This guide describes how you can collect customer consent for various purposes. Without going into the legal details, in practice there are a number of things to consider when managing consent in an eCommerce context:
- Consent is freely given, specific and collected beforehand (opt-in)
- Consent can be withdrawn at any time (opt-out)
- Record changes of consent over time (proof)
- Remove personal data when requested (purge)
In essence, customers should give consent of their own free will, and its purpose should be specific, i.e. by agreeing to the merchant's “terms and conditions” they allow the merchant to create an account with personal data and to process orders involving third-party processors for payments and shipments.
Regarding cookie policy, consent is required for any “non-essential” functions, such as analytics or advertising. Customer cart and login sessions are considered essential for online shopping.
The consent flags are stored on the customer and can be accessed through the customer object under customer.accepts. For instance, service consent is accessed through customer.accepts.service; when it is set, consent is active.
These are the available consent flags you can use: service, privacy, license, marketing, tracking, sharing.
However, if, when and how to apply them is up to each merchant.
Check the API documentation in your admin to see the currently available flags.
The following chapters describe when and how to collect consent, then how you can manage it, and finally how you can purge the data.
Customer self registration
In the shop settings you can allow customers to self-register accounts.
In this case, before creating the account, which includes personal data, you need to get customer consent for the provided “online account” service.
In the customer/register template you can set up a checkbox that the customer must tick, and thereby agree to, before the account is created.
{% form 'customer_register' %}
...
<label>
<input type="checkbox" name="customer[accepts]service" required>
{{ 'I accept the' | t }}
<a href="/pages/terms" target="_blank">{{'Terms of Service' | t }}</a>
</label>
...
{% endform %}
In the example above we also added a link to the ToS page.
When the form gets submitted, along with personal data such as name and email address, the system enables consent for the service.
Customer invite
In this case the admin sets up the account manually, which presumes the customer has given prior consent to the registration through email or other means.
An account invite email is then sent to the customer where you can collect additional consent or record the agreed upon consent. In this example we add checkboxes for the service as well as an optional marketing consent.
In the customer/invite template you can add the following checkboxes.
{% form 'customer_invite' %}
...
<label>
<input type="checkbox" name="customer[accepts]service" required>
{{ 'I accept the' | t }}
<a href="/pages/terms" target="_blank">{{'Terms of Service' | t }}</a>
</label>
<label>
<input type="checkbox" name="customer[accepts]marketing">
{{ 'I agree to receive' | t }}
<a href="/pages/marketing" target="_blank">{{'news, marketing and product updates' | t }}</a>
</label>
...
{% endform %}
In the invite form above we require the customer to tick the service agreement for the account and make marketing consent optional.
Checkout consent
For new customers it’s common to set up an account during the checkout process. But you can require customers to self-register by activating the shop setting Checkout requires account.
In the checkout template you can add the following for collecting consent.
{% form 'checkout' %}
...
<label>
<input type="checkbox" name="customer[accepts]service" required>
{{ 'I accept the' | t }}
<a href="/pages/terms" target="_blank">{{'Terms of Service' | t }}</a>
</label>
...
{% endform %}
You may add additional checkboxes for privacy, marketing and license (EULA) consent.
Consent management
When the customer has access to the customer/account page, you can add toggles for consent management, allowing the customer to opt in or withdraw their consent.
In the customer/account template you can add the following.
{% form 'customer_update' %}
...
<label>
{{'Accept news, marketing and product updates' | t}}
<input type="hidden" value="0" name='accepts.marketing'>
<input type="checkbox" name="customer[accepts]marketing" {% if customer.accepts.marketing %}checked{% endif %}>
</label>
...
{% endform %}
We’ve only added a consent update for marketing here, but it can be anything the customer wants to update, except the password, which requires the password recovery process for authorization.
Note that we included a hidden input field named accepts.marketing with a default value of 0. It is required due to a quirk with checkbox values in HTML forms not being submitted when unchecked.
The admin user can update customer consent flags manually, for instance toggling off marketing when the customer has requested to opt out during a conversation. However, you should never enable consent without prior approval, and you should keep the record of approval in writing if possible.
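One way to keep the record of consent changes and approvals mentioned above, as an added example that is not Cradle eCommerce code: an append-only log in which every entry carries the hash of the previous one, so later edits are detectable. The flag names come from this guide; the record layout, the `source` values and the function names are assumptions.

```python
import hashlib
import json
from datetime import datetime, timezone

# Flag names come from this guide; the record layout is an assumption.
FLAGS = {"service", "privacy", "license", "marketing", "tracking", "sharing"}
GENESIS = "0" * 64

def _digest(entry):
    """Hash every field except the entry's own hash, in canonical form."""
    body = {k: v for k, v in entry.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def record_change(log, customer_id, flag, granted, source, evidence=None, at=None):
    """Append one consent change, chained to the previous entry."""
    if flag not in FLAGS:
        raise ValueError(f"unknown consent flag: {flag}")
    if granted and source == "admin" and not evidence:
        # An admin may only switch consent on with a reference to the approval.
        raise ValueError("admin opt-in needs evidence of prior approval")
    entry = {
        "customer_id": customer_id, "flag": flag, "granted": bool(granted),
        "source": source,  # hypothetical values: "register_form", "admin", ...
        "evidence": evidence,
        "at": at or datetime.now(timezone.utc).isoformat(),
        "prev": log[-1]["hash"] if log else GENESIS,
    }
    entry["hash"] = _digest(entry)
    log.append(entry)
    return entry

def verify(log):
    """False if any entry was edited, reordered or cut out of the middle."""
    prev = GENESIS
    for entry in log:
        if entry["prev"] != prev or entry["hash"] != _digest(entry):
            return False
        prev = entry["hash"]
    return True

def consent_at(log, customer_id, flag, when):
    """State of one flag at ISO-8601 time `when` (with UTC offset); default False."""
    cutoff, state = datetime.fromisoformat(when), False
    for e in log:
        same = (e["customer_id"], e["flag"]) == (customer_id, flag)
        if same and datetime.fromisoformat(e["at"]) <= cutoff:
            state = e["granted"]
    return state
```

The chain alone does not reveal entries dropped from the end, and anyone able to rewrite the whole log can recompute it, so copy the latest hash to a separate system at intervals.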
Removal of data
The customer has a right to be forgotten, which means you delete the customer account and purge the personal data. However, it doesn’t mean you have to delete the order history, since that is required to be kept for tax and accounting purposes. Cradle eCommerce keeps customer data separate from order information by design, as we have separated the backend services for this purpose.
So you can delete a customer account and maintain the order history. When an order is created it copies over information from the customer account and the cart object. The customer can in fact not update the shipping address on an active order without contacting the order admin (unless it’s made possible through an integration).
Note that the right to be forgotten also involves purging email, address books or chat conversations. This can be done through anonymization, where you replace (mask) any personally identifiable information.
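The masking step described above, as an added example that is not Cradle eCommerce code: it masks the structured fields of an account and its address book, then scrubs the same values (plus anything shaped like an email address) from free-text chat messages. The field names, the `[removed]` marker and the sample data in the usage are assumptions.

```python
import re

# Field names are assumptions for illustration, not the platform's schema.
PII_FIELDS = {"first_name", "last_name", "email", "phone", "street", "zip", "city"}
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
MASK = "[removed]"


def collect_pii(record):
    """Gather every PII value in a nested record (account plus address book)."""
    found = set()
    if isinstance(record, dict):
        for key, value in record.items():
            if key in PII_FIELDS and isinstance(value, str) and value.strip():
                found.add(value.strip())
            else:
                found |= collect_pii(value)
    elif isinstance(record, list):
        for item in record:
            found |= collect_pii(item)
    return found


def mask_record(record):
    """Return a copy with PII fields masked; ids and other fields survive."""
    if isinstance(record, dict):
        return {k: MASK if k in PII_FIELDS else mask_record(v)
                for k, v in record.items()}
    if isinstance(record, list):
        return [mask_record(item) for item in record]
    return record


def scrub_text(text, known_values):
    """Mask email-shaped strings, then the customer's known values."""
    text = EMAIL_RE.sub(MASK, text)  # whole addresses first, never half of one
    # Longest first, whole words only, so a short name cannot eat into others.
    for value in sorted(known_values, key=len, reverse=True):
        pattern = r"(?<!\w)" + re.escape(value) + r"(?!\w)"
        text = re.sub(pattern, MASK, text, flags=re.IGNORECASE)
    return text


def purge_customer(customer, chat_messages):
    """Collect the PII values first, then mask the record and the messages."""
    known = collect_pii(customer)
    return mask_record(customer), [scrub_text(m, known) for m in chat_messages]
```

Pattern-based scrubbing only finds what it is told to look for, so free text can still carry other identifiers and a sample of the output is worth reviewing.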