User Tools

Site Tools


Sidebar

magento_2:gdpr

For more details see how the GDPR for Magento 2 extension works.

Guide for GDPR for Magento 2

Make your store compliant with the latest EU's GDPR and other legislative requirements. Create and manage privacy policy documentation, add consent checkbox to the registration and checkout pages, and send email consent requests.

  • Collect consents with privacy policy
  • Create multiple consent checkboxes
  • Display Cookie Policy popup
  • Track privacy policy related activity in the actions log
  • Approve or deny requests to delete users' accounts
  • Automatically delete personal data
  • Hyvä-ready (find the package for installing in composer suggest)

:!: NEW: Now the module content is available in the German language! Backend and frontend settings are translated according to the selected locale. The sample files with the content of the privacy policy and cookie descriptions can be found below:

sample-files.zip

Extension Configuration

To configure the extension, you need to adjust GDPR and Cookie settings separately. First of all, please go to Stores → Configuration → Amasty Extensions → Personal Data Protection.

Expand the General tab.

General

See how to comply with multiple laws using a single GDPR extension!

Enabled - set to Yes display the consents on the frontend.

Display Privacy Policy Popup on First Visit - enable the option to display Privacy Policy popup when a new customer opens the website.

If you've just installed the extension, the Privacy Policy template is the following:

Just replace the highlighted text with the data corresponding to your website by visiting the Privacy Policy section in the backend.

Moreover, the option allows you to display a popup with a new version of Privacy Policy to those users who have not accepted the policy yet with the notification about the updates. See how it works:

Log Guest Consent - activate this option to log all consents given by guest visitors. Guest data will be displayed in the 'Consent Log' grid.

Log Auto-Cleaning - enable the automatic Consent and Action Logs cleaning.

Log Auto-Cleaning Period (Days) - the records that were saved for a longer period than the specified here will be automatically removed from Consent and Action Logs.

The new ability to control the privacy policy popup using the keyboard guarantees all users the same experience of interacting with the GDPR information. This means that people with disabilities will be able to use all the functions of the module in full according to the WCAG requirements.

To control the popup using the keyboard:

- Press tab to switch between elements;

- Press enter to open the links and confirm actions;

- Press esc to close the popup.

Customer’s Account Privacy Settings

You can display or hide the following sections in the customers' accounts:

Allow Downloading Personal Data - set to Yes to let a customer download personal data in a CSV file.

Allow Anonymizing Personal Data - enable the option to let customers anonymize their personal data.

Allow Deleting Account - switch to Yes if you want a customer to be able to delete account.

Allow Opting Out from Given Consent - if enabled, the section Given Consent will be added to customer account for customers to be able to opt in or opt out from given consent.

Download Fields with Filled Values Only - if enabled, the fields with empty values will be skipped in downloaded files.

The checkboxes with the enabled option ‘Hide the Checkbox after User Gave the Consent' will be displayed under the Given Consent section. When the option 'Hide the Checkbox after User Gave the Consent’ is disabled for checkboxes, they will not be added to the Given Consent section since the system will always display these checkboxes on selected forms even if the consent was given.
Please mind, that these options are enabled by default as they are strongly recommended according to the GDPR.

Display Data Protection Officer Information - if enabled, customers will be able to get information about your Data Protection Officer added to a separate section at their accounts.

Section Name - specify the frontend title for the extra tab.

Data Protection Officer Email - enter the email to which emails will be sent for Data Protection Officer.

This feature allows the user to quickly contact the DPO by email. With the correct configuration, the “send email” button will appear in the personal account of the customers. When users click on the button, a mail client window appears on the screen with the “recipient name” field filled in.

Data Protection Officer information - provide any information you want to with the help of the editor.

In the customer's account the new tab called Privacy Settings is added:

From this page, customers can:

  • download all their personal data in the CSV format;
  • anonymize their personal information;
  • request for account removal;
  • opt-in or opt-out from optional consent;
  • see the contacts of the DPO.
To improve customers' experience, the module also adds links to policies text in a customer account. See the way it looks like on the screenshot below.

By click on any link, a popup with corresponding policy text appears.

{{ :magento_2:gdpr:5.png |

Privacy Settings for Guests

Guest visitors have also some options to manage their personal data. Guests can't delete their accounts (as they don't have ones), but other options are available for them.

To get the info, guests should go to the Orders and Returns page.

Find a particular order and scroll down.

Here a guest visitor can download the data collected during the particular order processing or anonymise it.

