Jump to content

  • You cannot start a new topic
  • You cannot reply to this topic

Gdpr Policy In The Eu Rate Topic   - - - - -

 
  • andnow
  • Member
  • Trial users
  • Join Date: 20-Oct 16
  • 42 posts

Posted 06 April 2018 - 08:59 AM #21

TL:DR - https://ec.europa.eu...hts-citizens_en



 
  • andnow
  • Member
  • Trial users
  • Join Date: 20-Oct 16
  • 42 posts

Posted 06 April 2018 - 09:31 AM #22

Rules for business and organisations: https://ec.europa.eu...rganisations_en



 
  • mumbomedia
  • Advanced Member
  • Members
  • Join Date: 13-Jan 17
  • 66 posts

Posted 07 April 2018 - 07:31 AM #23

Hi Guys,

 

We are considering this feature for CS-Cart / Multi-Vendor. 

 

Right now I'm trying to find answer to questions: what kind of personal data should customer have access to (export/modify/delete) in CS-Cart.

It looks like:

- User & profile data

- Orders

- Cart & Wishlist content

 

Besides if client want to be "forgotten" should we erase all the records or we can just anonymize this data - like replace with "deleted user". This is need in order to maintain sychrnonization process - a lot of stores have some kind of synchronisations like CRM, Accounting programms etc. Documentations says there should be 2 optins erase of anonymize, and this is not good(

This is a very important point I think.

 

Feel free to share you thoughts on this. 

 

We contacted a lawyer for this, since we're in The Netherlands, and basicly it comes down to this.

 

1) Terms and Conditions need to comply, it should state exactly which user information you are using, why are you using it, if you are storing it, why are you storing it and who you share it with. ie. external mailclient, accounting software and ofcourse which data CS Cart is collecting and why.
 

2) Privacy policy and disclamer, Same as above.

 

3) Every customer (new and old) have to agree with a processors-agreement. They have to accept the agreement where it states again which data is collected, why it is collected and whoom it's shared with. Customers have to do this one time only. Old customers need to do this via a pop-up or opt-in via e-mail or similar, and new customers for the first time on checkout, BUT ACTUALLY BEFORE ANY DATA IS COLLECTED. (besides cookies, which need to be in the cookie pop-up)

 

4) The customers right to forget. Anonimising data is enough. Our accountingsoftware is GDPR complient and does just that. Click on a customer, click on forget and all his personal data (name, address, day of birth) is being anonymized.

 

There should be a seperate page where customers can request this.

 

 

So on 1&2 CS Cart needs to make a list on which data is collected, why and how.

 

on 3&4 there need to be modifications to the store.



 
  • tbirnseth
  • CS Cart Expert
  • Authorized Reseller
  • Join Date: 08-Nov 08
  • 11248 posts

Posted 07 April 2018 - 09:39 PM #24

Newsletters, all integrations that look at navigation that might capture/reference an email or user_id that can be resolved to any personal information, any 3rd party addons that my have captured information for other usage (like storing an email address for post-order followup, etc.  This could include things like mailchimp, constant contact, klaviyo, etc.  And there are probably tons of other areas like blogs and many corner-cases.

 

Lot of compliance agencies are going to become very wealthy with this.  Might make PCI compliance look easy! :-)


EZ Merchant Solutions: Custom (USA based) B2B Development, Consulting, Development and Special Projects (get a quote here).
Commercial addons, payment methods and modifications to meet your business and operations needs.


 
  • Jacek
  • Advanced Member
  • Trial users
  • Join Date: 13-Dec 12
  • 108 posts

Posted 09 April 2018 - 09:42 AM #25

Imac, the clock is ticking. Any news about ETA of the cs-cart compliance with GDPR? Store owners need to have time to adapt internal procedures and train personel.



 
  • deepxtz
  • Advanced Member
  • Trial users
  • Join Date: 18-Feb 15
  • 56 posts

Posted 10 April 2018 - 09:32 AM #26

Any news imac ?

We need this. ...



 
  • imac
  • Head of Product
  • CS-Cart Architects
  • Join Date: 22-Nov 05
  • 2046 posts

Posted 11 April 2018 - 06:46 AM #27

The customer does not have to be able to delete his account information himself, however he should be able to file in a form with a request to delete his account information.

It should be clear to the customer which information is collected by CS.cart and why it is.

The customer has to authorize that the shop stores his information.

If customer information or name is indexed by searchengines that information has to be re-indexed when a customer's profile is being deleted.

As far as i can tell it IS allowed to save the data, like products, but everything that has to do with the customer, cookies, ip address, name, contact information, everything has to be erased. Changing a name to "DELETED" with a number or something IS allowed as long everything else is destroyed.

yes, customer won't be able to delete his profile, in first version of GDPR add-on we develop he have to write a email withy request to delete his data.

 

As for the authorization (consent) and informing customer we will add texts to each registration form with notice what data and for what reasons we store and process.


Ilya Makarov,
CS-Cart Architect Team
Suggest and vote for new features | Report a bug

 
  • imac
  • Head of Product
  • CS-Cart Architects
  • Join Date: 22-Nov 05
  • 2046 posts

Posted 11 April 2018 - 07:01 AM #28

Imac, the clock is ticking. Any news about ETA of the cs-cart compliance with GDPR? Store owners need to have time to adapt internal procedures and train personel.

 

 

Any news imac ?

We need this. ...

Within next 2 weeks we will post news about GDPR add-on in the blog and also send a newsletter.

