Shoplazza believes strongly in protecting personal information, and understands that doing so is critical in helping you preserve the trust and confidence of your customers. Shoplazza has designed its platform to enable you to offer your customers transparency into and control over their personal information. Shoplazza believes in making it easy for you to use its platform in a manner that complies with privacy and data protection laws around the world.
Shoplazza does what it can to set you up for success, but there are also steps you will need to take on your own. The following documents will help you start thinking about one of the major global legal requirements - the European Union's General Data Protection Regulation.
If you have specific legal questions about which laws apply to you, or questions specific to your business, then consult with a local lawyer who is familiar with data protection laws.
General Data Protection Regulation (GDPR)
The European Union's General Data Protection Regulation (GDPR) came into effect on May 25, 2018. This Regulation lays down rules on the protection of natural persons with regard to the processing of their personal data and imposes new obligations and responsibilities on controllers and processors of data.
GDPR application
The GDPR applies to any company that is based in the European Union or handles the personal data of residents in the European Economic Area (EEA). If you make goods and services available in Europe, whether for free or not, the GDPR might apply to your business, even if you or your business is not located in Europe.
As a merchant, you are generally the controller of your customers’ data. This means that you collect your customers’ data and choose how it is handled. As an e-commerce platform, Shoplazza is generally a processor for your customers’ data following your instructions on how to handle that data. For information about Shoplazza‘s obligations as a data processor for your customer data and how Shoplazza is compliant with GDPR, see our Data Processing Addendum[a].
Suggested Actions for GDPR
There may be some steps you will need to take to make your store fully compliant.
- Create a GDPR compliant privacy policy. Make sure you have a Privacy Policy page on your store. Such privacy policy shall, at a minimum, describe the personal information you collect, how you use it, and who you share it with.
- Install the Customer Privacy App. The App will prompt your customers for their consent to use cookies and other tracking technologies while shopping in your store.
- Explicitly ask for consent for marketing communications. GDPR requires that you obtain the prior affirmative consent of your customers to send them marketing communications. You should request such consent, rather than include the request in your privacy policy or other terms.
- Check the privacy policy of third party APPS you use in your store. Any apps that you use with your online business will also need to be compliant. Shoplazza cannot control the processing of data by third-party applications; you will have to reach out to the vendor directly to confirm if they meet GDPR requirements for compliance.
Cookies and Customer Privacy app
Countries and regions around the world have introduced regulations that dictate how businesses collect, handle, and share their customer’s data. Collecting customer data, especially cookie data and other data related to browsing activity, is essential to merchants looking for insights on their customer’s behavior. This data also helps merchants advertise to customers on third-party marketing platforms.
To help merchants comply with these regulations and build trust with their customers, Shoplazza is planning to provide a variety of apps, features, and developers tools.You can install the Customer Privacy App created by Shoplazza.
When making a decision about what your business needs to do to comply with various privacy regulations it’s important to consult with your lawyer.
Data sharing with ad networks
To improve your marketing campaigns, your customer data is used to optimize and personalize the ads targeting existing and prospective customers. Ad networks require personal information about your customers to match those same customers in their network.
This personal information might include email addresses, phone numbers, IP addresses, names, mailing addresses, and third-party tracking cookies. If any of this personal information matches users in the ad network's database, then ads can be targeted towards those users, or that information can be used for marketing attribution to determine when a campaign should take credit for a sale.
When you share your customer's personal information, make sure that you do so with a marketing partner that you trust. It's important to tell your customers how you share data, and to decide what type of data, or how much data, you want to track and share. Make sure that your privacy policy is up to date to provide this information to your customers.
Tracking European customers and GDPR compliance
Under the European Union’s General Data Protection Regulation (GDPR), European customers visiting your online store must give consent before they can be tracked. The most common way of tracking customers to your online store is using browser cookies. These browser cookies are referred to as non-essential cookies and must be limited in use until consent is given by the customer.
Shoplazza limits customer tracking by downgrading its own non-essential cookies, to session cookies. Session cookies are generally deleted when the customer closes their browser. If a customer consents to tracking, then the non-essential cookies are upgraded to persistent cookies, which are not deleted when the customer closes their browser.
Because Shoplazza can’t control if a third-party app or script tracks a customer,it is your responsibility to review the terms of service and privacy policies of third-party apps and scripts that you’re working with to determine how they are respecting customer consent.
Getting customer tracking consent
Gathering customer consent lets you track customers in countries and regions that require consent before tracking. The most common way of gathering this consent is through cookie banners. These banners often appear at the bottom of websites and prompt the user with the option to accept non-essential cookies for analytics and marketing.You can install Shoplazza‘s Customer Privacy app to help you set up such cookie banners on your store. With our Customer Privacy app, you can collect tracking consent from online store visitors to comply with the General Data Protection Regulation (GDPR) by letting visitors choose if they want to accept cookies or not.
Steps
1. In your Shoplazza admin, click Settings> Store Information.
2. Turn on the Customer Privacy switch.
3. In your Shoplazza admin, go to Apps > Visit App Store.
4. From the dropdown at the header, select Store management > Policy and security.
5. Locate the Customer privacy and click Add.
6. Go back to Shoplazza admin to authorize the App installation.
Comments
Please sign in to leave a comment.