Knowledgebase: Customers

How do I use the Data Privacy Toolkit Toolkit?


Merchants needing to set up their stores to adhere to Data Privacy Regulations (such as GDPR and CCPA) can use Shift4Shop's Data Privacy Toolkit to facilitate the process.

The Data Privacy Toolkit offers the following functions for merchants to add on their stores:

  • Add an automatic Cookie Acceptance popup to the store
    (Visitors are advised that the cookie will be used while shopping your site.)
  • Add Privacy Policy acceptance checkboxes on various email specific interaction points (i.e. registration, newletter sign up, Reviews, Q&A and Email a Friend.)
  • Generates a link that Merchants can give to their customers to review their stored data
    (i.e. orders, reviews, blog comments, product offers, etc)
    Upon review of the data, customers can request to have this data deleted.
  • A similar link allowing customers to request deletion of their records outright.
    (No report of what is stored, but rather just an automatic delete of records)
  • A running log for the merchant of these customer report and delete requests.
    (So you can see when requests were made in case of dispute)


To enable and setup the Data Privacy Toolkit, use the following steps:

  1. Log into your Shift4Shop Online Store Manager
  2. Using the left hand navigation menu, go to Modules
  3. On the Modules page, use the search bar at the top to search for and locate the "Data Privacy" toolkit.
  4. Once the module appears, click on its "Settings" button

A popup window will appear with the following settings:

  • Enforce Privacy Policy Acceptance
    Mark this checkbox to enable policy acceptance checkboxes on various areas where an email address is required for use of the function. This includes:
    • The Customer Registration page
    • Newsletter sign ups
    • CRM Tickets
    • Product Reviews
    • Product Q&A
    • Email a Friend
    If the site visitor does not mark the acceptance checkbox, then the function will not allow them to use it.
  • Specify your Privacy Policy URL
    Once you enable the above setting, a field will appear for your store's Privacy Policy. This will appear in the link on the wording used for the privacy policy acceptance checkbox mentioned above. By default, Shift4Shop will use your store's pre-created Terms and Conditions page (see Site Content). However, if you have a different page created specifically for your privacy policy, you may use that URL instead.
  • Request Data Page URL
    This URL can be posted or added somewhere on your site (or perhaps in your email communications) for customers to review their stored customer data. When reviewing their data, customers can also select to have their data deleted from the records. (See next section for a fuller explanation of the Data Report and Delete Functions)
  • Request Data Removal Page URL
    Similar to the URL described above, but rather than generating a report, this option allows the customer to delete their records outright. (See next section for a fuller explanation of the Data Report and Delete Functions)
  • Enforce Use of Cookie Acceptance
    Mark this checkbox to enable an automatic popup* that will appear for visitors to your site asking them to accept the use of cookies on the site.

*Special Note
The popup is not intended to allow the user to accept or decline the cookies. It is simply there to advise them that cookies are used. Visitors can ignore the popup if they'd like (even all the way to checkout), but cookies will still be used on their visit to the store. Furthermore, until the visitor clicks on the "I Accept" button, the popup will appear for every page they visit on your store.

  • View Customer’s Requests Log
    Lastly, this link will take you to your store's internal report of Data Report and Deletion reqquests to your site for reference and record keeping.

Once you have configured your settings on the popup, click save and you will be taken back to the Modules page with the Data Privacy module displayed. To complete the setup:

  1. Within the Data Privacy module, mark the "Enable" checkbox
  2. Click "Save" at the top right of the page to finish the set up.

Your store now has the Data Privacy toolkit settings enabled and ready for use.

Data Request and Removal Options

As mentioned above, the two URLs can be added to either your site pages (i.e. added to an extra page, global footer, your privacy policy, or perhaps even in email communications) allowing your visitors to review their stored data and/or delete it completely.

Data Requests

In the case of the Data Request URL; when they visit the page, the customer will enter their email address and receive a confirmation email and a link to confirm that they'd like to have the data compiled for them. Once the data is compiled, they'll receive an additional email with the URL where they can review said data.

The report will list for them any areas of the store that has their email address saved and stored including:

  • Customer Records
  • Blog interactions (comments and replies)
  • Newsletter subscriptions
  • Product related interaction records such as
    • Make-an-Offer bids
    • Product Reviews
    • Waiting List records
    • Product Q&A records
  • Communication Logs from your Contact Us page (CRM)
  • Any additional records matching to their email address
  • Order history

On the report, the customer/visitor can then print the report or request that the stored data be deleted* from the store.

Delete Data Requests

In the case of the Data Deletion URL, the same process will occur with the visitor entering their email address and further confirming the request via an emailed link and acceptance button. The main difference however is that they will not receive any report of their data but rather the system will delete* it outright (although, the visitor will still get a confirmation email after everything is deleted).

*Important Information About the Deletion of Records
If the customer has unfulfilled orders (orders that have not been shipped or canceled), then the deletion request will not proceed until those orders are closed.

Furthermore, it should be noted that the orders themselves will not be removed from the store. Instead, they will be kept in the store's database (along with their country of origin data) for record keeping and accounting purposes.

However, all customer identifying information on the orders (email, billing address, shipping address, phone numbers, etc) will be removed and replaced with the phrase "gdpr-replaced" in its place. This is intended to let you adhere to Data Privacy policies while keeping your store's order information and subsequent business reporting intact.

Help Desk Software by Kayako fusion