Personal Data Deletion and Anonymization

Automatic Personal Data Deletion

In this section you may configure an Automatic Personal Data Deletion for customers that stopped using your website. You can set up the time interval from the last customer's order in days, and after it expires the extension will automatically create a deletion request on the 'Delete Requests' grid.

Delete Personal Data of Abandoned Customer’s Accounts - set to Yes to activate an automatic personal data deletion option.

Abandoned Customer’s Accounts Automatic Deletion Period (Days) - specify the particular number of days after which personal data will be removed.

How it works:

The extension will scan customers and their orders. If a customer’s last order was made earlier than the specified number of days, the extension will create a deletion request. You may approve or reject it on a separate 'Delete Requests' grid.

Prevent Data Deletion of Recent Orders

When a customer asks to delete personal data and the request is approved, the extension deletes their account, subscriptions, and the data in orders, invoices, shipments, and credit memos. Given disabled, it could cause problem for a store owner as these should be stored for a specific period of time.

The feature keeps personal data untouched in orders, invoices, shipments and credit memos for the set period after deleting customer’s account. When the period expires, the personal data in the documents will be automatically deleted.

Deletion of Personal Data in Recent Documents - choose Delete to remove data or set to Don't Delete to keep personal data untouched in documents.

Prevent Data Deletion Period (Days) - if you've chosen not to delete data, specify the particular period to keep the data. When the period expires, all the data will be removed.

Anonymization/Deletion of Personal Data for Orders in Specified Status(es) - if the option is set to Don't Allow for Statuses, a customer won’t be allowed anonymizing and deleting their personal data if the order is now in one of the specified statuses. A store admin won't be able to approve a request for personal data deletion as well.

Order Statuses - select the order statuses to which the feature will be applied.

Privacy Policy Changes Notifications

This option allows you to send an email to customers about changes to the Privacy Policy with information about the changes. Thus, customers will be able to agree to the changes without having to read the entire privacy policy again.

Enabled - set to Yes to send automatic email notification upon the updates in privacy policy

Email Sender - select sender address.

Email Reply To - Specify the email address for customer's replies or leave blank to use the sender address.

Email Template - select the template of the Privacy Policy. You can choose a basic one, which is created automatically, or create your own template of the Privacy Policy.

Notifications are sent only to registered customers.
The emails are sent to customers who have previously agreed to the Privacy Policy, based on the data of the Consent Log
Emails are sent automatically after updating the new version of the Privacy Policy.

Automatic informing of clients about changes in Privacy Policy.

Track and manage the status of automatic mailing about Privacy Policy changes.

If necessary, click Action → Recend to send the changed privacy policy to the user again

Notifications Configuration

The extension supports two types of email notifications. These are:

  • Anonymization Notifications
  • Deletion Notifications

Customers are able to anonymize their personal data. After anonymizing, they will get an email with the new credentials for login their account. For Anonymization Notifications you may specify:

  • Email Sender
  • Email Reply To
  • Email Template

Proceed to Deletion Notifications.

Here you may separately configure notifications for your managers and customers.

For managers it is possible to Notify Manager on Deletion Request and specify:

  • Email Sender
  • Send Email To
  • Email Template

For Customer’s Approval Notification and Customer’s Deny Notification you can preconfigure:

  • Email Sender
  • Email Reply To
  • Email Template
NEW: Now you can translate email templates automatically. Templates will be converted in the appropriate language according to the store view.

To give your customers the opportunity to regulate their cookie usage, please go to Stores → Configuration → Amasty Extensions → Cookie Consent.

The Cookie Consent extension is a suggested module, which comes with the new version of GDPR extension package. Note, that after you install or update the GDPR extension via composer, you should install Cookie Consent module, using the separate command:
 composer require amasty/gdpr-cookie 

Expand this tab to configure the basic setting of the extension.

Check this guide to see how to configure each cookie setting properly.

Cookie Bar Style - choose the cookie bar type suitable for your store:

  • Classic bar. It can be displayed either on top or in the footer of the page. It contains cookie policy text and buttons.

  • Side Bar. Pop Up with Toggles contains additional info about each cookie group and a customer can easily adjust the consent within the first interaction.

  • Pop Up. It is displayed in the center of a page.

If customers accept all cookies regardless of a bar type, the cookie bar automatically disappears.

In case customers decide to reject all cookies at once, they can simply press the Decline Cookies button (button name is customizable). Please note that Decline Cookies button can be disabled in Admin panel if needed.

If they want to find extra information or allow specific cookies by clicking Custom Cookies (button name is customizable), they will see the following popup:

Thus, they can click the toggles and accept the particular cookies only.

