Search the Community

General Data Protection Regulation (GDPR) The European Union's General Data Protection Regulation (GDPR) came into effect on May 25, 2018. The GDPR imposes new obligations and responsibilities on controllers and processors of data. As a merchant, you are generally the controller of your customers’ data. This means that you collect your customers’ data and choose how it is handled. Additionally, though it is a European regulation, the GDPR might apply to your business if you make goods and services available in Europe, even if you or your business are not located in Europe. ClicShopping believes strongly in protecting your customers’ personal data as well as your own, and understands that doing so is critical to help you preserve the trust and confidence of your customers. ClicShopping has designed its platform to allow merchants to operate anywhere in the world. GDPR-compliant features are built into ClicShopping 's platform, including features to enable you to offer your customers transparency into and control over their personal data, and technical measures to ensure that your customers’ personal data is protected as it crosses borders. ClicShopping believes in making it easy for you to use our platform in a manner that complies with privacy and data protection laws like the GDPR. While ClicShopping does what it can to set you up for success, there are also steps you will need to take on your own, and ultimately, compliance with the GDPR is the responsibility of each individual merchant. If you have legal questions specific to your obligations under the GDPR, consult with a local lawyer who is familiar with data protection laws. How does the GDPR affect ClicShopping ? The General Data Protection Regulation (GDPR) requires ClicShopping to make the following changes inside the code Make sure that ClicShopping is able to honor the rights of European merchants and customers over their personal data, and that when using ClicShopping 's services, merchants are able to do the same. How does the GDPR affect you? The General Data Protection Regulation (GDPR) affects any ClicShopping merchants who are based in Europe or who serve European customers. While ClicShopping is working hard to make sure that it complies, and allows its merchants to comply with the GDPR as of May 25, 2018, it is important to note that the GDPR will also require you to take action independently from the ClicShopping platform. The GDPR is a complicated regulation, and it will apply differently to different merchants. You should consult with a lawyer to figure out what you specifically need to do. For information about processing data requests, see Processing GDPR data requests. Processing GDPR data requests The GDPR expands on an individual's right to access and control their personal data.

Failure of delivery or non-compliant order on the Internet ... what is the right attitude to obtain satisfaction? The very recent creation of a mediation body for Internet litigation strengthens the will already set by the Community Directive of 8 June 2000 on electronic commerce, to privilege out-of-court solutions, since the damage is not too important . The user has at his disposal a hierarchy of remedies to assert his rights as consumers. In practice, everything depends on the location of the site on which the user is shopping. French sites If the dispute concerns a delay in delivery, most sites now allow to check directly online the status of the order. The buyer has an interest in doing this before contacting the seller. Customer service According to the law on confidence in the digital economy of 21 June 2004, merchants must indicate in the offer of sale the details of customer service. An e-mail contact followed by a telephone conversation can sometimes resolve the dispute amicably, especially if the company is concerned about its brand image. Registered letter: In the absence of agreement, it is prudent to send the seller a registered letter with acknowledgment of receipt reminding him of the facts at the origin of the dispute and the requested arrangement. In practice, this is the best way to formally notify the seller of his claim through a specific complaint form developed by the European Commission. Your claim must include: all of your details (name, surname, address, telephone number ...); the reference of the product or service causing the problem (product code, packaging code or barcode, reference of the contract or order form ...); if possible, the date and place of the purchase or performance of the service (canvassing at home, distance selling ...); the problem occurred, by clearly expressing its nature (eg failure to deliver after expiry of the delivery period); the subject of your request (cancellation or performance of the contract, refund, exchange, repair ... try to encrypt your request); if possible, the legal bases of your complaint (code articles, texts ...); vouchers in photocopies (invoice, receipt, estimate ...). Organizations and Associations Professional organizations, such as FEVAD (Federation of Distance Selling Companies) are responsible for settling disputes between their members and buyers. The list of its members can be found on its website (www.fevad.com). Consumer associations are now effectively intervening in e-commerce disputes or settling a dispute with a mobile operator or service provider (European Consumer Center). European Consumer Centers (ECC) Information