Post by OpenCart_Support » Thu May 24, 2018 1:36 am

Hey Guys,

Steven here, as everyone knows GDPR is upon us in the next 48 hours and here at OpenCart, we're doing everything we can by providing a number of modules and tips to assist stores on how to survive the new regulations within the EU.

As part of the GDPR team, it's on my shoulders to gather feedback on what you currently think/feel OpenCart needs to do within the base model in order to be relevant and in keeping with the changes to better assist new users and Developers.

So, if you can reply to this thread and let me know, I'll be able to keep track, get the dev team in the loop and get things in place.

Between us and our amazing community, we're positive we'll be able to make the right changes in the right places to have the biggest impact.

I'll be available to answer any questions and be monitoring this and any other channels where GDPR is being discussed so please, please let us know.

Thanks!

- OpenCart Community Cheerleader -


Administrator
Joined Mon Apr 10, 2017 5:16 pm
Location - OpenCart UK Office

Post by Qphoria » Thu May 24, 2018 4:42 am

At the very least.. a "Delete Account" option should be in the account area.
But I'm not sure how that should reflect existing orders. You likely don't want to remove the actual orders as that will mess up reporting and revenue reporting, but perhaps update the orders to delete the customer info from them?

Administrator
Joined Tue Jul 22, 2008 3:02 am

Post by davidbfranks » Thu May 24, 2018 5:35 am

OpenCart_Support wrote:
Thu May 24, 2018 1:36 am
Hey Guys,

Steven here, as everyone knows GDPR is upon us in the next 48 hours and here at OpenCart, we're doing everything we can by providing a number of modules and tips to assist stores on how to survive the new regulations within the EU.

As part of the GDPR team, it's on my shoulders to gather feedback on what you currently think/feel OpenCart needs to do within the base model in order to be relevant and in keeping with the changes to better assist new users and Developers.

So, If you can reply to this thread and let me know and I'll be able to keep track and get the dev team in the loop and get things in place.

Between us and our amazing community, we're positive we'll be able to make the right changes in the right places to have the biggest impact.

I'll be available to answer any questions and be monitoring this and any other channels where GDPR is being discussed so please, please let us know.

Thanks!
iSenseLabs already did your job for you - https://isenselabs.com/products/view/gd ... r-opencart

Active Member
Joined Mon Mar 04, 2013 10:31 pm
Location - London

Post by OSWorX » Thu May 24, 2018 7:59 am

davidbfranks wrote:
Thu May 24, 2018 5:35 am
xxx already did your job for you - and so on ..
Enough advertising for someone else.

Hello Steven,

as written earlier to you in the email, OpenCart's website is missing nearly everything that the GDPR is telling us (Websites & Webshops) to do.

Not one info about the User Rights.
No Data Policy.
No Privacy Policy.
No statement which data is collected, what OC is doing with that, where it is stored, who has access to this data and with whom OpenCart is sharing these data.
How is this data secured?
Nothing about Cookies (well, most of them are here from the forum - good).

What about the Right for Information?
Right to be forgotten?
Right to change data?
Right to change permissions (e.g. Newsletter subscription).
Right for Portability (okay, who cares about that .. ).

Well, OC is now located in HK. Office in the UK which is leaving us (EC) next year.
But the point is not where your business is; what is important is where your customers are coming from.
And many of them are from the EC - therefore their Laws are important.

I am sure OC will move forward in these things.
But hurry up, the vultures will not wait too long.

Full Stack Web Developer :: Dedicated OpenCart Development & Support DACH Region
Contact for Custom Work / Fast Support.


Guru Member
Joined Mon Jan 11, 2010 10:52 pm
Location - Austria

Post by Freakshow » Thu May 24, 2018 2:10 pm

All that OSWorX wrote is of course true, but to add:

  • Checkbox in contact form with agree text and link to privacy policy
  • Newsletter checkbox preferably mandatory and set default to unchecked with option YES/NO

Freakshow

https://matoghage.no - Running on WooCommerce
https://www.doobie.no - Running on WooCommerce


Active Member
Joined Tue Dec 30, 2014 3:52 am
Location - Norway

Post by davidbfranks » Thu May 24, 2018 3:25 pm

OSWorX wrote:
Thu May 24, 2018 7:59 am
davidbfranks wrote:
Thu May 24, 2018 5:35 am
xxx already did your job for you - and so on ..
Enough advertising for someone else
It’s not advertising, I’m in no way affiliated with them!

I’m simply explaining there is already a solution that works, as OpenCart were clearly unable to cater to their users' needs.

What’s the point in creating something which has already been created and works flawlessly?

(Also sounds like you are a little bitter isenselabs were able to release their extension before your one that you promised)


Post by OpenCart_Support » Thu May 24, 2018 4:35 pm

Hey guys,

As you know isenselabs handle a number of projects for us and while this option is viable to some businesses, we as an organisation need to also set this up within the core of the work.

Which is why I stated (sic) "we've got a number of tips and modules to choose from" ;)

So, with the above outlined, we're already heading towards getting these things in place, but for new users or those who are setting up a new store, expenses like modules can be tricky. Also, looking at it from the POV of someone not technically minded or knowledgeable about installing modules or what to look out for, we need to cater for every situation.

As mentioned, I'm compiling a nice Excel sheet with these gathered, and will be able to work alongside the dev team to get this arranged. I will, of course, be updating everyone with the implemented changes and, going forward, avoiding any unnecessary updates.

We have one goal right now and that is a smooth update that will have minimal impact on already completed themes and modules (well, as best as we can).

Thanks for your feedback.

Steven

- OpenCart Community Cheerleader -



Post by Daniel » Thu May 24, 2018 5:14 pm

Anyone who wants to advertise at the top of the marketplace, send an email to andy@opencart.com.

I will fix the site when I have time and re-add the option of advertising at the top of the marketplace again.

OpenCart®
Project Owner & Developer.


Administrator
Joined Fri Nov 03, 2006 6:57 pm

Post by paulfeakins » Thu May 24, 2018 6:25 pm

Qphoria wrote:
Thu May 24, 2018 4:42 am
At the very least.. a "Delete Account" option should be in the account area.
But I'm not sure how that should reflect existing orders. You likely don't want to remove the actual orders as that will mess up reporting and revenue reporting, but perhaps update the orders to delete the customer info from them?
Well I believe you are allowed to keep data if you have a legitimate reason, and I think keeping an order history is a legal requirement for accounting purposes.

Also what if I bought something and then asked the seller to delete every piece of info about me and then I wanted a refund in future? They would say they have no record of my order.

So it's all a bit silly if you ask me.

UK OpenCart Hosting | OpenCart Audits | OpenCart Support - please email info@antropy.co.uk


Guru Member
Joined Mon Aug 22, 2011 11:01 pm
Location - London Gatwick, United Kingdom

Post by OpenCart_Support » Thu May 24, 2018 6:31 pm

paulfeakins wrote:
Thu May 24, 2018 6:25 pm
Qphoria wrote:
Thu May 24, 2018 4:42 am
At the very least.. a "Delete Account" option should be in the account area.
But I'm not sure how that should reflect existing orders. You likely don't want to remove the actual orders as that will mess up reporting and revenue reporting, but perhaps update the orders to delete the customer info from them?
Well I believe you are allowed to keep data if you have a legitimate reason, and I think keeping an order history is a legal requirement for accounting purposes.

Also what if I bought something and then asked the seller to delete every piece of info about me and then I wanted a refund in future? They would say they have no record of my order.

So it's all a bit silly if you ask me.
Yeah, you're correct in that sense - as a business, you can keep certain details regarding a customer for legal reasons, even when they ask to be forgotten.

So in this sense, if a customer kicks off and demands to delete you can retain certain information, to protect yourself and your business from anything that may lead to legal grounds.

What permits to legal grounds is beyond me and I hope no one falls into it, and maybe towards those larger companies who deal with retaining a large number of details or client information, but it's always best to protect yourselves when it comes to your business/livelihood.

The problem I've found is that in the age of the internet, is anything really forgotten that can't be dragged up/out?

Regardless, we're working on compiling the list of how we're going to solve this.

Some areas do fall down to personal security as well as hosting providers, so ensure you know what you're getting yourself into with them; some hosts just don't know how to protect clients, especially users on shared hosting. So if budget allows, look at affordable, secure, localised hosting.

:)

- OpenCart Community Cheerleader -



Post by kousenboetiek » Thu May 24, 2018 7:32 pm

GDPR is not necessary for a normal webshop (electronics, clothing). If you have it, it is a plus.
As long as you only collect name, address, email and phone number you can continue working legally with a normal privacy policy.

So before you make any unnecessary purchases, check with a lawyer to see if you need it.
For example an online pharmacy is required to follow the GDPR.

Regards

Newbie
Joined Wed May 16, 2018 4:34 am

Post by OpenCart_Support » Thu May 24, 2018 7:36 pm

kousenboetiek wrote:
Thu May 24, 2018 7:32 pm
GDPR is not necessary for a normal webshop (electronics, clothing). If you have it, it is a plus.
As long as you only collect name, address, email and phone number you can continue working legally with a normal privacy policy.

So before you make any unnecessary purchases, check with a lawyer to see if you need it.
For example an online pharmacy is required to follow the GDPR.

Regards
I feel the need to add that, GDPR is and was mainly designed to ensure that marketing and communication between business and customer were transparent and that they can leave regardless of whatever reason to not receive emails etc.

If you're getting any information from a customer regardless, you need to allow them to not be contacted, (which is one of the requirements we're looking to add) and if contacted why and what grounds. :)

It's always better to be protected and have this as a standard rather than believe you don't need it and later fall risk to the hefty fines.

There is enough information out there now regarding different types of businesses and how they're using customer data, so best to follow the example of leaders in the field. :)

- OpenCart Community Cheerleader -



Post by ADD Creative » Thu May 24, 2018 9:16 pm

kousenboetiek wrote:
Thu May 24, 2018 7:32 pm
GDPR is not necessary for a normal webshop (electronics, clothing). If you have it, it is a plus.
As long as you only collect name, address, email and phone number you can continue working legally with a normal privacy policy.

So before you make any unnecessary purchases, check with a lawyer to see if you need it.
For example an online pharmacy is required to follow the GDPR.

Regards
GDPR is necessary for any business processing personal data if they are in the EU or process data of someone in the EU. A web shop is just the sort of business it covers.

www.add-creative.co.uk


Expert Member
Joined Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by quitoxic » Thu May 24, 2018 10:23 pm

Hi There,
I'm banging my head against the wall, so I'm happy I found this thread.
We are trying to adapt an old client site to the GDPR regulations but we are not sooo familiar with OpenCart, even less with the old version of it.

Following their lawyer's advice we need to change the following:

1. Remove the name requirement on the contact form of the contact page.
On the Controller contact.php we have just changed
/* if (isset($this->error['name'])) {
    $this->data['error_name'] = $this->error['name'];
} else {
    $this->data['error_name'] = '';
} */

The form sends but the page goes blank after it sends.

2. Add an acceptance text (could be a checkbox or just text) regarding they "agree with the terms and conditions" in the contact form.
This is not a problem.

3. Add a checkbox to subscribe to the newsletter (optional) agreeing on the terms and conditions.

Any guidance on how to do this? We have only started with point 1 and I'm sure you could guide us better on it since we clearly do not know what we are doing.

Thanks in advance.
Last edited by quitoxic on Thu May 24, 2018 10:45 pm, edited 1 time in total.

Newbie
Joined Thu May 24, 2018 10:15 pm

Post by OpenCart_Support » Thu May 24, 2018 10:30 pm

quitoxic wrote:
Thu May 24, 2018 10:23 pm
Hi There,
I'm banging my head against the wall, so I'm happy I found this thread.
We are trying to adapt an old client site to the GDPR regulations but we are not sooo familiar with OpenCart, even less with the old version of it.

Following their lawyer's advice we need to change the following:

1. Remove the name requirement on the contact form of the contact page.
On the Controller contact.php we have just changed
/* if (isset($this->error['name'])) {
    $this->data['error_name'] = $this->error['name'];
} else {
    $this->data['error_name'] = '';
} */

The form sends but the page goes blank after it sends.

2. Add an acceptance text (could be a checkbox or just text) regarding they "agree with the terms and conditions" in the contact form.

3. Add a checkbox to subscribe to the newsletter (optional) agreeing on the terms and conditions.

Any guidance on how to do this? We have only started with point 1 and I'm sure you could guide us better on it since we clearly do not know what we are doing.

Thanks in advance.

Hey

Thanks for reaching out. Your client won't need to edit or stop requesting a name, these details are fine; they just need a disclaimer of what they use the data for and, if anyone contacts them, why and who will be contacting them.

So this is the example I use best to describe it.

If you sell shirts and your company has a sale on, within the disclaimer you can say, we have sales sometimes and John/bob/Mary will send an email letting you know a sale is happening, you can request to not see these emails, by letting us know - have opt-out button etc.

The best thing is to advise them or their marketing team to simply use social media streams to promote sales if unsure about the GDPR stuff until further classification is available down the line.

As mentioned, we're working on cultivating a list of what needs to be added (but it will take some time to get it on all past versions and future versions at the moment).

Turn on tracking and I'll update everyone if and when an update happens and what versions it has been applied to.

Cheers

- OpenCart Community Cheerleader -



Post by kousenboetiek » Thu May 24, 2018 10:48 pm

Post by ADD Creative » Thu May 24, 2018 9:16 pm

"kousenboetiek wrote: ↑
Thu May 24, 2018 7:32 pm
GDPR is not necessary for a normal webshop (electronics, clothing). If you have it, it is a plus.
As long as you only collect name, address, email and phone number you can continue working legally with a normal privacy policy.

So before you make any unnecessary purchases, check with a lawyer to see if you need it.
For example an online pharmacy is required to follow the GDPR.

Regards"
GDPR is necessary for any business processing personal data if they are in the EU or process data of someone in the EU. A web shop is just the sort of business it covers.


Sorry to inform you ADD Creative : GDPR is NOT necessary for a normal webshop selling clothes, electronics, .... . (Also see reaction of "OpenCart support")
I would suggest you read carefully the GDPR and for which webshops and companies it's necessary.
GDPR is big business ..... but not necessary !

PS. I have bought it and have it working in the shop....
PS. I even recommend it to everyone , but obligated no ....
PS. I regret it that it's not obligated for every shop, organisation who collects data, but that's another discussion ...


Post by OSWorX » Fri May 25, 2018 12:30 am

kousenboetiek wrote:
Thu May 24, 2018 10:48 pm
Post by ADD Creative » Thu May 24, 2018 9:16 pm

"kousenboetiek wrote: ↑
Thu May 24, 2018 7:32 pm
GDPR is not necessary for a normal webshop (electronics, clothing). If you have it, it is a plus.
As long as you only collect name, address, email and phone number you can continue working legally with a normal privacy policy.

So before you make any unnecessary purchases, check with a lawyer to see if you need it.
For example an online pharmacy is required to follow the GDPR.

Regards"
GDPR is necessary for any business processing personal data if they are in the EU or process data of someone in the EU. A web shop is just the sort of business it covers.


Sorry to inform you ADD Creative : GDPR is NOT necessary for a normal webshop selling clothes, electronics, .... . (Also see reaction of "OpenCart support")
I would suggest you read carefully the GDPR and for which webshops and companies it's necessary.
GDPR is big business ..... but not necessary !

PS. I have bought it and have it working in the shop....
PS. I even recommend it to everyone , but obligated no ....
PS. I regret it that it's not obligated for every shop, organisation who collects data, but that's another discussion ...
Interesting how some people 'can' read the GDPR
But to simplify it (again and again): the only important thing is:
are you handling personal data?

Well, I guess beside Humans nobody can and will buy products from you (for myself, never have seen a cow or ape in a shop buying some goods ..).

Okay, sure you got it?!
Because this IS the point: personal data
Nothing less, nothing more.

Because every Webshop is collecting personal data.
Starting with the
a. IP-Address (stored also in the serverlog)
b. Name
c. Address
d. eventually telephone number, which car he/she is driving, shoe size and so on.

All this and a few more is: PERSONAL DATA
Or what would you say this is ..

All of the above is the background for you (and all others in this business) to implement the GDPR.
Isn't that simple?

Full Stack Web Developer :: Dedicated OpenCart Development & Support DACH Region
Contact for Custom Work / Fast Support.



Post by OSWorX » Fri May 25, 2018 12:41 am

OpenCart_Support wrote:
Thu May 24, 2018 6:31 pm
As a business, you can keep certain details regarding a customer for legal reasons, even when they ask to be forgotten.
Not only you can - you have to!

OpenCart_Support wrote:
Thu May 24, 2018 6:31 pm
So in this sense, if a customer kicks off and demands to delete you can retain certain information, to protect yourself and your business from anything that may lead to legal grounds.
Not may - it will.

You - as a business - have the obligation to store all invoices (and credit notes, vouchers, etc.) for at least 7 years (some countries like mine 10, some more).
This has several reasons:
1. Financial Authority
2. Guarantee
3. Warranty (not the same as 2.)

1. as written starting with 7 years
2. needs to be only 6 months up to 2 years
3. in the worst scenario 30 years (e.g. Construction, Medical Doctors, etc.)

For all these reasons (and many more), the associated personal data is not allowed to be deleted!

Therefore: the right to be forgotten is nice, is real - but not 100%
Deleted can only be what is not needed in the future because of 1. - 3.

But what can be done (and should be, because electronic material can be destroyed!) is to print out the invoices etc., store them at a safe place (e.g. a safe at a bank) and then delete the customer's data.
With that you are on the 'safe' side of all.

And if that guy means to come back several years later - well, a new registration is open to everyone ..

Full Stack Web Developer :: Dedicated OpenCart Development & Support DACH Region
Contact for Custom Work / Fast Support.



Post by ADD Creative » Fri May 25, 2018 1:05 am

quitoxic wrote:
Thu May 24, 2018 10:23 pm
1. Remove the name requirement on the contact form of the contact page.
This seems strange advice as you need their name in order to reply to them. An email address is just as much personal data as a name.

OpenCart_Support wrote:
Thu May 24, 2018 10:30 pm
If you sell shirts and your company has a sale on, within the disclaimer you can say, we have sales sometimes and John/bob/Mary will send an email letting you know a sale is happening, you can request to not see these emails, by letting us know - have opt-out button etc.
That type of behaviour isn't allowed under the GDPR. A user needs to positively opt in and consent to receive marketing. The recommended practice seems to be that you would need to say "We would like to send you an email of our offers. Please tick the box to consent to this. For more information explaining how we use your information please see our privacy notice". The tick box cannot be pre-ticked; the user needs to tick the box. When they submit the form you must record when and how the consent was given and what you asked/informed them.

www.add-creative.co.uk



Post by OSWorX » Fri May 25, 2018 2:41 am

ADD Creative wrote:
Fri May 25, 2018 1:05 am
quitoxic wrote:
Thu May 24, 2018 10:23 pm
1. Remove the name requirement on the contact form of the contact page.
This seems strange advice as you need their name in order to reply to them. An email address is just as much personal data as a name.

OpenCart_Support wrote:
Thu May 24, 2018 10:30 pm
If you sell shirts and your company has a sale on, within the disclaimer you can say, we have sales sometimes and John/bob/Mary will send an email letting you know a sale is happening, you can request to not see these emails, by letting us know - have opt-out button etc.
That type of behaviour isn't allowed under the GDPR. A user needs to positively opt in and consent to receive marketing. The recommended practice seems to be that you would need to say "We would like to send you an email of our offers. Please tick the box to consent to this. For more information explaining how we use your information please see our privacy notice". The tick box cannot be pre-ticked; the user needs to tick the box. When they submit the form you must record when and how the consent was given and what you asked/informed them.
Going a bit further.
Every given consent is allowed to be used only for the target it is given!

For example: a Website is offering a Newsletter.
Until today this Newsletter could be used (and was) for everything (not really true in many European Countries, but common practice).
Clearly a misuse.

From tomorrow on, if you want to offer a Newsletter, you have to send only a Newsletter.
No special promotions, no advertisements, nothing else.

So, if you want to make a sale and want to offer such in an Email, this is not a newsletter!
And you are not allowed to send, because you do not have the consent.

If you want to send such emails in future, ask for consent.
Build a webpage, display several tickboxes [not prechecked!] - each for another purpose.
And let the customer decide which kind of Email he wants to receive in future.

Full Stack Web Developer :: Dedicated OpenCart Development & Support DACH Region
Contact for Custom Work / Fast Support.
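
An added example, not part of any post above and not OpenCart code, of the consent handling described in the last two posts: one unticked box per purpose, and a stored record of when, how and with what wording each consent was given. The purpose names, the newsletter wording, the table and function names are assumptions, and an in-memory SQLite database via PDO stands in for the shop database.

```php
<?php
declare(strict_types=1);

// Hypothetical purposes and wording, one tick box each (assumption, not OpenCart's).
const CONSENT_PURPOSES = [
    'newsletter' => 'We would like to send you our newsletter. Please tick the box to consent to this.',
    'offers'     => 'We would like to send you an email of our offers. Please tick the box to consent to this.',
];

// Renders the boxes. There is no "checked" attribute, so every box starts unticked.
function consentCheckboxes(): string
{
    $html = '';
    foreach (CONSENT_PURPOSES as $purpose => $wording) {
        $html .= sprintf(
            "<label><input type=\"checkbox\" name=\"consent[%s]\" value=\"1\"> %s</label>\n",
            $purpose,
            htmlspecialchars($wording, ENT_QUOTES, 'UTF-8')
        );
    }
    return $html;
}

function openConsentStore(): PDO
{
    $db = new PDO('sqlite::memory:'); // stand-in for the shop database
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE consent_log (
        email TEXT NOT NULL, purpose TEXT NOT NULL, wording TEXT NOT NULL,
        source TEXT NOT NULL, given_at TEXT NOT NULL)');
    return $db;
}

// Stores one row per ticked, known purpose: who, for what, the exact wording
// shown, which form it came from and when. Returns the purposes recorded.
function recordConsent(PDO $db, array $post, string $email, string $source, DateTimeImmutable $when): array
{
    $ticked = (isset($post['consent']) && is_array($post['consent'])) ? $post['consent'] : [];
    $insert = $db->prepare(
        'INSERT INTO consent_log (email, purpose, wording, source, given_at) VALUES (?, ?, ?, ?, ?)'
    );
    $recorded = [];
    foreach (CONSENT_PURPOSES as $purpose => $wording) {
        if (($ticked[$purpose] ?? null) !== '1') {
            continue; // box left unticked: no consent for this purpose
        }
        $insert->execute([$email, $purpose, $wording, $source, $when->format(DATE_ATOM)]);
        $recorded[] = $purpose;
    }
    return $recorded;
}

// A mailing for one purpose may only go to addresses with consent for that purpose.
function hasConsent(PDO $db, string $email, string $purpose): bool
{
    $q = $db->prepare('SELECT COUNT(*) FROM consent_log WHERE email = ? AND purpose = ?');
    $q->execute([$email, $purpose]);
    return (int) $q->fetchColumn() > 0;
}

// Constructed sample submission: newsletter ticked, offers left unticked,
// plus an unknown key that is ignored because it is not a listed purpose.
$db = openConsentStore();
$post = ['consent' => ['newsletter' => '1', 'tracking' => '1']];
$when = new DateTimeImmutable('2018-05-25T09:00:00+00:00');
$recorded = recordConsent($db, $post, 'customer@example.com', 'contact form', $when);

echo consentCheckboxes();
echo 'recorded: ', implode(', ', $recorded), "\n";
var_dump(hasConsent($db, 'customer@example.com', 'newsletter'));
var_dump(hasConsent($db, 'customer@example.com', 'offers'));
```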