From this popup, they can also find extra details about each cookie type by clicking More Information in the popup and see the info:

Extra Frontend Option

The extension also adds a special link to the store footer so that customers could find information about cookies and revoke prevously given consents any time. The data is also displayed in the pop-up.

See possible customization options and frontend examples in this guide.

Geo IP Data Configuration

The extension uses Geo IP Database to detect site visitors' location. Please, go to Stores → Configuration → Amasty Extensions → Geo IP Data.

Databases are required for the correct work of the GDPR module. Also you need to install php bcmath or gmp extension on your server.

You can get the databases automatically or import your own data.

Hit the Download and Import button to make the extension download the updated CSV dump file and import it into your database automatically.

To import the files from your own source, use the Import option. Path to the files should look like this (the part 'var/amasty' should be replaced with your folders’ names):

var/amasty/geoip/GeoLite2-City-Blocks-IPv4.csv 
var/amasty/geoip/GeoLite2-City-Blocks-IPv6.csv 
var/amasty/geoip/GeoLite2-City-Locations-en.csv
In the Import section, the Import button is grayed out by default. It will be available right after you upload the CSV files. The red error notification will switch to green success notification when the import is completed.

Debug Mode

You can enable IP forcing, which makes it possible to set a specific IP address that will be used instead of the visitor's real IP address when determining geolocation. The feature is useful while configuring or testing the extension.

Enable Force IP - set to Yes to replace the real IP address.

Force IP Address - specify the address to use instead of a real one.

Data Management from the Admin Panel

With the extension, you can download, delete or anonymise customers' data from the admin panel. For example, if a customer can't log in to an account and asks you to anonymise the data, you can easily do it.

Proceed to Customers → All Customers and choose a particular one.

In the Personal Data dropdown you can choose the appropriate action to be done with a customer's data. For example, click Anonymise and confirm the action. Check the result.

To manage all the existing cookies, go to Customers → Cookies.

With the extension you can easily track and sort all cookies on a separate grid by its ID, Name, Group, Description and the Lifetime.

To view or change the configuration of a cookie, click Edit in the Action column.

To delete cookies, tick them and choose Delete option in the Actions dropdown menu.

To create a new cookie, hit the Add New Cookie button.

Cookie Name - specify the title of the cookie.

Description - fill in some information about the usage of the cookie.

Cookie Lifetime - set the lifetime of a cookie that will be displayed to customers on the Cookie CMS page.

Cookie Group - assign the cookie to a particular group.

To arrange cookies into essential and optional categories, go to Customers → Cookie Groups.

With the extension you can manage all your cookie categories in a handy grid.

On the grid the ID, Cookie Group Name and Description are displayed. Also you can see if each group Is Essential and Is Enabled.

To configure any group, click Edit in the Action column.

To delete several groups in one click, tick them and choose Delete option in the Actions dropdown menu.

To create a new category, click Add New Group.

Enabled - choose Yes to activate the group.

Is Essential - set to Yes to make the group obligatory. In this case the customers will have to allow this cookie group to get access to the website.

Cookie Group Name - specify the title of the cookie group that will be displayed to the customers on the frontend and on the grid in admin panel.

Description - fill in the information about the usage of the group so that the customers could decide whether to allow this group or not.

Assigned Cookies - select the cookies to include in the group.

Save the configuration.

Here customers can choose which cookie categories they allow to process:

The extension adds a ‘Cookie Settings’ link to the footer so that the customers can easily reset cookie usage conditions any time they need:

To find the list of all consents and customers data, go to Customers → Cookie Consents.

You can find all needed info in one place. The grid allows to track consents by customer Name, Email, IP Address, Website, Consent Type, Date and Consent Status. This data can be useful for different consents analysis.

GDPR Management Grids

The module contains the number of grids needed for efficient GDPR management.

Checkboxes Management

With the extension it is possible to create multiple independent checkboxes on a form with their own settings. Please navigate to Amasty → Personal Data Protection → Consent Checkboxes grid to view and manage all checkboxes.

On the grid you can see each checkbox settings.

To remove them in bulk, tick the necessary ones and choose the Delete option in the Actions dropdown.

To create a new one, hit the New Checkbox button.

Checkbox Name - specify the title of a checkbox for internal use.

Checkbox Code - set the code of the checkbox.

Enabled - switch to Yes to activate the check on the frontend.

Confirmation Required - if enabled, a customer will have to give the consent to submit an action.

Hide the Checkbox after User Gave the Consent - if enabled, the system will always log consents to the checkbox. Moreover, the checkbox will be also added to customer account under the section 'Given Consent' to opt in or opt out from consent. The checkbox will be displayed again in case you introduce changes to the privacy policy. If the option is disabled, an admin can choose whether to log the consents or not.

