This article summarizes all important facts about the EU-GDPR / EU-DSGVO compliant use of ASA1 and ASA2.

General questions regarding WordPress plugins and EU-GDPR

As an owner of a WordPress website, one must ensure that the plugins used are EU-GDPR / EU-DSGVO compliant. In this context, the following questions are in the spotlight:

• Does the plugin collect personal data of website visitors and if so, which?
• Where is this data stored?
• Does the plugin use external sources (e.g. scripts integrated via CDN)?
• Does the plugin use external services?
• Does the plugin generate cookies?
• Does the plugin track user behavior?

Questions regarding ASA1 and ASA2

These questions regarding ASA1 and ASA2 are answered below.

Question: Do ASA1 or ASA2 collect personal data from website visitors?

Answer: No.

Q: Does ASA1 or ASA2 use external sources?

A: In the standard configuration, ASA1 and ASA2 use the product images from Amazon image servers. So when the products are displayed on your website, the product images are loaded from an Amazon server. When loading these images, the IP address of the website visitor is transmitted to the Amazon servers. This is not EU-GDPR / EU-DSGVO compliant, must be documented in your data privacy policy and the user’s agreement must be obtained before opening pages containing respective image from Amazon servers.

If, for whatever reason, this is not possible for you, or this supplement to the Data Privacy Policy is still in progress, there is a temporary workaround in ASA2.

In ASA2 the feature “Local Images” downloads all external product images from the Amazon servers to your own server before the product is displayed to the user. Then only the local image URLs are used to display the product on your website. This will not transfer the IP address of visitors to external servers. This is EU-GDPR / EU-DSGVO compliant.

Important notice

Please keep in mind that it is against the terms and conditions of Amazon PartnerNet to copy product images to your own server. Therefore use the feature only temporarily and on your own responsibility until you have found the proper solution for you to be GDPR compliant with external images.

Learn more about the local image feature in this blog post: ASA2 update brings support for local images (EU-GDPR ready) and AMP.

The “Local Images” feature is currently only available in ASA2.

When using ASA1, the use of external image sources should therefore be noted in the data protection policy.

Q: Does ASA1 or ASA2 use external services such as Google Analytics?

A: No.

Q: Does ASA1 or ASA2 generate cookies?

A: No.

Q: Does ASA1 or ASA2 track user behavior, e.g. which product links are clicked?

A: No.