Page 3 of 17 FirstFirst 1234513 ... LastLast
Results 21 to 30 of 161
  1. #21
    Join Date
    Dec 2009
    Location
    Amersfoort, The Netherlands
    Posts
    2,845
    Plugin Contributions
    25

    Default Re: GDPR is Europe's new framework for data protection laws

    Quote Originally Posted by gilby View Post
    Not sure what "deleting their account" actually means?
    What about all their "orders"?
    Can't delete those as by law we need to keep this info for at least 7 years for tax purposes here in Oz
    As well if you actually deleted "orders" we wouldn't be able to do basic stock control and profit and loss etc....

    Perhaps it means renaming the account somehow to keep the actual data but to remove all customer identifying details?
    If so then how would you handle cases when the government wants details on who you sold stuff to?

    Perhaps it only applies to online data. Maybe you can keep printed offline records of all this stuff?
    Just thinking here....
    You may delete or change orders that are final, as that is prohibited by law, but you should probably have to tell the customer you need to save that information for a limited amount of time (7 years in EU countries).

  2. #22
    Join Date
    Jun 2003
    Location
    Newcastle UK
    Posts
    2,881
    Blog Entries
    2
    Plugin Contributions
    2

    Default Re: GDPR is Europe's new framework for data protection laws

    As the only core team member residing in the EU, thought I would offer my thoughts here.

    First, as mentioned in a previous post, be wary of scaremongers, especially when they are consultants looking to make some money from you.

    The first steps in compliance is to make sure your Privacy and Conditions of use tell the customer exactly what data you are collecting, what use it is put to, and how to contact you if they have concerns or want you to amend/delete their data.

    Another big issue is consent. Using Agree to terms on both sign up and checkout will help here. Also remember that any consent should be opt in, don't automatically check those checkboxes.
    Zen Cart by default does not have a Cookie consent pop up, although there are modules that you can install.

    When you are collecting information, make sure you are only collecting information you really need. Do you really need a customers telephone number, their date of birth etc. If you are collecting that information then tell the customer why you need it.

    On the right to forget, there are obviously some conflicts here. While its easy to delete a customers record, if they have made orders then personal info is also stored in the order. However as a general principle, the tax requirements to keep order information for n years will override the GDPR requirements. Again this fact should be shared with the customer in your privacy policy.

    On encryption. The actual section in the wonderful GDPR documentation does not make it an absolute necessity, at least as far as database encryption is concerned. However no store now should ever operate without SSL, and as a general principle should use SSL site wide and not just for admin/checkout.

    Finally, I am not a lawyer. My advice above is based on my reading of GDPR, and my experience working with Zen Cart for many many years :)

  3. #23
    Join Date
    Aug 2014
    Location
    Lisbon
    Posts
    594
    Plugin Contributions
    0

    Default Re: GDPR is Europe's new framework for data protection laws

    I never took close look on the customers tables and all that stuff.
    I was thinking about creating a new table that could save the customers agreement in the new gdpr laws. But there's a beautiful table called customers_info, that could hold this extra info.
    My concern is on future zencart updates. I belive in principle that it will update tables without removing extra columns , right ?

    About the 7 years. I believe this depends if one is using zencart as a accounting software.
    “Though the problems of the world are increasingly complex, the solutions remain embarrassingly simple.” ― Bill Mollison

  4. #24
    Join Date
    Jul 2012
    Posts
    15,811
    Plugin Contributions
    17

    Default Re: GDPR is Europe's new framework for data protection laws

    Quote Originally Posted by mesnitu View Post
    I never took close look on the customers tables and all that stuff.
    I was thinking about creating a new table that could save the customers agreement in the new gdpr laws. But there's a beautiful table called customers_info, that could hold this extra info.
    My concern is on future zencart updates. I belive in principle that it will update tables without removing extra columns , right ?

