General Data Protection Rules (GDPR) Compliance
To comply with GDPR, your users must:
- give Explicit Consent for you to use their data for the purposes you intend,
- have Access to their information, and
- have the Option to remove their information.
Zencart has Consent and Access in place (possibly needing some settings to be made in admin); the Option to Remove exists in the sense that the user must inform you that they want to have their data removed, but there is not the clear guidance that GDPR demands.
Explicit Consent. Your Privacy Statement must explain exactly what you intend to do with the user's data. If you do not already have your Privacy Statement as mandatory reading, go to admin > Configuration > Regulations and turn on the Privacy page. Content is added via admin > Tools > Define Pages Editor > define_privacy.php, and this is where you should add your GDPR policy. We cannot write your policy for you, but we can offer an example which has been approved by trading standards.
Once switched on, a checkbox appears on the Create Account page which must be checked by the user before they can complete the process. If you offer Guest Checkout, you will need to seriously consider what you do with the guest's data after the order has been completed, and you will have to explain that within your privacy policy.
Access to their information. Customers can access and edit their data through "My Account". However, Guest Checkout users think they do NOT have an account. Not offering Guest Checkout may well be the only sensible solution here to remain compliant with GDPR.
Option to remove their information. Users cannot delete their account themselves, and deleting the account does not delete orders made by that account - which is good, because by law you need to keep 7 years of historical order data for tax reasons. That need for retention should be explained as part of your GDPR policy.
Our service adds a Delete My Account option on the customer's My Account page, enabling them to send you an email so you can then manually delete their account. We have also built in an automatic process which will delete the account 30 days after the request is made. This does NOT delete past orders.

What About Existing Client Data
Activating your Privacy page and making it mandatory to accept it on account creation is fine for new customers. However, GDPR requires you to have specific consent to hold existing data, so to ensure you are compliant, we have added a Review and re-accept option on the My Account page. This links to a page which holds a copy of define_privacy.php (so you only ever need to apply updates in the one place via Define Pages Editor) and includes Accept and Decline buttons. Choosing Accept allows the user to continue and stores the date of Acceptance in the database; this will be displayed in the individual Customer data page in admin.
Clicking Decline will log the user out of their account and record the date they declined in the database. After 30 days, the account details (but NOT past orders) will be deleted automatically.
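The 30-day grace period described above, as an added PHP sketch of a nightly purge job; it is not JSWeb's or Zen Cart's own code. It assumes a PDO connection, Zen Cart's standard customers, address_book, customers_info and orders tables behind the DB_PREFIX constant, and a hypothetical gdpr_consent table (customers_id, declined_at, delete_requested_at) written by the Accept/Decline page and the Delete My Account link.

```php
<?php
// Added illustration only (not JSWeb's or Zen Cart's code). Deletes the personal
// records of accounts that declined the privacy statement, or requested deletion,
// more than 30 days ago. Orders are deliberately left untouched so the statutory
// retention period for order history is honoured.
// Assumed schema: DB_PREFIX . 'gdpr_consent' (customers_id, declined_at,
// delete_requested_at) alongside Zen Cart's customers/address_book/customers_info.
declare(strict_types=1);

const GDPR_GRACE_DAYS = 30;

/** Customer ids whose decline or deletion request is older than the grace period. */
function gdprDueForDeletion(PDO $db, DateTimeImmutable $now): array
{
    $cutoff = $now->sub(new DateInterval('P' . GDPR_GRACE_DAYS . 'D'))
                  ->format('Y-m-d H:i:s');
    // Two placeholders because PDO may not allow one named parameter twice.
    $stmt = $db->prepare(
        'SELECT customers_id FROM ' . DB_PREFIX . 'gdpr_consent
          WHERE (declined_at IS NOT NULL AND declined_at <= :cutoff_a)
             OR (delete_requested_at IS NOT NULL AND delete_requested_at <= :cutoff_b)'
    );
    $stmt->execute([':cutoff_a' => $cutoff, ':cutoff_b' => $cutoff]);
    return array_map('intval', $stmt->fetchAll(PDO::FETCH_COLUMN));
}

/** Remove one account's personal data in a single transaction; orders stay. */
function gdprPurgeCustomer(PDO $db, int $customersId): void
{
    // table => key column; customers_info is keyed by customers_info_id in Zen Cart.
    $personalTables = [
        'customers'      => 'customers_id',
        'address_book'   => 'customers_id',
        'customers_info' => 'customers_info_id',
        'gdpr_consent'   => 'customers_id',   // assumed table, see above
    ];
    $db->beginTransaction();
    try {
        foreach ($personalTables as $table => $key) {
            $db->prepare('DELETE FROM ' . DB_PREFIX . $table . " WHERE $key = :id")
               ->execute([':id' => $customersId]);
        }
        $db->commit();
    } catch (Throwable $e) {
        $db->rollBack();  // never leave a half-deleted account behind
        throw $e;
    }
}

// Intended to run from cron once a day; $db is the site's PDO connection.
// foreach (gdprDueForDeletion($db, new DateTimeImmutable()) as $id) {
//     gdprPurgeCustomer($db, $id);
// }
```

Log each purged customers_id (without other personal data) so you can later show a regulator that the deletion actually happened on schedule.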
Of course, the vast majority of returning customers are not going to go to their My Account page unless directed, so we've created a popup that appears when logging in to their account the first time after the site has been configured for GDPR.

Assuming that they accept the privacy statement, they will never see that popup again, unless you change the Privacy Statement in the future, in which case people will have to re-accept.
Doing this means that you don't really have to worry about sending emails out to your entire client base asking them to go and update their acceptance, although it's actually a good opportunity to let them know you're on the ball in respect of GDPR.
We cannot write your privacy statement for you and you must take your own legal advice on what is appropriate for your business. GDPR requires that the Privacy Statement must be clear and separate from the general Terms & Conditions - and it makes sense to have clear links to it from either the header or footer of your site if you do not already have that.
We are covering the practicalities of the user being able to apply their rights in accordance with GDPR and enabling you to easily comply with those rights. The actual management of the data itself is down to you, but we can obviously help if it comes to you needing mass deletion of redundant data. Should that be the case, please get in touch at https://my.jsweb.uk/submitticket.php
NOTE: This is a service offered by JSWeb. If you are comfortable with editing and merging php files we are happy to provide the files. However, there will be no warranty and should you self-install and find things didn't quite work and you need our help to resolve it then we will be happy to assist but our time will be billed at our hourly rate.