That's a good question. I haven't quite decided that, still looking into it.
Thanks!
I'm going on the same road, was about to do that, so it's a good thrust.
So far I've battled with JavaScript to manage to change the cookieconsent script to allow a user configuration.
Basically, it starts with zenid (but I think that analytics with IP anonymization is allowed) and sets some other cookies upon user configuration.
They will permit or not, the entrance of different levels of FB pixel, remarketing, etc... with tag manager (that I still have to learn a bit more)
I've created a new table "customers_gdpr" that will save the user's consent on registration, date, etc...
An observer that will check the registration page to insert those values on that table, and also check registered customers prior to this law, so if they start a session, it redirects them to the account where they may signal their agreement (it's the same form used on the registration page).
That notification is also recorded in the customers_gdpr, so even if a customer chooses not to agree, there is a record that they have been notified (with a date).
Now it's that part, allowing the deletion of an account upon request.
What to delete: there's no general answer to that, it really depends on the size of the business and what kind of data that business asks and holds and the business informs.
As far as I'm concerned:
There's a registered user that never made a purchase, or a comment. Don't see a problem here
There's a registered user that never made a purchase but made some comments, etc. I don't see a problem here.
There's a customer, bought some stuff:
We don't use zencart as an accounting software, neither do we have integrations between other accounting platforms (ie: sage pay) and zencart, so that purchase is registered on another software and can not be deleted according to our national law. We only ask the necessary data and hold the necessary data.
But online, I don't see a problem either. The customer, for whatever reason, wants to leave, he leaves. I agree with that.
That's the conclusion that our team of lawyers, highly reputable consultants, and implementation jscript programmers, php and mysql made.
A team made up of me, myself, and sometimes I.
And that's it. I'm done with this.
In fact I'm looking forward for this law, because I'm also a customer, and I want to ask some questions to some big communication companies over here about my data.
Re Cookie Control, I'm probably going to do something like cookiebot . com, although I don't like the way their cookie banner disappears when I start scrolling. Hopefully when I sign up for a free account, and taking into account your ideas, I'll get a better idea of how to implement it on my site.
On my system I think that deleting the Customer and their associated Orders from within the ZC Admin will be enough to remove customer identifiable information. Deleting an order affects a number of dbase tables but I think I might adjust this to keep the Order in TABLE_ORDERS_PRODUCTS at least then ZC has a record of products sold.
Cookie Control, now it's the time to make money. I've searched for some free scripts that would allow some sort of configuration. Didn't find any, but it's a big internet.
Maybe the cookieconsent script will be updated to give this option.
I'm using foundation as a base template. I've added a link "Configure" to the cookie consent that will use the foundation reveal "module" (a popup), a form using the foundation switch module. So it's a mix of php and jscript and cookies.
But it all can be done using jscript, but I don't have the knowledge to do that neither the time.
https://cookieconsent.insites. com/documentation/disabling-cookies/
In the cookie consent script I created another status ( Config) , basically a copy from the "allow" status. More or less you can get the idea, just check where the cc.status.allow is used.
In the configuration ( window.addEventListener("load", function () { ) ( has to be set to add the new status ( When I say has, please read maybe )
Code:
// valid cookie values
cc.status = {
    deny: 'deny',
    allow: 'allow',
    dismiss: 'dismiss',
    config: 'config'
};
Code:
"revokable": "true",
"content": {
    "allow": "Allow",
    "config": '<i class="ic_settings_white_1x_small"></i>Configure'
},
"type": "opt-in",
Then all is going to be on the
onPopupOpen: function onPopupOpen(status, chosenBefore, options, utils) {
onStatusChange: function onStatusChange(status, chosenBefore) {
The only reason I don't paste here the complete code, it's because I know that makes the job for me, but it's a quick bandage, and it's using foundation base modules, and it's cookies strategies to configure cookies ( a paradox )
To be a general script, a lot of JavaScript knowledge is required.
But what was the more complicated part for me, was this.
The rest is a form, with input checkboxes, etc... With PHP i'm checking the cookie config , and allowing or not analytics etc....
Again, this is not a copy paste, but a general idea.
PHP Code:
"use strict";

// Expire a cookie by name for the given domain.
function delete_cookie(name, domain) {
    document.cookie = name + '=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Domain=' + domain;
}

window.addEventListener("load", function () {
    var host = window.location.hostname;
    window.cookieconsent.initialise({
        "palette": {
            "popup": {
                "background": "#000"
            },
            "button": {
                "background": "#f1d600"
            }
        },
        "layout": "basic",
        "theme": "edgeless",
        "content": {
            "message": "bla bla bla:",
            "dismiss": "ok",
            "allow": "Allow Cookies",
            "link": "Privacy Link",
            "href": "thelinink . com ",
            "config": '<i class="ic_settings_white_1x_small"></i>Configure'
        },
        "revokable": "true",
        "type": "opt-in",
        onPopupOpen: function onPopupOpen(status, chosenBefore, options, utils) {
            var type = this.options.type;
            var hasConsented = this.hasConsented(); // allow, dismiss, deny, config
            var didConsent = hasConsented;
            var cfgCookiesAnalytics = '';
            var cfgCookiesExternal = '';
            // to check if analytics is GDPR compliant
            var isAnalyticsChecked = document.getElementById('c-analytics');
            var isExternalChecked = document.getElementById('c-external');

            // Keep the two switches consistent: external implies analytics,
            // and switching analytics off also switches external off.
            function updateState(input) { // This is to update the input buttons state
                var inputName = input.name == 'secondaryC-switch' ? 'secondaryC-switch' : 'secondaryC-switch-external';
                if (inputName == 'secondaryC-switch' && input.checked) {
                    cfgCookiesAnalytics = 'active';
                } else if (inputName == 'secondaryC-switch' && !input.checked) {
                    cfgCookiesAnalytics = 'inactive';
                    isExternalChecked.checked = false;
                    cfgCookiesExternal = 'inactive';
                }
                if (inputName == 'secondaryC-switch-external' && input.checked) {
                    cfgCookiesExternal = 'active';
                    isAnalyticsChecked.checked = true;
                    cfgCookiesAnalytics = 'active';
                } else if (inputName == 'secondaryC-switch-external' && !input.checked) {
                    cfgCookiesExternal = 'inactive';
                }
                return false;
            }

            var cookieForm = document.getElementById("ccForm");
            // listen to input events
            cookieForm.addEventListener("click", checkInputState, false); // It's going to listen to the INPUT buttons

            function checkInputState(e) {
                if (e.target.nodeName == "INPUT") {
                    var listen = updateState(e.target);
                }
                e.stopPropagation();
            }

            // console.log('ce: ' + cfgCookiesExternal + ' - ca ' + cfgCookiesAnalytics);
            var saveConfig = document.querySelector('[aria-label="config cookie"]');
            // define cookie
            var cname = this.options.cookie.name;
            var expiryDays = this.options.cookie.expiryDays;
            var path = this.options.cookie.path;
            var domain = this.options.cookie.domain;
            var allDomains = '.' + document.location.hostname;

            if (saveConfig.addEventListener) {
                saveConfig.addEventListener("click", function (checkInputState) { // On save will get the Input Buttons State
                    //event.preventDefault();
                    if (cfgCookiesAnalytics == 'active' && cfgCookiesExternal == 'active') {
                        // everything switched on: store the plain 'allow' status
                        didConsent = 'config';
                        var set = cookieconsent.utils.setCookie(cname, 'allow', expiryDays, domain, path);
                        setTimeout(function () { window.location.reload(true); }, 100);
                    } else {
                        didConsent = 'config'; // flag some user interaction
                        delete_cookie('_ga', allDomains);
                        delete_cookie('_gid', allDomains);
                        var set = cookieconsent.utils.setCookie(cname, didConsent, expiryDays, domain, path);
                        setTimeout(function () { window.location.reload(true); }, 100);
                    }
                    var getCookieName = '';
                    if (cfgCookiesAnalytics == 'active') { // Analytics is good to go
                        var set = cookieconsent.utils.setCookie('cc_analytics', 'allow', expiryDays, allDomains, path);
                    } else {
                        getCookieName = cookieconsent.utils.getCookie('cc_analytics');
                        if (getCookieName) {
                            delete_cookie('cc_analytics', allDomains);
                        }
                    }
                    if (cfgCookiesExternal == 'active') {
                        // review this bit, if it's active, analytics cookie is also active
                        var set = cookieconsent.utils.setCookie('cc_allowSocial', 'allow', expiryDays, allDomains, path);
                    } else {
                        getCookieName = cookieconsent.utils.getCookie('cc_allowSocial');
                        if (getCookieName) {
                            delete_cookie('cc_allowSocial', allDomains);
                        }
                    }
                }, false);
            }
        },
        onInitialise: function onInitialise(status, chosenBefore) {
            var type = this.options.type;
            var hasConsented = this.hasConsented();
            var hasAnswered = this.hasAnswered();
            //console.log( 'onInitialise' + hasConsented + hasAnswered + type);
            if (type == 'opt-in' && hasConsented == true) {
                // enable cookies
            }
            if (type == 'opt-out' && !hasConsented) {
                // disable cookies
            }
        },
        onStatusChange: function onStatusChange(status, chosenBefore) { // The user revoke his choice
            var type = this.options.type;
            var hasConsented = this.hasConsented();
            var hasAnswered = this.hasAnswered();
            if (this.hasAnswered() && this.hasConsented()) {
                setTimeout(function () { window.location.reload(true); }, 100);
                // Put Your Google Analytics Tracking Code here ( Not using this, but this is the way to go )
            }
            if (!hasConsented || !hasAnswered) {
                setTimeout(function () { window.location.reload(true); }, 100);
                // Put Your Google Analytics Tracking Code here
            }
        },
        onRevokeChoice: function onRevokeChoice() {
            var type = this.options.type;
            var hasConsented = this.hasConsented();
            if (type == 'opt-in' && hasConsented) {
                // enable cookies
            }
            if (type == 'opt-out' && !hasConsented) {
                // disable cookies
            }
        }
    });
});
I forgot to put the link https://www.kirupa.com/html5/handlin...y_elements.htm
That's the function ( checkInputState ) that it's called on save. First I had a bunch of listeners that row me nowhere.
Bits of this, bits of that
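An added example, not part of the original post: a deny-by-default reading of the cookies the script above writes, so a leftover cc_analytics or cc_allowSocial cookie cannot grant anything once the status is no longer allow or config. It assumes the status cookie keeps the library's default name cookieconsent_status; the function names and the sample cookie strings are constructed for illustration.

```javascript
// Added example. Assumption: status cookie uses the default name.
const STATUS_COOKIE = 'cookieconsent_status';
const VALID_STATUS = ['allow', 'deny', 'dismiss', 'config'];
const ANALYTICS_TRACKERS = ['_ga', '_gid']; // the cookies the post deletes

// Parse a document.cookie-style string into a map (first value wins).
function parseCookies(cookieString) {
  const jar = Object.create(null);
  for (const part of String(cookieString || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq < 0) continue;
    const name = part.slice(0, eq).trim();
    if (!name || name in jar) continue;
    let value = part.slice(eq + 1).trim();
    try { value = decodeURIComponent(value); } catch (e) { /* keep raw */ }
    jar[name] = value;
  }
  return jar;
}

// Only the exact value 'allow' grants a category; anything else denies.
function consentFromCookies(cookieString) {
  const jar = parseCookies(cookieString);
  const status = jar[STATUS_COOKIE];
  const allowAll = status === 'allow';
  const configured = status === 'config';
  const analytics = allowAll || (configured && jar.cc_analytics === 'allow');
  // Same dependency as the form: external is never on without analytics.
  const external = allowAll ||
    (configured && analytics && jar.cc_allowSocial === 'allow');
  return { answered: VALID_STATUS.includes(status), analytics, external };
}

// Cookies present in the jar that the current consent no longer covers.
function cookiesToExpire(cookieString) {
  const jar = parseCookies(cookieString);
  const consent = consentFromCookies(cookieString);
  const stale = [];
  if (!consent.analytics) {
    for (const n of ANALYTICS_TRACKERS) if (n in jar) stale.push(n);
    if ('cc_analytics' in jar) stale.push('cc_analytics');
  }
  if (!consent.external && 'cc_allowSocial' in jar) stale.push('cc_allowSocial');
  return stale;
}

// Constructed sample: consent was revoked but old cookies are still there.
const sample = 'cookieconsent_status=deny; cc_analytics=allow; _ga=GA1.2.1.1';
console.log(consentFromCookies(sample), cookiesToExpire(sample));
```

The same decision can be made server-side before any tag is written into the page, and each name returned by cookiesToExpire can be passed to delete_cookie.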
What would be the implications in Zencart if instead of deleting orders, we could update orders only deleting personal information ?
Something like returning the table to default values ?
UPDATE orders SET
    customers_name = 'User Deleted OR EMPTY',
    customers_company = DEFAULT,
    customers_street_address = DEFAULT,
    customers_email_address = DEFAULT
    -- etc, etc, etc (remaining personal-data columns)
WHERE customers_id = 1;
You should not delete the orders, or edit personal data in the orders. That is in many countries illegal, and will destroy your audit trail.
It is allowed to keep personal data in the orders, as long as you tell your customers you have that data, and tell them it has to be kept for a certain amount of years.
Ok, but let's say in theory, this could be done. No zones stuff would get in the way, etc ? That's what I'm trying to find out ( in a lazy way I confess)
I'll start now by not deleting any orders ( honestly I'm really tired :sleep1: ).
More or less I made the changes and we are ready for the new regulation.
My only doubt is this one, since we are not using zencart as an accounting software, neither could we use it here, since it's not certified, etc..
So the customers with orders that ask to delete their personal data, we will give them the option to remove online data, but we can not delete an invoice from the accounting software. That's clear crystal.
But online, we really don't need that info, since we are not providing their info to google or whatever.
We have "physical" stores, and that assembles to a customer that enters the shop, provides me with his name, address, mail, phone number, etc, and goes to a corner of the shop and stays there for the rest of his life.
I'm not expecting tons of removal requests, but we have to be ready for the first, since we will notify our customers (all of them) but specially the ones without orders of our new privacy policy.
There are no exceptions in terms of data protection, and it's not just online. Just different levels of implementation regarding what kind of data do you hold, the amount of data and for what purposes.
For example, your site sets analytics cookies without asking. If the IP is anonymous ( there's a configuration in analytics for that ), it's considered not personal Information. If it tracks the complete IP , then it's personal data, since it can track your localization , and google loves locations to sell.
Basically we all work for google for free.
For security reasons, a company can track IP. But the user has to consent, or at least there must be some sort of information that explains why a company need that data.
If you have more than 250 employees, then a company must have a kind of data manager.
If there's a data breach, all companies are obliged to report that to authorities (don't recall the name)