The General Data Protection Regulation (GDPR) is the primary law regulating how companies protect EU citizens' personal data since May 25, 2018. Companies that fail to achieve GDPR compliance before the deadline will be subject to stiff penalties and fines. GDPR is a set of data protection rules for all companies (including small to medium-sized companies and large enterprises) operating in the EU, no matter where they are based in. More information can be found here and here.

Joomla! Since 3.9.27 by default block FLoC (Federated Learning of Cohorts).

Helix Ultimate Framework and Templates follow GDPR

They do not store personal information or tracking cookies created or saved by the template.

In any Helix-based template, you can make use of 3rd party services, for example, Google Fonts (more information on this can be found under the Typography section of this documentation). These services and the Joomla team (Joomla 3.9) are all working on making their products and services GDPR-compliant.

Social Icons

This feature doesn't store any Personal Data nor track users' behavior, it's just a link to a social network website. If the user clicks a third-party link, they will be directed to that third party's site. JoomShaper has no control over and holds no responsibility for the content, privacy policies, or practices of any third-party sites or services used as a link in the Social Icons area.

Social Share Icons

Helix Template(s) offer options to use social buttons to share your content on Facebook, Twitter, and LinkedIn. If any of them is enabled, the Social Share JavaScripts are loaded into the article view. This feature may collect some user(s) data, for example, IP address, web browser User Agent, store and retrieve cookies on the user browser, embed additional tracking, and monitor interaction with the social share icons. If you would disable this feature social share script is not loaded.

Social Comments

Helix Ultimate template(s) offer options to use social comments (Disqus, IntenseDebate, and Facebook) to add/use the comments section below the articles. If any option is enabled, the Disqus, IntenseDebate, or Facebook, scripts are loaded into the page, which might track user data. Helix framework sends a request to third-party APIs via the website-visitors web browser to fetch information (like social shares, and social comment count). You should include relevant snippets in the Privacy Policy of your website stating how these services handle the privacy of your users. Remember that each social solution has a connection to different personal data, and may collect more or less information (not only IP address).

Google Fonts

 You don't have to use Google Fonts inside the Helix Ultimate template. You can use default fonts (Arial, Verdana, etc.) without connecting to Google. The German court (in 2021) deemed this a violation of Europe’s GDPR (General Data Protection Regulation) because Google Fonts exposes the visitor’s IP address.

If you want to continue using Google Fonts in a more privacy-respecting way, there are many tutorials (also ours) for self-hosting the fonts instead. Check this tool as well: https://google-webfonts-helper.herokuapp.com/fonts/