    About the 7 years. I believe this depends if one is using zencart as a accounting software.
    This has been the operation of ZC for as far back as I have seen the install/upgrade process work. In fact there was discussion that one of the ZC provided tables had a field in it that was never used in core code (final_price as found in the customers_basket table). Removal of that field (from the install script and from the database in the upgrade process) was under review for nearly a year. Now, this was a direction to affect a field within a table that was generated by core Zen Cart code. Otherwise, the process has been to still generally leave other fields and tables alone to be controlled by some other process. So, provided the path forward continues to be one of Zen Cart taking care of its own tables and fields with any other modifications made to be addressed by an applicable process, you can yes use the customers_info table to track this additional field.
    ZC Installation/Maintenance Support <- Site
    Contribution for contributions welcome...

  5. #25
    Join Date
    Aug 2014
    Location
    Lisbon
    Posts
    594
    Plugin Contributions
    0

    Default Re: GDPR is Europe's new framework for data protection laws

    Thanks !
    I see now that I was inventing the wheel. The zencart terms and conditions configuration, can handle this bit at the registration page! Cool!

    Edit:
    Not so cool! However it seems that it's not inserting this data anywhere...
    “Though the problems of the world are increasingly complex, the solutions remain embarrassingly simple.” ― Bill Mollison

  6. #26
    Join Date
    Aug 2009
    Location
    North Idaho, USA
    Posts
    2,004
    Plugin Contributions
    1

    Default Re: GDPR is Europe's new framework for data protection laws

    I'm glad our volume of sales exempts us from all/Most of this.
    Rick
    ChainWeavers (dot) com

  7. #27
    Join Date
    Nov 2005
    Location
    los angeles
    Posts
    1,914
    Plugin Contributions
    6

    Default Re: GDPR is Europe's new framework for data protection laws

    Quote Originally Posted by mesnitu View Post
    But if a site uses SSL I guess it's encrypted.
    SSL encrypts data transmission between a users browser and the web server.

    it does NOT encrypt the data that resides on the web server.
    #getAJabWhenYouCan
    if you feel so inclined, feel free to send some cake....

  8. #28
    Join Date
    Aug 2014
    Location
    Lisbon
    Posts
    594
    Plugin Contributions
    0

    Default Re: GDPR is Europe's new framework for data protection laws

    I guess something like bbc.com , where you can control what cookies are in place. So one could stop analytics or whatever to run before user consent.
    However zencart uses IP from visitors, and IP are now considered personal information.
    A lot of issues here.
    “Though the problems of the world are increasingly complex, the solutions remain embarrassingly simple.” ― Bill Mollison

  9. #29
    Join Date
    Feb 2009
    Location
    UK
    Posts
    872
    Plugin Contributions
    0

    Default Re: GDPR is Europe's new framework for data protection laws

    I've given some thought to how to implement the 'right to be forgotten'. Some years ago Kuroi highlighted a potential fraud issue with allowing customers to delete their own accounts. So given that I'm unlikely to have to deal with many account deletions I've gone down the road of having a customer request that their account be deleted - click on a button and it sends me an email requesting such. In case anyone's interested:

    I added a link in the customers Account page (\includes\templates\my_template\templates\tpl_account_default.php) pointing to a 'Delete My Account' page.

    I created 3 new files:

    \includes\languages\english\my_template\account_delete.php

    Code:
    define('HEADING_TITLE', 'Delete My Account');
    define('NAVBAR_TITLE_1', 'My Account');
    define('NAVBAR_TITLE_2', 'Delete Account');
    define('TEXT_SUCCESS_ACCOUNT_DELETE', 'Your request for your account to be deleted has been successfully sent and will be actioned as soon as possible.');
    define('ACCOUNT_DELETE_INFORMATION', 'Do you wish to delete your account? Please confirm by clicking the button below. <br/><br/>This will notify us of your request and we will delete your account as soon as possible (by law we must action your request within one month).<br/><br/>Please note that this will permanently remove all of your personal information, including order history, from our system.');
    define('EMAIL_SUBJECT', 'Website Enquiry from ' . STORE_NAME);
    define('ENTRY_NAME', 'Full Name:');
    define('ENTRY_EMAIL', 'Email Address:');
    define('ENTRY_ENQUIRY', 'Message:');
    define('MESSAGE_BODY', 'Please permanently delete my account');
    define('MESSAGE_CUSTOMERS_ID', 'customers_id: ');
    \includes\templates\my_template\templates\tpl_account_delete_default.php

