FAQ: General Data Protection Regulation (GDPR)

 

The General Data Protection Regulation (GDPR) takes effect on May 25th, 2018. The purpose of the GDPR is to consolidate data protection laws within the European Union and to strengthen the protection of personal data. Shopgate has always actively prioritized the confidential handling and secure storage of sensitive data - this applies equally to the data of our merchants and the data of end customers. As such, we have worked intensively to ensure all our services are fully compliant with the GDPR requirements. 

What does this mean for you as a Shopgate merchant? In the following article, we have summarized all important points for compliance with the GDPR at Shopgate.

 

What has Shopgate done to prepare for the GDPR?

  • Cookie notices
    • A standardized cookie notice is displayed on all Shopgate mobile websites.
    • The previous version of our cookie notice on your Shopgate mobile website has been removed. If this is not the case, please send an email to support@shopgate.com.
    • The cookie notice cannot be customized individually.
  • Tracking opt-out
    • Your end customers can deactivate all native tracking providers via opt-out.
    • End customers will find the opt-out function at the bottom of the Privacy Policy page on the mobile website and in the apps.
    • Please note this opt-out function does not apply to any external providers that you as a merchant have inserted using the "Tracking Codes" tool. 
    • If you have external provider tracking inserted via "Tracking Codes", you are responsible for adding the corresponding opt-out links for the respective providers in your privacy policy.
  • Deletion of customer data
    • Customer data can be deleted at any time. As a merchant, you can delete the data in the Shopgate admin.
    • Your end customers can request the deletion of their data in the apps and on the mobile website. 
    • Customer deletion requests are collected in a table in the Shopgate admin where you can approve them for deletion. You also have the option of adding new requests by logging into your Shopgate admin and navigating to Settings → Delete Customer Data. Delete_Customer_Data
      Important: Please delete the data of the corresponding customers from your shopping cart system first. Then remove the customer data from the Shopgate admin by clicking Delete or Delete All.
    • We will notify you by email if your customers request data deletion in the app and/or on the mobile website.  Upon receiving this email, you must delete this data in your shopping cart system and in your Shopgate admin as soon as possible. This ensures the information is completely deleted.
    • After your approval, the data will be deleted immediately and irrevocably.
    • Orders from deleted end customers will continue to be displayed anonymously in our merchant admin for reporting purposes.
    • As a merchant, you are responsible for compliance with all legal terms within the GDPR. 

Is tracking of your end customers anonymized at Shopgate?

  • Shopgate Tracking
    To continually improve our service, Shopgate tracks only anonymous user data with Google Analytics. 
  • Google Analytics via Shopgate
    We give our merchants the opportunity to use their own Google Analytics account for tracking. For this feature, Shopgate uses the IP anonymization function provided by Google, whereby the last part of a user's IP address is not recorded. This ensures that only anonymous data is collected.
  • Other external tracking providers (Facebook, AppsFlyer, Econda, etracker, Facebook Pixel)
    Shopgate does not make any special configuration for these external tracking services, but we have adopted the standard procedure of the respective provider. If these providers are GDPR-compliant, the data should be made anonymous.
    If you have any questions, please contact the respective provider directly. 
  • Shopgate "Tracking Codes" functionality 
    As a merchant, you can use our "Tracking Codes" function to enter your own tracking scripts from third-party providers. If you use this functionality, you are responsible for verifying that the data collected is anonymized by the respective provider. 

Does Shopgate provide a template for a privacy policy? 

No, Shopgate does not offer any templates for data privacy policies and cannot provide legal advice. Your privacy policy should be checked against our agreement on order data processing and adjusted if necessary.

Do customers actively have to agree to the privacy policy during the checkout process? 

No, your customers do not need to actively agree to the privacy policy when using the mobile website or apps. This would only be necessary if other hidden agreements (e.g. the sale of data) were simultaneously approved with consent. However, this type of hidden consent is not permitted by the GDPR.

Is personal customer information stored in log files?

Yes, Shopgate stores personal information such as customer name, email address and shipping/billing address in our log files. This is necessary for our support and development team to investigate, troubleshoot, and resolve technical issues if they occur. These log files are completely deleted after 60 days. 

 

If you have further questions about Shopgate's commitment to compliance with the GDPR, please contact privacy@shopgate.com