centers located near cross-border areas, such as the one located in Kehl (Germany, where the Franco-German association EUROPEAN CONSUMPTION CENTER hosts CEC France and CEC Germany in the same premises, which work in this way. close cooperation), inform European consumers and their internet users of their rights and help them find an extra-judicial solution to their cross-border disputes. For German Internet users, there is even a service in Kehl entirely devoted to the problems related to electronic commerce, to settle a dispute against a site installed in another European country. The website of the German Contact Point for Electronic Commerce can be found at: http://www.ecommerce-verbindungsstelle.de/ European Consumer Center France Indigo number 0 820 200 999 (0,09 EUR / min) By phone: (0049) 7851.991.48.0 By fax: (0049) 7851.991.48.11 By mail: info@cec-zev.eu.eu By mail: Bahnhofsplatz 3, 77694 Kehl - GERMANY Website: http://www.europe-consommateurs.eu Outside Europe Even if the user can claim the application of its national law, the recourse against the foreign sites turns out to be complex and random. Judicial Remedies In France The Internet user who has suffered significant damage can bring against the professional a civil action for liability, for example in case of non-delivery of expensive computer equipment whose price had been paid in full. The seller is considered as the only interlocutor responsible for the good performance of the contract since the law on confidence in the digital economy. In Europe The Rome Convention of 19 June 1980 (Article 5) specifies that, in the absence of a choice between the parties, the usual law of the buyer applies if the conclusion of the contract was preceded in that country by an offer of product or services or if the consumer has performed the act

Below, some information can help you to majke your website GDPR. GDPR is new european directive to allow all the customers to control their data. GDPR Requirement for your E-commerce website - General Please note: EU GDPR will affect businesses both inside and outside of the EU. Any non-EU company dealing with EU customers will have to comply with the GDPR. To achieve full compliance by the end of May 2018, WooCommerce businesses will need to: Tell the user who you are, what data you collect, why you collect the data, for how long you retain it and which third parties receive it (if any) Get a clear consent before collecting any data Let users access their data Let users download their data Let users delete their data Let users know if a data breach has occurred If you don’t strictly adhere to these rules, you will eventually get fined up to €20 million or 4% of your worldwide annual turnover, whichever is greater… Now, this is good to know, but actually, the most important question is: what changes am I required to do on my WordPress/WooCommerce website? Well, with my goal being translating GDPR in plain English and in “WordPressian” (a new language I just created), the 6 rules outlined above will have implications on: ClicShopping Terms & Conditions (Checkout page) ClicShopping Privacy Policy (Checkout page) ClicShopping User registration (My Account page) ClicShopping Cart Abandonment (Checkout page) ClicShopping product reviews (Single Product page) ClicShopping comments (Blog pages) ClicShopping opt-in forms (Newsletter, notification, etc.) ClicShopping contact forms (Contact Us page, widgets, etc.) ClicShopping analytics (Google Analytics, etc.) ClicShopping Plugins & APIs (Payments, Email marketing, etc.) Breach notifications That’s quite a lot of work… Once again, please double check this with a lawyer or a GDPR consultant as I’m neither of the two. GDPR Compliance Step 1: ClicShopping Terms & Conditions Based on Quora’s article, “What is the difference between Privacy Policy and Terms and Conditions?“, the Privacy Policy is to inform the user about the data you gather, while the Terms and Conditions (also called T&C, Terms of Service or ToS) include the legal terms and rules that bind the customer to your business. Therefore, while the biggest changes will need to be done on your Privacy Policy (as well as showing this everywhere, see the following section), you should also amend your T&C page in regard to the new GDPR terminology and the gathering of customer data from the ClicShopping checkout. In my opinion, it’s simply sufficient to add a paragraph to your ToS that links to the revised Privacy Policy and therefore the whole personal data usage document. If you have no T&C page at all, you can use some of the online generators (google “terms and conditions generator” or “terms and conditions template”), use a premium service like iUbenda, or alternatively take a look at T&C pages on popular e-commerce websites to get some inspiration Once this is done, the Clicshopping checkout will show a checkbox on the checkout page with default text and a link to the T&C page you selected in the previous step: To-do list: Create a T&C page if you have none (you can use a T&C generator or take a look at popular e-commerce T&C pages – remember to refine the document for your specific legal agreements and have it revised by a lawyer) Add a new GDPR paragraph to your T&C that links to your Privacy Policy page Use the ClicShopping Checkout Settings to add a checkbox to the Checkout page GDPR Compliance Step 2: ClicShopping Privacy Policy On Business Bloomer I have no T&C page (working on