A. Cookie Banner
Current version on website
This needs to be replaced with the following:
This pop-up should appear for each browsing session.
What does GDPR say about cookies?
· GDPR Recital 26, which states that any data that can be used to identify an individual either directly or indirectly (whether on its own or in conjunction with other information) is personal data. So the cookies under consideration here are the ones which can be used as user identifiers.
· The users must have a choice. The fact that they use a website does not mean they agree to all cookies. The type of phrase used at the moment is barely informative enough and it certainly doesn’t give a choice. A website owner will not be able to constrict users to accept cookies in exchange for information.
· Like all other consent under the GDPR, consenting to cookies needs to be a clear affirmative action. An example is clicking through an opt-in box or choosing settings from the menu.
· The following methodology should be used :
· Set another cookie that stores the cookie acceptance value (0 – No response and 1 –If clicked option “Accept”)
· Check the value of this cookie at the web campaign code. The by-default value of this cookie should be 0
· If the value is 1, then the data can be captured, else the data should not be captured.
B. Privacy Notice and Consent
This needs to be changed at all point where personal data is collected to the following :
The disclaimer can stay as it is, however the checkbox can be re-aligned to be somewhere near the disclaimer so the user reads it in concurrence.
C. Child's Consent
We also suggest that age be captured as part of the fields in Test Ride form
The significance of this would be to track if Royal Enfield is capturing data of auser below the age of 16.In case RE captures data of users below the age of 16 parental consent would be required.
Alternately, we can have a declaration from the user to ensure that they are above 16 years of age.
"I declare that I am above 16 years of age"