In the first part of my GDPR post I introduced a set of modules related to customers “Right of access” and “Right to erasure” In this post I’m going to introduce a module that will allow you collect customers consent for collecting and processing their data. Customers consent is required to process personal data by the GDPR regulations

In what cases do you  collect customer data on your online store ? 2 obvious cases are

• your visitors create an account
• your customers place a order

There are more cases of course where you could think/say that a customer/visitor is submitting personal data to the store, like sending a message through the contact form, writing a review, signing up to a newsletter etc.

Having that in mind, I created a flexible module that places a special “accept terms” section to forms where visitors submit their data. You can enable/disable the module for various forms and pages in admin.

The module display a checkbox hat people have to check in order to accept your terms and disables the “submit” button until the checkbox is checked

On the right side of the checkbox is a link to your terms and conditions, clicking on it activate a pop up window that display your terms

The content of the pop up window can be either a static file (like e.g. privacy.php or conditions.php etc) or a page created in admin with the MTS page manager. This you can set in admin, I’ll explain later on.

At the bottom of the pop up window, people can either accept the terms or close the window without accepting. Pressing on accept will close the pop up and check the checkbox.

Checking the checkbox enables the submit button and people can proceed

The module is self contained, there are no files to edit and all settings can be done in admin

You can set on what pages you want to enable the module.

Of course It makes sense only for pages where people submit something, so some of the store files are excluded from the list (like e.g. product_info.php)

You can have the pop up loading automatically upon page load, for this simply turn auto pop up “on”. People will get the terms pop up the moment they visit a page that has the module enabled. This is a good idea if you want to force people read your terms

Next, you can select what the content of the pop up should be. As said, you can either use one of your existing static pages (like privacy.php) or a MTS page created with the MTS page manager. In admin, you can either type in the filename you want to use or simply the ID of the page you created with MTS page manager

It is very easy to create a new page using MTS pages manager, the feature is available only to MTS users

Finally you can make various design decisions in admin and adjust the look of the section to your store design

The accept terms area display very nicely on small screens as well

GDPR compliance is required for all websites and online stores, doesn’t matter if you are located in the European Union or not. The moment your online store is accessible by European Union citizens and you have customers that are European Union residents, you have to adapt.

In case you don’t have already an other solution and want to have that modules for your store, please get in touch. While the module is tailored to MTS stores, there is an alternative solution available for regular stores

This post introduce a set of osCommerce modules that cover the GDPR obligations of:

1) Right of access: It gives citizens the right to access their personal data and information about how this personal data is being processed. A data controller must provide, upon request, an overview of the categories of data that are being processed as well as a copy of the actual data

2) Right to erasure: The data subject has the right to request erasure of personal data related to them

In simple terms, the set of modules being introduced here will allow your customers to:

• see what data you have stored about them
• download that data
• edit parts of that data
• delete parts of that data

Customers are ale to delete and edit anything but their orders, that you are obligated to keep for fiscal reasons

The set of modules create a new page called “account privacy” and a link to it on the accounts overview page. You can of course add more links to the account privacy page anywhere on your store.

The account privacy page, display all GDPR modules that you have installed in admin.

Each module contain a section of the customers data stored on the website. Modules display “collapsed” in order to have a better overview. Displaying all data at once could be confusing for store visitors and cause a lot of scrolling on mobile devices. The visible heading part of each module, display its title and 2 buttons.

• the “show” button expands the details on screen
• the “download” button allow customers to download the data of the corresponding module.

The “account data” module display the basic account data of the customer, like name, email, address, the date the account was created, number of logons etc. It also display any recorded actions of the “action recorder” modules that are included in osCommerce by default.

Customer can delete their account by pressing the “delete” button. In order to prevent accidetial deletion, customers have to confirm the action, since it can’t be undone.

The “address book” module display the main and any additional addresses the customer may have stored. Each address can be edited and each address – beside the main address – can be deleted on this page

The “subscriptions” module display the subscription status to newsletters and global product notiofications and create a list of products your customer has subscribed for, in order to receive individual product notifications and updates.

The customer can easily subscribe / unsubscribe to newsletters and global product notifications and easily remove any individual product notifications.

Its worth to mention that all actions are performed via ajax calls, that mean without page reloads that improve the customer experience specially on mobile devices

The “cookies” module display all cookies that the website stores on customers device. In admin, you can set the cookies that are essential for the store operation, like the “osCsid”, that is the session ID cookie. You can also add a optional description to each cookie to make clear what it is good for.

Your customers vcan delete any cookie by pressing the delete button

The “product reviews” module display all reviews the customer has submitted, regardless their status (you can turn the status of reviews on or off in admin and make them visible to public or not)

Your customer can either delete a review or “anonymize” it. The “anonymize” function replace characters of the customers name with asterisks (*)

The “orders” module display all customers orders. Orders do not really belong to personal data protected by GDPR, but I believe its a good idea to have that information on this page. Its is up to you to install the module in admin or not.

The module display a list of all orders. The customer can see the details of each order by pressing the “show details” button. Order details are shown without any page reload.

The details page display shipping and payment details, a list of the ordered products and the complete order history.

Orders can’t be deleted by the customer, the store has to keep order records or fiscal reasons

The “shopping cart” module display the contents of the customers cart. While this also doesn’t belong to data protected by GDPR, its good to have the option to display it on this page, you can decide your self if you want to show the module or not.

The customer can remove items from the shopping cart, the action is performed without any page reload

GDPR compliance is required for all websites and online stores, doesn’t matter if you are located in the European Union or not. The moment your online store is accessible by European Union citizens and you have customers that are European Union residents, you have to adapt, fines can be very high from what I’m reading.

In case you don’t have already an other solution and want to have that modules for your store, please get in touch.

You can also checkout part 2 about collecting customers consent