Hotjar is a popular customer experience tool to analyze your users’ browsing behavior. With analyzing behavior, statistical data is shared with Hotjar to either/and record video’s of browsing behavior, creating heatmaps and other behavioral analyses. With Hotjar you also get the possibility to have different direct feedback pop-ups on site.
Does Hotjar collect personal data?
Configuring Hotjar for GDPR
We will discuss the following:
1. Configuring Hotjar’s dashboard for GDPR
2. Signing a DPA with Hotjar
3. Implementation with Tag Manager
Configuring Hotjar’s dashboard for GDPR
Hotjar’s compliance efforts have been above par compared to their competition. Making it quite easy to configure Hotjar for GDPR.
For heatmaps, recordings, and form analyses, you will need to suppress text and images if they contain personal data, or may contain personal data. In the latter case, think about recording the users’ email address when filling out a form, or a heatmap with your client’s data, because you have a portfolio on your website.
Go to the website you need to configure under Sites and Organizations and select the “Site settings” button on the right-hand side.
You will then be prompted with a list of possibilities to suppress data. Choose the ones as shown below, as a minimum!
For the feedback modules, you will need to ask consent, before using their feedback and collecting their data in conjunction with before mentioned profiled behavior.
With a video from Hotjar:
Short introduction by Hotjar to add consent in the feedback module.
Data Retention and Data Requests
It’s good to know how a service provider collects and shares data with other parties. For Hotjar, this has been outlines straightforward in its data retention policy. For data requests from users, Hotjar has built a visitor lookup module to comply with the right to access and erase.
Signing a DPA with Hotjar
Because Hotjar will process data as a third-party, it’s necessary to sign a DPA or Data Processing Agreement. The DPA states the responsibilities of Hotjar as a processor and you as the party responsible for the data collected.
This can be done online. Follow this link to read and sign the DPA when you agree to the agreement.
Deployment with Tag Manager
When you’re finished, you can deploy Hotjar with Tag Manager.
NB. Soon we will alter the wizard to check for a GDPR configuration of Hotjar to enable the script before consent. Until then, if you’re not using Tag Manager, you can deblock Hotjar from our blocklist by adding a function to your theme’s functions.php. Or with an MU plugin as can be read here:
You can opt-out to the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this opt-out link.