Code:
<h3><Actinic:Variable Name="PrivacyPolicyLabel"/></h3> <div class="terms-conds"><Actinic:Variable Name="PrivacyPolicy"/></div>
Code:
<!-- <Actinic:Variable Name="PrivacyPolicy"/> -->
-
You can copy your new privacy document and paste it into Business Settings, Terms and Condtions , Privacy policy deleting what is there. It will then appear in the temas and conditions page, or in design view select Terms and conditions. click on Privacy Policy to display:
., Comment out the privacy policy reference () and paste your revised copy. It will need to be html coded. -
I have drafted out a new privacy policy statement considering the guidance given and "What you need to do" covered by SellerDeck blog article, http://www.sellerdeck.co.uk/2017/12/14/need-know-gdpr/.Originally posted by graphicz View Post
The new Privacy-Policy can be set up in SellerDeck as a New Brochure Page with New Fragments for each of the heading subject areas covered.
This is far more comprehensive and detailed than the default half page "Business Settings | Terms and Conditions | Privacy Policy" provided for in the software and would be to lengthy IMO to include under this tab in its entirety.
Is there a way that this could be incorporated, perhaps by editing the default privacy policy as a Privacy Policy summary here with a link out to a Full Privacy Policy?
Also any advice on how I can change the "Privacy and Security Information" link in the page footer that currently links to the same "info.html" used for "Terms and Conds"?
There is a URL variable in it somewhere, but I can't find it.
Finally, I am expecting to be advised of SellerDecks' own Privacy Policy that addresses the requirements of GDPR for the goods and services it provides very soon now, particularly as SellerDeck customers need to be assured that other party services with whom data is shared like SellerDeck Payments will also be GDPR compliant.
MartinLeave a comment:
-
I have moved and used Agree to T & C
I will be making use of the agreement to t and c prompt in the Checkout, where the customer has to tick it or cannot go to next page. I have commented out the code on Checkout Page 1, and copy pasted it to Checkout Page 0 above the prompts for name and address, so they agree before entering any information. I have also added the words "Privacy Statement" before Terms & Conditions so it reads Privacy Statement and Terms & Conditions. I have tried this on a test site and it appears to be fine. I have commented out the Contact Us form, but kept the Contact Us page with our contact details (no form).
The drawback of customers having to tick to Agree is that they need to tick it again each time that they are on the page, such as when they have made an error and taken back to the page. I can't see a way around this, other than to add yet more text instructions.
SarahLeave a comment:
-
Hi Jonathan
Thank you for sharing this useful and informative post on addressing the requirements of GDPR.
What happens if the consent box is left unticked?Originally posted by graphicz View Post
Can the customer still complete the fields required to complete the order?
If the customer does not give consent to the collection of name, address, email and telephone number required to process an order then I consider that there should be a means of preventing them from proceeding further to complete an order that cannot be processed without consent.
Martin
Mantra AudioLeave a comment:
-
These are variously the ones I use, sometimes the hosting company's FAQ have the correct code for their server, sometimes I have to try and error.
The one with port 80 is used less and less with the increase in cloud hosting as that uses different ports.
Be a little careful with hosting companies' 'built in' SSL. Some are OK and actually make your domain name https, others give you a separate URL for their 'built in' SSL which isn't much good for SSL.Code:## Write all pages to https: uncomment if wanted #RewriteEngine On #RewriteCond %{HTTPS} off #RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] ##OR #RewriteEngine On #RewriteCond %{HTTPS} !=on #RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] ## OR ## #RewriteEngine On #RewriteCond %{SERVER_PORT} 80 #RewriteRule ^(.*)$ https://www.example.com/$1 [R,L] ## OR ## # Forcing HTTPS RewriteCond %{HTTPS} !=on # Pages to Apply RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L] #EDIT: ***** Please note – if you’re on a Heart Internet server OR Easyspace and 123 apparently, you will need to use: ************ # All calls go to SSL #RewriteEngine On #RewriteCond %{ENV:HTTPS} !=on #RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
If it is truly https://youractualdomainname.whatever then one of the four options will work. Remember to remove the comments of the one you use.Leave a comment:
-
I am cautiously switching over to SSL for the whole site as Jonathan's argument for doing that seems convincing.Originally posted by graphicz View Post
SSL is enabled free on my server by CPanel AutoSSL ( I presume that's OK)
So I tick the SSL box in Business Settings and publish the site.
and its good to go?
I add this to the htaccess file
and all http are sent to https and I will not lose any search engine rankings... Is that right? and is that all I have to do? ThanksCode:RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Leave a comment:
-
Bruce
Will there be a need for encryption of personal data accessible on back office systems?Originally posted by brucet View Post
If so are there any plans to upgrade the ActinicCatalog database from the MS Access 2003 ".mdb" format the the later MS Access 2007 forward ".accdb" format to enable password encryption of the database?
Perhaps this could be incorporated as part of the SellerDeck "Enable Logon And Card Encryption" provision and still allow authorised users direct access to interogate and update the database for stock management, product and price updates etc.
Martin
Mantra AudioLeave a comment:
-
Hi Jonathan and everyrone
We are still working towards publishing a statement. We are not reluctant to give information, just reluctant to give information that we haven't fully processed and understood, and cannot confidently defend. We don't want to be guilty of either scaremongering or complacency.
