GDPR compliance

  • Resolved karlemilnikka

    (@karlemilnikka)


    2 years, 8 months ago

    Is there a hook or setting to disable all connections to Stripe’s servers until the user has accepted the terms (so that the GDPR isn’t violated, and the customer can choose to let us make an exception under article 49)? It looks like the plugin currently establishes connections to Stripe without the consent needed for transferring personal data to countries without adequate data protection.

Viewing 6 replies - 1 through 6 (of 6 total)

  • Hello,

    I understand you would like to know if the user needs to accept terms and conditions before making a payment via Stripe, please correct me if I am wrong.

    WooCommerce validates the checkout so that the user needs to read and accept terms and conditions before making the payment.

    [Reference class wc-checkout line 854].

    To learn more about this, please refer to:
    https://woocommerce.com/document/privacy-payments/
    https://stripe.com/gb/privacy

    Let us know if there are any questions ??

    Thread Starter karlemilnikka

    (@karlemilnikka)

    Thanks for your quick reply. No, this is actually regarding the situation before any network connections are made or any Stripe cookies are set. Currently, both network connections and cookies are set before the user has given permission. This could be solved by adding a link in the checkout that has to be clicked before any content is loaded from Stripe’s servers.

    Mirko P.

    (@rainfallnixfig)

    Hi @karlemilnikka,

    It looks like the plugin currently establishes connections to Stripe without the consent needed for transferring personal data to countries without adequate data protection.

    GDPR compliance depends on the country where the business is located and not all countries require a GDPR policy. This is why an option to disable the connection to Stripe isn’t included by default in the plugin unless you disable the payment method.

    It seems that you need to find a way to defer the loading of the stripe.js script which enables Stripe cookies on some pages after the GDPR terms are accepted. It sounds this would require further intervention from a developer as there is no option to do that out of the box. You can find the hooks available with WooCommerce Stripe here:

    https://woocommerce.com/document/stripe/#hooks-actions-filters

    If you require more help with the actual coding, we’d recommend hiring a developer or one of the customization experts listed at https://woocommerce.com/customizations/.

    Another way would be installing a GDPR plugin with a script blocker prior to consent from the user. Search on Google “automatically block all cookie script prior to the users’ consent” and it should fetch some useful resources to get you on the right track.

    Hope this helps.

    Thread Starter karlemilnikka

    (@karlemilnikka)

    Thank you very much for your quick reply and transparency. I’ll look into what we can do and take into consideration that it will require some custom development if we decide to use Stripe for our European customers.

    Mirko P.

    (@rainfallnixfig)

    Glad to hear we could be of help here. Thanks for letting us know!

    Feel free to start a new thread if you have any more questions. In the meantime, if you have a few minutes, we’d love if you could leave a review of our plugin 👇

    https://www.ads-software.com/support/plugin/woocommerce-gateway-stripe/reviews/#new-post

    Cheers!

    Thread Starter karlemilnikka

    (@karlemilnikka)

    I’ve set a reminder to add a review if can find a way to make the plugin work in a GDPR compliant mode.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘GDPR compliance’ is closed to new replies.

Tags