  1. #31
    Join Date
    Feb 2009
    Location
    UK
    Posts
    1,221
    Plugin Contributions
    1

    Default Re: GDPR is Europe's new framework for data protection laws

    That's a good question. I haven't quite decided that, still looking into it.

  2. #32
    Join Date
    Aug 2014
    Location
    Lisbon
    Posts
    594
    Plugin Contributions
    0

    Default Re: GDPR is Europe's new framework for data protection laws

    Quote Originally Posted by simon1066 View Post
    This is just a copy and paste job (so there are probably plenty of errors/omissions/redundant code).
    Thanks!
    I'm going on the same road, was about to do that, so it's a good thrust.
    So far I've battled with JavaScript to manage to change the cookieconsent script to allow a user configuration.
    Basically, it starts with zenid (but I think that analytics with IP anonymization is allowed) and sets some other cookies upon user configuration.
    They will permit or not the entrance of different levels of FB pixel, remarketing, etc. with tag manager (that I still have to learn a bit more about).
    I've created a new table "customers_gdpr" that will save the user's consent on registration, date, etc.
    An observer that will check the registration page to insert those values into that table, and also check customers registered prior to this law, so if they start a session, it redirects them to the account page where they may signal their agreement (it's the same form used on the registration page).
    That notification is also recorded in customers_gdpr, so even if a customer chooses not to agree, there is a record that they have been notified (with a date).

    Now it's that part, allowing the deletion of an account upon request.

    What to delete: there's no general answer to that, it really depends on the size of the business and what kind of data that business asks and holds and the business informs.

    As far as I'm concerned:
    There's a registered user that never made a purchase, or a comment. Don't see a problem here.
    There's a registered user that never made a purchase but made some comments, etc. I don't see a problem here.
    There's a customer, bought some stuff:
    We don't use zencart as accounting software, nor do we have integrations between other accounting platforms (ie: sage pay) and zencart, so that purchase is registered in other software and cannot be deleted according to our national law. We only ask for the necessary data and hold the necessary data.
    But online, I don't see a problem either. The customer, for whatever reason, wants to leave, he leaves. I agree with that.

    That's the conclusion that our team of lawyers, highly reputable consultants, and implementation jscript programmers, php and mysql made.
    A team made up of me, myself, and sometimes I.

    And that's it. I'm done with this.

    In fact I'm looking forward to this law, because I'm also a customer, and I want to ask some questions to some big communication companies over here about my data.
    “Though the problems of the world are increasingly complex, the solutions remain embarrassingly simple.” ― Bill Mollison

  3. #33
    Join Date
    Feb 2009
    Location
    UK
    Posts
    1,221
    Plugin Contributions
    1

    Default Re: GDPR is Europe's new framework for data protection laws

    Re Cookie Control, I'm probably going to do something like cookiebot . com, although I don't like the way their cookie banner disappears when I start scrolling. Hopefully when I sign up for a free account, and taking into account your ideas, I'll get a better idea of how to implement it on my site.

    On my system I think that deleting the Customer and their associated Orders from within the ZC Admin will be enough to remove customer identifiable information. Deleting an order affects a number of dbase tables, but I think I might adjust this to keep the Order in TABLE_ORDERS_PRODUCTS; at least then ZC has a record of products sold.

  4. #34
    Join Date
    Aug 2014
    Location
    Lisbon
    Posts
    594
    Plugin Contributions
    0

    Default Re: GDPR is Europe's new framework for data protection laws

    Cookie Control, now it's the time to make money. I've searched for some free scripts that would allow some sort of configuration. Didn't find any, but it's a big internet.
    Maybe the cookieconsent script will be updated to give this option.
    I'm using foundation as a base template. I've added a link "Configure" to the cookie consent that will use the foundation reveal "module" (a popup), a form using the foundation switch module. So it's a mix of php and jscript and cookies.
    But it all can be done using jscript, but I don't have the knowledge to do that nor the time.
    https://cookieconsent.insites. com/documentation/disabling-cookies/

    In the cookie consent script I created another status ( Config) , basically a copy from the "allow" status. More or less you can get the idea, just check where the cc.status.allow is used.
    Code:
    // valid cookie values
      cc.status = {
        deny: 'deny',
        allow: 'allow',
        dismiss: 'dismiss',
        config: 'config'
      };
    In the configuration ( window.addEventListener("load", function () { ) it has to be set to add the new status (when I say has, please read maybe).

    Code:
    "content": {
         
       "allow": "Allow",
       "config": '<i class="ic_settings_white_1x_small"></i>Configure'
        },
    "revokable": "true",
    "type": "opt-in",

    Then all is going to be on the
    onPopupOpen: function onPopupOpen(status, chosenBefore, options, utils) {

    onStatusChange: function onStatusChange(status, chosenBefore) {

    The only reason I don't paste here the complete code, it's because I know that makes the job for me, but it's a quick bandage, and it's using foundation base modules, and it's cookies strategies to configure cookies ( a paradox )
    To be a general script, a lot of JavaScript knowledge is required.
    But what was the more complicated part for me, was this.
    The rest is a form, with input checkboxes, etc... With PHP I'm checking the cookie config, and allowing or not analytics etc....
    Again, this is not a copy paste, but a general idea.


    PHP Code:
    "use strict";

    // Expire the named cookie for the given domain
    function delete_cookie(name, domain) {
      document.cookie = name + '=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Domain=' + domain;
    }

    window.addEventListener("load", function () {

      var host = window.location.hostname;

      window.cookieconsent.initialise({

        "palette": {
          "popup": {
            "background": "#000"
          },
          "button": {
            "background": "#f1d600"
          }
        },
        "layout": "basic",
        "theme": "edgeless",
        "content": {
          "message": "bla bla bla:",
          "dismiss": "ok",
          "allow": "Allow Cookies",
          "link": "Privacy Link",
          "href": "thelinink . com ",
          "config": '<i class="ic_settings_white_1x_small"></i>Configure'
        },
        "revokable": "true",
        "type": "opt-in",

        onPopupOpen: function onPopupOpen(status, chosenBefore, options, utils) {

          var type = this.options.type;
          var hasConsented = this.hasConsented(); // allow, dismiss, deny, config
          var didConsent = hasConsented;
          var cfgCookiesAnalytics = '';
          var cfgCookiesExternal = '';
          // to check if analytics is GDPR compliant

          var isAnalyticsChecked = document.getElementById('c-analytics');
          var isExternalChecked = document.getElementById('c-external');

          function updateState(input) { // This updates the input buttons state

            var inputName = input.name == 'secondaryC-switch' ? 'secondaryC-switch' : 'secondaryC-switch-external';

            if (inputName == 'secondaryC-switch' && input.checked) {
              cfgCookiesAnalytics = 'active';
            } else if (inputName == 'secondaryC-switch' && !input.checked) {
              // switching analytics off also switches external off
              cfgCookiesAnalytics = 'inactive';
              isExternalChecked.checked = false;
              cfgCookiesExternal = 'inactive';
            }

            if (inputName == 'secondaryC-switch-external' && input.checked) {
              // switching external on also switches analytics on
              cfgCookiesExternal = 'active';
              isAnalyticsChecked.checked = true;
              cfgCookiesAnalytics = 'active';
            } else if (inputName == 'secondaryC-switch-external' && !input.checked) {
              cfgCookiesExternal = 'inactive';
            }
            return false;
          }

          var cookieForm = document.getElementById("ccForm");
          // listen to input events
          cookieForm.addEventListener("click", checkInputState, false); // It's going to listen to the INPUT buttons

          function checkInputState(e) {
            if (e.target.nodeName == "INPUT") {
              var listen = updateState(e.target);
            }
            e.stopPropagation();
          }

          // console.log('ce: ' + cfgCookiesExternal + ' - ca ' + cfgCookiesAnalytics);

          var saveConfig = document.querySelector('[aria-label="config cookie"]');

          // define cookie
          var cname = this.options.cookie.name;
          var expiryDays = this.options.cookie.expiryDays;
          var path = this.options.cookie.path;
          var domain = this.options.cookie.domain;
          var allDomains = '.' + document.location.hostname;

          if (saveConfig.addEventListener) {
            saveConfig.addEventListener("click", function (checkInputState) { // On save will get the Input Buttons State
              //event.preventDefault();
              if (cfgCookiesAnalytics == 'active' && cfgCookiesExternal == 'active') {

                didConsent = 'config';
                var set = cookieconsent.utils.setCookie(cname, 'allow', expiryDays, domain, path);
                setTimeout(function () { window.location.reload(true); }, 100);
              } else {
                didConsent = 'config'; // flag some user interaction

                delete_cookie('_ga', allDomains);
                delete_cookie('_gid', allDomains);

                var set = cookieconsent.utils.setCookie(cname, didConsent, expiryDays, domain, path);
                setTimeout(function () { window.location.reload(true); }, 100);
              }

              var getCookieName = '';
              if (cfgCookiesAnalytics == 'active') { // Analytics is good to go
                var set = cookieconsent.utils.setCookie('cc_analytics', 'allow', expiryDays, allDomains, path);
              } else {
                getCookieName = cookieconsent.utils.getCookie('cc_analytics');
                if (getCookieName) {
                  delete_cookie('cc_analytics', allDomains);
                }
              }

              if (cfgCookiesExternal == 'active') {
                // review this bit, if it's active, analytics cookie is also active
                var set = cookieconsent.utils.setCookie('cc_allowSocial', 'allow', expiryDays, allDomains, path);
              } else {
                getCookieName = cookieconsent.utils.getCookie('cc_allowSocial');
                if (getCookieName) {
                  delete_cookie('cc_allowSocial', allDomains);
                }
              }
            }, false);
          }
        },

        onInitialise: function onInitialise(status, chosenBefore) {
          var type = this.options.type;
          var hasConsented = this.hasConsented();
          var hasAnswered = this.hasAnswered();
          //console.log( 'onInitialise' + hasConsented + hasAnswered + type);

          if (type == 'opt-in' && hasConsented == true) {
            // enable cookies
          }

          if (type == 'opt-out' && !hasConsented) {
            // disable cookies
          }
        },

        onStatusChange: function onStatusChange(status, chosenBefore) { // The user revoke his choice
          var type = this.options.type;
          var hasConsented = this.hasConsented();
          var hasAnswered = this.hasAnswered();

          if (this.hasAnswered() && this.hasConsented()) {
            setTimeout(function () { window.location.reload(true); }, 100);
            // Put Your Google Analytics Tracking Code here ( Not using this, but this is the way to go )
          }
          if (!hasConsented || !hasAnswered) {
            setTimeout(function () { window.location.reload(true); }, 100);
            // Put Your Google Analytics Tracking Code here
          }
        },

        onRevokeChoice: function onRevokeChoice() {
          var type = this.options.type;
          var hasConsented = this.hasConsented();

          if (type == 'opt-in' && hasConsented) {
            // enable cookies
          }
          if (type == 'opt-out' && !hasConsented) {
            // disable cookies
          }
        }

      });
    });
    “Though the problems of the world are increasingly complex, the solutions remain embarrassingly simple.” ― Bill Mollison
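
The cookies written by the script in post #34 still have to be read back before any analytics or social tag is loaded. The following is an added example, not part of the original post or of the cookieconsent library, that evaluates them fail-closed. It assumes `cookieconsent_status` is the status cookie name; `parseCookies` and `consentDecision` are hypothetical names, and the sample cookie strings are constructed.

```javascript
"use strict";

var STATUS_COOKIE = "cookieconsent_status"; // assumed name of the status cookie

// Parse a Cookie header (or document.cookie) into a map.
// Malformed pairs are dropped; a name seen twice with different values
// (e.g. stale copies set for different domains) is stored as "" so it
// can never be read as consent.
function parseCookies(header) {
  var jar = Object.create(null);
  String(header || "").split(";").forEach(function (pair) {
    var eq = pair.indexOf("=");
    if (eq < 1) return;
    var name = pair.slice(0, eq).trim();
    var value;
    try {
      value = decodeURIComponent(pair.slice(eq + 1).trim());
    } catch (e) {
      return; // bad percent-escape: ignore the pair
    }
    if (!name) return;
    jar[name] = (name in jar && jar[name] !== value) ? "" : value;
  });
  return jar;
}

// Opt-in evaluation: only an explicit 'allow' counts.
//   status 'allow'  -> every category accepted
//   status 'config' -> per-category cookies decide
//   anything else   -> nothing optional may load
// Social/external depends on analytics, as in the post's switch logic.
function consentDecision(header) {
  var c = parseCookies(header);
  var status = c[STATUS_COOKIE];
  var analytics = status === "allow" ||
    (status === "config" && c.cc_analytics === "allow");
  var social = status === "allow" ||
    (analytics && c.cc_allowSocial === "allow");
  return {
    analytics: analytics,
    social: social,
    // cookies to expire when analytics is not consented to
    expire: analytics ? [] : ["_ga", "_gid"]
  };
}

// Constructed sample cookie strings (not captured traffic).
var SAMPLES = {
  fresh: "zenid=abc123",
  allowAll: "zenid=abc123; cookieconsent_status=allow; cc_analytics=allow; cc_allowSocial=allow",
  analyticsOnly: "cookieconsent_status=config; cc_analytics=allow",
  staleSocial: "cookieconsent_status=config; cc_allowSocial=allow; _ga=GA1.2.1.1",
  conflicting: "cookieconsent_status=config; cc_analytics=allow; cc_analytics=deny",
  denied: "cookieconsent_status=deny; cc_analytics=allow",
  badEscape: "cookieconsent_status=config; cc_analytics=%E0%A4%A"
};

Object.keys(SAMPLES).forEach(function (k) {
  console.log(k, JSON.stringify(consentDecision(SAMPLES[k])));
});
```

The same decision can be made server-side from the request's Cookie header, so that tracking tags are never emitted into the page when consent is missing.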

  5. #35
    Join Date
    Aug 2014
    Location
    Lisbon
    Posts
    594
    Plugin Contributions
    0

    Default Re: GDPR is Europe's new framework for data protection laws

    I forgot to put the link https://www.kirupa.com/html5/handlin...y_elements.htm

    That's the function ( checkInputState ) that is called on save. First I had a bunch of listeners that row me nowhere.
    Bits of this, bits of that
    “Though the problems of the world are increasingly complex, the solutions remain embarrassingly simple.” ― Bill Mollison

  6. #36
    Join Date
    Aug 2014
    Location
    Lisbon
    Posts
    594
    Plugin Contributions
    0

    Default Re: GDPR is Europe's new framework for data protection laws

    What would be the implications in Zencart if instead of deleting orders, we could update orders only deleting personal information ?
    Something like returning the table to default values ?

    UPDATE orders SET
    customers_name = 'User Deleted OR EMPTY',
    customers_company = DEFAULT,
    customers_street_address = DEFAULT,
    customers_email_address = DEFAULT
    -- etc, etc, etc
    WHERE customers_id = 1;
    “Though the problems of the world are increasingly complex, the solutions remain embarrassingly simple.” ― Bill Mollison

  7. #37
    Join Date
    Dec 2009
    Location
    Amersfoort, The Netherlands
    Posts
    2,846
    Plugin Contributions
    25

    Default Re: GDPR is Europe's new framework for data protection laws

    You should not delete the orders, or edit personal data in the orders. That is in many countries illegal, and will destroy your audit trail.
    It is allowed to keep personal data in the orders, as long as you tell your customers you have that data, and tell them it has to be kept for a certain amount of years.

    Quote Originally Posted by mesnitu View Post
    What would be the implications in Zencart if instead of deleting orders, we could update orders only deleting personal information ?
    Something like returning the table to default values ?

    UPDATE orders SET
    customers_name = 'User Deleted OR EMPTY',
    customers_company = DEFAULT,
    customers_street_address = DEFAULT,
    customers_email_address = DEFAULT
    -- etc, etc, etc
    WHERE customers_id = 1;

  8. #38
    Join Date
    Aug 2014
    Location
    Lisbon
    Posts
    594
    Plugin Contributions
    0

    Default Re: GDPR is Europe's new framework for data protection laws

    Ok, but let's say in theory, this could be done. No zones stuff would get in the way, etc ? That's what I'm trying to find out ( in a lazy way I confess)

    I'll start now by not deleting any orders ( honestly I'm really tired ).

    More or less I made the changes and we are ready for the new regulation.
    My only doubt is this one, since we are not using zencart as accounting software, nor could we use it here, since it's not certified, etc.
    So for the customers with orders that ask to delete their personal data, we will give them the option to remove online data, but we cannot delete an invoice from the accounting software. That's crystal clear.
    But online, we really don't need that info, since we are not providing their info to google or whatever.
    We have "physical" stores, and that resembles a customer that enters the shop, provides me with his name, address, mail, phone number, etc., and goes to a corner of the shop and stays there for the rest of his life.

    I'm not expecting tons of removal requests, but we have to be ready for the first, since we will notify our customers (all of them), but especially the ones without orders, of our new privacy policy.
    “Though the problems of the world are increasingly complex, the solutions remain embarrassingly simple.” ― Bill Mollison

  9. #39
    Join Date
    May 2005
    Location
    England
    Posts
    626
    Plugin Contributions
    0

    Default Re: GDPR is Europe's new framework for data protection laws

    Quote Originally Posted by RixStix View Post
    I'm glad our volume of sales exempts us from all/Most of this.
    Hello there. I just wondered if you heard what threshold exempts some companies from the GDPR rules? Thanks in advance

  10. #40
    Join Date
    Aug 2014
    Location
    Lisbon
    Posts
    594
    Plugin Contributions
    0

    Default Re: GDPR is Europe's new framework for data protection laws

    There are no exceptions in terms of data protection, and it's not just online. Just different levels of implementation regarding what kind of data you hold, the amount of data and for what purposes.
    For example, your site sets analytics cookies without asking. If the IP is anonymous (there's a configuration in analytics for that), it's considered not personal information. If it tracks the complete IP, then it's personal data, since it can track your localization, and google loves locations to sell.
    Basically we all work for google for free.
    For security reasons, a company can track IP. But the user has to consent, or at least there must be some sort of information that explains why a company needs that data.
    If you have more than 250 employees, then a company must have a kind of data manager.
    If there's a data breach, all companies are obliged to report that to authorities (don't recall the name).
    “Though the problems of the world are increasingly complex, the solutions remain embarrassingly simple.” ― Bill Mollison

 

 