The GDPR

  • #31
    Originally posted by graphicz
    Hi Sarah

    Who are you hosted with? I will post some alternative http to HTTPS redirects that work. Heartinternet for example needs a particular code.

    These are the redirects I use - uncomment the one (only one) you want to use:
    I am cautiously switching over to SSL for the whole site as Jonathan's argument for doing that seems convincing.

    SSL is enabled free on my server by CPanel AutoSSL (I presume that's OK)

    So I tick the SSL box in Business Settings and publish the site.

    and it's good to go?

    I add this to the htaccess file
    Code:
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
    and all http are sent to https and I will not lose any search engine rankings... Is that right? and is that all I have to do? Thanks
    Arka Tribal Jewellery



    • #32
      These are variously the ones I use. Sometimes the hosting company's FAQs have the correct code for their server, sometimes I have to use trial and error.

      The one with port 80 is used less and less with the increase in cloud hosting as that uses different ports.

      Code:
      ## Write all pages to https: uncomment if wanted
      #RewriteEngine On
      #RewriteCond %{HTTPS} off
      #RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
      
      ##OR
      
      #RewriteEngine On
      #RewriteCond %{HTTPS} !=on
      #RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
      
      ## OR ##
      
      #RewriteEngine On 
      #RewriteCond %{SERVER_PORT} 80 
      #RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
      
      ## OR ##
      
      # Forcing HTTPS
      # RewriteEngine On is needed for the rule below to take effect
      RewriteEngine On
      RewriteCond %{HTTPS} !=on
      # Pages to Apply
      RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
      
      #EDIT: ***** Please note – if you’re on a Heart Internet server OR Easyspace and 123 apparently, you will need to use: ************
      # All calls go to SSL
      #RewriteEngine On
      #RewriteCond %{ENV:HTTPS} !=on
      #RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
      Be a little careful with hosting companies' 'built in' SSL. Some are OK and actually make your domain name https, others give you a separate URL for their 'built in' SSL which isn't much good for SSL.

      If it is truly https://youractualdomainname.whatever then one of the four options will work. Remember to remove the comments of the one you use.
      Jonathan Chappell
      Website Designer
      SellerDeck Website Designer
      Actinic to SellerDeck upgrades
      Graphicz Limited - www.graphicz.co.uk
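
Added example (not part of the original posts, and not SellerDeck or hosting-company code): a Python check to run after publishing one of the redirect options above, confirming that a plain-HTTP request gets a permanent redirect to the same host and path over HTTPS. The function names and sample responses are constructed for illustration; note that a bare `[R]` flag, as in the `SERVER_PORT 80` variant, issues a 302 rather than a 301.

```python
"""Check that an HTTP URL is permanently redirected to its HTTPS equivalent."""
import http.client
from urllib.parse import urlsplit


def classify_redirect(requested_url, status, location):
    """Return a list of findings for one HTTP response; an empty list means OK.

    requested_url: the http:// URL that was requested
    status:        numeric status code of the response
    location:      value of the Location header, or None
    """
    findings = []
    req = urlsplit(requested_url)

    if status not in (301, 302, 303, 307, 308):
        return [f"no redirect: status {status}, content served over plain HTTP"]
    if not location:
        return [f"status {status} without a Location header"]

    loc = urlsplit(location)
    if loc.scheme != "https":
        findings.append(f"redirect target is not HTTPS: {location}")
    if status not in (301, 308):
        findings.append(f"temporary redirect ({status}); use R=301 for a permanent one")
    if loc.hostname != req.hostname:
        findings.append(f"host changed from {req.hostname} to {loc.hostname}")
    if (loc.path or "/") != (req.path or "/") or loc.query != req.query:
        findings.append("path or query string not preserved")
    return findings


def fetch(requested_url, timeout=10):
    """Send one HEAD request over plain HTTP without following redirects."""
    parts = urlsplit(requested_url)
    conn = http.client.HTTPConnection(parts.hostname, parts.port or 80, timeout=timeout)
    try:
        target = parts.path or "/"
        if parts.query:
            target += "?" + parts.query
        conn.request("HEAD", target)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


# Constructed sample responses, one per behaviour of the rules above.
SAMPLES = [
    # R=301 with %{HTTP_HOST}%{REQUEST_URI}: host, path and query preserved
    ("http://shop.example/acatalog/info.html?x=1", 301,
     "https://shop.example/acatalog/info.html?x=1"),
    # bare [R] with a hard-coded www host (the SERVER_PORT 80 variant)
    ("http://example.com/acatalog/info.html", 302,
     "https://www.example.com/acatalog/info.html"),
    # rule not active (still commented out): page served over HTTP
    ("http://shop.example/", 200, None),
]

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        # Live check against your own site: python check.py http://yourdomain/
        status, location = fetch(sys.argv[1])
        print(classify_redirect(sys.argv[1], status, location) or "OK")
    else:
        for url, status, location in SAMPLES:
            print(url, "->", classify_redirect(url, status, location) or "OK")
```

Run it with the plain `http://` address of a deep page as well as the home page, since a rule that only matches the site root will pass one and fail the other.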



      • #33
        Hi Jonathan

        Thank you for sharing this useful and informative post on addressing the requirements of GDPR.

        Originally posted by graphicz
        Tick Show and Required of Invoice Moving Check Status, and change Current Value to:
        Code:
        To process and deliver your order we need to collect your name, address, email address and telephone number. Please tick here to consent to us doing this. If the box is unticked we will not be able to process your order. <a href="info.html"><em>Privacy</em></a>
        What happens if the consent box is left unticked?

        Can the customer still complete the fields required to complete the order?

        If the customer does not give consent to the collection of name, address, email and telephone number required to process an order then I consider that there should be a means of preventing them from proceeding further to complete an order that cannot be processed without consent.

        Martin
        Mantra Audio



        • #34
          I have moved and used Agree to T & C

          I will be making use of the agreement to t and c prompt in the Checkout, where the customer has to tick it or cannot go to next page. I have commented out the code on Checkout Page 1, and copy pasted it to Checkout Page 0 above the prompts for name and address, so they agree before entering any information. I have also added the words "Privacy Statement" before Terms & Conditions so it reads Privacy Statement and Terms & Conditions. I have tried this on a test site and it appears to be fine. I have commented out the Contact Us form, but kept the Contact Us page with our contact details (no form).

          The drawback of customers having to tick to Agree is that they need to tick it again each time that they are on the page, such as when they have made an error and taken back to the page. I can't see a way around this, other than to add yet more text instructions.

          Sarah



          • #35
            Originally posted by graphicz
            (Without prejudice) It seems that there needs to be no inherent change in the software as regards the operation of the site, the privacy policy needs revision and it may be that a revised privacy policy is what SD is going to roll out. You will also need to have systems in place for the supply of data to the customer in an easily machine readable form and show you have the ability to delete it. You must also ensure you keep the data securely. Here is some stuff on privacy policy:
            https://www.econsultancy.com/blog/69...-with-examples
            I have drafted out a new privacy policy statement considering the guidance given and "What you need to do" covered by SellerDeck blog article, http://www.sellerdeck.co.uk/2017/12/14/need-know-gdpr/.

            The new Privacy-Policy can be set up in SellerDeck as a New Brochure Page with New Fragments for each of the heading subject areas covered.

            This is far more comprehensive and detailed than the default half page "Business Settings | Terms and Conditions | Privacy Policy" provided for in the software and would be too lengthy IMO to include under this tab in its entirety.

            Is there a way that this could be incorporated, perhaps by editing the default privacy policy as a Privacy Policy summary here with a link out to a Full Privacy Policy?

            Also any advice on how I can change the "Privacy and Security Information" link in the page footer that currently links to the same "info.html" used for "Terms and Conds"?

            There is a URL variable in it somewhere, but I can't find it.

            Finally, I am expecting to be advised of SellerDeck's own Privacy Policy that addresses the requirements of GDPR for the goods and services it provides very soon now, particularly as SellerDeck customers need to be assured that other party services with whom data is shared like SellerDeck Payments will also be GDPR compliant.

            Martin



            • #36
              You can copy your new privacy document and paste it into Business Settings, Terms and Conditions, Privacy Policy, deleting what is there. It will then appear in the terms and conditions page, or in design view select Terms and Conditions. Click on Privacy Policy to display:

              Code:
              <h3><Actinic:Variable Name="PrivacyPolicyLabel"/></h3>
              <div class="terms-conds"><Actinic:Variable Name="PrivacyPolicy"/></div>
              Comment out the privacy policy reference (
              Code:
              <!-- <Actinic:Variable Name="PrivacyPolicy"/> -->
              ) and paste your revised copy. It will need to be HTML coded.
              Jonathan Chappell
              Website Designer
              SellerDeck Website Designer
              Actinic to SellerDeck upgrades
              Graphicz Limited - www.graphicz.co.uk



              • #37
                Originally posted by graphicz
                You can copy your new privacy document and paste it into Business Settings, Terms and Conditions, Privacy Policy, deleting what is there. It will then appear in the terms and conditions page, or in design view select Terms and Conditions. Click on Privacy Policy to display:

                Code:
                <h3><Actinic:Variable Name="PrivacyPolicyLabel"/></h3>
                <div class="terms-conds"><Actinic:Variable Name="PrivacyPolicy"/></div>
                Comment out the privacy policy reference (
                Code:
                <!-- <Actinic:Variable Name="PrivacyPolicy"/> -->
                ) and paste your revised copy. It will need to be HTML coded.
                Thank you for your response that guided me to a solution.

                The privacy policy statement that I have in preparation is too lengthy to incorporate under the Business Settings | Terms and Conditions | Privacy Policy part so I have set this up as a brochure page with fragments for key heading parts introducing a new Privacy-Policy.html page.

                I have found that I can link out to the new Privacy-Policy.html URL by adding the html code into the Business Settings | Terms and Conditions | Privacy Policy part:

                Code:
                !!<<a href="acatalog/Privacy-Policy.html"> Privacy Policy Full</a>>!!
                This code line (part) can also be used to replace the Design Library | Page Areas | Deep Footer Layout Line 17 code (part).

                Code:
                <a href="<actinic:variable name="InfoURL" />">Privacy &amp; Security Information</a>
                with amended wording so that the Privacy & Payment Security Information link in the page footer links out to the Privacy-Policy.html URL.

                There is also another option to incorporate the complete new Privacy Policy statement under the Business Settings | Terms and Conditions | Privacy Policy part by using See More... links to break the text down into sizeable chunks that can be expanded and hidden as required - see Norman Rouxel's excellent post
                https://community.sellerdeck.com/showthread.php?t=54937 on how to do this.

                Thank you Norman for bringing this to my attention.

                I have used this code in some of the Privacy Policy brochure fragment text and verified that it also works fine when pasted into the Business Settings | Terms and Conditions | Privacy Policy part.

                That's the structure in place for the privacy policy that is still work in progress as there are points now being aired daily on this forum that need to be considered and addressed.

                I just need to consider how I address the consent bit.

                I am attracted to Sarah's solution possibly combined with the coding that you have already shared.

                Martin



                • #38
                  Most of the sample GDPR-ready Privacy and Security Policies I've seen on the web have been rather long and difficult to read, often regurgitating the GDPR itself in large chunks to no particular purpose.

                  I've had a go at a policy suitable for very small businesses with normal human beings (or data subjects if you will) as customers, and it's on my website if you want a look. I'd welcome any comments, and by the same token you're welcome to copy it if you like. No warranty implied! Bear in mind the HMRC record retention period will probably be different if you're a limited company etc.

                  I haven't got round to changing the wording in the checkout re consent, but will do so over the next couple of days.

                  John
                  John Ennals
                  www.tortoys.co.uk



                  • #39
                    Originally posted by John Ennals
                    Most of the sample GDPR-ready Privacy and Security Policies I've seen on the web have been rather long and difficult to read, often regurgitating the GDPR itself in large chunks to no particular purpose.
                    I reached the same conclusion and had a go at developing a policy for our small business which I hope is easier to read and understand than some of the policies I've seen.

                    It has some similarities to yours except I have incorporated the 'Cookie' part into my Privacy Policy - it is not as specific as yours. Thank you for sharing and your offer to copy. I may incorporate some of your ideas across into my policy, I quite like the references to GDPR Article Nos. and some other aspects regards layout, wording, appearance etc.

                    I too would welcome any comments and would have no objection to members copying it to develop and tailor for their particular business - no warranty implied.

                    I haven't got round to changing the wording in the checkout re consent, but will do so over the next couple of days.
                    Nor me but it will take more than a couple of days as it has been a very time-consuming task and I feel like I need to take a break.

                    I am also waiting to see if SellerDeck come up with anything new - it has been very quiet on that front lately!!

                    Martin
                    Mantra Audio



                    • #40
                      Martin,

                      I like what you've done, and I think I will probably follow your lead and incorporate the Cookie Policy rather than making it separate.

                      I also need to expand the data sharing bit to include and explain Statcounter as a third party, and to mention our legitimate interests somewhere.

                      I'm treating the Privacy Policy very much as a live document and I expect to carry on tweaking it indefinitely.

                      John
                      John Ennals
                      www.tortoys.co.uk



                      • #41
                        Originally posted by saucysal
                        I will be making use of the agreement to t and c prompt in the Checkout, where the customer has to tick it or cannot go to next page. I have commented out the code on Checkout Page 1, and copy pasted it to Checkout Page 0 above the prompts for name and address, so they agree before entering any information. I have also added the words "Privacy Statement" before Terms & Conditions so it reads Privacy Statement and Terms & Conditions. I have tried this on a test site and it appears to be fine. I have commented out the Contact Us form, but kept the Contact Us page with our contact details (no form).

                        The drawback of customers having to tick to Agree is that they need to tick it again each time that they are on the page, such as when they have made an error and taken back to the page. I can't see a way around this, other than to add yet more text instructions.
                        Hi Sarah
                        I think the agreement to T & C is perhaps best left where it is on Checkout Page 1.
                        The wording "I Accept the Terms and Conditions" can still be changed to something like "By placing this order, I agree to [COMPANYNAME] Terms and Conditions and Privacy Policy".

                        Amazon have something like this in place that flags up when you place an order. Theirs also includes a reference to Cookies and Internet Advertising that may not be needed if already incorporated into the Privacy Notice.

                        Can anyone advise on how to change the following:

                        1. The section heading on the checkout page to read say "Terms and Conditions and Privacy Policy" whatever?

                        2. The Terms and Conditions link to read say "Click here to view Terms and Conditions and Privacy Policy" for consistency?

                        Martin
                        Mantra Audio



                        • #42
                          If this is where you mean, here are some images of where they are. I inserted 2 and 3 to show which is which.

                          Terms and conditions header (where I have put test) is phase -1 ID 2386
                          Regards

                          Jason
                          Silver Jewellery from Tianguis Jackson and Geti Titanium Rings
                          Titan Jewellery Men's Titanium Wedding Rings and Tungsten Wedding Rings
                          Titanium Jewellery



                          • #43
                            Originally posted by John Ennals
                            I'm treating the Privacy Policy very much as a live document and I expect to carry on tweaking it indefinitely.
                            John
                            I have copied my Privacy Policy over into Business Settings | Terms and Conditions | Privacy Policy - section and removed the link out to the separate Privacy-Policy.html page.

                            The text in the existing Business Setting Privacy Policy is headed up "Summary" and ended "Privacy Policy - Full - See More..." using Norman's code to expand and hide this protracted policy part whilst keeping it within the overall Terms and Conditions.

                            Not sure why though the "See More..." and "Hide" function correctly on clicking the "Terms and Conds" link to the "info.html" page from the page header and footer but not for the check out link "Click here to view Terms and Conditions" link to "infopopup.html". I think it is still OK because it defaults to the Privacy Policy - Full notice but I would welcome any suggestions to get round this as I may be missing something obvious.

                            I have also taken up Sarah's suggestion to change the wording on the checkout page "Terms and Conditions Agreed RWD" design layout (V16 Line 9) to read "By placing this order, I agree to [COMPANYNAME] Terms and Conditions and Privacy Policy."

                            This should ensure the Privacy Policy is visible to obtain customer consent before an order can be placed.

                            I still need to look at the marketing bit but as this is likely to consist of email follow ups to existing customers and online enquiries, I am tempted towards the Legitimate Consent soft opt in approach put forward by James in the below post:

                            https://community.sellerdeck.com/sho...7&postcount=30

                            Martin
                            Mantra Audio
                            Last edited by Mantra; 02-May-2018, 05:17 PM. Reason: Correction to Terms and Conditions Agreed layout referenced thanks to Jason plus a para concerning See More function



                            • #44
                              Originally posted by graphicz
                              Open Responsive CSS, look for invoicePrivacy line 1230 and add a reference to inoviceMoving so it looks like this:
                              Code:
                              .content-area form .checkout label.rememberMeText, .content-area form .checkout label.invoicePrivacy, .content-area form .checkout label.inoviceMoving {width:85%; float:left;}
                              Jonathan
                              I could not find this particular code line in the Smart Responsive Current Stylesheet which stops at line 1090 for my site.

                              The Current Stylesheet lines 1 to 4 has comment and code to Pull in Core Styles, Responsive CSS, Responsive CSS Part 2 but I cannot figure out how to open the Responsive CSS.

                              Have you any suggestions on how to do this or do I need to add some code to the Smart Responsive Current Stylesheet to cover this?

                              I am considering using the "invoicePrivacy" part of your suggested coding changes as a Legitimate Interest soft opt-in option to receive emails - so that customers have to check this to opt out which is similar to existing invoicePrivacy.

                              At the moment I do not see a need to adopt the "Moving in One Month" part for consent to collect name, address and email details as I think this can be covered by the consent to agree Terms and Conditions and Privacy Policy on check out when an order is placed, however, it would be useful to incorporate the text message here without the check box drawing attention to this but I am not sure how to do this at the moment.

                              I have added our site Privacy Policy to the existing Business Settings | Terms and Conditions | Privacy Policy part together with a new paragraph to cover the above consent that could be repeated on the Checkout Page 0.

                              Your tool tips explaining the reasoning why the information is required will also be useful add-ons.

                              Martin
                              Mantra Audio



                              • #45
                                I have tried to edit post https://community.sellerdeck.com/sho...6&postcount=16 above but keep getting this whatever browser I use:
                                Code:
                                Forbidden
                                You don't have permission to access /editpost.php on this server.
                                So here it is as a new post.

                                POST SCRIPT ADDED 03 May 2018

                                There are two issues with my suggested prompts above. The 'Moving in one month' even when marked as required is not in fact required and the sequence will continue if the box is not ticked. Secondly, the phrase 'Moving in one month' appears in the orders tab and on the printed invoice.

                                Gary Green and the Developers have produced a modified orderscript.pl which makes the moving in one month box truly required. Download (for v16) here: https://www.webeg.net/OrderScript.zip
                                What the developer has done is modify the OrderScript.pl script to reject the Invoice Address 'Moving in One Month' flag if marked as required but not ticked by the buyer.
                                Note that this field is only present for unregistered customers. It is also not used if payment is by PayPal Express.
                                You will need to edit the error text in OrderScript.pl to suit your/their requirements.
                                The text to replace is 'Moving Status must be ticked'.
                                Go to 'Design', 'Text' and GoTo 'Phase:' -1 'ID:' 802 and change 'Moving In One Month' to 'Consent to data?'

                                Crystal Reports draws on this text so the printed invoice will reflect the true value and confirm consent has been gained.

                                Use the 'Terms and Conditions Agreed RWD' layout instead of 'Moving in One Month'.

                                An arguably better method is to move the 'Terms and Conditions Agreed RWD' from Checkout 1 to the top of both address fields in Checkout 0 and it still works. You will not now need the 'Moving' layout. By altering the label text you can achieve what I was trying to do above and have the checkout sequence depend on a positive response. I will have a working example linked from the forum shortly.
                                Jonathan Chappell
                                Website Designer
                                SellerDeck Website Designer
                                Actinic to SellerDeck upgrades
                                Graphicz Limited - www.graphicz.co.uk