that…) and no Privacy Policy page (definitely working on that now…). Surely, the Privacy Policy page is the one that requires a lot of editing and copywriting. On top of this, we will need to show the Privacy Policy opt-in message on the checkout page and other places, such as contact forms and opt-in forms (see following sections). In regard to the Privacy Policy page content, you must inform the user about the data you collect, store and use. Once again, the suggestion here is to take a look at reliable ecommerce websites Privacy Policy pages and see how they’re approaching the new GDPR rules. Surely, you will need to cover the following: who you are (company, address, etc) what data you collect (IP addresses, name, email, phone, address, etc) for what reason you collect the data (invoicing, tracking, email communication, etc) for how long you retain it (e.g. you keep invoices for 6 years for accounting purposes) which third parties receive it (MailChimp, Google, CRM, etc) how to download data (either automatically or by emailing the Data Protection Officer) how to delete data (either automatically or by emailing the Data Protection Officer) how to get in touch with you for data-related issues (the contact details of the assigned Data Protection Officer, probably you) Now that you’ve written your Privacy Policy, you need to show this on every page of the website (a link in the footer would do) and – on top of that – a privacy policy checkbox on any opt-ins, user registration forms and checkout forms. Based on the useful comments I received on this article, users need to actively “check” or “agree” to the Privacy Policy (exactly in the same way people do so with your T&C) so you must show a checkbox (and you cannot pre-select that checkbox by default). So, how do you add a “Privacy Policy” checkbox on the checkout page? Well, in this case you can add a second checkbox, on top of the default “I’ve read and accept the terms & conditions”. This second checkbox might say something like “I’ve read and accept the Privacy Policy” (or a more user-friendly label such as “Your personal data will help us create your account and to support your user experience throughout this website. Please read and accept our Privacy Policy document, where you can find for more information on how we use your personal data”). So, this concludes the Privacy Policy work. To-do list: Create a Privacy Policy page if you have none Add who – what – how – why – when to Privacy Policy Display link to Privacy Policy in the footer GDPR Compliance Step 3: ClicShopping User Registration As this is personal data, we need to show the Privacy Policy checkbox on the frontend, similarly to what we’ve done on the checkout page. Also remember to only collect information you strictly require to run your business. To-do list: add a Privacy Policy checkbox to the registration form GDPR Compliance Step 4: ClicShopping Product Reviews Ah, product reviews! In ecommerce, they really matter, don’t they? Of course, reviews contain personal data. You got it, you need user consent. This is against the GDPR, which requires explicit consent (i.e. ticking a box). Customers will have already opted-in to your T&C and Privacy Policy, so nothing will need to be added to the product review form if they’re logged in. If you allow reviews from non-logged-in, non-purchaser users, that’s another story. Not sure why you’d do that, but in this case you’ll need to add the Privacy Policy checkbox to the product review form. Simple as that ! GDPR Compliance Step 6: ClicShopping Comments If your ClicShopping pages and posts have comments, here comes another GDPR compliance problem. Users are usually prompted to enter their name, email address and website URL together with their message without the need to register an account (this happens on Business Bloomer for example, but maybe in your case you might force user registration in which case you’re GDPR compliant in regard to ClicShopping comments by default). Once again this is pretty simple – you will need to add a Privacy Policy consent message in the “Leave a comment” form and a “cookies opt-out”. To-do list: Make sure to display the Privacy Policy checkbox before users submit a comment GDPR Compliance Step 7: ClicShopping Opt-in Forms An opt-in form is a contact form where users enter their name and email address (usually) to join your email marketing list (or database of contacts). First of all, you must remove all automatic opt-ins on your site. All checkboxes must be not checked by default (a “checked” checkbox by default cannot imply acceptance). Besides, are you passing those email addresses to sub-companies or other partners? Hopefully not… Either way, users must: consent know why their personal data is needed (“Enter your email address to receive our weekly newsletter“) give you only relevant information (to join your newsletter you don’t need to ask for the date of birth… unless you want to send them a gift on their birthday! In this case, you’ve got to make it clear WHY you want that personal piece of data know how to delete/download the data at any time know how to opt-out Usually, an opt-in form is tied to a specific software e.g. Mailchimp Whoever you send that email address to, make sure they are reliable (Mailchimp, ConvertKit, Aweber, etc.) and that they are actively working on HELPING you being GDPR-ready. To-do list: Audit all your opt-in forms See if your opt-in form / newsletter / email marketing provider has a GDPR solution Make sure to display the Privacy Policy checkbox before users opt-in GDPR Compliance Step 8: ClicShopping Contact Forms These forms now require Privacy Policy consent. Simply put, you should add a checkbox (very easy with any of the above plugins) close to the “Submit” button, to make sure users are agreeing to your Privacy Policy. To-do list: Add Privacy Policy checkbox to all your contact forms If the contact form is going to store personal data in a database and/or is tied to an email marketing software, you need to tell your users why and where you’re storing data GDPR Compliance Step 9: ClicShopping Analytics Whether you use Google Analytics, Metorik, or both, you’re capturing user data and using cookies without consent. Same applies to Google AdWords, Facebook pixels and similar. The best thing to do in this case is to check each provider’s GDPR policy, because THEY are collecting the data and not YOU. You’re just passing data to THEM: “Under the GDPR, if you use Google Analytics, then Google is your Data Processor. Your organization is the Data Controller since you control which data is sent to Google Analytics“. According to Google Analytics Team (they sent an email to all account holders on April 11th 2018): GDPR requires your attention and action even if your users are not based in the European Economic Area (EEA) They introduced granular data retention controls that allow you to manage how long your user and event data is held on our servers. Google Analytics will automatically delete user and event data that is older than the retention period you select Before May 25, Google Analytics will also introduce a new user deletion tool that allows you to delete all data associated with an individual user (e.g. site visitor) from your Google Analytics properties GA remain committed to providing features for customizable cookie settings, privacy controls, data sharing settings, data deletion on account termination, and IP anonymization They are also updating their policies as Data Processors Indeed, I just found this new section in my GA account: To-do list: Only use reliable, GDPR-compliant tracking software Ask software providers how they’re handling GDPR compliance Add to your Privacy Policy who handles your tracking data GDPR Compliance Step 10: ClicShopping Plugins This is a very important section, but I won’t keep you here for too long. It’s very easy. Does plugin _____ either get, read, store, use, edit, handle, access user personal data? Simply ask yourself this question for each plugin. If the answer is yes: make sure it’s a reliable plugin make sure they are GDPR ready make sure to add the plugin to the list of “third parties” that get access to user data in your Privacy Policy If the answer is no: are you 100% sure? really, really sure? good then, you don’t need to do anything Who knew GDPR was actually a good thing! To-do list: Ask yourself the “magic” GDPR question about each plugin and theme Select GDPR-compliant plugins Discard non-GDPR-compliant plugins GDPR Compliance Step 11: ClicShopping APIs We already mentioned this before, but “API” cover a lot of different applications. But first, what the heck is an API (in plain English pleaseeee)? An API (Application Programming Interface) is basically “a piece of code” that allows you to access an external software without ever leaving your website. API is used for transmitting data between two parties. A good analogy is to think about a bus traveling from one city to another, back and forth, moving people between the two points (data). Another good one (allow me to be a little Italian about it!) is to think about API as a waiter that takes your pizza order and lets the kitchen know what toppings you want Either way, an API is a “data connector” – private data might be passed from your website to another software and viceversa, hence GDPR applies. Examples: users can join your Mailchimp list without ever leaving your website, thanks to Mailchimp API users can checkout with Stripe without ever leaving your site, thanks to Stripe API and so on… Facebook, Twitter, any kind of third party software give you APIs. These APIs connect your ClicShopping store to the outside world, passing data to it – possibly private, personal user data. As long as you know: what APIs you use ? what data is sent ? if the API is GDPR compliant …then you’re good to go. As usual, you have to add to your Privacy Policy the detailed list of APIs that handle user data. To-do list: Audit all your APIs Discard non-GDPR-compliant APIs Add APIs to your Privacy Policy GDPR Compliance Step 12: Breach Notifications Under the GDPR, if your website experiences a data breach this needs to be immediately communicated to those users affected by the breach. A notification must be sent within 72 hours. What’s a data breach by the way? Well, this occurs when personal information is passed to: an unauthorized data processor or subcontractor a non-GDPR compliant body a third party without the knowledge of the data subject a hacker On top of this, you will need to have a security data breach response plan and process in place. To-do list: Secure your ClicShopping website please! Subscribe to all your third-party software / API providers so that you can become aware as soon as a data breach that affects your users occurs Reduce the amount of data you store. Brilliant workaround, isn’t it? Have a data breach emergency plan