• Resolved aristotelisj

    (@aristotelisj)


    GDPR states that the customer should OPT-IN.
    Your plugin is only allowing customers to opt-out.
    This is not compliant as seen here:
    “With GDPR, you need explicit consent to use an individual’s data.”
    https://www.superoffice.com/blog/gdpr-marketing/

    Maybe some change is needed to the way you acquire consent to use the customer’s email?
    Some other plugins ask for the email as soon as a product is added to the cart.
    What do you think?

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support CartFlows Team

    (@cartflows)

    Hello @aristotelisj,

    Our plugin does not ask for the email when users add the product to the cart.

    When users visit the checkout page and enter their email address, the plugin captures the email.

    If you have enabled the GDPR settings from the plugin, you can see the GDPR message with the no thanks link. If the user clicks on the no thanks link, the user’s data will not be saved.
    So users have the option to choose whether they want to share their data or not.

    We hope it clarifies.

    Let us know if you have any questions.

    Thread Starter aristotelisj

    (@aristotelisj)

    Actually this is the problem.
    According to the GDPR, the user has to CLICK TO ACCEPT receiving emails.
    The way your plugin works is by CLICK TO REJECT receiving emails.
    This is not GDPR compliant.
    It is the same as receiving newsletters… we cannot add the customer to the newsletter unless they click a checkbox willingly ADDING themselves to the list.
    Contrary to this notion, the way the plugin works now, it is already adding the customer to the abandoned cart email list and he has to click something to REMOVE himself.
    Anyway just bringing it to your attention.
    If you think I am mistaken about the GDPR policy in this regard, please say so.

    Thread Starter aristotelisj

    (@aristotelisj)

    Coming to think of it better, an INPUT field of type TEXT (the email field), is VERY similar to an INPUT field of type CHECKBOX.
    So if we warn the user below a checkbox or below a text field, before they click inside the field to change its value, it is virtually the same thing.

    With GDPR we should inform the user:
    1. if you fill in the email, you acknowledge that we will use it
    2. how we will use it
    3. how to find out more in the privacy policy
    4. and provide an immediate opt-out with ‘NO THANKS’ (similar to unchecking a box)
    5. and provide opt-out in the email (similar to unchecking a box)

    Therefore I changed my GDPR text as follows:

    <span class="wcf_cf_gdpr_message">Your email address and cart are saved so we can send email reminders about this order.<br>
    By filling in your email address you certify that you accept our use of your data and that you have read and accept our privacy policy.</span>

    Thank you very much for this plugin.
    5 stars

    Plugin Support CartFlows Team

    (@cartflows)

    Hello @aristotelisj,

    Thank you for the additional information.

    We will discuss this point with our team members and make the changes accordingly.

    Have a great day.

  • The topic ‘GDPR’ is closed to new replies.