    Code:
    <article id="main">
    <header><h1><?php echo HEADING_TITLE; ?></h1>
    							
    						</header>
    						<section class="wrapper style5">
    							<div class="inner">							
    							
    <?php echo zen_draw_form('account_delete', zen_href_link(FILENAME_ACCOUNT_DELETE, 'action=send', 'SSL')); ?>
    
    <?php
      if (isset($_GET['action']) && ($_GET['action'] == 'success')) {
    ?>
    
    <div class="mainContent success"><?php echo TEXT_SUCCESS_ACCOUNT_DELETE; ?></div>
    <br class="clearBoth" />
    <div class="buttonRow"><?php echo zen_back_link() . zen_image_button(BUTTON_IMAGE_BACK, BUTTON_BACK_ALT) . '</a>'; ?></div>
    
    <?php
      } else {
    ?>
    <?php echo zen_draw_input_field('contactname', $name, 'style="visibility:hidden; display:none;"'); ?>
    <?php echo zen_draw_input_field('email', ($email_address), 'style="visibility:hidden; display:none;"'); ?>
    <?php echo zen_draw_input_field('enquiry', $enquiry, 'style="visibility:hidden; display:none;"'); ?>
    			
    
    <fieldset class="accountDelete">
    
    <legend><?php echo HEADING_TITLE; ?></legend>
    
    <?php echo ACCOUNT_DELETE_INFORMATION; ?>
    
    </fieldset>
    
     <div class="buttonRow forward"><?php echo zen_image_submit(BUTTON_IMAGE_CONFIRM,BUTTON_CONFIRM_DELETE_ALT); ?></div>
     <div class="buttonRow back"><?php echo '<a href="' . zen_href_link(FILENAME_ACCOUNT, '', 'SSL') . '">' . zen_image_button(BUTTON_IMAGE_BACK, BUTTON_BACK_ALT) . '</a>'; ?></div>
    <?php
      }
    ?>
    </form>	
    <br class="clearBoth" />
    </div>
    </section>
    	</article>
    \includes\modules\pages\account_delete\header_php.php

    Code:
    $zco_notifier->notify('NOTIFY_HEADER_START_ACCOUNT_DELETE');
    
    if (!$_SESSION['customer_id']) {
      $_SESSION['navigation']->set_snapshot();
      zen_redirect(zen_href_link(FILENAME_LOGIN, '', 'SSL'));
    }
    
    require(DIR_WS_MODULES . zen_get_module_directory('require_languages.php'));
    
    $error = false;
    if (isset($_GET['action']) && ($_GET['action'] == 'send')) {
      $name = zen_db_prepare_input($_POST['contactname']);
      $email_address = zen_db_prepare_input($_POST['email']);
      $enquiry = zen_db_prepare_input(strip_tags($_POST['enquiry']));
       
          $sql = "SELECT customers_id, customers_firstname, customers_lastname, customers_password, customers_email_address, customers_default_address_id
                  FROM " . TABLE_CUSTOMERS . "
                  WHERE customers_id = :customersID";
    
          $sql = $db->bindVars($sql, ':customersID', $_SESSION['customer_id'], 'integer');
          $check_customer = $db->Execute($sql);
          $customer_email= $check_customer->fields['customers_email_address'];
          $customer_name= $check_customer->fields['customers_firstname'] . ' ' . $check_customer->fields['customers_lastname'];
    	  $send_to_email = trim(EMAIL_FROM);
          $send_to_name =  trim(STORE_NAME);    
    
