Post by OSWorX » Wed May 30, 2018 6:20 am

ADD Creative wrote:
Wed May 30, 2018 5:58 am
There is lots of information on using Google's services at this link.

They do seem to meet all the standards required. However this only seems to apply to the paid for business G Suite version of Gmail. Using the free personal version of Gmail would probably not be compatible with the GDPR. There is no way to agree a processing contract for one. There is in G Suite I believe.
Correct, free services from Google are - currently - not covered by the GDPR.
Which will mean, using services like GMail, GDoc, GDrive etc. should be avoided.


User avatar
Expert Member


Mon Jan 11, 2010 10:52 pm
Location - Austria

Post by ADD Creative » Wed May 30, 2018 6:41 am

OSWorX wrote:
Wed May 30, 2018 5:53 am
ADD Creative wrote:
Wed May 30, 2018 5:17 am
That is not true in the United Kingdom.
As written, every shopowner has to know his business and the Laws in his country by himself.
Asking here questions how long to keep records, is a bit late ..

He has also to know which specific regulations he has to look for.

Fact is, that an Invoice has to be a non-editable document and is non-revokeable - it is an official document.

All OpenCart is not and has not per default.
It is then the question how your local tax office will trust the data(tables) in OpenCart/Database - I guess not (as it was at my last company audit!) because they can be edited at any time in any way.
Yes, the laws will be completely different depending which EU country your business is based in. For example in the UK you don't even need to issue a invoice if the sale is to consumer. Which is why you need to keep all the supporting evidence of a sale.

ADD Creative - Web development and e-commerce development, Milton Keynes or Christchurch, UK
ADD Filtration - HVAC Panel Filters, Bag Filters and HEPA Filters

Active Member


Sat Jan 14, 2012 1:02 am

Post by thomash2 » Wed May 30, 2018 6:54 am

If using Gsuite, what might be the possible text to add in the privacy policy regarding third party sharing and transfer out of EU?

I was looking at some policies from different websites. Some are extremely detailed listing all the third parties, purpose, basis, and their addresses. Others were very short, saying they share with partners without naming them, purpose basis, which are international organizations that may be located outside the EEA.

Would you also disclose your web hosting provider? As they are also one of your processors?

Edit: I read comments on this page that generally you have to name all of the processors, except when it is fair not to, but fairness is ambiguous. ... under-gdpr

It links to Working Party Transparency Guideline, although an outdated version. The newer version here: ... _id=622227
The last 6 pages have a table of what is required to disclose to the person you're collecting data from, and examples of generic scenarios.

New member


Tue Jul 30, 2013 12:44 am

Post by IP_CAM » Sun Jun 03, 2018 9:56 am

.... Now the customer wants to make use of his right to be deleted.
So the store owner can delete his account, no problem ...
But why make it so complicated ? Better allow the Customer to delete
his/her own Account Information directly, since It will not have an influence,
or delete Data, required to be kept, to apply with legal (Tax) Regulations.



Customer delete Account - delete_my_account_extension_opencart.jpg (327.15 KiB) Viewed 1368 times

Ernie's OpenCart v. LIGHT + V-Pro + OpenShop Admin v.1.75 Test Sites - -

User avatar
Guru Member


Tue Mar 04, 2014 1:37 am
Location - Switzerland
Who is online

Users browsing this forum: No registered users and 11 guests