The GDPR

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    #16
    Gdpr

    Please read the above links and take what I say here without warranty express or implied, but...
    GDPR is relatively straightforward and you can modify Sellerdeck/Actinic Desktop versions relatively simply to comply.

    You need to:
    1. Ask before you collect data.
    2. Explain why you need the data
    3. Look after the data
    4. Don't share the data
    5. Delete the data when asked
    (If you want/need to share the data especially if you want to share it outside the EU you need to study the documents in depth and make appropriate decisions.)

    Create a Privacy Policy along the lines of the link above and paste it into SD. You can paste it in addition into the Privacy Policy section of Terms and Conditions in Business Settings, or you can replace this by pasting into the Layout Code Privacy Policy Text.

    In Page type Checkout Page 0 open the Layout 'Both Addresses address Fields RWD'
    Comment out lines 112 and 113: (Moving in One Month RWD and Keep Details Private RWD)


    Copy the two layout expressions and paste them above 'Both Address Salutation RWD' line 89ish.


    Open Responsive CSS, look for invoicePrivacy line 1230 and add a reference to inoviceMoving so it looks like this:
    Code:
    .content-area form .checkout label.rememberMeText, .content-area form .checkout label.invoicePrivacy, .content-area form .checkout label.inoviceMoving {width:85%; float:left;}
    Design Text GoTo Phase 0 ID 15

    Tick Show and Required of Invoice Privacy Check Status, and change Current Value to:
    Code:
    We do not share your data with anyone else, but we may email you from time to time with relevant information about our products and services. Please tick this box if you consent to this. <a href="info.html"><em>Privacy</em></a>
    Design Text GoTo Phase 0 ID 13

    Tick Show and Required of Invoice Moving Check Status, and change Current Value to:
    Code:
    To process and deliver your order we need to collect your name, address, email address and telephone number. Please tick here to consent to us doing this. If the box is unticked we will not be able to process your order. <a href="info.html"><em>Privacy</em></a>
    You are now getting consent to collect data and to use the emails for newsletters etc. If you want to do more with the data best check the regulations yourself. We should ask if our payment processors and Mailchimp are GDPR as it is our responsibility if they collect/use data on our behalf.

    Now we need to explain why we need the data.

    At the bottom of the Responsive Outer Layout (or whatever is your outer layout) and before the </body> tag paste:
    Code:
    <script type="text/javascript" src="https://ajax.aspnetcdn.com/ajax/jquery.ui/1.10.0/jquery-ui.js"></script>
        <script>
    $(function () {
        $(document).tooltip({
            content: function () {
                return $(this).prop('title');
            },
            show: null, 
            close: function (event, ui) {
                ui.tooltip.hover(
    
                function () {
                    $(this).stop(true).fadeTo(600, 1);
                },
    
                function () {
                    $(this).fadeOut(600, function () {
                        $(this).remove();
                    })
                });
            }
        });
    });
    </script>
    Note: If you use Fancybox this script will stop the title appearing under the fancybox large image in preference to displaying a tooltip. It is better here to use a blockif"<actinic:variable name="PageType" /> == 'Checkout Page 0'" round the JS code.

    At the bottom of Javascript Header Functions paste this:
    Code:
    <link href="https://ajax.aspnetcdn.com/ajax/jquery.ui/1.10.0/themes/black-tie/jquery-ui.css" rel="stylesheet" type="text/css" />
    At the bottom of Current Stylesheet paste:
    Code:
      .red {
          color: red;
      }
    You then need four bits of code to add popups to the respective checkout inputs:
    Code:
    title="<span class='red'>To process and deliver your order we need to collect your name. <a href='info.html'><em>Privacy</em></a></span>"
    
    title="<span class='red'>To process and deliver your order we need to collect your address. <a href='info.html'><em>Privacy</em></a></span>"
    
    title="<span class='red'>We need to collect your email address to communicate with you about your order. <a href='info.html'><em>Privacy</em></a></span>"
    
    title="<span class='red'>We need to collect your telephone number to communicate with you about your order. <a href='info.html'><em>Privacy</em></a></span>"
    This is where these bits go:

    Both Addresses Name RWD - the first input box change to read:
    Code:
    <label><actinic:block if="%3cactinic%3avariable%20name%3d%22InvoiceFirstNameRequired%22%20%2f%3e" ><span id="idINVOICEFIRSTNAMElabel" class="actrequired"></actinic:block><actinic:variable name="InvoiceFirstName" /><actinic:block if="%3cactinic%3avariable%20name%3d%22InvoiceFirstNameRequired%22%20%2f%3e" >*</span></actinic:block></label>
    		<div class="InvoiceField">
    			<input title="<span class='red'>To process and deliver your order we need to collect your name. <a href='info.html'><em>Privacy</em></a></span>" type="text" id="idINVOICEFIRSTNAME" name="INVOICEFIRSTNAME" size="30" maxlength="40" value="<actinic:variable name="InvoiceFirstNameOnline" selectable="false" />" tabindex="NETQUOTEVAR:TABINDEXINVOICEFIRSTNAME">
    		</div>
    Both Addresses Line 1 RWD - the first input box change to read:
    Code:
    <label><actinic:block if="%3cactinic%3avariable%20name%3d%22InvoicePrompt004Required%22%20%2f%3e" /><span class="actrequired"></actinic:block><Actinic:Variable Name="InvoicePrompt004"/><actinic:block if="%3cactinic%3avariable%20name%3d%22InvoicePrompt004Required%22%20%2f%3e" />*</span></actinic:block></label>
    <div class="InvoiceField">
    	<input title="<span class='red'>To process and deliver your order we need to collect your address. <a href='info.html'><em>Privacy</em></a></span>" type="text" name="INVOICEADDRESS1" size="30" maxlength="200" value="<actinic:variable name="InvoiceAddress1" selectable="false" />" tabindex="NETQUOTEVAR:TABINDEXINVOICEADDRESS1" />
    </div>
    Both Addresses Phone RWD - the first input box change to read:
    Code:
    <label><actinic:block if="%3cactinic%3avariable%20name%3d%22InvoicePrompt010Required%22%20%2f%3e" /><span class="actrequired"></actinic:block><Actinic:Variable Name="InvoicePrompt010"/><actinic:block if="%3cactinic%3avariable%20name%3d%22InvoicePrompt010Required%22%20%2f%3e" />*</span></actinic:block></label>
    <div class="InvoiceField" >
    	<input title="<span class='red'>We need to collect your telephone number to communicate with you about your order. <a href='info.html'><em>Privacy</em></a></span>" type="tel" name="INVOICEPHONE" size="20" maxlength="25" value="<actinic:variable name="InvoicePhone" selectable="false" />" tabindex="NETQUOTEVAR:TABINDEXINVOICEPHONE" />
    </div>
    Both Addresses Email RWD - the first input box change to read:
    Code:
    	<label><span id="idINVOICEEMAILlabel" <actinic:block if="%3cactinic%3avariable%20name%3d%22InvoicePrompt012Required%22%20%2f%3e" /> class="actrequired"</actinic:block> ><Actinic:Variable Name="InvoicePrompt012"/> <actinic:block if="%3cactinic%3avariable%20name%3d%22InvoicePrompt012Required%22%20%2f%3e" />*</actinic:block></span></label>
    	<div class="InvoiceField" >
          <input title="<span class='red'>We need to collect your email address to communicate with you about your order. <a href='info.html'><em>Privacy</em></a></span>" type="email" id="idINVOICEEMAIL" name="INVOICEEMAIL" size="30" maxlength="255" value="<actinic:variable name="InvoiceEmail" selectable="false" />" tabindex="NETQUOTEVAR:TABINDEXINVOICEEMAIL" />
       </div>
    These give popup boxes explaining why you need the data. Try it at http://www.webeg.co.uk/gdpr/

    When you download the order and open the order in 'Orders' the boxes are ticked. The wording ideally needs changing and I think you might need Crystal Reports to do this, however you will know regardless of the caption that if the two boxes are ticked that consent is given.


    If you want them to appear in the customer email check out the AUG page 127 http://portal.sellerdeck.co.uk/index...ed-user-guide1

    All without prejudice, and without any warranty express or implied. Please satisfy yourself with the requirements laid out in the documents referred to in above posts.
    Last edited by graphicz; 04-Jan-2018, 09:16 AM. Reason: BlockIf JS for Checkout Page 0 if using Fancybox
    Jonathan Chappell
    Website Designer
    SellerDeck Website Designer
    Actinic to SellerDeck upgrades
    Graphicz Limited - www.graphicz.co.uk

    Comment


      #17
      We recently published a blog article with some useful information:
      http://www.sellerdeck.co.uk/2017/12/14/need-know-gdpr/

      We will be following this up in due course with more tangible information relating specifically to our own products and services
      Bruce Townsend
      Ecommerce Product Manager
      Sellerdeck Ecommerce Solutions

      Comment


        #18
        SSL whole site?

        I do not understand why an ssl certificate needs to be applied for the whole site. We have it applying to the registration/login system and to the Checkout. Customers do not enter any personal information anywhere else. Having it for the whole site messes up existing links in search engines and elsewhere. A couple of years ago I tried to set up an .htaccess file to redirect https to http and it broke the site each time - wasted a lot of time trying to get it to work and had to give up. I guess I will have the same problem with the reverse. I do not want to change to Sellerdeck 365 to get the .htaccess code that will work.

        Sarah

        Comment


          #19
          Been reading up Google's Advice

          I have today, orders being slack, been reading up on Google's advice, straight out of the horse's mouth, about ssl. They say that it must be installed on pages that handle customers' names, addresses, email addresses and telephone numbers, and passwords and any payment details. This means pages handling registrations, logins and Checkout. In Sellerdeck this can easily be done with a tick of a Checkbox. It does NOT say that the whole site needs to be in ssl.

          Sarah

          Comment


            #20
            Hi Sarah

            Who are you hosted with? I will post some alternative http to HTTPS redirects that work. Heartinternet for example needs a particular code.

            These are the redirects I use - uncomment the one (only one) you want to use:

            Code:
            ## Write all pages to https: uncomment if wanted
            #RewriteEngine On
            #RewriteCond %{HTTPS} off
            #RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
            
            ##OR
            
            #RewriteEngine On
            #RewriteCond %{HTTPS} !=on
            #RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
            
            ## OR ##
            
            #RewriteEngine On 
            #RewriteCond %{SERVER_PORT} 80 
            #RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
            
            ## OR ##
            
            # Forcing HTTPS
            RewriteCond %{HTTPS} !=on
            # Pages to Apply
            RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
            
            #EDIT: ***** Please note – if you’re on a Heart Internet server, you will need to use: ******
            # All calls go to SSL
            #RewriteEngine On
            #RewriteCond %{ENV:HTTPS} !=on
            #RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
            It doesn't work if it is too high up the htaccess, it needs to be after pretty much everything else and before the 404/301 page redirects (after domain 301 redirects) like this:

            Code:
            # Turn on Expires and set default to 0 
            ExpiresActive On 
            ExpiresDefault A0 
            ## EXPIRES CACHING ##
            <IfModule mod_expires.c>
            ExpiresActive On
            ExpiresByType image/jpg "access plus 1 year"
            ExpiresByType image/jpeg "access plus 1 year"
            ExpiresByType image/gif "access plus 1 year"
            ExpiresByType image/png "access plus 1 year"
            ExpiresByType text/css "access plus 1 month"
            ExpiresByType application/pdf "access plus 1 month"
            ExpiresByType text/x-javascript "access plus 1 month"
            ExpiresByType application/x-shockwave-flash "access plus 1 month"
            ExpiresByType image/x-icon "access plus 1 year"
            ExpiresDefault "access plus 2 days"
            </IfModule>
            ## EXPIRES CACHING ##
            
            # compress all text, js, css & html:
             AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/x-javascript 
            
            <IfModule mod_deflate.c>
              # Compress HTML, CSS, JavaScript, Text, XML and fonts
              AddOutputFilterByType DEFLATE application/javascript
              AddOutputFilterByType DEFLATE application/rss+xml
              AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
              AddOutputFilterByType DEFLATE application/x-font
              AddOutputFilterByType DEFLATE application/x-font-opentype
              AddOutputFilterByType DEFLATE application/x-font-otf
              AddOutputFilterByType DEFLATE application/x-font-truetype
              AddOutputFilterByType DEFLATE application/x-font-ttf
              AddOutputFilterByType DEFLATE application/x-javascript
              AddOutputFilterByType DEFLATE application/xhtml+xml
              AddOutputFilterByType DEFLATE application/xml
              AddOutputFilterByType DEFLATE font/opentype
              AddOutputFilterByType DEFLATE font/otf
              AddOutputFilterByType DEFLATE font/ttf
              AddOutputFilterByType DEFLATE image/svg+xml
              AddOutputFilterByType DEFLATE image/x-icon
              AddOutputFilterByType DEFLATE text/css
              AddOutputFilterByType DEFLATE text/html
              AddOutputFilterByType DEFLATE text/javascript
              AddOutputFilterByType DEFLATE text/plain
              AddOutputFilterByType DEFLATE text/xml
            
              # Remove browser bugs (only needed for really old browsers)
              BrowserMatch ^Mozilla/4 gzip-only-text/html
              BrowserMatch ^Mozilla/4\.0[678] no-gzip
              BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
              Header append Vary User-Agent
            </IfModule>
             
             ## Gzip compression
            <ifModule mod_gzip.c>
            mod_gzip_on Yes
            mod_gzip_dechunk Yes
            mod_gzip_item_include file .(html?|txt|css|js|php|pl)$
            mod_gzip_item_include handler ^cgi-script$
            mod_gzip_item_include mime ^text/.*
            mod_gzip_item_include mime ^application/x-javascript.*
            mod_gzip_item_exclude mime ^image/.*
            mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
            </ifModule>
             
            # Set up caching on media files for 1 year (forever?) 
             <FilesMatch ".(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav)$"> 
             ExpiresDefault A29030400 
             Header append Cache-Control "public" 
             </FilesMatch> 
             
            # Set up caching on media files for 1 week 
             <FilesMatch ".(gif|jpg|jpeg|png|swf)$"> 
             ExpiresDefault A604800 
             Header append Cache-Control "public" 
             </FilesMatch> 
             
            # Set up 7 day caching on commonly updated files 
             <FilesMatch ".(xml|txt|html|js|css)$"> 
             ExpiresDefault A604800 
             Header append Cache-Control "proxy-revalidate" 
             </FilesMatch> 
             
            ## Force no caching for dynamic files 
             <FilesMatch ".(php|cgi|pl|htm)$"> 
             ExpiresActive Off 
             Header set Cache-Control "private, no-cache, no-store"
             Header set Pragma "no-cache"  
             </FilesMatch>
             
            Options +FollowSymLinks
            
            RewriteEngine on
            
            RewriteBase /
            
            ## force "www"
            
            RewriteCond %{HTTP_HOST} ^domain\.co\.uk$ [NC]
            RewriteRule ^(.*)$ http://www.domain.co.uk/$1 [R=301,L]
            ## Add if SSL
            #RewriteCond %{HTTP_HOST} !^$
            #RewriteCond %{HTTP_HOST} !^www\. [NC]
            #RewriteCond %{HTTPS}s ^on(s)|
            #RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
            
            ## remove 'index'
            
            RewriteRule ^index\.(php|html?)$ http://www.domain.co.uk/ [R=301,L]
            
            ## 301 redirect alternate domain names 
            
            RewriteCond %{HTTP_HOST} ^www.anotherdomain.co.uk$ [NC,OR]
            
            RewriteCond %{HTTP_HOST} ^anotherdomain.co.uk$ [NC]
            
            RewriteRule (.*) http://domain.co.uk/$1 [R=301,L]
            
            ## Write all pages to https: uncomment if wanted
            #RewriteEngine On
            #RewriteCond %{HTTPS} off
            #RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
            
            ##OR
            
            #RewriteEngine On
            #RewriteCond %{HTTPS} !=on
            #RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
            
            ## OR ##
            
            #RewriteEngine On 
            #RewriteCond %{SERVER_PORT} 80 
            #RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
            
            ## OR ##
            
            # Forcing HTTPS
            RewriteCond %{HTTPS} !=on
            # Pages to Apply
            RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
            
            #EDIT: ***** Please note – if you’re on a Heart Internet server, you will need to use: ******
            # All calls go to SSL
            #RewriteEngine On
            #RewriteCond %{ENV:HTTPS} !=on
            #RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
            
            
            ##Error Pages
            
            
            ErrorDocument 401 /not-found.html
            
            ErrorDocument 400 /not-found.html
            
            ErrorDocument 403 /not-found.html
            
            ErrorDocument 500 /not-found.html
            
            ErrorDocument 404 /not-found.html
            
            
            ##To redirect the contents of a whole directory to another:
            
            #RewriteRule ^subdirectory/(.*)$ /anotherdirectory/$1 [R=301,NC,L]
            
            ## Page redirects
            
            #Redirect 301 /acatalog/old-page.html http://www.domain.co.uk/acatalog/new-page.html
            The other thing that messes things up is that if you elect to have SSL on the whole site in business settings payment and security, Sellerdeck does NOT rewrite
            Code:
            <actinic:variable name="CatalogURL" />
            to the secure form. So if you have coded any/many URLs with this variable they will break the padlock. Sellerdeck expect you to trawl through the site changing
            Code:
            <actinic:variable name="CatalogURL" />
            to
            Code:
            <actinic:variable name="SSLCatalogURL" />
            which can be a pain.

            You cannot enter https in the non SSL bit of network settings but this is the workaround:

            Tick SSL on login and checkout and complete the SSL and non SSL parts of the network settings appropriately.

            Export the network settings

            Change to SSL on whole site in business settings.

            Edit all the http in the exported network settings file to https and import.

            All will now be well.

            I have done this a few times now and know it to be so. Example network settings follow. To check for causes of broken padlocks use: https://www.whynopadlock.com/

            EG:
            Code:
            HTTPPROXYMODE	0
            HTTPPROXYADDRESS	
            HTTPPROXYPORT	80
            HTTPPROXYUSER	
            HTTPPROXYPASSWORD	
            FTPPROXYMODE	0
            FTPPROXYADDRESS	
            FTPPROXYPORT	21
            FTPPROXYUSER	
            FTPPROXYPASSWORD	
            SCRIPTID	1
            SCRIPTEXT	.pl
            SMTPHOST	localhost
            WEBSITEURL	https://www.webeg.co.uk/abc/
            IGNOREPASSIVEERRORS	true
            USERELATIVECGIURLS	false
            PATHTOPERL	/usr/local/bin/perl
            USEENHANCEFTP	true
            FTPBUFFERSIZE	4
            FTPCLIENTTIMEOUT	15000
            FTPRETRYDELAY	3000
            FTPKEEPALIVEINTERVAL	30000
            FTPSILENT	false
            FTPMAXRETRIES	3
            FTPCONNECTTIMEOUT	25000
            SMTPAUTHREQUIRED	false
            SMTPUSERNAME	
            SMTPPASSWORD	
            COMPRESSIONPACKETSIZE	1024
            COMPRESSEDUPLOAD	true
            SSLCATALOGURL	https://www.webeg.co.uk/abc/acatalog/
            SSLCGIBINURL	https://www.webeg.co.uk/abc/cgi/
            SSLPATHFROMCGITOCATALOG	../acatalog/
            SSLFTPHOST	ftp.webeg.co.uk
            SSLFTPUSERNAME	webegxxxx
            SSLFTPPASSWORD	xxxxxxxxxxx
            SSLPATHTOCGIBIN	public_html/abc/cgi/
            SSLUSEPASSIVEFTP	false
            CATALOGURL	https://www.webeg.co.uk/abc/acatalog/
            ONLINESTOREFOLDERNAME	acatalog
            CGIBINURL	https://www.webeg.co.uk/abc/cgi/
            PATHFROMCGITOCATALOG	../acatalog/
            FTPHOST	ftp.webeg.co.uk
            FTPUSERNAME	webegxxxx
            FTPPASSWORD	xxxxxxxxxxx
            PATHTOCGIBIN	public_html/abc/cgi/
            USEPASSIVEFTP	false
            FTPPATHFROMCGITOCATALOG
            Jonathan Chappell
            Website Designer
            SellerDeck Website Designer
            Actinic to SellerDeck upgrades
            Graphicz Limited - www.graphicz.co.uk

            Comment
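
The "edit all the http to https" step from the workaround above, as an added example that is not part of the original post and is not Sellerdeck code. It assumes the export is the tab-separated KEY/value text shown in the post; `upgradeNetworkSettings` and the sample values are constructed here. It changes only the URL-valued keys, so key names such as HTTPPROXYMODE and values that are already https are left alone.

```javascript
// Added example: upgrade the site URLs in an exported network settings file
// from http to https, leaving every other line exactly as exported.

// Keys that hold site URLs, taken from the example export in the post.
const URL_KEYS = new Set([
  'WEBSITEURL', 'CATALOGURL', 'CGIBINURL', 'SSLCATALOGURL', 'SSLCGIBINURL',
]);

function upgradeNetworkSettings(text) {
  const eol = text.includes('\r\n') ? '\r\n' : '\n'; // keep the file's line endings
  const changes = [];
  const warnings = [];
  const lines = text.split(/\r?\n/).map((line, i) => {
    const tab = line.indexOf('\t');
    if (tab === -1) return line; // key with no value, or blank line
    const key = line.slice(0, tab);
    const value = line.slice(tab + 1);
    const isHttp = /^http:\/\//i.test(value);
    if (!URL_KEYS.has(key)) {
      // Never rewrite unknown keys; just report anything that looks like a URL.
      if (isHttp) warnings.push(`line ${i + 1}: ${key} holds an http URL but is not a known URL key`);
      return line;
    }
    if (isHttp) {
      const upgraded = 'https://' + value.slice('http://'.length);
      changes.push({ line: i + 1, key, from: value, to: upgraded });
      return key + '\t' + upgraded;
    }
    if (value !== '' && !/^https:\/\//i.test(value)) {
      warnings.push(`line ${i + 1}: ${key} is not an http(s) URL: ${value}`);
    }
    return line; // already https (or empty): unchanged, so the script is safe to re-run
  });
  return { text: lines.join(eol), changes, warnings };
}

// Constructed sample in the same layout as the export in the post.
const SAMPLE_EXPORT = [
  'HTTPPROXYMODE\t0',
  'HTTPPROXYPORT\t80',
  'WEBSITEURL\thttp://www.example.com/abc/',
  'SSLCATALOGURL\thttps://www.example.com/abc/acatalog/',
  'SSLCGIBINURL\thttps://www.example.com/abc/cgi/',
  'CATALOGURL\thttp://www.example.com/abc/acatalog/',
  'CGIBINURL\thttp://www.example.com/abc/cgi/',
  'FTPHOST\tftp.example.com',
  'FTPPATHFROMCGITOCATALOG',
].join('\n');

const upgradeResult = upgradeNetworkSettings(SAMPLE_EXPORT);
for (const c of upgradeResult.changes) {
  console.log(`line ${c.line} ${c.key}: ${c.from} -> ${c.to}`);
}
for (const w of upgradeResult.warnings) console.log('WARNING ' + w);
```

Review the reported changes before importing the rewritten file.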


              #21
              Problem is people are being told to look for the padlock and not seeing it may be an issue. Also any newsletter signups or anything on an 'ordinary' page will be problematic.

              Also, if SSL is selected for Checkout, Login and Account details pages, the Contact us page (http://www.webeg.net/abc/cgi/mf00000...CTION=SHOWFORM) will be loaded as http and therefore insecure. The input boxes will therefore attract the browsers' increasingly unsettling popup warnings.

              Finally Barclays ran a TV advert through the Christmas season about internet fraud telling people to 'Look for the padlock', the suggestion being that if there is no padlock the site may be suspect:

              https://www.youtube.com/embed/vO1HVvgQCWA

              Jonathan Chappell
              Website Designer
              SellerDeck Website Designer
              Actinic to SellerDeck upgrades
              Graphicz Limited - www.graphicz.co.uk

              Comment
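
A way to find the causes of a broken padlock discussed in the posts above before uploading, as an added example that is not part of the thread and is not Sellerdeck code. It scans generated HTML (not layout source) for `http://` loads and form targets; the function names and the sample page are constructed here, and the tag matching is a regex heuristic rather than a full HTML parser.

```javascript
// Added example: list http:// loads in a generated page that would break the
// padlock once the page itself is served over https.

// Tag/attribute pairs that make the browser fetch or submit something.
const RULES = [
  { tag: 'script', attr: 'src', kind: 'active' },
  { tag: 'iframe', attr: 'src', kind: 'active' },
  { tag: 'link', attr: 'href', kind: 'active' },
  { tag: 'img', attr: 'src', kind: 'passive' },
  { tag: 'form', attr: 'action', kind: 'form' },
];

// Opening tag with quote-aware attribute text, so a '>' inside a quoted value
// (for example the HTML placed in the checkout title attributes) does not end
// the tag early and markup inside the value is not read as a tag.
const TAG_RE = /<([a-zA-Z][a-zA-Z0-9]*)((?:"[^"]*"|'[^']*'|[^'">])*)>/g;
const ATTR_RE = /([^\s"'=<>\/]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;

function parseAttributes(attrText) {
  const attrs = Object.create(null);
  for (const m of attrText.matchAll(ATTR_RE)) {
    const name = m[1].toLowerCase();
    if (!(name in attrs)) attrs[name] = m[2] ?? m[3] ?? m[4]; // first one wins
  }
  return attrs;
}

function findInsecureReferences(html) {
  // Blank out comments but keep newlines so reported line numbers stay right.
  const visible = html.replace(/<!--[\s\S]*?-->/g, c => c.replace(/[^\n]/g, ' '));
  const findings = [];
  for (const m of visible.matchAll(TAG_RE)) {
    const tag = m[1].toLowerCase();
    const rule = RULES.find(r => r.tag === tag);
    if (!rule) continue; // ordinary <a href> links are not page loads
    const attrs = parseAttributes(m[2]);
    const url = (attrs[rule.attr] || '').trim();
    if (!/^http:\/\//i.test(url)) continue;
    // <link> only fetches something for stylesheets and icons.
    if (tag === 'link' && !/\b(stylesheet|icon)\b/i.test(attrs.rel || '')) continue;
    const line = visible.slice(0, m.index).split('\n').length;
    findings.push({ line, tag, attr: rule.attr, kind: rule.kind, url });
  }
  return findings;
}

// Constructed sample page; hosts and file names are placeholders.
const SAMPLE_PAGE = [
  `<head>`,
  `<link href="http://cdn.example.com/ui/jquery-ui.css" rel="stylesheet" type="text/css" />`,
  `<script src="https://cdn.example.com/ui/jquery-ui.js"></script>`,
  `<!-- <script src="http://cdn.example.com/old.js"></script> -->`,
  `</head>`,
  `<body>`,
  `<a href="http://www.example.com/acatalog/info.html">Privacy</a>`,
  `<img src="http://www.example.com/acatalog/logo.png" alt="logo">`,
  `<input title="<span class='red'>Why we ask. <a href='info.html'><em>Privacy</em></a></span>" type="text" name="INVOICEFIRSTNAME">`,
  `<form action="http://www.example.com/cgi/mf000001.pl" method="post"></form>`,
  `</body>`,
].join('\n');

for (const f of findInsecureReferences(SAMPLE_PAGE)) {
  console.log(`line ${f.line}: <${f.tag} ${f.attr}> ${f.kind} ${f.url}`);
}
```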


                #22
                Originally posted by brucet View Post
                We recently published a blog article with some useful information:
                http://www.sellerdeck.co.uk/2017/12/14/need-know-gdpr/

                We will be following this up in due course with more tangible information relating specifically to our own products and services
                Will the follow up also address requirements covering the use of cookies considered in your Knowledge Base article: http://community.sellerdeck.com/show...ghlight=cookie? with respect to GDPR Recital 30?

                Martin Nichols
                Martin
                Mantra Audio

                Comment


                  #23
                  Martin

                  We are looking at all aspects of GDPR, including that one
                  Bruce Townsend
                  Ecommerce Product Manager
                  Sellerdeck Ecommerce Solutions

                  Comment


                    #24
                    Cookie Banner

                    I thought I had posted a Cookie Banner code but it doesn't come up on search, so here it is:

                    This goes in the <head></head> section:

                    Code:
                    <style>
                    #asterix_cookie_widget .cookie-container {
                        margin: 0 auto;
                        overflow: hidden;
                        padding: 6px 0;
                        width: 100%!Important;
                    }
                    
                    #asterix_cookie_accept {
                    	font-weight: bold;
                    	cursor: pointer;
                    	text-decoration: underline;
                    	color:blue;
                    }
                    #asterix_cookie_accept:hover {
                    	color:red;
                    }
                    </style>
                    This goes immediately after the opening <body> tag:

                    Code:
                    <!-- Cookie Banner -->
                    <actinic:block if="%3cactinic%3avariable%20name%3d%22IsNotPreviewMode%22%20%2f%3e">
                    <div id="asterix_cookie_widget" style="display: inline; text-align: center; font-size: 13px; color:#313131;line-height: 140%; position: fixed; bottom: 0; right: 0; margin: 0; padding: 3px; background:#c0c0c0; border-top: 1px solid #000066; z-index: 100000; opacity: 0.9; filter: alpha(opacity=90);width:100%;">
                        <div class="cookie-container" style="text-align:center;">
                            <span>This site uses cookies to make it work and to collect analytics data. <a href="info.html">Find out more.</a></span>&nbsp;-&nbsp;<span id="asterix_cookie_accept" onclick="asterix_cookie_accept();return false;">OK - Carry on!</span><span id="asterix_cookie_wait" style="vertical-align: middle;" onclick="clearTimeout(asterix_cookie_timer);return false;">Please Wait</span>
                      </div>
                    </div>
                    
                    <script type="text/javascript">
                    //<![CDATA[
                        var asterix_cookie_timeout = 0;
                        var asterix_cookie_functions = [];
                        var asterix_cookie_widget = document.getElementById('asterix_cookie_widget');
                        var results = document.cookie.match('(^|;) ?asterix_cookie_widget=([^;]*)(;|$)');
                        if (results) {
                            if (1 == unescape(results[2])) {
                                asterix_cookie_accept();
                            }
                        } else {
                            window.onload = function () {
                                for (var i = 0; i < document.links.length; i++) {
                                    var link_href = document.links[i].getAttribute('href');
                                    if ('privacy' != document.links[i].getAttribute('rel') && (!/^[\w]+:/.test(link_href) || (new RegExp('^[\\w]+://[\\w\\d\\-\\.]*' + window.location.host)).test(link_href))) {
                                        var current_onclick = document.links[i].onclick;
                                        document.links[i].onclick = function () { asterix_cookie_accept(); if (Object.prototype.toString.call(current_onclick) == '[object Function]') { current_onclick(); } };
                                    }
                                }
                            };
                        }
                    
                        var asterix_cookie_timer;
                        if (asterix_cookie_timeout > 0) {
                            asterix_cookie_timer = setTimeout('asterix_cookie_tick()', 1000);
                        } else {
                            var asterix_cookie_wait = document.getElementById('asterix_cookie_wait');
                            if (null != asterix_cookie_wait) {
                                asterix_cookie_wait.parentNode.removeChild(asterix_cookie_wait);
                            }
                        }
                        function asterix_cookie_tick() {
                            if (0 >= --asterix_cookie_timeout) {
                                asterix_cookie_accept();
                                return;
                            }
                            var asterix_cookie_accept_button = document.getElementById('asterix_cookie_accept');
                            if (null != asterix_cookie_accept_button) {
                                asterix_cookie_accept_button.innerHTML = 'Yes (' + asterix_cookie_timeout + ')';
                                asterix_cookie_timer = setTimeout('asterix_cookie_tick()', 1000);
                            }
                        }
                    
                    
                        function asterix_cookie_accept() {
                            clearTimeout(asterix_cookie_timer);
                            document.cookie = 'asterix_cookie_widget=1; path=/; expires=Mon, 18 Jan 2038 03:14:00 GMT';
                            asterix_cookie_widget.parentNode.removeChild(asterix_cookie_widget);
                            for (var i = 0; i < asterix_cookie_functions.length; i++) {
                                asterix_cookie_functions[i]();
                            }
                        }
                    //]]>
                    </script>
                    </actinic:block>
                    <!-- End Cookie Banner -->
                    Without warranty express or implied.

                    Thank you
                    Jonathan Chappell
                    Website Designer
                    SellerDeck Website Designer
                    Actinic to SellerDeck upgrades
                    Graphicz Limited - www.graphicz.co.uk

                    Comment


                      #25
                      Thanks Jonathan. Although it's worth being aware that GDPR is likely to make cookie popups obsolete, by transferring the responsibility for compliance from the site owner to the browser settings. See eg https://webdevlaw.uk/2017/01/10/cook...-announcement/
                      Bruce Townsend
                      Ecommerce Product Manager
                      Sellerdeck Ecommerce Solutions

                      Comment


                        #26
                        Just read this

                        Right to be forgotten

                        A big area for investment (of time and possibly money) is understanding what data you have and where it is. The GDPR gives a EU resident the right to see, have amended or delete all personal data held. This includes backups and archives, and the whole process from request to completion has to be audited/proved, and completed within 30 days. Failure to do so is classed as a major breach and will incur the fine of up to €20 million.
                        What about our Snapshots? It would seem we have to somehow remove data from past snapshots.
                        Regards

                        Jason

                        Titan Jewellery (Swift Design)
                        Damascus Steel Rings

                        Comment


                          #27
                          Indeed. Possibly just keeping the past three snapshots on an encrypted drive?

                          Help, troubleshooting, support backup gives the option to remove data but if the snapshot is for a company to back up in case of hardware failure/fire/theft the data must be on it.

                          I think we just have to destroy old snapshots?

                          We also need to explore how secure Dropbox/Google Drive is as up until now these are good, safe places to keep two or three current snapshots.
                          Jonathan Chappell
                          Website Designer
                          SellerDeck Website Designer
                          Actinic to SellerDeck upgrades
                          Graphicz Limited - www.graphicz.co.uk

                          Comment


                            #28
                            And how do you prove that you have removed someone's data without showing them your database, and compromising others' data?
                            Regards

                            Jason

                            Titan Jewellery (Swift Design)
                            Damascus Steel Rings

                            Comment


                              #29
                              Hi Jonathan and everyone

                              We are still working towards publishing a statement. We are not reluctant to give information, just reluctant to give information that we haven't fully processed and understood, and cannot confidently defend. We don't want to be guilty of either scaremongering or complacency.

                              GDPR has to be held up alongside the impending ePrivacy regulations, which will inform and complement it. The key thing is to understand the legal basis on which you are processing personal information. If you can process customer information on the basis of legitimate interest, then the requirements are less stringent than if the basis is informed consent; although they are still a bit more stringent than at present.

                              It's complicated. Please give us a bit more time - thanks.
                              Bruce Townsend
                              Ecommerce Product Manager
                              Sellerdeck Ecommerce Solutions

                              Comment


                                #30
                                Bruce

                                Originally posted by brucet View Post
                                We are looking at all aspects of GDPR, including that one
                                Will there be a need for encryption of personal data accessible on back office systems?

                                If so are there any plans to upgrade the ActinicCatalog database from the MS Access 2003 ".mdb" format to the later MS Access 2007 forward ".accdb" format to enable password encryption of the database?

                                Perhaps this could be incorporated as part of the SellerDeck "Enable Logon And Card Encryption" provision and still allow authorised users direct access to interrogate and update the database for stock management, product and price updates etc.

                                Martin
                                Mantra Audio
                                Martin
                                Mantra Audio

                                Comment
