CloudCart Infrastructure is compliant with all GDPR regulatory requirements so that it can safely record, manage, and transmit data in secure (encrypted) environments. CloudCart has a PCI DSS Level 1 security certificate that verifies the level of security for data transfer and storage.
Additionally, our team has developed CloudCart GDPR for online stores, which aims to automatically implement many of the GDPR requirements.
We have prepared a list of steps you need to take to ensure that your company meets all GDPR requirements.
How to install and configure CloudCart GDPR application
Sign in to your control panel and go to the Apps section to activate GDPR.
The app will automatically install, free of charge, several important documents that govern the relationship with customers and visitors to your online store. They are:
Updated Terms and Conditions compliant with the new GDPR requirements (the document is filled in automatically from your online store data; you are required to review the information entered and make changes if needed). If you think you do not need these terms and conditions, you can use your own, provided you have already updated them to the new regulations.
We use "Cookies" - this document is intended to inform the users of your online shop about all cookies that are installed in users' browsers. When you add records related to the installation of third-party cookies, the document is updated automatically.
Declaration of consent to the processing of personal data - this document governs the relationship between you and the customers and visitors of your online store and requires voluntary consent. If users have consented to this document, you will be able to direct marketing at them. The document should not be set as mandatory consent; otherwise you will be in violation of the GDPR.
The Settings section contains two subdivisions: Sections where data is saved, and Cookies.
Sections where data is saved - The sections could be mandatory or optional checkboxes for consent from your customers and visitors to your online store. The sections are:
User Registration - This is the section where users register their account, and you can require mandatory and optional consent to your policies. Our advice is not to require mandatory consent to the Terms of Service in this section and, only if you wish, to add consent to the Declaration as optional. This section may be left blank; this will not affect your compliance with GDPR.
Contact form - This is the form your customers can use to ask you questions, which you will receive by email. In this section you may not require consent to the Terms of Service, but you must request optional consent to a Privacy Statement. If you have more than one policy, you can sort the lines with the Drag and Drop feature.
Completing an order - This is one of the most important sections of your store, where you must ask your customers to agree to the Terms of Service and can optionally request consent to a Privacy Statement for the processing of personal data. If you have more than one policy, you can sort the lines with the Drag and Drop feature.
Subscribed to newsletter - This is a subscription form for the MailChimp newsletter. You may not require consent to the Terms of Service, but you must request optional consent to a Privacy Statement. If you have more than one policy, you can sort the lines with the Drag and Drop feature.
Request for consent for registered users after login - This option enables your current customers to get acquainted with and agree to your new Terms and Conditions and other policies, if you have any. If you have more than one policy, you can sort the lines with the Drag and Drop feature.
Cookies - This section allows you to manage the Permissions bar window and the saving of cookies in users' browsers. It will be automatically filled in with all the necessary texts as well as a description of all the cookies that your online store installs by default.
IMPORTANT NOTE: If you have third-party applications installed on your online store (like chat, tracing apps, etc.) which install cookies, you need to choose the category to which they belong and describe them. The categorization of cookies is:
Strictly Necessary Cookies - These cookies are necessary for the website to function and cannot be switched off in our systems by your customers.
Performance Cookies - These cookies measure the performance of your online store and its interaction with users.
Functional Cookies - Use this section to save cookies that are related to adding extra functionality to your online store.
Targeting Cookies - These cookies serve to identify, track, and target users.
The description of each one of these 4 categories is customizable.
The Policies section includes all documents related to your policy. From this section, you can add an unlimited number of documents that you could later assign as mandatory or optional for the user's consent.
IMPORTANT: The GDPR application records versions of changes to all Policies and saves a history of each user's consent to each policy and its versions. For example: If a customer accepts Version 1 of your Terms and Conditions and the Terms and Conditions are subsequently changed, the system will record and show to you and to the customer which Terms of Service agreement they have agreed to.
Data processing register Section
After installing the app on your online store, there will be a new section named "Exercise your rights!". In the Data Processing register section you will receive all requests made by your users in "Exercise your Rights!".
In this section, you will be able to review users' requests and accept or reject them. For example: Your customer declares a wish to be "forgotten". In this case, you have the legal right to reject the request if it does not meet any of the following: http://www.privacy-regulation.eu/en/17.htm
Notification to the Supervisory Authority Section
This section is under development. Once we enable it, you will be able to alert the Supervisory authorities about any issues related to the personal data of your customers.
"Exercise your rights!" Section
The "Exercise your rights!" section will be activated when you install the app on your online store. The section will become visible to your customers at the bottom of your online store's storefront. Clicking on it leads to a new section that is available to both registered and unregistered users who can exercise their rights.
Right of Correction - This section allows registered users to correct their personal data: Password, Delivery addresses and Invoice Addresses.
Right to data portability - This section allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability.
Access to personal information - this section is accessible to unregistered users who will be able to request the personal information you have stored for their account by submitting an email. This request will be visible to you in the CloudCart GDPR Application in the Data Processing register section.
Please keep in mind that this app does not guarantee 100% that your company is and will be GDPR compliant. GDPR is, by its very nature, a regulation of action and is related not only to the technology we are introducing to you. If you need further consultation with a GDPR Specialist to help you implement the application, please contact firstname.lastname@example.org.
Published on: 19 / 03 / 2019