 

The feature is under development at the moment.

Changes in CS-Cart will be implemented as an add-on in case you use latest version you will need just an update. In case you use 4.x.x you will need some help from tech support or developer to add additional hooks.

 

The add-on will do 3 major features.

1. Get the consent of a customer [Frontend] (customer will get a clear explanation of what data we are going to collect for what reason)

2. Management personal data [Backend] (admin will be able to download all customer data he has in CS-Cart as xml file, and also admin can anonymize customer data

3. Store the history of consent [Backed] (we will have a special table in DB where all customer consents will be stored. There will be email, data, time, text of consent) 

 

For now we do not add any tools to get consent from existing customers - actually this can be done using newsletter with request to confirm they are understand what data is stored in the store and they agree with it. 


Ilya Makarov,
CS-Cart Architect Team
Suggest and vote for new features | Report a bug

 
  • poppedweb
  • Authorized Reseller
  • Members
  • Join Date: 02-Aug 16
  • 479 posts

Posted 11 April 2018 - 07:02 AM #29

By the way, here is a very good explenation of what it actually is. https://www.slaughte...er-the-gdpr.pdf


PoppedWeb | sales@poppedweb.com | https://poppedweb.com
TurnKey Website Design | Add-Ons | Performance Audits | Dedicated Server Management
24/7 Support | Response within an hour (during working hours).

 
  • andnow
  • Member
  • Trial users
  • Join Date: 20-Oct 16
  • 42 posts

Posted 11 April 2018 - 12:01 PM #30

Nice. But what about cookies? - http://forum.cs-cart...eu/#entry294404- "The expiry period must not exceed one year."



 
  • poppedweb
  • Authorized Reseller
  • Members
  • Join Date: 02-Aug 16
  • 479 posts

Posted 11 April 2018 - 02:52 PM #31

http://blog.cs-cart....gdpr-landscape/


PoppedWeb | sales@poppedweb.com | https://poppedweb.com
TurnKey Website Design | Add-Ons | Performance Audits | Dedicated Server Management
24/7 Support | Response within an hour (during working hours).

 
  • richardfmm
  • Senior Member
  • Trial users
  • Join Date: 20-Apr 12
  • 240 posts

Posted 14 April 2018 - 07:56 PM #32

Is there already more news?



 
  • mumbomedia
  • Advanced Member
  • Members
  • Join Date: 13-Jan 17
  • 66 posts

Posted 18 April 2018 - 09:08 PM #33

I've seen a demonstration of the GDPR Plugin and have to say that CS Cart did a VERY good job on it.
We have a lawyer ready to audit it when it's being released, but from what i could tell it's GDPR complient, only need to customize the legal texts on it.

 

Judging by what i saw, release should be anytime soon. At least more then soon enough for May 25th.



 
  • becomarius
  • Senior Member
  • Members
  • Join Date: 09-Feb 12
  • 154 posts

Posted 23 April 2018 - 06:25 AM #34

General Data Protection Regulation

 

https://www.eugdpr.org/

 

CsCart will have update soon to help us with this rules ?!

There is another topic discussion about this ?


CS Cart lovers


 
  • deepxtz
  • Advanced Member
  • Trial users
  • Join Date: 18-Feb 15
  • 56 posts

Posted 23 April 2018 - 06:30 PM #35

I've seen a demonstration of the GDPR Plugin and have to say that CS Cart did a VERY good job on it.
We have a lawyer ready to audit it when it's being released, but from what i could tell it's GDPR complient, only need to customize the legal texts on it.

 

Judging by what i saw, release should be anytime soon. At least more then soon enough for May 25th.

 

could you please share your results. so we can compare our own results with yours.

thank you !



 
  • mumbomedia
  • Advanced Member
  • Members
  • Join Date: 13-Jan 17
  • 66 posts

Posted 24 April 2018 - 08:53 AM #36

could you please share your results. so we can compare our own results with yours.

thank you !

Not sure what results you're asking of me.
 



 
  • deepxtz
  • Advanced Member
  • Trial users
  • Join Date: 18-Feb 15
  • 56 posts

Posted 24 April 2018 - 08:55 AM #37

Audit rezults :)



 
  • mumbomedia
  • Advanced Member
  • Members
  • Join Date: 13-Jan 17
  • 66 posts

Posted 24 April 2018 - 10:25 AM #38

Audit rezults :)

AH! well, the plugin isn't finished yet, as soon as it is we'll let it check and i'll post the results here.



 
  • ikoshkin
  • Tech Writer
  • CS-Cart Architects
  • Join Date: 25-Nov 15
  • 290 posts

Posted 24 April 2018 - 01:57 PM #39

Hello. There is some news about CS-Cart/Multi-Vendor GDPR compliance add-on in our blog. Feel free to discuss it in this topic.

 
  • sok777
  • Senior Member
  • Members
  • Join Date: 23-Jun 11
  • 376 posts

Posted 10 May 2018 - 11:17 PM #40

Hello,

 

is it 100% obligatory to to send newsletter to all existing customers and ask them explicitly to agree with new Privacy Policy?

 

I am sure 95% of recipients will not even open this email, but it does not mean they want to close the account or will not buy again in the future. They just do not care about GDPR emails from hundreds of companies they have registered in the past 20 years. What happens in this case? Do I have to delete all these customers or what? Any idea how to do it right without disturbing customers? (looks like "law makers" did not care that much about customers from this point of view).