The General Data Protection Regulation (GDPR) is a regulation on data protection and privacy for all individuals within the European Union. Please refer to the GDPR site for more details to ensure you properly comply to all the requirements. To ensure you comply with GDPR, please ensure your site is always running the latest version of the software.
In general, the Storefront relies on a small number of cookies to enable proper checkout functionality as well as to improve the quality of the product browsing experience. By default, we don't employ cookies for tracking analytics other than those explicitly enabled and configured by the merchant (e.g. Google Analytics). The Storefront may rely on generally available cookies made available by the Web site such as cookies to track the preferred language culture or session identifier.
Below are the cookies employed by the Storefront.
|This is a security cookie used to ensure that any API requests are made from the originating page.
|Track the affiliate body that should be entitled to commission for directing traffic or sales to your site. This cookie does not personally identify the visiting user.
|Track the current user session on the Web site.
|Track the current preferred language of the user browsing the site.
|Track the cart session after the user adds a product to cart.
|Tracks the effective user of the cart session.
|Allows the merchant to provide a link to resume an open cart session.
|This cookie is not used for tracking. It is simply used to aide the user interface in displaying success or error message after saving.
Personal Data Requirement
By default, the Storefront requires only a small amount of personal information to complete the checkout process. It requires the name, email, phone and address. These are the minimal data requirements that we deem reasonable for a store merchant to contact the customer for support, calculate taxes, process payment, personalize receipt email or to fulfill an order. Additional personal data may be captured if optionally provided by the user (such as address book, company name, custom fields, or other fields that are made available from the general site registration, etc.). The Storefront does not share any customer data with any 3rd parties for marketing purposes, nor does it transmit any customer data back to Revindex. You are responsible for securely storing any personal data following industry best practices.
Personal Data Erasure
Most optional data provided by the customer can be erased or deleted by the customer through the customer management modules such as address book, wish list or saved payments.
The Storefront does not allow deleting an order that has been placed, however, an order can be cancelled. This restriction is to ensure the accounting numbers should balance and needed for any tax audit purposes. Should a customer request for data erasure, you can replace the personal data with bogus data.
Additional data that was made available by the Web site to the Storefront (not directly collected by the Storefront), can also be erased or deleted from the Web site administration as needed.
For more up-to-date information on GDPR support, please visit this topic.