
SmartWeb Help | CMS & Shop

1.21. General Data Protection Regulations (GDPR)

The purpose of GDPR is to protect personal information of citizens of the European Union (EU) and provide them with more control of that information. A single set of regulations for all companies also implies a more even playing field for everyone running a business in the EU.

Thus, the GDPR renders companies subject to a number of requirements regarding how to protect and process personal information. This applies not only to SmartWeb, but also to you, the customer.

Here you can read about the functionality our platform supports, which makes it possible for our customers to comply with the regulations.

 

Consent requirements

Standard consent

Every form on the website contains a description at the bottom, which explains what is consented to, and how to revoke it.

We recommend reading through these and adapting them to your company.

Consent, in this context, depends on the data that is created/saved and when it is created.

 

Extended consent

In addition to standard consent, it is also possible to add "extended consent", such that a button for approving consent appears on every form, along with a link to the privacy policy. The label text of this button or the privacy policy can then be used to describe why the extended consent is required. To activate this functionality, go to Control Panel > Settings > Approve privacy policy. It is possible to toggle this functionality for specific forms.

The extended consent is saved along with users and newsletter subscribers and is visible under Edit User and Import/Export.

Since we, as a platform provider, cannot assess when to use this extended consent, it is important for you to make this assessment on the basis of your business.

 

 

Right to be forgotten

Delete customer accounts

The right to be forgotten is first and foremost about the customer being able to request that their personal information is removed, i.e. "revoking their consent".

If the customer has an account on your website, they can log in and use the "Delete account" function, which deletes all their data, except for orders. Because order data is necessary to run your business, this information is only deleted via the automatic data handling functionality (more on this below).

If the customer does not have an account on your website, the amount of information stored about them is much more limited. Note that, like those of customers with an account, orders by customers without one will also only be deleted through the automatic data handling functionality. Beyond this, publicly visible forms such as product reviews, customer comments, etc. are the only places where personal information is saved. This means that a customer without an account does not have "delete account" functionality, and thus you can help the customer with the deletion functionalities found in the administration.

When unsubscribing from a newsletter, the associated account is not deleted because of external integrations, and thus to remove this data one should also use the automatic data handling (more on this below).

 

Automatic data handling

This functionality ensures that only customer information that is relevant to your business is saved. The functionality can be tailored to fit the needs of your business.

With this functionality it is possible to set up how long to save inactive users, cancelled newsletter subscriptions, orders and invoices. For example, it might be relevant to save users and orders for two years, cf. the Sales Law, and invoices for five years, cf. the Financial Statements Law. However, this is up to you to decide.

For orders and invoices we use anonymisation, so that you still have a history of sales data, though without personally identifiable data. Every six months, on January 1st and July 1st, the procedure is performed and you will need to approve the data to be deleted or anonymised.

 

 

Data portability

Export user accounts (pending release)

This functionality enables you to click "Export data" on the Edit User page of the administration. All data related to that user will be collected in a number of HTML documents. A notification e-mail with a link is then sent to the customer, which enables them to download these files (requiring a login on your website).

In this way the customer can see what data is stored about them, and possibly move it to somewhere else.

If the customer does not have an account, this functionality cannot be accessed. The easiest thing would then be for the customer to create an account and have the order data tied to that account.

 

 

Privacy by design/default

SmartWeb is developed with a high standard of IT security and privacy in mind. This is an ongoing process which changes along with the developments in the area.

We aim to maintain a high level of security as a standard in the system. However, some functionality may require input from you, as the customer. For example, an SSL certificate is an option, which we recommend enabling, as it provides additional encryption of the data entered on the website.

We recommend keeping an eye on the news list in the administration where new actions taken in this area will also be mentioned.