Implementation of the GDPR

Where and how can I edit the supplied privacy policy?

WoltLab Suite 3.x

  • Open your admin panel and navigate to "Content -> CMS -> Pages" and search for "Privacy Policy".

Burning Board 4.1

  • Open your admin panel and navigate to "Appearance -> Languages -> Manage Phrases" and search for "".

What adjustments should I make to the supplied privacy policy?

The GDPR stipulates that the operator of the website is named and addressed in the privacy policy. This must be supplemented in section 2 of the privacy policy.

Which areas does the supplied privacy policy cover?

The privacy policy is designed for the built-in functionality of WoltLab Suite including all official applications and plugins. This includes, for example, the use of the contact form, third-party logins or media providers such as YouTube.

Which areas are not covered by the supplied privacy policy?

The supplied privacy policy does not cover areas that could potentially arise from your own customizations or the installation of third-party plugins. This can be, for example, an integration of advertisements (e.g. Google AdSense), analysis tools (e.g. Google Analytics), additional third party logins, media providers etc.. When using such functions, the data protection declaration may have to be supplemented by further passages. Many third party providers already offer ready-made text modules that only need to be inserted.

Should I disable the permanent storage of IP addresses?

The long-term storage of IP addresses is legally questionable, as the GDPR requires that personal data (including IP addresses) is to be stored only for as long as necessary. In addition, a user has the right to request information about the data stored about them, as well as to request complete deletion of the data. Both would be difficult to implement in practice if many stored IP addresses have accumulated for a user who, for example, has written many forum posts. We therefore recommend disabling the permanent storage of IP addresses. The corresponding setting can be found in the administration interface under "Configuration -> Options -> Modules -> System -> Save IP addresses".

SSL/TLS Encryption

The GDPR requires appropriate technical and organisational measures to protect the data entered in forms from being access by third parties. SSL/TLS encryption secures the communication between the user and the website and thus provides a sufficient level of protection. Furthermore, the use of encryption is expressly recommended by some search engines, e.g. Google, and has a positive effect on search result rankings.

The activation of SSL/TLS encryption is solely performed and controlled by the web server, please contact your provider if you require assistance to get this to work. Neither WoltLab Suite 3.x nor Burning Board 4.1 will require any configuration in this regards.


The Gravatar service allows users to create a single avatar based on their email address, which can be retrieved from their website. For this purpose, it is necessary to transmit the e-mail address of the user to this service and thus represents a direct transmission of personal data to a service located in the United States of America. The email address is processed using the cryptographically weak MD5 algorithm to produce a hash value, but this hardly represents an effective protection.

WoltLab Suite 3.x

  • Can be disabled via "Configuration > Modules > Users > Gravatars"

Burning Board 4.1

  • Can be disabled via "System > Modules > Users > Gravatars"

Embedding Images from External Sources

Embedded images from external sites in (user-generated) content leads to a direct data transfer from the users' browser to the third party site, which also includes personal data. It is recommended to deactivate the use of images and use the file attachment function instead. For existing images, a new option has been added to disable the integration of images from external sources, you may want to consider disabling the integration of images in general.

WoltLab Suite 3.x

  • Disable the use of images: The user group permissions "Disallowed BBCodes" allows you to deny the usage of images per user group.
  • Disable embedded images from external sources: "Configuration > Options > Messages > Allow images from external sites".

Burning Board 4.1

  • Disable the img bbcode: Navigate to "Content > BBCodes" and untick the checkbox in front of the row for "[img]".
  • Disable embedded images from external sources: "System > Options > Messages > Allow images from external sites".