Log the Consent - if enabled, customer’s consent will be saved in the ‘Consent Log’ grid.

Keep in mind, that if you disable Hide the Checkbox after User Gave the Consent, the checkboxes will not appear in the customer account settings, as customers will have to give their consents every time on the store pages.

Checkbox Position - define the checkbox position among other checkboxes on the frontend. The feature helps to set the order of several checkboxes in case they are displayed in one place. 0 is the highest priority.

Checkbox Location - select the pages and forms to which a particular checkbox will be applied.

Checkbox Text - provide the content of the checkbox. You can use the <a> tag in the text and also the {link} variable to insert the privacy policy link into the checkbox text. Example: I have read and accept the <a href=“{link}”>privacy policy</a>.

Consent Link Type - choose the type of the link: it can be either GDPR Privacy Policy link or link to any CMS Page. If the second variant is chosen, select the page to which link will direct customers.

This is how checkboxes are displayed on the registration page:

If a customer clicks on any policy, a CMS page will be displayed in a popup. For instance, click on the Terms & Conditions link:

Countries Restrictment - it is possible to adjust each checkbox visibility according to a customer location. Enable the checkbox for All Countries, EEA Countries or provide Specified Countries in the list below.

Collect and track all customer consents in one grid. Here you will also see if a customer has revoked optional consents at Account Privacy Settings.

See each Customer Name, Remote IP Address, Email, Checkbox Location, Policy Version, Websites and a customer Action.

For guests, the extension gets all possible data. If, for example, email is not specified, on the grid it will be displayed as '-'. Also, guests will see the checkboxes even though they have already given their consents.

To delete consents in bulk, just tick the necessary ones and choose the Delete options from the Actions dropdown.

You may also apply multiple filters to sort out specific consents.

Action Log

To check customers’ actions, go to Customers → Personal Data Protection → Action Log.

On the grid you can see all actions performed by store users and admins regarding privacy policy consents and the GDPR-related account management.

Filter the data by the following actions:

Delete Requests Management

When a customer requests for account removal, the request appears on the special grid. Please, go to Customers → Delete Requests.

On the grid you can see all incoming requests. You can approve or deny any request:

  • Select the requests you want to reply;
  • Choose the appropriate option from the Actions dropdown menu;
  • Hit the Submit button.
When a new delete request appears, store admin will see the notification in the admin panel.

Keep in mind that a deleted customer will still be visible in the “All Customers” list, but without any personal data. It is necessary for the correct work of the database as some customers' data still may be necessary for order processing or other documentation.

Privacy Policy Document Management

To manage the privacy policy documentation, please, go to Customers → Privacy Policy.

On the grid you can manage the existing privacy policy documents: create, update, and delete them. For your convenience, the inline edit is available:

Kindly be informed that Active or Disabled Privacy Policy cannot be amended. Please use the CLONE function to create a new Privacy Policy version and amend the text.

Hit the Add New Policy button to create a new privacy policy document.

Comment — specify the privacy policy title;

Policy Version — set the privacy policy version;

Policy Status — change the privacy policy status;

Policy Content — fill in the privacy policy text using the WYSIWYG editor.

To create the privacy policy documentation in additional language, please, switch to another store view using the Store View dropdown menu. Choose the required store view and specify the policy in the corresponding language.
Privacy Policy popup is designed to provide GDPR-related information only. Please, mind that some widgets added to the policy (e.g. catalog product list) may work incorrectly.

When the privacy policy document is ready, hit the Save button to return to the grid. Also, you can state the version as Draft if it is not completely ready.

This is how the privacy policy document looks for store visitors:

To place a link to your Privacy Policy to any store CMS page/block, please, complete the next steps:

1. Create a CMS page and add the 'Amasty Privacy Policy' widget to this page. The widget will automatically display an active Privacy Policy text.

If you want to assign different URLs to multilingual Privacy Policy texts, you should create multiple CMS pages with different URLs and assign each page to a particular store view. Remember to insert the 'Amasty Privacy Policy' widget to each CMS page.

2. Choose any existing CMS page/block to which you want to add a link to a Privacy Policy. Then, via the 'Link to CMS Page' widget, place to this page a link to a CMS page (with a Privacy Policy text), created on the previous step.

3. Check how the link displays on the frontend:

When a customer clicks the link to a CMS page with Privacy Policy, the widget loads the Privacy Policy text according to the store view.

Creating Widgets on Magento 2.4.3

To insert a widget in Magento 2.4.3, you need to do some extra steps.

