eCommerce Advice

Cate

Creating a Privacy Policy

1 Comment | Friday, 6 April 2018

Privacy Policy

What is a Privacy Policy?

A Privacy Policy is a legal statement that is available on your site for your customers to read. It explains what data is collected whilst they are browsing and purchasing from your online shop, such as name and address, as well as how it is stored and how it is used. Having a Privacy Policy on your website is a legal requirement, especially under GDPR, so, even though it may seem daunting, it should not be ignored.

Below we have put together details of how data is processed and stored on all Bluepark sites for your reference. The amount of personal data that is processed and stored will be unique to your website, because this will depend on whether you ask for details such as Company Name, VAT Number, etc.

Can I Use a Template?

There are Privacy Policy templates and generators available on the internet and we have listed a few below. However, as this is a legal document, and can be called upon in any related dispute, we would highly recommend having it checked by a relevant solicitor before publishing it on your website. What may be suitable for one business may not be suitable for yours, so making sure you're covered from the start is vital.

Ecommerce Privacy, Terms & Conditions Policy Generator

Free Privacy Policy Generator

Privacy and Cookies Policy - Website Contracts

TIP: Please have a read of The ICO's guide to Privacy Policies to find out exactly what is required.


Cookie Information

The two cookies that are used within the Bluepark software are as follows:

PHPSESSID - Contains a PHP "session ID", expires when the browser is closed

The "PHPSESSID" cookie is required so that the site can recognise the same user clicking from page to page. Without it, every page would be treated as the first visit to the site, and anything added to the shopping basket would be instantly forgotten. Online shopping would, therefore, be impossible.

Session - Contains a PHP "session ID", can also contain an email address and encrypted password, expires after one year

The "session" cookie is intended for the user's convenience. Bluepark creates this with a copy of the initial session ID so that they can be classed as "returning" and the contents of their shopping basket will still be available. If the user signs in with an email address and password, these login details are also saved so that they can remain logged in when returning (the password is encrypted). If the user signs out, their login details are removed from the cookie.

Any other cookies are created by third-party scripts, such as Google Analytics, and any information about the cookies they use can be obtained from those third parties.


What Data You Store

When a customer signs up for an account, no matter whether they're purchasing or not, the system will store the details they have provided within the User Manager. If the account is created by your staff, the minimum amount of data this can contain is the customer's email address, password (which is encrypted), the date they registered and the date they last visited. If the customer created the account themselves, then it will also contain the IP address and Host Name they used the last time they logged in. If the customer types in further information, such as their address and telephone number, this will also be stored on their account.

All customer accounts can be deleted at any point, via the User Manager. We recommend adding a Right to be Forgotten page to your website that contains a form to allow your customers to request this. Please note, if the customer has placed an order prior to the deletion, their details will still remain on that order within the Order Manager. This is due to VAT regulations, which require that you keep all records of VAT transactions for a minimum of six years.

When a customer places an order, the information they enter, such as their name, email address, billing address, delivery address, telephone number, company name, and VAT number will be stored within the order. The other information that is stored is as follows:

  • their IP address, its host name and its country location
  • the type of device they used, such as mobile or desktop
  • the date and time they ordered
  • their payment method
  • how much they paid
  • the shipping method
  • the number of loyalty points they earned, if applicable
  • any activity on the order, such as the date and time the order was completed by your staff
  • whether they are a new customer, a returning one or a guest
  • the products they ordered

Please note: No payment information, such as a credit card number, is ever stored within your site or on Bluepark's servers. This information is always stored separately by your payment provider(s).


Social Media Plugins

The social media share buttons, which can be added to all product pages and blog pages, and the Facebook share for discount button, only transmit data once they have been clicked. Therefore, the button only becomes active once the customer has clicked on it, and at this point they will be using the social media site's own website. The only data the social media site's servers receive from your site is referral information from the page, such as a product title and image. No personal data is transmitted.

The Facebook login feature works in a similar way, and no personal information is transmitted to Facebook. However, once the customer has clicked on the button, any data that is gathered from their Facebook account, such as name and Facebook ID, will be stored within their User Account. This can be deleted as usual, if requested.


Sam Briggs
Thursday, 3 May 2018  |  12:12

Really useful blog, will be sending the URL to one of my clients who's been struggling with this.

Thanks!
Sam