General Data Protection Rules GDPR

Quote:

---

Originally Posted by Ryk

@fix_metal

a. Opening another window frequently leads to people to getting lost...and if they click the back button on the new window, either the one in the page or the browser, they have nowhere to go back to. On the plus side, it does at least mean the details you've already typed in on your original window will still be there, whereas...

---

I would have tended to agree with this, apart from the fact that Firefox on desktop (v60) does not keep the create account page in its cache. It prompts for a 'Try Again', followed by a 'Resend' popup, and eventually you get back to the create account page. Chrome on Android does something similar but at least it's one step less. There's no issue on Edge and Chrome on a desktop.

Interestingly, and I have never paid attention to this before, opening a new tab on Android Chrome the back button (on the device) does work, in fact better than going back within the same window.

So given desktop users can easily select the original tab and that mobile users can use the back mechanism (at least on Android Chrome) to return to the original page, I'm inclined to add the target="_blank" to this link.

Quote:

---

Originally Posted by delia

Thanks to JSWeb for the mod. Note that us idiot Americans do need to look at your verbiage for Americanization and some specific things are written in (such as specified time to keep orders) that will differ from company to company. Your sample privacy page really did help though to make it clearer what transparency means in this case. My rewriting for my clients resulted in this http://deliatest.com/index.php?main_page=privacy. Feel free to use it as you wish. Disclaimer: course I'm no lawyer either but I took some liberties that may lessen the transparency as intended by GDPR, partially in an effort to match all my clients needs and partially because I'm thinking American companies will have trouble with the order retention part of this. We don't have a 7 year requirement to fall back on.

---

Delia, you are probably aware but the link in your post is not working.


It was remiss of me not to also thank Ryk for offering this mod - thank you.

It was a fun zencart newsletter: Happy GDPR day! :cheers:

thanks Simon1066! The correct link is http://deliatest.com/readytodo/index...n_page=privacy.

Ahhh.. That link is also broken:blink:

obviously I have had a very long hard day....
copied and pasted
http://deliatest.com/readytogo/index...n_page=privacy

typo, sorry guys!

Not a bad little privacy policy generator: https://www.shopify.com/tools/policy-generator

There's definitely some good verbiage there - but it is an effort to sign you up for shopify. It's a template that plugs in your business/website information and they do collect (with absolutely no transparency!) your email address.

I particularly like the google analytics information I had never seen before.

In that light I'm posting it:

Business name Privacy Policy

This Privacy Policy describes how your personal information is collected, used, and shared when you visit or make a purchase from https://wiztech4zc.com (the “Site”).

PERSONAL INFORMATION WE COLLECT

When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically-collected information as “Device Information.”

We collect Device Information using the following technologies:

- “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.

- “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
- “Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse the Site.
[[INSERT DESCRIPTIONS OF OTHER TYPES OF TRACKING TECHNOLOGIES USED]]

Additionally when you make a purchase or attempt to make a purchase through the Site, we collect certain information from you, including your name, billing address, shipping address, payment information (including credit card numbers [[INSERT ANY OTHER PAYMENT TYPES ACCEPTED]]), email address, and phone number. We refer to this information as “Order Information.”

[[INSERT ANY OTHER INFORMATION YOU COLLECT: OFFLINE DATA, PURCHASED MARKETING DATA/LISTS]]

When we talk about “Personal Information” in this Privacy Policy, we are talking both about Device Information and Order Information.

HOW DO WE USE YOUR PERSONAL INFORMATION?

We use the Order Information that we collect generally to fulfill any orders placed through the Site (including processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmations). Additionally, we use this Order Information to:
Communicate with you;
Screen our orders for potential risk or fraud; and
When in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
[[INSERT OTHER USES OF ORDER INFORMATION]]
We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimize our Site (for example, by generating analytics about how our customers browse and interact with the Site, and to assess the success of our marketing and advertising campaigns).
[[INSERT OTHER USES OF DEVICE INFORMATION, INCLUDING: ADVERTISING/RETARGETING]]

SHARING YOUR PERSONAL INFORMATION

We share your Personal Information with third parties to help us use your Personal Information, as described above. For example, we use Shopify to power our online store--you can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy. We also use Google Analytics to help us understand how our customers use the Site--you can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.

Finally, we may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.

[[INCLUDE IF USING REMARKETING OR TARGETED ADVERTISING]]
BEHAVIOURAL ADVERTISING
As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/un...w-does-it-work.

You can opt out of targeted advertising by:
[[
INCLUDE OPT-OUT LINKS FROM WHICHEVER SERVICES BEING USED.
COMMON LINKS INCLUDE:
FACEBOOK - https://www.facebook.com/settings/?tab=ads
GOOGLE - https://www.google.com/settings/ads/anonymous
BING - https://advertise.bingads.microsoft....rsonalized-ads
]]

Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.abouta############fo/.

DO NOT TRACK
Please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser.

[[INCLUDE IF LOCATED IN OR IF STORE HAS CUSTOMERS IN EUROPE]]
YOUR RIGHTS
If you are a European resident, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us through the contact information below.

Additionally, if you are a European resident we note that we are processing your information in order to fulfill contracts we might have with you (for example if you make an order through the Site), or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information will be transferred outside of Europe, including to Canada and the United States.

DATA RETENTION
When you place an order through the Site, we will maintain your Order Information for our records unless and until you ask us to delete this information.

[[INSERT IF AGE RESTRICTION IS REQUIRED]]
MINORS
The Site is not intended for individuals under the age of [[INSERT AGE]].

CHANGES
We may update this privacy policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons.

CONTACT US
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at email address or by mail using the details provided below:

mail address

Very nice, Delia; thanks for sharing.

I personally hate extensive policy statements 'cause none of us read them but...

I combined the two and rewrote the one I have posted. It is written for non-European companies and for ease of use in Zen Cart. I will be editing it as needed on an ongoing basis, but I am going to start including it in my templates and clean installs. Sometimes clients just don't get around to creating one. I'm tempted to automate some parts of it with real site integration which might work for many small sites but I can see that being an issue with larger companies who may actually have a lawyer.

