we do not collect names or emails - our visitors even cannot log to the page. But still, it is not clear to me if we collect personal data or not.
According to the article The new GDPR data protection… IP addresses, cookies and UserID are personal data.
This is our situation:
IP addresses: We anonymize IP addresses, but we still want to estimate user location with decent precision by setting the option Also use the Anonymized IP addresses when enriching visits. to No . As I understand this option, full IP will be used for geolocation. Do we collect then personal data from the point of view of GDPR in this case? Is this full IP address then stored in the database? Is stored, then we probably collect personal data from the point of view of GDPR.
Cookies: We want to track visitors so that we know what do they read and how much time do they spent with us. Some cookies are used in this case. Should these be regarded as personal data? We do not use any other cookies.
UserID: I understand UserID as an identifier of a user registered on the web page. So in our case this should not be relevant.
Do you think that in this case would it be OK not to ask visitors for consent?
Thank you for your opinion!