When you have a webshop you need to store personal information such as name and address to meet legal obligations (invoices) and to fulfill your contract (the order).
- use SSL for your website so that all communication is transported over an encrypted connection
- inform your visitors and customers about cookies
- only collect necessary data
- check for payment providers - they are processors and you need processor contracts with them
- inform what data is stored and how long
- if you store IP addresses, inform people
- Safe path
You can configure the folder ("Safe path") that VirtueMart uses for storing invoices and downloadable files. For security reasons it is recommended to put that "safe path" folder outside of the public website folders, so that the web server cannot serve the stored invoices directly by URL. You should specify that folder in the VirtueMart configuration: VM Configuration > Templates > Media File Settings
Visit the VirtueMart documentation for more information.
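One way to verify the recommendation above is to check that the configured safe path still lies outside the web root once symlinks and ".." segments are resolved. This is an added example, not VirtueMart code; the function names and the directory layout it builds (public_html, vmfiles and so on) are constructed assumptions.

```python
import os
import tempfile


def is_outside_webroot(safe_path, web_root):
    """True if safe_path, after resolving symlinks and '..', is not under web_root."""
    safe = os.path.realpath(safe_path)
    root = os.path.realpath(web_root)
    try:
        # commonpath compares whole path components, so a sibling such as
        # /srv/public_html_files is not mistaken for a child of /srv/public_html
        return os.path.commonpath([safe, root]) != root
    except ValueError:
        # different drives (Windows): the path cannot be under the web root
        return True


def demo():
    """Build a constructed directory layout and classify candidate safe paths."""
    base = tempfile.mkdtemp()
    root = os.path.join(base, "public_html")  # assumed web root
    candidates = {
        "inside": os.path.join(root, "vmfiles"),
        "sibling": os.path.join(base, "public_html_files"),
        "outside": os.path.join(base, "vmfiles"),
    }
    for path in candidates.values():
        os.makedirs(path)
    # symlink that sits outside the web root but points back into it
    link = os.path.join(base, "vm_link")
    os.symlink(candidates["inside"], link)
    candidates["symlink_to_inside"] = link
    # path that looks external but climbs back in with '..'
    candidates["dotdot"] = os.path.join(
        base, "vmfiles", "..", "public_html", "vmfiles")
    return {name: is_outside_webroot(p, root) for name, p in candidates.items()}


if __name__ == "__main__":
    for name, outside in demo().items():
        verdict = "outside web root" if outside else "INSIDE web root"
        print(f"{name:18} {verdict}")
```

On a live site, pass the safe path from the VirtueMart configuration and the server's document root to is_outside_webroot instead of the constructed directories.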
- In the HikaShop configuration you can add a "terms and conditions" view to your "checkout workflow" to get a checkbox during the checkout. You can customize the text using a translation override.
- Information about How to make your J2Store GDPR compliant
- J2Store released a free GDPR Compliance Tool for J2Store with the following functionality:
You can use this to ask an EU customer for consent to store his personal data (like address)
- Delete address button, so the customer can choose to delete the address stored in the site.
- Adds Delete All Addresses button.
One click deletion of all addresses of the customer (Only for registered users).
NOTE: The address associated with an order would not be deleted.
- A request form that the customer can use to request all his personal data associated with the orders to be deleted.
- Editing / deleting activities can be logged and/or reported to customers and/or administrators.
- email notifications about activities in the app settings can be turned on/off
- the activity log can be turned on/off
- More information about this extension: https://www.j2store.org/extensions/apps/gdpr-compliance.html