I also added some wording for COWOA which anyone is welcome to suggest changes to if I have failed there.

http://deliatest.com/readytogo/index...n_page=privacy

One reason for me doing this is that I am a writer, first and foremost. (and am available for hire:smile:) Ah, yes, a writer but not a lawyer (disclaimer again)

I am astonished at that the GDPR is having unintended repercussions such as major companies blocking European IP addresses completely, i.e., the Chicago Tribune. Interesting times.

Quote:

---

Originally Posted by delia

I am astonished at that the GDPR is having unintended repercussions such as major companies blocking European IP addresses completely, i.e., the Chicago Tribune. Interesting times.

---

I am astonished that you are astonished. This is a huge pain in the neck. I'm tempted to do likewise.

swguy, I got European clients on my hosting. Not giving up money. Part of the reason for me digging into this was to see what I needed on my website. Global business -which I know you have as well.

Well, it was a pain, but personally I do like this law. And I'm European.
I'm tired of getting phone messages, emails, from companies that I've never contacted.
Those days are over (I hope).
Until now we've had one customer that made a purchase and after asked to remove the account. So it was remove. Simple.
I guess the guest_account module from lat9 will prevent this situations, but didn't had the time to look into it.
From all the notifications to review the account, nothing really happen, and some "old" customers already agree with the new privacy policy. etc.
I already receive a lots of emails to review my own account on other sites, and I'm not going to. At least today. But it's nice to have the tools and laws to do it.

"We share your Personal Information with third parties to help us use your Personal Information, as described above."

To me, this would be better worded as,

"We share your Personal Information with third parties to help us process orders, as described above."

Quote:

---

Originally Posted by mesnitu

Well, it was a pain, but personally I do like this law. And I'm European.
I'm tired of getting phone messages, emails, from companies that I've never contacted.
Those days are over (I hope).

---

I would bet my bottom dollar they're not. Laws like this inconvenience honest vendors and don't slow down the bad guys one bit.
Bad guys are *criminals*. They are not concerned with obeying the law. That's why we call them bad guys!

Quote:

---

Originally Posted by swguy

I am astonished that you are astonished. This is a huge pain in the neck. I'm tempted to do likewise.

---

DITTO. For now, We're using GDPR recital 23 and removing EU from advertisement targets

GDPR Checklist: https://gdprchecklist.io/

@jsweb
Thanks for making your efforts public. You should put it on Github for the moment, this is not really the place to discuss code.

But:
1) includes\modules\pages\privacy_review\header_php.php
has a block of code in it for sending an email.

As far as I can see, there is nothing in includes\templates\MYTEMPLATE\templates\tpl_privacy_review_default.php
to send that: the "send" action is missing.

I am guessing this header code is copied from delete_account and has not been cleaned.

2) There are many instances of incorrect break tags: <br/>.

regards
Steve

Quote:

---

Originally Posted by HeathenMagic

A lot of websites are sending email to ask to resubscribe to newsletter. Are there any implications for not doing this? I asked the newsletter people I use, even they are not sure how to proceed.

---

Probably not the best solution, but a while back I created a Mailchimp account. I added all customers to the list. I disabled the default newsletter checkbox in my Zen Cart (and I think I set newsletters to NO in all user records).

I added a link in the new customer email telling them to click if they wanted the newsletter.

In the first newsletter I sent out, I told people I had switched to Mailchimp, and that if they wished at any time to remove themselves, click the link at the bottom. (I realize this forced an OPT-OUT rather than OPT-IN but decided to do it this way). If one wanted to make this an OPT-IN you would not import anyone into Mailchimp and might use the email all customers function with the Mailchimp signup link.

While I applaud the work done so far by others, I have decided to *temporarily* ban European visitors until I can become compliant. I will continue to work towards that goal myself, but in the meantime..

I think I have only had a couple of customers in other countries so far.

I found a service that blocks EU visitors for free, up to 25,000 pageloads per month. It took all of 20 minutes from start to finish (most time spent adding 1 line in my header for both Zen-Cart and Wordpress). I tested it with a VPN and it seems to work fine. ezigdpr.com

As I say, I will continue to implement changes to my customers Zen-carts but this has allowed me more time to do it right.

Quote:

---

Originally Posted by mshultise

In the first newsletter I sent out, I told people I had switched to Mailchimp, and that if they wished at any time to remove themselves, click the link at the bottom. (I realize this forced an OPT-OUT rather than OPT-IN but decided to do it this way).

---

This is actually a violation of MailChimp's TOS. I encourage others *not* to do this.

And in a lot of countries that is called spamming, and has been for years.

For those who are not aware: the definition Mailchimp uses of Spam is a pretty common one; it's on the Spamhaus website: https://www.spamhaus.org/consumer/definition/

Spam is bulk, unsolicited email.

Easy peasy. Govern yourselves accordingly!

Thank you Delia.
:yes:

Quote:

---

Originally Posted by giancalr

ok Thanks You, but in the new tool package there is the file footer.php in the tamplate, but what is the purpose, what is the change made? because my file is very complex and I can not replace it with the default one. Thanks It would be advisable to insert in the readme the changes made to the individual files that have overdrive.

---

If you are doing this kind of changes to a site you should have a tool to compare. I use winmerge. Opens your working file and the one you want to replace. You merge them. Winmerge actually shows you which lines have changed and easy to move stuff to the final file you want to upload. This is sort of a requirement for something like zen-cart. You get a list of files that change. You load those into your merge program, then put the originals next to each page and you got it.
Good luck

I've used Ryk's zipped file on page 6 on my website... Once installed it works fine but if people don't tick the terms conditions button it does not register under GDPR Tools , they literally have to read and accept , surely a tick should also work to say they have read them..
I've tried to read though post but there have been so many different things posted, so if there is a answer I am sorry

If they sign up with the privacy turned on, they have to accept it and it gets recorded. If it is an old customer, all they have to do is accept the terms and conditions when they check out. If they don't read the terms & conditions (surprise), they never see the link to the privacy page. If they don't read the privacy page and accept it there, it never happens. So the freebie mod is not as fully done as I would want either. Still grateful that JSWeb gave us this much.

