14steve14 (Author), posted May 26, 2018

1 hour ago, yahalimu said: Hi, We don't send newsletters/unsolicited emails (as yet), so have sent out no consent emails. If I did I would use mail-chimp as we've had issues before with mass emails from the shop and getting IP blacklisted by gmail and live and other 'learning' or 'intelligent' spam filters due to sheer numbers of new mail and customers sticking them in their spam folder. Although many are sending consent emails to everyone in their database, as I read it customers you have a 'relationship' with (i.e. order regularly or at all) do not need to consent to the new privacy policy unless you intend to mail them. I have put a notification on the log-in and added the privacy policy to the MATC tickbox. I have NULL'd all newsletter entries before 25th May as the newsletter tick box was pre-ticked previously. Since I pre un-ticked the newsletter box the rate has dropped from 80% to 7% of customers requesting it. I've deleted all inactive accounts with no purchases older than 5 years and email T&C's (inc. privacy policy) on every order confirmation. If and when we do decide to mail out newsletters I will then send all the pre May 25th customers (all 26,000 of them) advising them of the new PP (which apparently needs no permission/opt-in) and they will now have to opt-in to newsletters if they want them, possibly with the bait of a discount code (which is seeming popular) and how to delete their account, no real rush till then I think. I'm sure someone is going to tell me that's wrong but after reading all the differing interpretations those are mine. I think just wait and see how it all rolls out and react accordingly.

If you do not legitimately have customers' consent, which it sounds like you don't, as the box was pre-ticked, you won't be able to email your current customer list. You could have done it before 25th but you didn't. But that is my interpretation of the rules.
REMEMBER BACKUP, BACKUP AND BACKUP
yahalimu, posted May 27, 2018

Hi, To send them newsletters or anything they need to consent to yes. But the GDPR also says it is also a requirement to inform all customers of any changes to the privacy policy, whether they are a newsletter subscriber or not and does not need consent. This obviously can be at any time.
14steve14 (Author), posted May 27, 2018

46 minutes ago, yahalimu said: Hi, To send them newsletters or anything they need to consent to yes. But the GDPR also says it is also a requirement to inform all customers of any changes to the privacy policy, whether they are a newsletter subscriber or not and does not need consent. This obviously can be at any time.

As long as you are only emailing those customers about their orders, customer services relating to orders or sales or policy changes that's fine. There is something in the regulations about a line between normal transactional emails and marketing emails.
MrPhil, posted May 27, 2018

On 5/25/2018 at 7:01 AM, JcMagpie said: Well everyone had plenty of time to get on with it, only yourself to blame if the grim EU comes knocking at your door :)

https://www.youtube.com/watch?v=0frHw-7J4Mk
burt, posted May 27, 2018

Here is Gumtree's take on that "positive affirmative action for consent"... So, if you click a link, or press "I accept" ... you've accepted. No way to say "no".
MrPhil, posted May 28, 2018

I don't see anything wrong with having several links to more detailed information (so long as they don't drop their own cookies, etc.). How can you make an informed decision on such things without information? The objection here is that you MUST accept their terms, simply to proceed. There does not appear to be any way to use the system without having accepted their terms, which IS contrary to GDPR and other laws. I suppose they could add something like "If you do not accept these terms, it is not technically possible for you to use our system (it uses cookies, etc.)", but even that may be problematic.
JcMagpie, posted May 28, 2018

My approach is a little simplistic.
14steve14 (Author), posted May 28, 2018

2 hours ago, JcMagpie said: My approach is a little simplistic.

I see on several sites now something similar to what is on the Lloyds bank site. https://www.lloydsbank.com/personal.asp There is an option to manage cookies. How that works I have no idea.
JcMagpie, posted May 28, 2018

Na! Not worth the effort. That's just a widget, lots of those have been doing the rounds. I've had loads of tel sales bugging me telling me my site needs them. The EU have a help site which gives info on it. Interestingly they don't require anything that fancy, just yes or no. http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm#section_5 It's ironic that on their site to download Documentation Cookie Consent Kit they ask for your email!!!
burt, posted May 28, 2018

11 hours ago, wHiTeHaT said: There are already 3 links in THAT cookie message. So I do not think that this is the legal way. Assuming before I accept anything I would like to read more about their "brands", "learn more", "manage your privacy settings". Or do I miss the whole thingy here?

100% not legal per the GDPR regulations. What they say is: click any link and you have accepted. But what if I want to view their terms/privacy and then decline?
burt, posted May 28, 2018

It's eBay though. One of those sites that gets away with all sorts of shit because they are big.
JcMagpie, posted May 29, 2018

13 hours ago, wHiTeHaT said: your code can be on the market for £25

Nice clean looking website, is it official or private?
JcMagpie, posted May 29, 2018

On 27/05/2018 at 12:49 PM, MrPhil said: https://www.youtube.com/watch?v=0frHw-7J4Mk

Had forgotten how good they were, will have to find a copy and watch again.
Dan Cole, posted May 29, 2018

14 hours ago, wHiTeHaT said: your code can be on the market for £25

Looking good Henry.