Step 1. Click the Edit with Page Builder button

Step 2. Expand the Elements tab and drag the HTML Code element.

Step 3. Click Edit.

Step 4. Insert the widget.

Then choose the Amasty Privacy Policy widget and save the changes.

Cron Tasks List

To manage all existing cron tasks, please, go to System → Cron Tasks List.

Here, you can see all the existing cron tasks and their statuses. Run cron tasks and generate their schedule by clicking the ‘Run Cron’ button. Also, delete tasks in bulk, apply filtering and sorting options when it is needed.

PWA for GDPR Add-On

The PWA add-on helps you maintain compliance with the GDPR requirements and ensure an even and fast shopping experience for customers browsing from tablets and smartphones.

Before purchasing the PWA for GDPR Add-On, please, acknowledge, that it requires
  • the GDPR Extension;
  • PWA theme and PWA Studio installed.
In order to correctly install a PWA add-on, please install the corresponding GraphQL system package first. For the correct name of it, please check the composer.json file of the main module. For example, the GraphQL system package name of the PWA add-on for the Blog Pro extension would be the following: amasty/blog-graphql

The add-on helps you collect, store and manage all the necessary consents. It provides a smooth and fast interaction with the website for customers shopping from mobile devices, improves responsiveness and the overall client experience. You can place the checkboxes on registration or checkout pages. The text of the policies will appear in a nice pop-up window without redirecting users to a new page.

Please, note a few limitations when purchasing PWA for GDPR Add-On:
  1. Anonymization and order data downloading are not available for guest visitors. To enjoy all the data protection capabilities a user needs to create an account.
  2. Policy checkboxes cannot be placed in the newsletter subscription field or on the Contact Us page.
  3. The software doesn’t support widgets, that link your Privacy Policy to any store CMS page/block.

Ready-made Integrations

GDPR extension is compatible with the number of other Amasty extensions.

FAQ and Product Questions

Apart from the possibility to insert a FAQ widget into the Privacy Settings tab, the integration with the FAQ and Product Questions extension lets you add multiple checkboxes to the Ask a Question form.

If you have both extensions installed, you can choose this form while creating a checkbox.

Social Login

Get consents for Privacy Policy while registering using a popup generated by Social Login.

Custom Form

Add checkboxes to custom forms generated by Amasty Custom Form extension.

Blog Pro

Display a Cookie Bar and a Privacy Policy popup on Blog Pro pages.

Additionally, equip comment forms with the necessary checkboxes.

Out of Stock Notifications

Equip Out of Stock Notification forms with checkboxes.

One Step Checkout

Collect consents on the last step using the integration with the One Step Checkout extension.


Find more information on how to devise Magento GDPR strategy.

GDPR Premium

Use statistics on accepted and rejected cookie groups.

To view visualized cookie reports on accepted and rejected cookie groups proceed to:

Amasty → Consent to the Use of Cookies → Cookie Content Log.

The data is displayed in the form of a graphical report, which contains information on all existing cookie groups on the site, indicating the number of accepted and rejected cookies for each group.

You can also upload statistics as a report in the following formats: CSV or EXCEL XML.

Advanced Pop-up

The Premium package includes an advanced all-in-one cookie popup. Using this type of bar, customers can see all the information about cookies in details without visiting additional pages.

How to set up an advanced pop-up:

Amasty → Cookie Consent → Configuration → Cookie Bar Customization → Cookie Bar Style → Upgraded.

Pop-up contains all the necessary information, which is displayed in three tabs:

1. The text for the tab Consent is set by the admin in the Notification Text setting.

2. In Details tab displays groups of cookies created by the administrator in the Cookie Groups grid with an indication of the number of cookies in the group:

Buttons:

Accept Cookies - the user agrees with all groups of cookies.

Allow Selection - the user agrees to a custom selection of cookie groups with which he agreed through toggles.

Decline Cookies - the user rejects all cookie groups except Essential.

The customer has the opportunity to expand each group and get acquainted with detailed information.

3. The text in About tab is set by the admin in the 'About' content setting.

Buttons:

Accept Cookies - the user agrees with all groups of cookies.

Custom Settings - redirects the user to the Details tab.

Decline Cookies - the user rejects all cookie groups except Essential.

FAQ

* What is the difference between CCPA and GDPR?

* How to translate the privacy policy text?

* How do I restore anonymized data to process the incoming orders?


Find out how to install the GDPR extension via Composer.

Rate the user guide
 stars  from 3 votes (Details)
magento_2/gdpr.txt · Last modified: 2022/10/20 13:26 by kkondrateva