Hi thanks for answer
Yes the privacy is turned on and and shows on both sections of FEC but you can still sign up without having to tick the button ..So I am assuming there is a issue with my installation as it worked before the upgrade

If you have FEC installed then all bets are off.

Quote:

---

So the freebie mod is not as fully done as I would want either. Still grateful that JSWeb gave us this much.

---

True on both counts, much easier to modify/build on what JSWeb have donated than start with a blank page. Thanks to them.

Functionally I added:
- make existing customers accept privacy on next login (or log them out if they don't as they cannot buy!)
- added consent (on checkout_success) to receive automatic emails post-order to get them to comment. With option to remove consent in My Account.
plus various changes to make things more to my taste code-wise.

I just made the accept privacy a required field for create account. No consent=no account.

I wont be doing it ..My site has gone way wayyyy beyond my capabilities lol ... I'll get my guy who does my website to look into it for me :)

Quote:

---

Originally Posted by torvista

True on both counts, much easier to modify/build on what JSWeb have donated than start with a blank page. Thanks to them.

Functionally I added:
- make existing customers accept privacy on next login (or log them out if they don't as they cannot buy!)
- added consent (on checkout_success) to receive automatic emails post-order to get them to comment. With option to remove consent in My Account.
plus various changes to make things more to my taste code-wise.

I just made the accept privacy a required field for create account. No consent=no account.

---

That sounds like the solution many of us need, including me. Care to share how you did this?

The second part is simple - admin > configuration > Regulations ... set the Privacy to true...but a reminder, as @delia pointed out, if you have FEC, or indeed, anything else added to the create account page as customisation, then there's no guarantee.

The first part requires php coding and isn't something that can be set in admin.

Only half-helpful I know, but ensuring new clients formally accept your privacy statement is probably the more important requirement.

I tried installing gdpr4zc in local test, when I tried accessing the admin area I got the following error:

1054 Unknown column 'languages_id' in 'field list'
in:

Code:

---

[INSERT INTO ezpages (`languages_id`, `pages_title`, `alt_url`, `alt_url_external`, `pages_html_text`, `status_header`, `status_sidebox`, `status_footer`, `status_toc`, `header_sort_order`, `sidebox_sort_order`, `footer_sort_order`, `toc_sort_order`, `page_open_new_window`, `page_is_ssl`, `toc_chapter`) VALUES (1, 'PRIVACY SAMPLE', '', '', '
MODIFY THE FOLLOWING FOR YOUR BUSINESS THEN COPY TO admin
[... cut ....]
Email: via our Contact Us page [LINK TO IT]
', 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);]

---

I am using 1.55e from zen-cart.it
https://sourceforge.net/projects/zen...0Cart%201.5.x/

@keneso - I've just checked against a vanilla 155e installation from the main Zencart site and languages_id exists in the ez_pages table.

It seems as if your Zencart installation is at fault.

Quote:

---

Originally Posted by Ryk

@keneso - I've just checked against a vanilla 155e installation from the main Zencart site and languages_id exists in the ez_pages table.

It seems as if your Zencart installation is at fault.

---

Thank you, indeed I should have checked the db, it was an upgrade from a lower version, and perhaps something didn't go very well, I imported the table from another install, and it fixed it.

In Beta - Twitch GDPR Compliance

If anyone is interested we've started beta building a new module based on Twitch CASL to provide a fluid and standard upgrade to anyone using Zen Cart 1.55f that requires GDPR compliance. Currently adding code bits from this forum and any suggestions you may provide to us!


General Data Protection Rules Module:
- Adds required consent display with user controlled data management - live site.
- Add data management and reporting for GDPR audits - admin.


GDPR Features:
- SQL update to build complete GDPR table during install included
- Records GDPR data during create account
- Records if the newsletter switch checked or not checked by admin/user
- Records GDPR data if record was not found
- GDPR record remains even if customer is deleted - index id, date, time, agreement and ip address stored.
- SQL update to import all customers from existing databases included


Open to any other features you would like added.

Complete project updates posted on my site in Beta Projects, when complete it will be submitted for review here in the forum!

While not core code, on order completion I added an acceptance box to record permission to send a follow-up email post-purchase (for a review).
I also changed the deletion of a customer to not delete the record and leave a "hole" but record the manual deletion and obfuscate the personal details.

Hello

I'm new French user on Zencart (Fresh install 1.5.6a at https://www.ribetchris.fr/) and I need GDRP compliance to respect law.

I haven't found how to activate information and agreement for the new user on first open page or as long as he hasn't accepted terms of navigation on my website

I found the regulation in admin panel but I don't know what to add the page index.php?main_page=privacy because I don't know exactly what are collected informations outline or on-line after inscription

I don't find the place where customer can delete his account as and when he want (it's an obligation on new gdpr)

Is the frameworks that you developed is completed and usabe on zencart 1.5.6

Thanks for help :cool:

Ribetchris

Quote:

---

Originally Posted by Ryk

This manual version of our GDPR package for Zencart was written for ZC155 (although it will work on older) and for now you can download it from http://jsweb.uk/gdpr_service/gdpr4zc.zip as we haven't had time yet to meet the documentation requirements for submitting to the plugins section.

---

Hello, how is it possible to download or purchase your plugin in its final version (if any)?
Thanks!

Quote:

---

Originally Posted by flax

Hello, how is it possible to download or purchase your plugin in its final version (if any)?
Thanks!

---

Did you try clicking on that link that was part of your post? It still leads to that zip-file.

Quote:

---

Originally Posted by keneso

Thank you, indeed I should have checked the db, it was an upgrade from a lower version, and perhaps something didn't go very well, I imported the table from another install, and it fixed it.

