Recent Articles

Understanding GDPR support in Storefront

The General Data Protection Regulation (GDPR) is a regulation on data protection and privacy for all individuals within the European Union. Please refer to the GDPR site for more details to ensure you properly comply to all the requirements. To ensure you comply with GDPR, please ensure your site is always running the latest version of the software.

Cookie Requirement

In general, the Storefront relies on a small number of cookies to enable proper checkout functionality as well as to improve the quality of the product browsing experience. By default, we don't employ cookies for tracking analytics other than those explicitly enabled and configured by the merchant (e.g. Google Analytics). The Storefront may rely on generally available cookies made available by the Web site such as cookies to track the preferred language culture or session identifier.

To comply with GDPR, the merchant should offer the user the ability to consent to the use of cookies. Since cookies are generally used throughout the entire Web site, the consent form should be handled outside the scope of the Storefront, preferably on the home page where the user first lands on your site. The consent form should include terms of your privacy policy.

If the user does not consent to use cookies, the user will not be able to complete the checkout since there is no mechanism to associate the visiting user back to the items added to their cart. In such a case, you may want to notify the user the consequences of refusing cookies.

Cookie Declaration

Below are the cookies employed by the Storefront.

Name Description Example value
This is a security cookie used to ensure that any API requests are made from the originating page. vh2SRV3KK4i-pBn9lAMuGa3josMm
AffiliateID Track the affiliate body that should be entitled to commission for directing traffic or sales to your site. This cookie does not personally identify the visiting user. 129
Track the current user session on the Web site. rdtvj35nmfuvkphc3zzlrmx4
language Track the current preferred language of the user browsing the site. en-US
rvdsfcart|x Track the cart session after the user adds a product to cart. rvdsfsoguid=6dde9ecd-8ba4-4e05-a4e6-b4b36f7cb074
rvdsfuserid Tracks the effective user of the cart session. 1878
Allows the merchant to provide a link to resume an open cart session. 6dde9ecd-8ba4-4e05-a4e6-b4b36f7cb074
This cookie is not used for tracking. It is simply used to aide the user interface in displaying success or error message after saving. "Saved successfully"


Personal Data Requirement

By default, the Storefront requires only a small amount of personal information to complete the checkout process. It requires the name, email, phone and address. These are the minimal data requirements that we deem reasonable for a store merchant to contact the customer for support, calculate taxes, process payment, personalize receipt email or to fulfill an order. Additional personal data may be captured if optionally provided by the user (such as address book, company name, custom fields, or other fields that are made available from the general site registration, etc.). The Storefront does not share any customer data with any 3rd parties for marketing purposes, nor does it transmit any customer data back to Revindex. You are responsible for securely storing any personal data following industry best practices.

Personal Data Erasure

Most optional data provided by the customer can be erased or deleted by the customer through the customer management modules such as address book, wish list or saved payments.

The Storefront does not allow deleting an order that has been placed, however, an order can be cancelled. This restriction is to ensure the accounting numbers should balance and needed for any tax audit purposes. Should a customer request for data erasure, you can replace the personal data with bogus data.

Additional data that was made available by the Web site to the Storefront (not directly collected by the Storefront), can also be erased or deleted from the Web site administration as needed.

For more up-to-date information on GDPR support, please visit this topic.