Dan

Need help? See this thread and provide the information requested. Is your version of osC up to date? You'll find the latest osC community version (CE Phoenix) here.
JcMagpie, posted May 29, 2018

Just now, wHiTeHaT said: It is official unofficial cool let's see if we can get people to use it. But I have to be careful, don't want to upset anyone. So it's only unofficial support.
CasperC, posted June 14, 2018

We did spend quite some time adapting. We bought a GDPR-software which had several templates. Everything from incoming orders, handling, newsletters and storage of data has been described thoroughly. The software certainly made it quicker to become compliant.
ArtcoInc, posted July 16, 2018

https://www.business2community.com/cybersecurity/gdpr-2-0-comes-to-the-united-states-02092832

GDPR 2.0 Comes to the United States

On June 28 2018, California Governor Jerry Brown signed into law AB 375, the California Consumer Privacy Act (CCPA) of 2018. The statute, seen as one of the toughest privacy laws in the United States, will require companies to tell California residents what information is being collected and how it’s used. You have 18 months to get ready.

For organizations already actively complying with the requirements of the European Union’s General Data Protection Regulation (GDPR), the CCPA will have little impact. You are already doing what you need to do to comply, as the California statute’s intent is very similar to GDPR. The goal of both of these laws — and the Australian Privacy Principles — is to give consumers ownership and control of their personal data. And it provides the legal bite to ensure compliance.

If your US-based organization, however, has not started or believes that the GDPR will not have an impact on your local business, the new law is more than a wake up call, it’s your fire alarm. And where California goes, many other states will follow. The new law will more than likely require a thorough review of your data security controls or risk expensive litigation and fines.

Here’s a quick look at the highlights:

- California’s Attorney General’s office will have the authority to enforce the law when it goes into effect in January 2020.
- It has provisions for allowing people to tell companies to delete or stop selling their information.
- The law does not force companies to stop collecting information OR provide provisions for consumers to request companies stop collecting their information.
- Like the GDPR, the California law has a broad definition of PII (IP addresses, geo-location and browsing info [cookies]).
- The California law has an exception for personal information “de-identified or in the aggregate consumer information;” however, the law doesn’t give much detail on the identifiers that are not subject to scrutiny. Aggregation of information might also be an alternative way for advertisers to ignore the law.

With 18 months to enforcement, companies need to start today. Most companies focused on security and compliance already maintain formalized incident response, disaster recovery/business continuity plans as well as comply with encryption/data anonymization for sensitive data storage and have gone through at least a rudimentary data-mapping process that should easily surpass the California requirements. If that isn’t the case for your organization, implement the GDPR methodologies and processes to comply with the CCPA and you will be set for any eventuality.
burt, posted July 16, 2018

Nice! When I first heard about GDPR I was "bloody EU meddling bas---- bureaucrats". Since it came into force, I've got my details removed from numerous sites with no questions asked. So, good for California - what you guys will see is some resistance from Shopowners to the whole idea, then when it comes these shopowners will realise "hey that was easy". And when it is in force...most "Joe Average" will find it useful. And yes, I agree...what one state does...the rest will follow.
MrPhil, posted July 17, 2018

Well then, applications such as osCommerce should be GDPR/CCPA ready right out of the box, with all the places explaining what the site does with your data ready to be filled in (or customized), and all the tools in place for customers to make requests and manage their data. Not add-ons -- built right in, as it will be needed almost everywhere.
burt, posted July 17, 2018

Adding stuff in is not the way forward. The way forward is modular.
MrPhil, posted July 18, 2018

I don't care what form it takes, so long as it's not something that a store owner has to go looking for and install separately. Turning it on manually is OK, but it has to be built in. Any store software that has it built in is going to have a major advantage over all others where it's an "extra" afterthought, because almost everyone is going to have to use it.
burt, posted July 18, 2018

I'm 100% sure that things will be removed from Core, in order to make it:

- easier for "Team" (hahaha) to support
- easier for coders to code new stuff
- easier for shopowners to have a choice of what they want

I can't imagine any scenario where osCommerce gets more things added.

As for GDPR things: There is already a very good GDPR system available for these (as you put them) "business people who don't want to be computer wizards".
14steve14 (Author), posted July 18, 2018

But where would the legal stuff stop? GDPR, Taxes, VAT and all the different legal rules from every country, the code would be a nightmare. Maybe there should be a package available for each country, similar to the concept of a language pack, that would include all the legal stuff for all the countries, all as modules. Each pack could then be maintained by someone with an interest and knowledge of the laws in each country. Each pack could also contain things like currencies set up, date and address layouts, and so much more, but it will take lots of organising and will soon become a headache, and would get left and then become outdated because only a few people would want it, and others couldn't be bothered to update things as needed. It would become a mess like many other addons. It would also mean more work in altering the core code to allow these things to be added as a package. The only trouble being this will never happen as no one can access the core code, and without help Gary can't do everything on his own.
JcMagpie, posted July 18, 2018

Politicians flip & flop all the time. It would be a nightmare keeping it up to date with every change! Also giving legal advice in the core or as an add-on is not wise as it would open OsC to legal complications. It's best people get advice from own local legal experts so there is no comeback on OsC. People should be getting their T&S and other stuff legally checked anyway. I would definitely keep it out of core.
ArtcoInc, posted July 19, 2018

* update *

The recently passed law here in California has this provision:

What “Businesses” Are Covered?

The CCPA broadly applies to “businesses” that operate for-profit and (1) have an annual gross revenue of more than $25 million, (2) buy, receive or share for commercial purposes, or sells personal information of 50,000 or more consumers, households, or devices, or (3) derive 50% or more of their annual revenue from selling consumers’ personal information. The CCPA also applies to entities that share common branding with a qualifying “business” and that controls or is controlled by that business.

(fwiw)

PS: Some more "interesting" reading ... https://digiday.com/media/wtf-california-consumer-privacy-act/
Archived
This topic is now archived and is closed to further replies.