---

Hi Keneso! I am having that same problem of the error page showing up instead of any admin pages and can't seem to fix it, what table did you import/where from and where did you put it? Thanks

IN the end I had to delete the various autoloaders etc. Mod doesn't seem to work with 1.5.6a or higher?

For anyone upgrading to ZC156c we have updated the free version of our GDPR package - you can download it from https://jsweb.uk/gdpr_service/gdpr4zc156c.zip

Stay safe, stay in.

Quote:

---

Originally Posted by Heresy Miniatures

Hi Keneso! I am having that same problem of the error page showing up instead of any admin pages and can't seem to fix it, what table did you import/where from and where did you put it? Thanks

---

Apologies for not having replied, For few months I haven't been here. I guess we need the new version Ryk posted.

Is there a plugin for popup Cookie Consent please?

Zen Cart 1.5.6c
Database Patch Level: 1.5.6
v1.5.6c [2019-10-17 11:28:21] (Version Update 1.5.5->1.5.6c)
v1.5.5f [2019-10-17 11:28:18] (Version Update 1.5.4->1.5.5f)
v1.5.4 [2019-10-17 11:28:18] (Version Update 1.5.3->1.5.4)
v1.5.3 [2019-10-17 11:28:17] (Version Update 1.5.2->1.5.3)
v1.5.2 [2019-10-17 11:28:17] (Version Update 1.5.1->1.5.2)
v1.5.1 [2019-10-17 11:28:16] (Version Update 1.5.0->1.5.1)
v1.5.0 [2012-09-28 11:45:21] (Fresh Installation)
v1.5.0 [2012-09-28 11:45:21] (Fresh Installation)

Does it have to be a popup? Why not a simple banner at the bottom of the page (or top) ?

Does not have to be a popup; It needs to be something they can click ok to accept cookies,not a scrolling message in compliance with GDPR

Quote:

---

Why not a simple banner at the bottom of the page

---

Absolutely, so you can ignore it if you wish and still browse. They should be fining those companies that obscure the page and "provide" such "comprehensive" cookie disclaimers that it is too much trouble to deal with.

Anyway this is off-topic, nothing to do with GDPR.

@Webangel
There's a plugin from Keneso, see his signature a few posts above. Or, you can grab my simpler version here (I didn't have time to write docs and pack as contrib but will do soon). Make sure you backup files and database before installing anything.

@torvista
Yeah, those popups are incredibly annoying, but I'm not sure if there's actually a reason behind it. Perhaps some kind of logging where they are 100% sure you agreed and then you can't ask questions later on because you basically signed it and can't say something like "oh, but I didn't notice it and the site still worked just fine...". Those popups are very common with EIG-owned sites and when you take a closer look and see how you're agreeing that they share your information with hundreds of their partners, it does make you wonder...

thank you :)

Hi, I installed gdpr4zc156c.zip into zencart with Westminster New template by Picaflor Azul (Picaflora also did the mod merge). After install the admin side is there and I can reset consent flag, but the popup does not appear when a (new or repeat) user visits the site. zgarcitul.ro Would you have any idea why?

Quote:

---

Originally Posted by Stingey

Hi, I installed gdpr4zc156c.zip into zencart with Westminster New template by Picaflor Azul (Picaflora also did the mod merge). After install the admin side is there and I can reset consent flag, but the popup does not appear when a (new or repeat) user visits the site. zgarcitul.ro Would you have any idea why?

---

As far as I can recall (I used an older version of this), this mod is aimed at gaining consent from customers during the account creation process, it also allows for account holders to remove their information i.e. delete their account and to gain acceptance from existing (pre GDPR) customers the next time they login.

The popup I think you are referring to is from a Cookie Control plugin - there should be some in the Plugins area of this forum. I believe the Cookie Control and GDPR plugins are two separate animals.

Quote:

---

Originally Posted by simon1066

As far as I can recall (I used an older version of this), this mod is aimed at gaining consent from customers during the account creation process, it also allows for account holders to remove their information i.e. delete their account and to gain acceptance from existing (pre GDPR) customers the next time they login.

The popup I think you are referring to is from a Cookie Control plugin - there should be some in the Plugins area of this forum. I believe the Cookie Control and GDPR plugins are two separate animals.

---

Some further thinking - I took your reference to a 'user' to be a visitor but you might have been referring to the popup that a user gets when creating an account (this wasn't present in my version). In that case it will probably be due to the way the plugin was installed or configured. It seems you might have paid to have this plugin installed in which case the installer should be able to help.

Thanks for your input. I thought that the cookie consent was all part of the GDPR mod, I'll get that next.

I created a test account and did not receive GDPR notification, the account appears on the customer list but does not appear on the GDPR list. If I go to My Account and specifically chose PRIVACY POLICY REVIEW and accept, then the account is added to the GDPR tool. I'm pretty sure that a popup should appear asking me to accept if I have not already done so.

Quote:

---

Originally Posted by Stingey

... I'm pretty sure that a popup should appear asking me to accept if I have not already done so.

---

You might want to double-check that the popup feature is actually present in your version of the GDPR mod. I'm not sure where gdpr4zc156c.zip comes from, not having looked at all of this thread. I seem to remember that there were some differences between the free and paid versions.

Thanks for the input.

gdpr4zc156c comes from post #144 by Rykon 25 March in this thread.

I confess to being a novice but with a little experience of playing with PHP files in zencart a couple of years ago. From my limited understanding gdpr.php starts by loading a popup dialog.

file starts as follows...