GDPR has to be held up alongside the impending ePrivacy regulations, which will inform and complement it. The key thing is to understand the legal basis on which you are processing personal information. If you can process customer information on the basis of legitimate interest, then the requirements are less stringent than if the basis is informed consent; although they are still a bit more stringent than at present.
It's complicated. Please give us a bit more time - thanks.Leave a comment:
-
And how do you prove that you have removed someones data without showing them your database, and compromising others data?Leave a comment:
-
Indeed. Possibly just keeping the past three snapshots on an encrypted drive?
Help , troubleshooting, support backup gives the option to remove data but if the snapshot is for a company to backup incase of hardware failure/fire/theft the data must be on it.
I think we just have to destroy old snapshots?
We also need to explore how secure Dropbox/Google Drive is as up until now these are good, safe places to keep two or three current snapshots.Leave a comment:
-
Just read this
What about our Snapshots? it would seem we have to somehow remove data from past snapshots.Right to be forgotten
A big area for investment (of time and possibly money) is understanding what data you have and where it is. The GDPR gives a EU resident the right to see, have amended or delete all personal data held. This includes backups and archives, and the whole process from request to completion has to be audited/proved, and completed within 30 days. Failure to do so is classed as a major breach and will incur the fine of up to €20 million.Leave a comment:
-
Thanks Jonathan. Although it's worth being aware that GDPR is likely to make cookie popups obsolete, by transferring the responsibility for compliance from the site owner to the browser settings. See eg https://webdevlaw.uk/2017/01/10/cook...-announcement/Leave a comment:
-
Cookie Banner
I thought I had posted a Cookie Banner code but it doesn't come up on search, so here it is:
This goes in the <head></head> section:
This goes immediately after the opening <body> tag:Code:<style> #asterix_cookie_widget .cookie-container { margin: 0 auto; overflow: hidden; padding: 6px 0; width: 100%!Important; } #asterix_cookie_accept { font-weight: bold; cursor: pointer; text-decoration: underline; color:blue; } #asterix_cookie_accept:hover { color:red;; } </style>
Without warranty express or implied.Code:<!-- Cookie Banner --> <actinic:block if="%3cactinic%3avariable%20name%3d%22IsNotPreviewMode%22%20%2f%3e"> <div id="asterix_cookie_widget" style="display: inline; text-align: center; font-size: 13px; color:#313131;line-height: 140%; position: fixed; bottom: 0; right: 0; margin: 0; padding: 3px; background:#c0c0c0; border-top: 1px solid #000066; z-index: 100000; opacity: 0.9; filter: alpha(opacity=9);width:100%;"> <div class="cookie-container" style="text-align:center;"> <span>This site uses cookies to make it work and to collect analytics data. <a href="info.html">Find out more.</a></span> - <span id="asterix_cookie_accept" onclick="asterix_cookie_accept();return false;">OK - Carry on!</span><span id="asterix_cookie_wait" style="vertical-align: middle;" onclick="clearTimeout(asterix_cookie_timer);return false;">Please Wait</span> </div> </div> <script type="text/javascript"> //<![CDATA[ var asterix_cookie_timeout = 0; var asterix_cookie_functions = []; var asterix_cookie_widget = document.getElementById('asterix_cookie_widget'); var results = document.cookie.match('(^|;) ?asterix_cookie_widget=([^;]*)(;|$)'); if (results) { if (1 == unescape(results[2])) { asterix_cookie_accept(); } } else { window.onload = function () { for (var i = 0; i < document.links.length; i++) { var link_href = document.links[i].getAttribute('href'); if ('privacy' != document.links[i].getAttribute('rel') && (!/^[\w]+:/.test(link_href) || (new RegExp('^[\\w]+://[\\w\\d\\-\\.]*' + window.location.host)).test(link_href))) { var current_onclick = document.links[i].onclick; document.links[i].onclick = function () { asterix_cookie_accept(); if (Object.prototype.toString.call(current_onclick) == '[object Function]') { current_onclick(); } }; } } }; } var asterix_cookie_timer; if (asterix_cookie_timeout > 0) { asterix_cookie_timer = setTimeout('asterix_cookie_tick()', 1000); } else { var asterix_cookie_wait = document.getElementById('asterix_cookie_wait'); if (null != asterix_cookie_wait) { asterix_cookie_wait.parentNode.removeChild(asterix_cookie_wait); } } function asterix_cookie_tick() { if (0 >= --asterix_cookie_timeout) { asterix_cookie_accept(); return; } var asterix_cookie_accept_button = document.getElementById('asterix_cookie_accept'); if (null != asterix_cookie_accept_button) { asterix_cookie_accept_button.innerHTML = 'Yes (' + asterix_cookie_timeout + ')'; asterix_cookie_timer = setTimeout('asterix_cookie_tick()', 1000); } } function asterix_cookie_accept() { clearTimeout(asterix_cookie_timer); document.cookie = 'asterix_cookie_widget=1; path=/; expires=Mon, 18 Jan 2038 03:14:00 GMT'; asterix_cookie_widget.parentNode.removeChild(asterix_cookie_widget); for (var i = 0; i < asterix_cookie_functions.length; i++) { asterix_cookie_functions[i](); } } //]]> </script> </actinic:block> <!-- End Cookie Banner -->
Thank youLeave a comment:
-
Will the follow up also address requirements covering the use of cookies considered in your Knowledge Base article: http://community.sellerdeck.com/show...ghlight=cookie? with respect to GDPR Recital 30?Originally posted by brucet View Post
Martin NicholsLeave a comment:
Leave a comment: