Jump to content

  • You cannot start a new topic
  • You cannot reply to this topic

Gdpr Compliance In Cs-Cart And Multi-Vendor Rate Topic   * * * * - 1 votes

 
  • mumbomedia
  • Advanced Member
  • Members
  • Join Date: 13-Jan 17
  • 113 posts

Posted 03 May 2018 - 09:09 AM #21

The add-on will provide the tool: 1. Ask for consent

That's great, but it only affects to customers who register a new account. Customers who already have an account, must also agree with the terms.
I have to write to all customers and ask them to agree to the new privacy policy, set a deadline and who has not consented at this time delete the data. The add-on does not offer a solution for this yet.

This is something i've actually mentioned to them. Maybe Ilya can clarify this.
Either way, i think you have to send your customers a mail anyhow. You have to get concent from them to send that mail after 24th of may though ;)
The GDPR also applies to invoicing/accountancy software you might be using, external accountants handling their information, etc.
 



 
  • mumbomedia
  • Advanced Member
  • Members
  • Join Date: 13-Jan 17
  • 113 posts

Posted 03 May 2018 - 09:12 AM #22

Thank you for the clarification.

 

If we make a mistake which normally does not happen we are always happy to take care of it.

 

Next we will update our Privacy page and then we should be fine.

 

Keep in mind though that if you sell to EU Customers (not companies) you still have to be GDPR-ready and ask your customers for consent on all things where you store their information. If you work with a 3rd party accountant you have to inform your customers in the privacy policy.
/offtopic out of curiousity, what custom items are you making for your EU customers? :)



 
  • Traveler
  • Senior Member
  • Members
  • Join Date: 02-Feb 07
  • 899 posts

Posted 03 May 2018 - 09:19 AM #23

We make clothes and have less than 1% of our customers in the EU one sale every two months to the EU?

 

We have a check box at the checkout so we will update that.

 

We don't currently have a newsletter but i will make it double opt in when we do.

 

We do not use social media or external accountants

 

We use Stripe and Paypal and never see customer payment information

 

We store measurements on paper and in emails and in our CS cart database - that is it.


Version 4.9.2


 
  • mumbomedia
  • Advanced Member
  • Members
  • Join Date: 13-Jan 17
  • 113 posts

Posted 03 May 2018 - 09:29 AM #24

Cool.

You have to inform then that their information is stored in CS Cart, (some) information in Stripe and Paypal, and have to inform then how your e-mail is handled, local server, on the webserver or Google Apps/Exchange, stuff like that.
Also who handles the website. Local/selfhosted server or Hosting Company. You also have to inform them who internally is responsible for their data, who they can contact if they want it deleted/anonymized and what the steps are to do that. You also have to have a Data Emergency Plan (not sure if that's the actual English title), but what internally are the steps if there is a data leak. You don't have to make that public though, but just mention you have that.



 
  • Traveler
  • Senior Member
  • Members
  • Join Date: 02-Feb 07
  • 899 posts

Posted 03 May 2018 - 09:35 AM #25

Thanks again

 

Our email is just basic Gmail

 

We have our own server in America

 

They can contact our customerservice email for any question

 

Data plan - hmm - never have had a problem but my plan is to ask our server host for help - not sure what else could be done.

 

I shall update our terms and privacy page etc

 

Maybe in the future we will have more EU customers... so good to be prepared


Version 4.9.2


 
  • mumbomedia
  • Advanced Member
  • Members
  • Join Date: 13-Jan 17
  • 113 posts

Posted 14 May 2018 - 10:42 PM #26

The current GDPR plugin is NOT multi-store able. It should be, since based on the store, information can be diffrent. I have a cusomer running zoho mails for most of the shops but a local server for another. 
 

 



 
  • ikoshkin
  • Tech Writer
  • CS-Cart Architects
  • Join Date: 25-Nov 15
  • 427 posts

Posted 15 May 2018 - 11:03 AM #27

The current GDPR plugin is NOT multi-store able. It should be, since based on the store, information can be diffrent. I have a cusomer running zoho mails for most of the shops but a local server for another.


The support of multiple storefronts is planned, along with a couple of other improvements. Please refer to this post for our plans on the GDPR add-on.

 
  • Mongoose
  • Senior Member
  • Members
  • Join Date: 08-Mar 13
  • 989 posts

Posted 16 May 2018 - 02:38 PM #28

The support of multiple storefronts is planned, along with a couple of other improvements. Please refer to this post for our plans on the GDPR add-on.