<?php
// start GDPR
//
// +----------------------------------------------------------------------+
// |zen-cart Open Source E-commerce |


// | [email protected] so we can mail you a copy immediately. |
// +----------------------------------------------------------------------+
// $Id: gdpr.php v1.1 2020-03-25 Steve Price JS Web $
//
?>
<?php
require('includes/application_top.php');
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS; ?>>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">
<title><?php echo TITLE; ?></title>
<link rel="stylesheet" type="text/css" href="includes/stylesheet.css">
<link rel="stylesheet" type="text/css" href="includes/cssjsmenuhover.css" media="all" id="hoverJS">
<script language="javascript" src="includes/menu.js"></script>
<script language="javascript" src="includes/general.js"></script>
<script type="text/javascript">
<!--
function init()
{
cssjsmenu('navbar');
if (document.getElementById)
{
var kill = document.getElementById('hoverJS');
kill.disabled = true;
}
}
// -->
</script>
</head>
<body onLoad="init()" marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0" bgcolor="#FFFFFF">
<!-- header //-->
<?php require(DIR_WS_INCLUDES . 'header.php'); ?>
<!-- header_eof //-->

<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
<tr>
<!-- body_text //-->
<td width="100%" valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="2">
<tr>
<td><table border="0" width="100%" cellspacing="0" cellpadding="0">
<tr>
<td class="pageHeading">GDPR Acceptance</td>
<td class="pageHeading" align="right"><?php echo zen_draw_separator('pixel_trans.gif', HEADING_IMAGE_WIDTH, HEADING_IMAGE_HEIGHT); ?></td>
</tr>
</table></td>
</tr>
<tr>
<td width="100%">
<?php
// collect configuration group id
$sql = "SELECT configuration_group_id FROM ".TABLE_CONFIGURATION_GROUP." WHERE configuration_group_title='GDPR Configuration' LIMIT 1";
$result = $db->Execute($sql);
$cfg_group = $result->fields['configuration_group_id'];

Not sure I can help much more without installing the mod but, whenever anything to do with jscript fails to work I first look for console errors in the browser, then look at whether it is designed to work with the jquery version being loaded in html_header.php and then whether it conflicts with any of the other scripts being used (I would disable them one by one to try to identify the culprit). You could also look at the html code for errors - stray/not-closing tags.

I upgraded from 155f to 157b but had a db failure

Code:

---

[04-Dec-2020 14:32:27 Europe/Berlin] MySQL error 1292 encountered during zc_install:
Incorrect datetime value: '0000-00-00 00:00:00' for column `zencart157btest`.`customers`.`gdpr_accept_date` at row 1

---

Dr Byte answered this is based on old ways of handling dates, and only built for old MySQL versions not using strict-mode.

So following his advice I set the default for the gdpr date/time columns to "0001-01-01 00:00:00" and ran this piece of code to fix existing entries

Code:

---

UPDATE customers SET gdpr_accept_date = '0001-01-01 00:00:00' WHERE gdpr_accept_date < '0001-01-01' and gdpr_accept_date is not null;
UPDATE customers SET prev_gdpr_accept_date1 = '0001-01-01 00:00:00' WHERE prev_gdpr_accept_date1 < '0001-01-01' and prev_gdpr_accept_date1 is not null;
UPDATE customers SET prev_gdpr_accept_date2 = '0001-01-01 00:00:00' WHERE prev_gdpr_accept_date2 < '0001-01-01' and prev_gdpr_accept_date2 is not null;
UPDATE customers SET prev_gdpr_accept_date3 = '0001-01-01 00:00:00' WHERE prev_gdpr_accept_date3 < '0001-01-01' and prev_gdpr_accept_date3 is not null;
UPDATE customers SET gdpr_decline_date = '0001-01-01 00:00:00' WHERE gdpr_decline_date < '0001-01-01' and gdpr_decline_date is not null;

---

@marton_1 while that will probably work fine in most cases, we've updated our "advice" on that topic a little after more experience.
See: https://docs.zen-cart.com/user/upgra...andardization/

Hi, I've installed the Cookie Control plugin, is there a way to disable the timer? I need the consent page to appear and stay on the screen until the user clicks ok? Thanks

Hi, I have a question if someone solved according to the new cookies opt-in according to the EU gdpr. I have updated the cookie control to the latest version, but it does not address the division of cookies into permanent, analytical, marketing, advertising, others. External services may be fine, but they only partially solve the problem. thank you for answer

Just a heads up. The admin/customers.php has a call to a nonexistant zen_admin_demo which causes the delete customer function to fail.

Hello

Anyone knows about this new rules ?

consentmanager.net Newsletter 02/2022

Hello ---------------,

We're excited to announce the latest update that has gone live! Among many new things, these are the most important features available with the new update:
Illegal #1: Google Fonts illegal?
At the end of January, the Munich Regional Court had to deal with the topic of Google Fonts (integrating fonts into a website). The court ruled that embedding Google Fonts via Google's server without consent was illegal and awarded the plaintiff damages. As you are used to from consentmanager, we reacted directly and in this month's update created the possibility to block Google Fonts and other external font and style elements (automatic blocking: Menu > CMPs > Edit > Other settings > Block stylesheets or manual blocking via code customization, see help).
Our recommendation: Activate blocking or, best of all, simply download the fonts and place them on your own server.
Illegal #2: Google Analytics illegal?
In addition to Google Fonts, Google Analytics was also recently "under fire": In Austria, the data protection authority decided in a case that Google Analytics was not compatible with the principles of the GDPR, since data is sent to the USA and there is no adequate level of protection. The website operator was therefore prohibited from using Google Analytics (especially since an insufficient consent banner was used in this case). A little later, the Dutch and French data protection authorities followed and also ruled that the (unprotected) integration of Google Analytics was not GDPR-compliant. It can be assumed that other data protection authorities of other countries will follow.
Our recommendation: Only use Google Analytics when consent is given or look for alternatives that are friendly to data protection (e.g. etracker or Matomo).
Illegal #3: IAB TCF illegal?
The Belgian data protection authority has also caused a stir. This had to decide on the IAB TCF standard. The authority found that under the current circumstances, the IAB Transparency and Consent Framework, as well as IAB Europe as the administrative body behind the standard, do not meet various conditions of the GDPR. The IAB has now been given a two-month period to develop an "Action Plan" with proposed changes. The proposed changes are intended to show how the TCF can be redesigned to be GDPR compliant. The IAB Europe has since appealed against the decision. We have collected more details in our FAQ (german).
Our recommendation: If you have nothing to do with online advertising (e.g. e-commerce or company websites), you should not use the IAB TCF standard. If you can't do without it, you shouldn't panic now, but wait and see how the situation develops.
Purposes & Slider
Also new this month is the possibility of rearranging and sorting purposes: Simply "drag" the entry and move it to where it should appear.

