In this section:
- How to install and configure the CloudCart GDPR application
- Settings section
- Policies Section
- Data processing register Section
CloudCart Infrastructure is compliant with all GDPR regulatory requirements so that it can safely record, manage, and transmit data in secure (encrypted) environments. CloudCart has a PCI DSS Level 1 security certificate that verifies the level of security for data transfer and storage.
Additionally, our team has developed CloudCart GDPR for online stores, which aims to automatically implement many of the GDPR requirements.
Block Cookies with 'Prior Consent'
CloudCart GDPR enables you to block cookies from being placed on a visitor's computer until you have received explicit consent.
What is prior consent?
The GDPR and the European ePrivacy Directive require getting explicit consent before using cookies other than those necessary for the website to work properly. That means when a visitor comes to your website, you have to hold all your cookies until they agree to get them. You show them the cookie banner and, if they opt in, you send the cookies. If they remain passive or do not agree, you have to keep blocking the cookies from reaching their computers.
There are many websites with cookie banners, but without prior consent installed. They are not ePrivacy and GDPR compliant, and thus risk fines. These banners will send tracking cookies as soon as the visitor lands on the website. They ask for consent, but since there is no blocking mechanism in place, they insert cookies even when visitors are passive or decline the consent request. Law-wise, these banners serve no purpose.
Prior consent tools allow you to block all cookies, other than those that must be placed on your visitor’s computer straight away, until the visitor agrees to them. With CloudCart GDPR, you can easily set it up and manage it through the admin dashboard.
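The blocking mechanism described above, as an added example that is not CloudCart's code: every cookie write passes through a gate that lets only necessary cookies through until the visitor makes an explicit choice. The category names and the `ConsentGate` class are assumptions made for illustration.

```javascript
// Added example. Category names are assumptions, not CloudCart's own list.
const NECESSARY = 'necessary';

class ConsentGate {
  // writeCookie is the real sink, e.g. (c) => { document.cookie = c; } in a browser.
  constructor(writeCookie) {
    this.writeCookie = writeCookie;
    this.granted = new Set([NECESSARY]); // only necessary cookies before consent
    this.pending = [];                   // blocked writes held until a decision
  }

  // Every cookie write goes through the gate; returns true if it was written.
  set(category, cookie) {
    if (this.granted.has(category)) {
      this.writeCookie(cookie);
      return true;
    }
    this.pending.push({ category, cookie });
    return false;
  }

  // Called only from an explicit banner action. A passive visitor never
  // triggers it, so their non-essential cookies stay blocked.
  decide(acceptedCategories) {
    for (const c of acceptedCategories) this.granted.add(c);
    const released = this.pending.filter((p) => this.granted.has(p.category));
    released.forEach((p) => this.writeCookie(p.cookie));
    this.pending = []; // declined categories are discarded, not written
    return released.length;
  }
}

// Constructed sample run: the array stands in for the visitor's cookie jar.
function demoPriorConsent() {
  const jar = [];
  const gate = new ConsentGate((c) => jar.push(c));
  gate.set('necessary', 'session=abc');
  gate.set('analytics', '_stats=1');
  gate.set('marketing', '_ads=1');
  const beforeConsent = [...jar];
  const released = gate.decide(['analytics']);
  const lateMarketing = gate.set('marketing', '_ads=2');
  return { beforeConsent, afterConsent: [...jar], released, lateMarketing };
}

console.log(demoPriorConsent());
```

A banner without this kind of gate is the non-compliant case the text describes: the tracking cookies are already in the jar before the visitor has answered.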
Do I need prior consent?
Yes, if you track your users’ personal data by using tracking technologies, then you need to ask for prior consent. Hence, you need a tool for blocking the cookies before getting consent.
We have prepared a list of steps that you need to do to ensure that your company meets all GDPR requirements.
How to install and configure the CloudCart GDPR application
The app will automatically install several important documents that will handle the relationship with customers and visitors to your online store. They are:
The section contains two subdivisions - and - The sections could be mandatory or optional checkboxes for consent from your customers and visitors to your online store. The sections are:
- This section allows you to manage the window for the Permissions bar and saving the cookies in user browsers. It will be automatically filled in with all the necessary texts as well as a description of all the cookies that your online store installs by default.
If you enable the option ‘Cookie wall’, a pop-up will show up instead of the standard bar for asking and giving consent.
In this way, the user is obliged to take action to continue browsing your site smoothly.
If you have third-party applications installed on your online store (like chat, tracing apps, etc.) which install cookies, you need to choose the category to which they belong and describe them. The categorization of cookies is:
If you turn on the "Default" button, the request to install this type of cookie will be enabled by default, and a customer who does not agree to it needs to disable it themselves.
If you do not activate the "Default" button, the request for the installation of the selected cookies will be turned off by default:
The description of each one of these 4 categories is customizable.
The Policies section includes all documents related to your policy. From this section, you can add an unlimited number of documents that you could later assign as mandatory or optional for the user's consent.
IMPORTANT: The GDPR application records versions of changes to all Policies and saves a history of the consent of each user with each policy and their versions. For example: if a customer accepts Version 1 of your Terms and Conditions and the Terms and Conditions are subsequently changed, the system will record and show to you and to the customer which version of the agreement they have agreed to.
Data processing register Section
After installing the app on your online store, there will be a new section named "Exercise your rights!". In the you will receive all requests made by your users in "Exercise your Rights!".
In this section, a register is kept of the actions for accepting Policies by every customer and visitor of your online store. That means that every customer who has accepted a given Policy, which is part of a certain section, is kept in a safe environment and is shown here. The collected data is as follows:
- The Policy the user has agreed with
- User names (if available)
- User E-mail
- Date and hour the Policy has been accepted
- Date and hour of the last action of the user (if a user has agreed with a given policy a second time, for example by sending a message through a contact form twice or making two orders)
- User IP address
- An imprint of the device from which the user has given their consent.
- Section from which the consent has been made
This register’s purpose is to prove that certain Policies have been accepted in case of disputes. It cannot be manipulated, edited or deleted by third parties. This register is visible to the user of your online store as well, in the GDPR section.
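A sketch of the register and the policy versioning described in the Policies section, as an added example that is not CloudCart's implementation: each acceptance is stored against the policy version in force at that moment, a repeat acceptance only updates the last-action time, and a newly published version marks earlier consent as outdated. The class, method and field names are assumptions, and the sample user is constructed.

```javascript
// Added example. Field and method names are assumptions, not CloudCart's schema.
class ConsentRegister {
  constructor() {
    this.versions = new Map(); // policy name -> number of published versions
    this.entries = [];         // one record per user, policy version and section
  }

  // Changing a policy's text publishes a new version; returns its number.
  publish(policy) {
    const next = (this.versions.get(policy) || 0) + 1;
    this.versions.set(policy, next);
    return next;
  }

  // Record that a user accepted the current version from a storefront section.
  accept(policy, user, section, when) {
    const version = this.versions.get(policy);
    if (!version) throw new Error(`unknown policy: ${policy}`);
    const prior = this.entries.find((e) => e.policy === policy &&
      e.version === version && e.email === user.email && e.section === section);
    if (prior) { prior.lastActionAt = when; return prior; } // agreed a second time
    const entry = { policy, version, name: user.name || null, email: user.email,
      ip: user.ip, device: user.device, section, acceptedAt: when, lastActionAt: when };
    this.entries.push(entry);
    return entry;
  }

  // Highest version of the policy this e-mail address has accepted (0 if none).
  acceptedVersion(policy, email) {
    return this.entries.filter((e) => e.policy === policy && e.email === email)
      .reduce((max, e) => Math.max(max, e.version), 0);
  }

  needsReconsent(policy, email) {
    return this.acceptedVersion(policy, email) < (this.versions.get(policy) || 0);
  }
}

// Constructed sample data (documentation IP range, example.com address).
function demoRegister() {
  const reg = new ConsentRegister();
  const user = { name: 'Alice', email: 'alice@example.com', ip: '203.0.113.7', device: 'fp-01' };
  reg.publish('Terms and Conditions');
  reg.accept('Terms and Conditions', user, 'checkout', '2024-01-10T09:00Z');
  reg.accept('Terms and Conditions', user, 'checkout', '2024-02-01T12:30Z');
  reg.publish('Terms and Conditions');
  return { rows: reg.entries.length, lastAction: reg.entries[0].lastActionAt,
    accepted: reg.acceptedVersion('Terms and Conditions', 'alice@example.com'),
    stale: reg.needsReconsent('Terms and Conditions', 'alice@example.com') };
}
```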
In this section, you will be able to review the user's requests and accept or reject them respectively. For example, your customer declares their wish to be "forgotten". In this case, you have the legal right to reject the application if it does not meet any of the following: http://www.privacy-regulation.eu/en/17.htm
This section is under development. Once we enable it, you will be able to alert the Supervisory authorities about any issues related to the personal data of your customers.
The "Exercise Rights!" section is activated when you install the app on your online store. The section will become visible to your customers at the bottom of the storefront at your online store. Clicking on it leads to a new section that is available to both registered and unregistered users who can exercise their rights.
Right of Correction - This section allows registered users to correct their personal data: Password, Delivery addresses, and Invoice Addresses
Right to data portability - in this section, every registered user can download a CSV file with information about his Personal data, Saved addresses, Completed orders, as well as track the status of all requests he has made.
Access to personal information - this section is accessible to unregistered users who will be able to request the personal information you have stored for their account by submitting an email. This request will be visible to you in the CloudCart GDPR Application in the Data Processing register section.
Right to deletion (right “to be forgotten”) – this section is available for non-registered users, who after providing an E-mail address will be able to ask for the deletion of the personal information you have stored for their profile. This request will be visible in CloudCart GDPR in the Data processing register section.
Please keep in mind that this app does not guarantee 100% that your company is and will be GDPR compliant. GDPR is, by its very nature, a regulation of action and is related not only to the technology we are introducing to you. If you need further consultation with a GDPR Specialist to help you implement the application, please contact firstname.lastname@example.org.
Is GDPR mandatory?
GDPR is mandatory for all websites in the European Union because the web servers and/or the websites themselves keep data about their visitors. Respectively, if your store is accessible to users, you need a GDPR message.
Can I make an Accept all button to let users agree with all terms and conditions related to GDPR upon a new order?
The CloudCart platform does not allow for the creation of such a button upon order completion because it is in violation of the general regulation of GDPR.