 

Well I can report my first bug with the GDPR addon. In the customer area where as store admin I can amend data related to my customer there is now a tab called GDPR user data. I cannot however manipulate any data under this tab


running CS Cart V4.10.3.SP1 


 
  • Mongoose
  • Senior Member
  • Members
  • Join Date: 08-Mar 13
  • 989 posts

Posted 16 May 2018 - 02:47 PM #29

as for my own test dummy account I have with my store I get the following  error thrown at me via the admin panel

 

 

Tygh\Exceptions\AException Message

Unknown column 'cscart_subscribers.lang_code' in 'field list' (1054)

SELECT cscart_subscribers.subscriber_id, cscart_subscribers.email, cscart_subscribers.timestamp, cscart_subscribers.subscriber_id, cscart_subscribers.lang_code FROM cscart_subscribers LEFT JOIN cscart_user_mailing_lists ON cscart_user_mailing_lists.subscriber_id = cscart_subscribers.subscriber_id WHERE 1 AND cscart_subscribers.email LIKE '%g.a.katgert@gmail.com%' GROUP BY cscart_subscribers.subscriber_id ORDER BY cscart_subscribers.timestamp desc

Error at

app/Tygh/Database/Connection.php, line: 1122


running CS Cart V4.10.3.SP1 


 
  • Traveler
  • Senior Member
  • Members
  • Join Date: 02-Feb 07
  • 899 posts

Posted 17 May 2018 - 02:08 AM #30

Will there soon be a bug fix for this?


Version 4.9.2


 
  • ikoshkin
  • Tech Writer
  • CS-Cart Architects
  • Join Date: 25-Nov 15
  • 427 posts

Posted 17 May 2018 - 07:32 AM #31

Well I can report my first bug with the GDPR addon. In the customer area where as store admin I can amend data related to my customer there is now a tab called GDPR user data. I cannot however manipulate any data under this tab


Do you mean the GDPR user data tab in the admin panel on the customer editing page? If so, then it's not a bug; that tab helps administrators to review all the data they have on a customer, and the sources where that data came from. That way administrators know what sort of data they'd be exporting to XML files or anonymizing on customer's request.

 
  • ikoshkin
  • Tech Writer
  • CS-Cart Architects
  • Join Date: 25-Nov 15
  • 427 posts

Posted 17 May 2018 - 07:41 AM #32

as for my own test dummy account I have with my store I get the following  error thrown at me via the admin panel


Does this issue also occur at http://demo.cs-cart.com? If so, please post an instruction how to reproduce it on the bug tracker. Otherwise, it may be better for our specialists to investigate this problem directly in your store. For that, please contact our technical support via Help Desk.

 
  • ibizo
  • Member
  • Authorized Reseller
  • Join Date: 10-Jul 12
  • 39 posts

Posted 22 May 2018 - 07:50 AM #33

According to GDPR you have to offer your visitors possibility to enable and disable some kind of cookies that you use on your store.

 

There is no option in this module to:

 

Visitors to can turn on/off cookies from this cookie providers:

Google Analytics
Google AdWords
Facebook Pixel

 

 

For Example:

https://preview.ibb....pr_coockies.jpg

 

WHAT HAS TO CHANGE?
The users must have a choice. The fact that they use a website does not mean they agree to all cookies. The type of phrase used at the moment is barely informative enough and it certainly doesn’t give a choice. A website owner will not be able to constrict users to accept cookies in exchange for information.
Like all other consent under the GDPR, consenting to cookies needs to be a clear affirmative action. An example is clicking through an opt-in box or choosing settings from the menu. Pay attention to not have pre-ticked boxes on the consent form!

 

Let’s not forget about opt-out. The GDPR clearly states that a data subject should be able to withdraw consent as easily as they gave it. With cookies this will generally mean that they should be able to revoke consent through the same action as when they gave consent. For example, if they consented by clicking through some boxes, they have to be able to find the same form to revoke consent.


 
  • fuoritempo
  • Advanced Member
  • Trial users
  • Join Date: 18-Apr 18
  • 67 posts

Posted 22 May 2018 - 09:57 AM #34

 

According to GDPR you have to offer your visitors possibility to enable and disable some kind of cookies that you use on your store.

 

There is no option in this module to:

 

Visitors to can turn on/off cookies from this cookie providers:

Google Analytics
Google AdWords
Facebook Pixel

 

 

For Example:

https://preview.ibb....pr_coockies.jpg

 

WHAT HAS TO CHANGE?
The users must have a choice. The fact that they use a website does not mean they agree to all cookies. The type of phrase used at the moment is barely informative enough and it certainly doesn’t give a choice. A website owner will not be able to constrict users to accept cookies in exchange for information.
Like all other consent under the GDPR, consenting to cookies needs to be a clear affirmative action. An example is clicking through an opt-in box or choosing settings from the menu. Pay attention to not have pre-ticked boxes on the consent form!

 

Let’s not forget about opt-out. The GDPR clearly states that a data subject should be able to withdraw consent as easily as they gave it. With cookies this will generally mean that they should be able to revoke consent through the same action as when they gave consent. For example, if they consented by clicking through some boxes, they have to be able to find the same form to revoke consent.

 

 

that's right