Search found 599 matches

Search found 599 matches

Re: GDPR EU Law Cookies 2018

I was advised differently by the ICO in the UK. Their advice was that as a supplier was processing it for the purposes of arranging the delivery. They would be acting as a joint data controller and therefore no contract would be needed. I would assume this is because they have their own legal basis ...

Jump to post
  • Wed Jun 20, 2018 12:47 am
  • Replies 75
  • Views 11011
Re: GDPR EU Law Cookies 2018

You may not need a data processing agreement with them if they are acting as a data controller in their own right. If they determine the data require and what to do with it. For example they ask for a name and address to deliver goods to to fulfill a contract for you. What is your relationship with ...

Jump to post
  • Mon Jun 18, 2018 10:50 pm
  • Replies 75
  • Views 11011
Re: Checkout button no longer working (sagepay)

The version of OpenSSL used by PHP cURL functions needs to be version 1.0.1 or later. If you are on managed hosting, ask you host to sort it.

Jump to post
  • Mon Jun 18, 2018 10:23 pm
  • Replies 5
  • Views 331
Re: Summernote Text Editor Security

Could be used for admin user escalation. For example a admin user who only has access to edit products could plant a script to escalate their user account privileges. Giving themselves access to personal data or setting they shouldn't. Good admin user account policy (who has access to them and stron...

Jump to post
  • Mon Jun 18, 2018 7:18 pm
  • Replies 2
  • Views 218
Re: Checkout button no longer working (sagepay)

First check your server supports TLS 1.2 using PHP cRUL. Sage Pay did say the were enforcing this a few month ago, maybe they gave been late in doing so. This post may help to check. https://forum.opencart.com/viewtopic.php?f=179&t=204260#p723228 CURLOPT_PORT, CURLOPT_FOLLOWLOCATION, CURLOPT_FORBID_...

Jump to post
  • Sun Jun 17, 2018 6:21 am
  • Replies 5
  • Views 331
Re: Order insert shipping and payment method issue.

I've just tested and you are right, the shipping and payment methods are not selectable after clicking save. However, I was able to click on "Update Totals" again without have to reenter all the details. After that the shipping and payment methods were selectable again. This looks to be by design, a...

Jump to post
  • Wed Jun 13, 2018 8:01 pm
  • Replies 8
  • Views 706
Re: My store only says HI

The master branch is the development branch for OpenCart on GitHub. Stable releases are only tagged.

Jump to post
  • Wed Jun 06, 2018 5:45 pm
  • Replies 3
  • Views 215
Re: My store only says HI

That was an issue with the development version. Download a stable version.

https://github.com/opencart/opencart/issues/6645

Jump to post
  • Wed Jun 06, 2018 12:38 am
  • Replies 3
  • Views 215
Re: Spam via my site 1.4.8b

Have you checked the email headers to make sure the emails are coming from your store? If not setting up SPF on your mail server may stop them. Have you looked through your web access logs to see if all the posts are coming from the same IP address? If so you could ban that IP address from your serv...

Jump to post
  • Wed Jun 06, 2018 12:28 am
  • Replies 2
  • Views 124
Re: OpenCart GDPR Code update

That is not true in the United Kingdom. As written, every shopowner has to know his business and the Laws in his country by himself. Asking here questions how long to keep records, is a bit late .. He has also to know which specific regulations he has to look for. Fact is, that an Invoice has to be...

Jump to post
  • Wed May 30, 2018 6:41 am
  • Replies 43
  • Views 11551
Re: OpenCart GDPR Code update

The internal captcha probably doesn't have personal data implications. You could switch to that one. Or is it easy to break? We would also need to consider the use of Gmail account for receiving order notifications, since Google has access to the data and analyze the contents. Google servers might ...

Jump to post
  • Wed May 30, 2018 5:58 am
  • Replies 43
  • Views 11551
Re: OpenCart GDPR Code update

OK, here is a question: A customer has ordered items in the past, and the store owner received email copies of submitted online orders. Now the customer wants to make use of his right to be deleted. So the store owner can delete his account, no problem. But what about the order history in the datab...

Jump to post
  • Wed May 30, 2018 5:17 am
  • Replies 43
  • Views 11551
Re: OpenCart GDPR Code update

I'm still not very familiar with the GDPR and am not an expert, but I suppose some countries might require that the privacy policy and TC be delivered to the customer during the sales. Even if what you say about not needing consent if the basis is for the contract, it might be necessary to have a r...

Jump to post
  • Tue May 29, 2018 7:45 am
  • Replies 43
  • Views 11551
Re: OpenCart GDPR Code update

That link you posted relates to the ePrivacy directive, which is different to the GDPR. To make matters more confusing the ePrivacy directive is shortly to be replaced by the ePrivacy Regulation. Which one of it's proposals is to make the cookie rules simpler. https://ec.europa.eu/digital-single-mar...

Jump to post
  • Mon May 28, 2018 10:05 pm
  • Replies 43
  • Views 11551
Re: OpenCart GDPR Code update

I would of thought it should be possible to use Google Analytics without consent under the GDPR if you are not using the advance advertising features that require the Google's EU user consent policy. You would need turn on the IP Anonymisation feature and strip out any customer IDs, order IDs, etc. ...

Jump to post
  • Mon May 28, 2018 5:30 am
  • Replies 43
  • Views 11551
Re: GDPR EU Law Cookies 2018

Recording when and how consent is given when a cookie is used (or as/the result of the consent). That would be the same (stupid discussion as can be found at many places) when someone use the contact form. A lot of people mentioned to store also this as a decision (as a result of ??which?? consent)...

Jump to post
  • Mon May 28, 2018 5:03 am
  • Replies 75
  • Views 11011
Re: GDPR EU Law Cookies 2018

Also, don't forget if you are using consent as the basis for using a cookie (or browser storage) that stores of links to personal data that is covered by the GDPR, then you need to record when and how consent was given and what the user was told at the time. Sorry, but this is not correct. The mome...

Jump to post
  • Fri May 25, 2018 6:07 pm
  • Replies 75
  • Views 11011
Re: OpenCart GDPR Code update

1. Remove the name requirement on the contact form of the contact page. This seems strange advice as you need their name in order to reply to them. An email address is just as much personal data as a name. If you sell shirts and your company has a sale on, within the disclaimer you can say, we have...

Jump to post
  • Fri May 25, 2018 1:05 am
  • Replies 43
  • Views 11551

Search found 599 matches