Hello.

I just notice when you make delete a customer can't sign in of course but when he try to apply the module forgot my password the dat abase not pop up the message sorry we re not in our data this email account, just said ( Thank you. If that email address is in our system, we will send password recovery instructions to that email address.) of course not send any email to the customer but the right it is (sorry we re not in our data this email account)

I'm attempting to integrate my GDPR customisations (I think they were from JSWeb's mod) into ZC v1.5.8. In /includes/modules/MY_TEMPLATE/create_account.php

I have, in ZC v1.5.7d, the additional code in red

Code:

---

if ($error == true) {
    // hook notifier class
    $zco_notifier->notify('NOTIFY_FAILURE_DURING_CREATE_ACCOUNT');
  } elseif ($antiSpam != '') {
    $zco_notifier->notify('NOTIFY_SPAM_DETECTED_DURING_CREATE_ACCOUNT');
    $messageStack->add_session('header', (defined('ERROR_CREATE_ACCOUNT_SPAM_DETECTED') ? ERROR_CREATE_ACCOUNT_SPAM_DETECTED : 'Thank you, your account request has been submitted for review.'), 'success');
    zen_redirect(zen_href_link(FILENAME_SHOPPING_CART));
  } else {
    $sql_data_array = array(array('fieldName'=>'customers_firstname', 'value'=>$firstname, 'type'=>'stringIgnoreNull'),
                          array('fieldName'=>'customers_lastname', 'value'=>$lastname, 'type'=>'stringIgnoreNull'),
                          array('fieldName'=>'customers_email_address', 'value'=>$email_address, 'type'=>'stringIgnoreNull'),
                          array('fieldName'=>'customers_nick', 'value'=>$nick, 'type'=>'stringIgnoreNull'),
                          array('fieldName'=>'customers_telephone', 'value'=>$telephone, 'type'=>'stringIgnoreNull'),
                          array('fieldName'=>'customers_fax', 'value'=>$fax, 'type'=>'stringIgnoreNull'),
                          array('fieldName'=>'customers_newsletter', 'value'=>$newsletter, 'type'=>'integer'),
                          array('fieldName'=>'customers_email_format', 'value'=>$email_format, 'type'=>'stringIgnoreNull'),
                          array('fieldName'=>'customers_default_address_id', 'value'=>0, 'type'=>'integer'),
                          array('fieldName'=>'gdpr_accept', 'value'=>$gdpr_accept, 'type'=>'integer'),
                          array('fieldName'=>'gdpr_accept_date', 'value'=>date('Y-m-d H:i:s'), 'type'=>'date'),
                          array('fieldName'=>'customers_password', 'value'=>zen_encrypt_password($password), 'type'=>'stringIgnoreNull'),
                          array('fieldName'=>'customers_authorization', 'value'=>$customers_authorization, 'type'=>'integer'),
    );

    if ((CUSTOMERS_REFERRAL_STATUS == '2' and $customers_referral != '')) $sql_data_array[] = array('fieldName'=>'customers_referral', 'value'=>$customers_referral, 'type'=>'stringIgnoreNull');
    if (ACCOUNT_GENDER == 'true') $sql_data_array[] = array('fieldName'=>'customers_gender', 'value'=>$gender, 'type'=>'stringIgnoreNull');
    if (ACCOUNT_DOB == 'true')  $sql_data_array[] = array('fieldName'=>'customers_dob', 'value'=>empty($_POST['dob']) || $dob_entered == '0001-01-01 00:00:00' ? zen_db_prepare_input('0001-01-01 00:00:00') : zen_date_raw($_POST['dob']), 'type'=>'date');

    $db->perform(TABLE_CUSTOMERS, $sql_data_array);

    $_SESSION['customer_id'] = $db->Insert_ID();

    $zco_notifier->notify('NOTIFY_MODULE_CREATE_ACCOUNT_ADDED_CUSTOMER_RECORD', array_merge(array('customer_id' => $_SESSION['customer_id']), $sql_data_array));


    $sql_data_array = array(array('fieldName'=>'customers_id', 'value'=>$_SESSION['customer_id'], 'type'=>'integer'),
                            array('fieldName'=>'entry_firstname', 'value'=>$firstname, 'type'=>'stringIgnoreNull'),
                            array('fieldName'=>'entry_lastname', 'value'=>$lastname, 'type'=>'stringIgnoreNull'),
                            array('fieldName'=>'entry_street_address', 'value'=>$street_address, 'type'=>'stringIgnoreNull'),
                            array('fieldName'=>'entry_postcode', 'value'=>$postcode, 'type'=>'stringIgnoreNull'),
                            array('fieldName'=>'entry_city', 'value'=>$city, 'type'=>'stringIgnoreNull'),
                            array('fieldName'=>'entry_country_id', 'value'=>$country, 'type'=>'integer'),
    );

    if (ACCOUNT_GENDER == 'true') $sql_data_array[] = array('fieldName'=>'entry_gender', 'value'=>$gender, 'type'=>'stringIgnoreNull');
    if (ACCOUNT_COMPANY == 'true') $sql_data_array[] = array('fieldName'=>'entry_company', 'value'=>$company, 'type'=>'stringIgnoreNull');
    if (ACCOUNT_SUBURB == 'true') $sql_data_array[] = array('fieldName'=>'entry_suburb', 'value'=>$suburb, 'type'=>'stringIgnoreNull');

    if (ACCOUNT_STATE == 'true') {
      if ($zone_id > 0) {
        $sql_data_array[] = array('fieldName'=>'entry_zone_id', 'value'=>$zone_id, 'type'=>'integer');
        $sql_data_array[] = array('fieldName'=>'entry_state', 'value'=>'', 'type'=>'stringIgnoreNull');
      } else {
        $sql_data_array[] = array('fieldName'=>'entry_zone_id', 'value'=>0, 'type'=>'integer');
        $sql_data_array[] = array('fieldName'=>'entry_state', 'value'=>$state, 'type'=>'stringIgnoreNull');
      }
    }