        // Prepare extra-info details
        $extra_info = email_collect_extra_info($name, $email_address, $customer_name, $customer_email);
        // Prepare Text-only portion of message
        $text_message = OFFICE_FROM . "\t" . $name . "\n" .
        OFFICE_EMAIL . "\t" . $email_address . "\n\n" .
        '------------------------------------------------------' . "\n\n" .
        strip_tags($_POST['enquiry']) .  "\n\n" .
        '------------------------------------------------------' . "\n\n" .
        $extra_info['TEXT'];
        // Prepare HTML-portion of message
        $html_msg['EMAIL_MESSAGE_HTML'] = strip_tags($_POST['enquiry']);
        $html_msg['CONTACT_US_OFFICE_FROM'] = OFFICE_FROM . ' ' . $name . '<br />' . OFFICE_EMAIL . '(' . $email_address . ')';
        $html_msg['EXTRA_INFO'] = $extra_info['HTML'];
        // Send message
        zen_mail($send_to_name, $send_to_email, EMAIL_SUBJECT, $text_message, $name, $email_address, $html_msg,'contact_us');
       
        zen_redirect(zen_href_link(FILENAME_ACCOUNT_DELETE, 'action=success', 'SSL'));
    
    } // end action==send
    
    // default email and name if customer is logged in
    if($_SESSION['customer_id']) {
      $sql = "SELECT customers_id, customers_firstname, customers_lastname, customers_password, customers_email_address, customers_default_address_id
              FROM " . TABLE_CUSTOMERS . "
              WHERE customers_id = :customersID";
    
      $sql = $db->bindVars($sql, ':customersID', $_SESSION['customer_id'], 'integer');
      $check_customer = $db->Execute($sql);
      $email_address = $check_customer->fields['customers_email_address'];
      $name= $check_customer->fields['customers_firstname'] . ' ' . $check_customer->fields['customers_lastname'];
      $customers_id = $check_customer->fields['customers_id'];
      $enquiry = MESSAGE_BODY . ' (' . MESSAGE_CUSTOMERS_ID . $customers_id . ')';
      
    }
    
    $breadcrumb->add(NAVBAR_TITLE_1, zen_href_link(FILENAME_ACCOUNT, '', 'SSL'));
    $breadcrumb->add(NAVBAR_TITLE_2, zen_href_link(FILENAME_ACCOUNT_DELETE, '', 'SSL'));
    
    // This should be last line of the script:
    $zco_notifier->notify('NOTIFY_HEADER_END_ACCOUNT_DELETE_PROCESS');
    and added a line to:

    \includes\languages\english\my_template\button_names.php

    Code:
    define('BUTTON_CONFIRM_DELETE_ALT', 'Yes, Delete My Account');
    All this gives give me

    Name:  acc_delete.jpg
Views: 896
Size:  21.4 KB

    A click on the button gives a 'message received and understood' page and an email is sent to the address in the admin > configuration > e-mail options > Email Address (sent FROM) field.

    This is just a copy and paste job (so there are probably plenty of errors/omissions/redundant code).

    Edit: forgot to say that I've posted the full code from the three files so there'll be some custom HTML tags that won't relate to the standard ZC template
    Last edited by simon1066; 13 Apr 2018 at 07:24 PM.

  10. #30
    Join Date
    Aug 2005
    Location
    Vic, Oz
    Posts
    1,904
    Plugin Contributions
    5

    Default Re: GDPR is Europe's new framework for data protection laws

    And just for my curiosity, as I don't need to implement this (yet)
    What data do you actually delete when you decide to go ahead with their request?

 

 
Page 3 of 17 FirstFirst 1234513 ... LastLast

Similar Threads

  1. Product general in document general
    By Akasashasha in forum General Questions
    Replies: 7
    Last Post: 5 Apr 2010, 04:15 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR