How do I use the GDPR Toolkit?

Merchants needing to set up their stores to adhere to the EU's General Data Protection Regulation (GDPR) can use 3dcart's GDPR Toolkit to facilitate the process.

The GDPR Toolkit offers the following functions for merchants to add on their stores:

  • Add an automatic Cookie Acceptance popup to the store
    (Visitors must accept the cookie in order to access and shop your site.)
  • Add Privacy Policy acceptance checkboxes at the interaction points that collect an email address (i.e. registration, newsletter sign up, Reviews, Q&A and Email a Friend.)
  • Generates a link that Merchants can give to their customers to review their stored data
    (i.e. orders, reviews, blog comments, product offers, etc)
    Upon review of the data, customers can request to have this data deleted.
  • A similar link allowing customers to request deletion of their records outright.
    (No report of what is stored, but rather just an automatic delete of records)
  • A running log for the merchant of these customer report and delete requests.
    (So you can see when requests were made in case of dispute)

Setup

To enable and set up the GDPR Toolkit, use the following steps:

  1. Log into your 3dcart Online Store Manager
  2. Using the left-hand navigation menu, go to Modules
  3. On the Modules page, use the search bar at the top to search for and locate the "GDPR" toolkit.
  4. Once the module appears, click on its "Settings" button

A popup window will appear with the following settings:

  • Enforce Privacy Policy Acceptance
    Mark this checkbox to enable policy acceptance checkboxes on various areas where an email address is required for use of the function. This includes:
    • The Customer Registration page
    • Newsletter sign ups
    • CRM Tickets
    • Product Reviews
    • Product Q&A
    • Email a Friend
    If the site visitor does not mark the acceptance checkbox, then the function will not allow them to use it.
  • Specify your Privacy Policy URL
    Once you enable the above setting, a field will appear for your store's Privacy Policy URL. This URL is used as the link in the wording of the privacy policy acceptance checkbox mentioned above. By default, 3dcart will use your store's pre-created Terms and Conditions page (see Site Content). However, if you have a different page created specifically for your privacy policy, you may use that URL instead.
  • Request Data Page URL
    This URL can be posted or added somewhere on your site (or perhaps in your email communications) for customers to review their stored customer data. When reviewing their data, customers can also select to have their data deleted from the records. (See next section for a fuller explanation of the Data Report and Delete Functions)
  • Request Data Removal Page URL
    Similar to the URL described above, but rather than generating a report, this option allows the customer to delete their records outright. (See next section for a fuller explanation of the Data Report and Delete Functions)
  • Enforce Use of Cookie Acceptance
    Mark this checkbox to enable an automatic popup* that will appear for visitors to your site asking them to accept or deny the use of cookies on the site. If denied, the store will simply redirect the visitor back to your home page and not allow them to progress further until the use of cookies is accepted.

*Special Note
If you have previously used the steps outlined in our EU Cookie Law Compliance knowledgebase article (or have another cookie popup on the site), please be sure to remove that function so that it does not interfere with the GDPR Toolkit's automated popup.

  • View Customer’s Requests Log
    Lastly, this link will take you to your store's internal report of Data Report and Deletion requests to your site for reference and record keeping.

Once you have configured your settings on the popup, click save and you will be taken back to the Modules page with the GDPR module displayed. To complete the setup:

  1. Within the GDPR module, mark the "Enable" checkbox
  2. Click "Save" at the top right of the page to finish the set up.

Your store now has the GDPR toolkit settings enabled and ready for use.


Data Request and Removal Options

As mentioned above, the two URLs can be added to either your site pages (i.e. added to an extra page, global footer, your privacy policy, or perhaps even in email communications) allowing your visitors to review their stored data and/or delete it completely.

Data Requests

In the case of the Data Request URL, when customers visit the page, they will enter their email address and receive a confirmation email with a link to confirm that they'd like to have the data compiled for them. Once the data is compiled, they'll receive an additional email with the URL where they can review said data.

The report will list for them any areas of the store that have their email address saved and stored including:

  • Customer Records
  • Blog interactions (comments and replies)
  • Newsletter subscriptions
  • Product related interaction records such as
    • Make-an-Offer bids
    • Product Reviews
    • Waiting List records
    • Product Q&A records
  • Communication Logs from your Contact Us page (CRM)
  • Any additional records matching to their email address
  • Order history

On the report, the customer/visitor can then print the report or request that the stored data be deleted* from the store.

Delete Data Requests

In the case of the Data Deletion URL, the same process will occur with the visitor entering their email address and further confirming the request via an emailed link and acceptance button. The main difference however is that they will not receive any report of their data but rather the system will delete* it outright (although, the visitor will still get a confirmation email after everything is deleted).

*Important Information About the Deletion of Records
If the customer has unfulfilled orders (orders that have not been shipped or canceled), then the deletion request will not proceed until those orders are closed.

Furthermore, it should be noted that the orders themselves will not be removed from the store. Instead, they will be kept in the store's database (along with their country of origin data) for record keeping and accounting purposes.

However, all customer-identifying information on the orders (email, billing address, shipping address, phone numbers, etc) will be removed and replaced with the phrase "gdpr-replaced". This is intended to let you adhere to GDPR policies while keeping your store's order information and subsequent business reporting intact.
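
The deletion rules described above, sketched as an added example for merchants who want to audit an export after a request has been processed (this is not 3dcart's code). The record layout, field names and status values are assumptions, and the sample orders are constructed.

```python
from copy import deepcopy

PLACEHOLDER = "gdpr-replaced"      # phrase the article says replaces identifying data
CLOSED = {"shipped", "canceled"}   # the article's definition of a closed order
# Assumed field names for the identifying data the article lists.
PII_FIELDS = ("email", "billing_address", "shipping_address", "phone")

def _belongs_to(order, email):
    return order["email"].lower() == email.lower()

def process_deletion(orders, email):
    """Return (status, orders, blocking_ids) without mutating the input."""
    blocking = [o["id"] for o in orders
                if _belongs_to(o, email) and o["status"] not in CLOSED]
    if blocking:
        # Unfulfilled orders hold the request; nothing is changed yet.
        return "blocked", orders, blocking
    redacted = deepcopy(orders)
    for order in redacted:
        if _belongs_to(order, email):
            # The order row, its country and its totals are kept for accounting.
            for field in PII_FIELDS:
                order[field] = PLACEHOLDER
    return "deleted", redacted, []

def leftover_pii(orders, identifiers):
    """Audit check: (order id, field) pairs still holding a known identifier."""
    wanted = {i.lower() for i in identifiers}
    return [(o["id"], k) for o in orders for k, v in o.items()
            if isinstance(v, str) and v.lower() in wanted]

# Constructed sample records (not real store data).
ORDERS = [
    {"id": 1001, "email": "ana@example.com", "billing_address": "1 Rue A",
     "shipping_address": "1 Rue A", "phone": "555-0100", "country": "FR",
     "total": 42.50, "status": "shipped"},
    {"id": 1002, "email": "Ana@example.com", "billing_address": "1 Rue A",
     "shipping_address": "9 Rue B", "phone": "555-0100", "country": "FR",
     "total": 10.00, "status": "processing"},
    {"id": 1003, "email": "bob@example.com", "billing_address": "2 Main St",
     "shipping_address": "2 Main St", "phone": "555-0199", "country": "DE",
     "total": 7.25, "status": "shipped"},
]

if __name__ == "__main__":
    print(process_deletion(ORDERS, "ana@example.com")[0])   # order 1002 is still open
```

Running `leftover_pii` over the redacted export with the requester's known email, phone and addresses gives a quick check that no identifying value survived in a field the redaction did not cover.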