    $db->perform(TABLE_ADDRESS_BOOK, $sql_data_array);

    $address_id = $db->Insert_ID();

    $zco_notifier->notify('NOTIFY_MODULE_CREATE_ACCOUNT_ADDED_ADDRESS_BOOK_RECORD', array_merge(array('address_id' => $address_id), $sql_data_array));

    $sql = "UPDATE " . TABLE_CUSTOMERS . "
              SET customers_default_address_id = '" . (int)$address_id . "'
              WHERE customers_id = '" . (int)$_SESSION['customer_id'] . "'";

    $db->Execute($sql);

    $sql = "INSERT INTO " . TABLE_CUSTOMERS_INFO . "
                          (customers_info_id, customers_info_number_of_logons,
                          customers_info_date_account_created, customers_info_date_of_last_logon)
              VALUES ('" . (int)$_SESSION['customer_id'] . "', '1', now(), now())";

    $db->Execute($sql);

    // do any 3rd-party nick creation
    $nick_email = $email_address;
    $zco_notifier->notify('NOTIFY_NICK_CREATE_NEW', $nick, $password, $nick_email, $extra_welcome_text);

    if (SESSION_RECREATE == 'True') {
      zen_session_recreate();
    }

    $_SESSION['customer_first_name'] = $firstname;
    $_SESSION['customer_last_name'] = $lastname;
    $_SESSION['customer_default_address_id'] = $address_id;
    $_SESSION['customer_country_id'] = $country;
    $_SESSION['customer_zone_id'] = $zone_id;
    $_SESSION['customers_authorization'] = $customers_authorization;

    // restore cart contents
    $_SESSION['cart']->restore_contents();

    // hook notifier class
    $zco_notifier->notify('NOTIFY_LOGIN_SUCCESS_VIA_CREATE_ACCOUNT', $email_address, $extra_welcome_text, $send_welcome_email);

---

in ZC v1.5.8 that part of the create_account.php file now reads

Code:

---

    if ($error == true) {
        // hook notifier class
        $zco_notifier->notify('NOTIFY_FAILURE_DURING_CREATE_ACCOUNT');
    } elseif ($antiSpam != '') {
        $zco_notifier->notify('NOTIFY_SPAM_DETECTED_DURING_CREATE_ACCOUNT');
        $messageStack->add_session('header', (defined('ERROR_CREATE_ACCOUNT_SPAM_DETECTED') ? ERROR_CREATE_ACCOUNT_SPAM_DETECTED : 'Thank you, your account request has been submitted for review.'), 'success');
        zen_redirect(zen_href_link(FILENAME_SHOPPING_CART));
    } else {

        $ip_address = zen_get_ip_address();

        $customer = new Customer;

        $data = compact(
            'firstname', 'lastname', 'email_address', 'nick', 'email_format', 'telephone', 'fax',
            'newsletter', 'password', 'customers_authorization', 'customers_referral',
            'gender', 'dob', 'company', 'street_address',
            'suburb', 'city', 'zone_id', 'state', 'postcode', 'country', 'ip_address'
        );

        $result = $customer->create($data);
        if (!empty($result)) {
            $customer->login($result['customers_id'], $restore_cart = true);
            if (SESSION_RECREATE == 'True') {
                zen_session_recreate();
            }
        }

        // do any 3rd-party nick creation
        $nick_email = $email_address;
        $zco_notifier->notify('NOTIFY_NICK_CREATE_NEW', $nick, $password, $nick_email, $extra_welcome_text);

        // hook notifier class
        $zco_notifier->notify('NOTIFY_LOGIN_SUCCESS_VIA_CREATE_ACCOUNT', $email_address, $extra_welcome_text, $send_welcome_email);

---

How do I incorporate my gdpr code into the new ZC v1.5.8 code? I had thought that something like this might be appropriate

Code:

---

$data = compact(
            'firstname', 'lastname', 'email_address', 'nick', 'email_format', 'telephone', 'fax',
            'newsletter', 'gdpr_accept', 'gdpr_accept_date', 'password', 'customers_authorization', 'customers_referral',
            'gender', 'dob', 'company', 'street_address',
            'suburb', 'city', 'zone_id', 'state', 'postcode', 'country', 'ip_address'
        );

---

but am not sure if that works for 'gdpr_accept_date' with its value of 'date'.

Your edit to /includes/modules/MY_TEMPLATE/create_account.php is correct.

You will also need to edit includes/classes/Customer.php, adding the following code at line 727.

Code:

---

/* bof gdpr */
$sql_data_array [] = ['fieldName'=>'gdpr_accept', 'value'=>$data['gdpr_accept'], 'type'=>'integer'];
$sql_data_array [] = ['fieldName'=>'gdpr_accept_date', 'value'=>date('Y-m-d H:i:s'), 'type'=>'date'];
/* eof gdpr */

---

Quote:

---

Originally Posted by strelitzia

Your edit to /includes/modules/MY_TEMPLATE/create_account.php is correct.

You will also need to edit includes/classes/Customer.php, adding the following code at line 727.

Code:

---

/* bof gdpr */
$sql_data_array [] = ['fieldName'=>'gdpr_accept', 'value'=>$data['gdpr_accept'], 'type'=>'integer'];
$sql_data_array [] = ['fieldName'=>'gdpr_accept_date', 'value'=>date('Y-m-d H:i:s'), 'type'=>'date'];
/* eof gdpr */

---

---

That's great, thank you for this.

Quote:

---

Originally Posted by simon1066

That's great, thank you for this.

---

You're welcome.

If you get any further issues with it, let me know and I'll help you out.

I'll try and find time to update the package we offer via Zen Cart downloads!

Quote:

---

Originally Posted by strelitzia

Your edit to /includes/modules/MY_TEMPLATE/create_account.php is correct.

