Sidebar

magento_2:california_consumer_privacy_act

For more details see the California Consumer Privacy Act for Magento 2 extension page.

Guide for California Consumer Privacy Act for Magento 2

Cover all California Consumer Privacy Act requirements with a single solution. Employ the Magento 2 CCPA extension to make your store fully compliant with the CCPA bill without any hassle. Ensure online privacy and strengthen customer trust.

  • Adjust privacy settings for California residents
  • Let visitors know what data is being collected
  • Let users reject the sale of their personal data
  • Provide buyers with the ability to download their data
  • Allow customers to delete their info in one click

General Settings

To configure the extension, please go to Stores → Configuration → Amasty Extensions → CCPA.

Expand the General tab.

Enable - set to Yes to allow the extension to work.

Log Auto-Cleaning - set to Yes to allow the extension automatically delete log records after a specified period.

Log Auto-Cleaning Period - set the number of days, after which log records will be cleaned. Be default, the number is 180.

Customer's Account Privacy Settings

In this tab, you can configure settings related to customer's account Privacy Settings block. Enable or disable certain features to match law requirements.

Allow Downloading Personal Data - set to Yes to let registered users download their personal data in a portable format.

Allow Opt-Out from Personal Information Selling - set to Yes to allow displaying an opt-out checkbox in customers' accounts.

Allow Deleting Account - set to Yes to let users create requests to delete their accounts.

To see how these options look in Customer's account on the frontend, please navigate to the Frontend Examples section of this User Guide.

Personal Data Deletion

This tab has two dropdowns, in which you can meticulously adjust automatic data deletion and restrict data removal for specific cases. It is especially handy if you are required to store certain data for a set period of time to report taxes or other legal cases.

Automatic Personal Data Deletion

This setting helps you configure automatic personal data deletion.

Delete Personal Data of Abandoned Customers’ Accounts - set to Yes to automatically create deletion requests for customer accounts that were last active long time ago.

Abandoned Customers’ Accounts Automatic Deletion Period (Days) - enter the number of days to mark the timeline for inactive accounts. If a customer last activity was more than X days specified in this setting, the deletion request will be created.

Prevent Data Deletion of Recent Orders

When the customer asks to delete personal data and the request is approved, the extension deletes their account, subscriptions, and their data in orders, invoices, shipments and credit memos. If this data is deleted, it could cause a problem for store owners, as these should be stored for a specific period of time. To adjust the deletion restriction in particular cases, please configure this tab.

Don't Delete Personal Data in Recent Documents - set to Yes to enable saving data in recent documents.

Prevent Data Deletion Period (Days) - enter the number of days. After a customer deletes the account, personal data will stay untouched in orders, invoices, shipments and credit memos for the set period. When the time expires, the personal data will be automatically deleted.

Don't Delete Personal Data for Orders in Specified Status(es) - set to Yes if you want to preserve data for specific order statuses.

Order Statuses - choose the order statuses for which personal data will be preserved for a set amount of time.

Email Notifications

In this tab, you can configure how email notifications on deletion requests will be handled. You can notify manager(s) and customers on deletion request approval or denial.

Manager Notifications

Your Magento store admin user will get an email when a customer submits a new request for deleting their account.

Notify Manager on Deletion Request - set to Yes if you want to generate auto-notifications for the admin user.

Email Sender - choose the contact for sending the email.

Send Email To - enter the email or several emails. In case of adding several emails, each one should be written on a separate line.

Email Template - choose the email template that will be used for automatic email notifications.

Customer's Approval Notification

Set the way email notifications for customers on their deletion requests approval will be handled.

Email Sender - choose the contact for sending the email.

Send Reply To - enter the email that will be used for this purpose.

Email Template - choose the email template that will be used for automatic email notifications.

Customer Deny Notification

Set the way email notifications for customers on their deletion requests denial will be handled. The settings are similar to the Customer's Approval Notification.

Email Sender - choose the contact for sending the email.

Send Reply To - enter the email that will be used for this purpose.

Email Template - choose the email template that will be used for automatic email notifications.

Privacy Policy Editor

The extension allows you to create and manage several Privacy Policies. To access the editor, please to Configuration → Customers → CCPA → Privacy Policy.

All Privacy Policies are displayed on a single grid. You can sort them or delete. To create new Privacy Policy, please click the orange Add New Policy button.

Comment - enter the working name of the policy that will be displayed on the grid. It is more convenient to use readable names, as you can quickly find the needed Privacy Policy. Note that Comment won't be displayed on the frontend to customers.

