Merchants needing to set up their stores to adhere to Data Privacy Regulations (such as GDPR and CCPA) can use Shift4Shop's Data Privacy Toolkit to facilitate the process.
The Data Privacy Toolkit offers the following functions for merchants to add to their stores:
Add an automatic Cookie Acceptance popup to the store
(Visitors are advised that the cookie will be used while they shop your site.)
Generate a link that merchants can give to their customers to review their stored data
(i.e., orders, reviews, blog comments, product offers, etc.)
Upon review of the data, customers can request to have this data deleted.
Generate a similar link that allows customers to request the deletion of their records outright
(No report of what is stored, just an automatic deletion of records)
Keep a running log for the merchant of these customer report and delete requests
(So you can see when requests were made in case of a dispute)
To enable and set up the Data Privacy Toolkit, use the following steps:
1. Log into your Shift4Shop Online Store Manager.
2. Using the left navigation menu, go to Modules.
3. On the Modules page, use the search bar at the top to search for and locate the "Data Privacy" toolkit.
4. Once the module appears, click on its Settings button.
A popup window will appear with the following settings:
Mark this checkbox to enable policy acceptance checkboxes in various areas where an email address is required for use of the function. This includes:
The Customer Registration page
Newsletter sign ups
Email a Friend
If the site visitor does not mark the acceptance checkbox, the function will not allow them to use it.
Request Data Page URL
This URL can be posted or added somewhere on your site (or perhaps in your email communications) for customers to review their stored customer data. When reviewing their data, customers can also select to have their data deleted from the records. (See the next section for a fuller explanation of the Data Report and Delete Functions.)
Request Data Removal Page URL
Similar to the URL described above, but rather than generating a report, this option allows the customer to delete their records outright. (See the next section for a fuller explanation of the Data Report and Delete Functions).
Enforce the Use of Cookie Acceptance
View Customer’s Requests Log
Lastly, this link will take you to your store's internal report of Data Report and Deletion requests to your site for reference and record keeping.
Once you have configured your settings on the popup, click Save, and you will be taken back to the Modules page with the Data Privacy module displayed. To complete the setup:
5. Within the Data Privacy module, mark the "Enable" checkbox.
6. Click Save at the top right of the page to finish the setup.
Your store now has the Data Privacy toolkit settings enabled and ready for use.
Data Request and Removal Options
In the case of the Data Request URL, when the customer visits the page, they will enter their email address and receive a confirmation email with a link to confirm that they'd like to have the data compiled for them. Once the data is compiled, they'll receive an additional email with the URL where they can review said data.
The report will list for them any areas of the store that have their email address saved and stored, including:
Blog interactions (comments and replies)
Product-related interaction records, such as:
Waiting List records
Product Q&A records
Communication Logs from your Contact Us page (CRM)
Any additional records matching their email address
On the report, the customer/visitor can then print the report or request that the stored data be deleted* from the store.
Delete Data Requests
In the case of the Data Deletion URL, the same process will occur with the visitor entering their email address and further confirming the request via an emailed link and acceptance button. The main difference, however, is that they will not receive any report of their data, but rather the system will delete* it outright (although the visitor will still get a confirmation email after everything is deleted).
*Important Information About the Deletion of Records
If the customer has unfulfilled orders (orders that have not been shipped or canceled), then the deletion request will not proceed until those orders are closed.
Furthermore, it should be noted that the orders themselves will not be removed from the store. Instead, they will be kept in the store's database (along with their country of origin data) for record-keeping and accounting purposes.
However, all customer identifying information on the orders (email, billing address, shipping address, phone numbers, etc.) will be removed and replaced with the phrase "gdpr-replaced". This is intended to let you adhere to Data Privacy policies while keeping your store's order information and subsequent business reporting intact.
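
The deletion rule described above, modelled in Python as an added example (this is not Shift4Shop's code). The record layout, field names and status values are assumptions made for illustration; the sample orders are constructed.

```python
# Added illustration of the deletion rule described in this article.
# Field names and status values are assumptions, not Shift4Shop's schema.
PLACEHOLDER = "gdpr-replaced"
CLOSED_STATUSES = {"shipped", "canceled"}
PII_FIELDS = ("email", "billing_address", "shipping_address", "phone")


def open_orders(orders, email):
    """Orders for this customer that are neither shipped nor canceled."""
    return [o for o in orders
            if o["email"].lower() == email.lower()
            and o["status"] not in CLOSED_STATUSES]


def process_deletion(orders, email):
    """Return (done, orders). A request with open orders does not proceed."""
    if open_orders(orders, email):
        return False, orders
    result = []
    for o in orders:
        if o["email"].lower() == email.lower():
            # Keep the order, its totals and its country; replace only the PII.
            o = {**o, **{f: PLACEHOLDER for f in PII_FIELDS}}
        result.append(o)
    return True, result


def residual_pii(orders, email):
    """IDs of orders where the address still appears in any field."""
    needle = email.lower()
    return [o["id"] for o in orders
            if any(needle in str(v).lower() for v in o.values())]


# Constructed sample data.
SAMPLE = [
    {"id": 1, "email": "pat@example.com", "status": "shipped", "country": "US",
     "billing_address": "1 Main St", "shipping_address": "1 Main St",
     "phone": "555-0100", "total": 40.0},
    {"id": 2, "email": "Pat@example.com", "status": "processing", "country": "US",
     "billing_address": "1 Main St", "shipping_address": "1 Main St",
     "phone": "555-0100", "total": 15.0},
    {"id": 3, "email": "lee@example.com", "status": "shipped", "country": "CA",
     "billing_address": "9 Elm Rd", "shipping_address": "9 Elm Rd",
     "phone": "555-0199", "total": 22.5},
]
```

With the sample as given, the request is held because order 2 is still open; once that order is shipped or canceled, the same call returns the orders with only the identifying fields replaced.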