You will also need to edit includes/classes/Customer.php, adding the following code at line 727.

Code:

---

/* bof gdpr */
$sql_data_array [] = ['fieldName'=>'gdpr_accept', 'value'=>$data['gdpr_accept'], 'type'=>'integer'];
$sql_data_array [] = ['fieldName'=>'gdpr_accept_date', 'value'=>date('Y-m-d H:i:s'), 'type'=>'date'];
/* eof gdpr */

---

---

FWIW, there is a notification issued by that class just after the base customer record has been created

Code:

---

        $this->notify('NOTIFY_MODULE_CREATE_ACCOUNT_ADDED_CUSTOMER_RECORD', array_merge(['customer_id' => $customer_id], $sql_data_array));

---

... which you could use via an observer-class to add those gpdr-related fields without carving up a core file.

Quote:

---

Originally Posted by strelitzia

I'll try and find time to update the package we offer via Zen Cart downloads!

---

If you don't have time, even an old copy of the plugin would be very helpful and could be adopted by another developer.

Thanks for your contributions to Zen Cart!

Quote:

---

Originally Posted by lat9

FWIW, there is a notification issued by that class just after the base customer record has been created

---

I’m aware of the notifier. I gave a quick fix to a forum member wanting to get his/her upgraded site working.
When the full module is checked and updated for 158 it will be updated to make use of this notifier. 😉

The copy of the JSWeb gdpr mod one customer has adds three more fields prev_gdpr_accept_date1, prev_gdpr_accept_date2, prev_gdpr_accept_date3.
These have no default value and are not nullable. They seem only partially integrated into the code as well - have these been removed or have they been changed to nullable? The current schema wouldn't work at all on a modern PHP/MySQL.

Also, are the gdpr_decline and gdpr_decline_date fields no longer used in the customers table by the JSWeb GDPR mod?

@strelitzia if you want to put what's available now in the plugins library, I can get it updated for 1.5.8.

Quote:

---

Originally Posted by swguy

Also, are the gdpr_decline and gdpr_decline_date fields no longer used in the customers table by the JSWeb GDPR mod?

---

Those are definitely integral to the mod. When JSweb did this quickie thing - they also did a paid version. I found it just now - it still says it's for 1.5.5. So it was a quickie that they have abandoned - I saw problems and redid a bit of it from the start. I had integrated it into my template for a while but pulled it as it didn't turn out to be required as we thought at the time.

There is no question something like this is needed - I feel it should be integrated fully in zen cart default. But is this worth updating? It was never intended to be a mod for adding to the plugin directory. Not one of my clients use it. (My clients are now all US based) It is only an interface really for alerting customers that they have options. It doesn't provide anyway to delete or to decide how to delete a customer's data - that was in the commercial version. In other words this is very deceptive, only making a website look like it's obeying the intent of the GDPR regulations.

I would grateful for an uninstall script or instructions on converting the database fields (one of the employees of that website actually did this instead of me). I may have to come up with that myself. But the biggest issue is actually a website who has these changed fields, not using the mod, no indication of the mod being installed and then having the upgrade create issues - after the fact. I know that putting in some kind of check in the upgrade is more than one wants to do for one little used mod. But in reality - that's what I need ahead of the upgrade. Any ideas you have along those lines would be super!

Quote:

---

Originally Posted by delia

Those are definitely integral to the mod. When JSweb did this quickie thing - they also did a paid version. I found it just now - it still says it's for 1.5.5. So it was a quickie that they have abandoned - I saw problems and redid a bit of it from the start. I had integrated it into my template for a while but pulled it as it didn't turn out to be required as we thought at the time.

There is no question something like this is needed - I feel it should be integrated fully in zen cart default. But is this worth updating? It was never intended to be a mod for adding to the plugin directory. Not one of my clients use it. (My clients are now all US based) It is only an interface really for alerting customers that they have options. It doesn't provide anyway to delete or to decide how to delete a customer's data - that was in the commercial version. In other words this is very deceptive, only making a website look like it's obeying the intent of the GDPR regulations.

I would grateful for an uninstall script or instructions on converting the database fields (one of the employees of that website actually did this instead of me). I may have to come up with that myself. But the biggest issue is actually a website who has these changed fields, not using the mod, no indication of the mod being installed and then having the upgrade create issues - after the fact. I know that putting in some kind of check in the upgrade is more than one wants to do for one little used mod. But in reality - that's what I need ahead of the upgrade. Any ideas you have along those lines would be super!

---

Has this moved on at all? I am upgrading to v158a and already use GDPR in my current ZC155f shop.
If it is of any use I attach the original files I had for installation on earlier versions

Attachment 20374

nope, it's dead in the water to my knowledge. Tho it may well work okay with 1.5.8 with little fixing. I simply haven't used it in years.

Those of us in the EU and the UK must have a solution in place. Both for GDPR and Cookie Control. The lack of both is a serious omission and a significant obstacle to Zen Cart being chosen or even tried by EU customers. It would be on my roadmap for world domination.

But while we may think ZC should have this in core, it is not going to happen while the development input is almost purely US-centric.
No that "they" don't care, but there is a lot of tedious detail to be reviewed and dealt-with and, inevitably, if you don't have an EU customer driving the work, you are not going to do it.

I wrote my own solution based on the ideas/code supplied at the start of this thread, but if I were starting now I would go to the German Zen Cart (where I would expect it to be built-in) and extract it from there.

Quote:

---

Originally Posted by torvista

Those of us in the EU and the UK must have a solution in place. Both for GDPR and Cookie Control. The lack of both is a serious omission and a significant obstacle to Zen Cart being chosen or even tried by EU customers.

---

I too would have to agree that not even having at least a cookie control dialogue built into the core of Zen Cart is an omission that really needs to be looked at now. Whatever ones viewpoint is and yes I live in a country that has purposefully left the EU, you cannot overlook the fact that the EU represents a potential customer base of hundreds of millions of people. Very few businesses could realistically turn their back on that size of customer base.

GDPR is a pain in the ######## for sure.