Version - enter the policy version in any convenient for you format.

Status - set the status for current policy. Choose from Enabled, Disabled, Draft.

Only one Privacy Policy version can be active at any given moment. After assigning the 'Enabled' status to other policy copy, the previous copy will be automatically switched to 'Disabled' status. To edit the previous version, please use a Clone button to create a new copy in the 'Draft' status that is available for edits.

Policy - in the WYSIWYG editor below, insert the text of your Privacy Policy. We strongly advise consulting a legal specialist to create policy based on your local laws.

After finishing adjusting the Privacy Policy, press the Save button. The policy now will be always accessible on the Privacy Policy grid.

The California Consumer Privacy Act extension for Magento 2 allows you to create custom checkboxes for asking users' consents. To do that, navigate to Configuration → Customers → CCPA → Consent Checkboxes.

On the grid, you can oversee all checkboxes you've already created, and manage them. To add a new checkbox, press the New Checkbox orange button.

Checkbox Name - enter the checkbox name that will be visible on the frontend.

Checkbox Code - enter the unique code name for checkbox element. E.g. 'privacy_policy' or 'underage_18', etc.

Enabled - set to Yes to enable the checkbox to display on the frontend.

Confirmation Required - set to Yes if this checkbox should be treated as mandatory and marked with an asterisk '*'

Log the Consent - set to Yes if the checkbox consent should be logged in.

Hide the Checkbox After User Gave the Consent - set to Yes if you want to receive this consent only once. Note that, after Privacy Policy updates, checkbox still will be triggered to receive the most recent to Privacy Policy version consent.

Checkbox Position - set the position for checkbox, where the 0 is the highest.

Checkbox Location - choose where the checkbox will be displayed.

Checkbox Text - enter what will be displayed on the frontend for user. You can also add links to Privacy Pilicy or CMS pages.

Consent Link Type - if in the Checkbox Text you've added link, please specify its type for a correct processing.

Countries Restrictment - choose visitors from which regions will be able to see the checkbox. For example, you can show certain checkbox only for California residents.

After configuring the checkbox, press the Save button.

This is an example of how custom checkboxes look on the frontend. In the image below, checkboxes are shown on the Registration Form.

tip

The module allows tracking all customer's privacy-related actions, e.g. giving consent via checkboxes and accepting Privacy Policy. To access the Consent Log, navigate to Configuration → Customers → CCPA → Consent Log.

Delete Requests

According to the California Consumer Privacy Act, every person has the right to delete their personal data. After submitting the deletion request via customers' account Privacy Settings block, the request will be displayed in the Delete Requests grid. Here, the manager can oversee all requests and approve or deny them in bulk.

To use the Delete Requests grid, navigate to Configuration → Customers → CCPA → Delete Requests.

Action Log

When a user submits an account deletion request, it is automatically registered in the Actions Log grid. To access the grid, please go to Configuration → Customers → CCPA → Action Log.

Frontend Examples

After the module installation, this is the way customer's account Privacy Settings block looks like.

Download Personal Data - a customer can download their personal data in a portable format. After confirming their identity, the data will be packed in a file and automatically downloaded.

Don't Sell My Personal Information - here, user can opt-out from selling their personal information to 3-rd parties.

Delete My Account - in this section, a user can create a request to delete their account. After checking the checkbox, the user will have to confirm their identity by entering the account password. After that, a deletion request will be created on the Delete Requests grid in Admin's backend.

GeoIP Database Installation

To install the GeoIP database, go to Stores → Configuration → Amasty Extensions → GeoIP Data.

Databases are required for the correct work of the GeoIP Redirect module. Also, you need to install php bcmath or gmp extension on your server.

You can get the databases automatically or import your own data.

Hit the Download and Import button to make the extension download the updated CSV dump file and import it into your database automatically.

To import the files from your own source, use the Import option. Path to the files should look like this (the part 'var/amasty' should be replaced with your folders’ names):

var/amasty/geoip/GeoLite2-City-Blocks-IPv4.csv 
var/amasty/geoip/GeoLite2-City-Blocks-IPv6.csv 
var/amasty/geoip/GeoLite2-City-Locations-en.csv
In the Import section, the Import button is greyed out by default. It will be available right after you upload the CSV files. The red error notification will switch to green success notification when the import is completed.

If you face any difficulties with importing the location database, please see the following solution.


Find out how to install the California Consumer Privacy Act extension via Composer.

Rate the user guide
 stars  from 0 votes (Details)
magento_2/california_consumer_privacy_act.txt · Last modified: 2020/03/16 15:35 by arhipenko