Compliance with Privacy Regulations
Is Wix compliant with international regulations?
Wix.com is 100% committed to data protection. We work with a team of experts that can ensure our products, services and documentation are up to standard and comply with the most important privacy regulations currently in force: the General Data Protection Regulation (GDPR) in Europe, the California Consumer Privacy Act (CCPA) in the US and Lei Geral de Proteção de Dados (LGPD) in Brazil.
Wix aims to empower its customers to get more control over their personal data - respecting and honoring individuals’ rights outlined in worldwide privacy regulations.
What is GDPR?
The General Data Protection Regulation (“GDPR”) took effect in May 2018. It’s a European regulation that aims to protect European citizens’ personal data and right to privacy.
The GDPR applies to any person or business (including websites) that processes EU citizens' personal data. Even if you or your business are not physically located in the EU, you may have to comply with GDPR if you offer your goods or services in the EU, have EU site visitors or if your marketing campaigns target EU citizens.
What is CCPA?
The California Consumer Privacy Act (CCPA) is in place to protect the consumer rights of California residents. The act encourages stronger privacy for consumers and promotes greater transparency for companies that have an online presence in the state.
What is LGPD?
The Lei Geral de Proteção de Dados (LGPD) is a regulation intended to strengthen and unify data protection for all Brazilian citizens. Its purpose is to protect the fundamental right to privacy and the protection of personal data.
Is my Wix website GDPR compliant?
Wix provides all the tools to create a GDPR-compliant website, but can’t guarantee that the site will be compliant. In addition, the site owner is in charge of what happens to the data collected from their site visitors. As such, we always recommend that site owners do their own research to understand their privacy and other legal obligations with regard to their site visitors’ data.
Am I able to build a GDPR compliant website with Wix?
Yes. Wix provides all the tools necessary to create a GDPR-compliant website.
Do I need to request consent from my visitors?
It is important to note that you don’t always need your visitors’ consent to use their personal data. In multiple situations you may be able to use it without consent if you have a valid reason. These reasons are explained in the GDPR as a ‘lawful basis’. There are six lawful bases you can use. To ensure you’re complying with your legal obligations, we always recommend that you review the GDPR and local laws, as well as seek legal advice.
Here are some tools Wix offers to obtain consent from your site visitors:
Do I need to request consent for marketing campaigns?
Each country has its own laws about marketing which may require you to get consent from your site visitors for your marketing campaigns. If you're using Wix Email Marketing or any other email marketing tools, it’s your responsibility to check your obligations under local laws.
Here are some tools Wix offers to obtain consent from your site visitors:
Can I enable double opt-in for my marketing campaigns?
Yes, you can. Double opt-in means that your visitors must verify their email address before they can become subscribers. Until they do, you'll see the ‘Subscription Pending’ label in their contact card.
While we can’t help you write your documents, we have published a general guide with information on how to create your Terms and Conditions which is available here. Remember, your document must be customized to your site so while our guide is here to help, you will need to make alterations for your specific needs. And as always we recommend you seek legal advice for any uncertainties.
A “statement of ownership and authorship of content” may be legally required in some countries. We have published guidance about how to write an Impressum/Imprint/Mention Legale and explanations on how to add it to your website.
Data storage & data transfers
Where does Wix store my data?
Wix.com Ltd. is based in Israel, which is considered by the European Commission to have an adequate level of protection for the personal information of EU individuals.
We also have many group companies and third-party processors worldwide so we may process personal information in other countries if necessary. We store personal information in our data centers which are located in the United States of America, Ireland, Japan and Israel.
How does Wix transfer personal information outside the EEA (European Economic Area)?
Any transfer to a third country, outside the European Union, that does not ensure an adequate level of protection according to the European Commission, will be made in accordance with the Standard Contractual Clauses along with additional technical, contractual and organizational safeguards.
Wix group companies and third-party service providers that store or process personal information on Wix’s behalf are contractually committed to keep it protected and secured, in accordance with industry standards and regardless of any lesser legal requirements which may apply in their jurisdiction.
Does Wix provide a Data Processing Agreement?
Yes. Learn more about the DPA (Data Processing Agreement) here.
How does the invalidation of the Privacy Shield impact my GDPR compliance?
Wix.com will continue to transfer personal data via applicable suitable safeguards and legal mechanisms. Nevertheless, Wix also maintains its commitments under the U.S.-EU Privacy Shield (although we no longer rely on it as a transfer mechanism).
In the absence of an adequacy decision (Article 45 GDPR), Wix relies upon the Standard Contractual Clauses (“SCC”s) for the international transfer of personal information, together with additional technical, contractual, and organizational safeguards.
Wix group companies and third-party service providers that store or process personal information on Wix’s behalf are contractually committed to keep it protected and secured, in line with industry standards and regardless of any lesser legal requirements which may apply in their jurisdiction.
Our legal team's assessment and understanding is that cross border transfers performed by Wix are compliant with current GDPR and other applicable data protection requirements.
Is my personal information protected when I sign up for Wix services?
Yes. The sign-up and log-in process with Wix is completed through a secure server. In addition, Wix does not keep users' passwords in its database but instead uses a one-way encryption method. This means that even if there is a database breach, the passwords cannot be restored by any means.
How does Wix protect my users’ data?
Wix has implemented security measures designed to protect the personal information you share with us including physical, electronic and procedural measures. We have additionally implemented encryption of Users and Users-of-Users personal information.
In addition, Wix offers HTTPS secure access to most areas on our platform, and the transmission of sensitive payment information (such as a credit card number) through our designated purchase forms is protected by an industry standard SSL/TLS encrypted connection. We also maintain PCI DSS (Payment Card Industry Data Security Standards) certification.
Wix regularly monitors its systems for possible vulnerabilities and attacks, and seeks new third-party services to secure our platform and enhance our visitors’ and users’ privacy.
Do you have a security certificate that confirms my data is protected?
Yes. Wix is Payment Card Industry Data Security Standards (PCI DSS) compliant and is accredited as a level 1 service provider and merchant. The PCI DSS is an information security standard for organizations or companies that accept credit card payments. This standard helps to create a secure environment by increasing controls around cardholder data, thus reducing credit card fraud.