If there is one type of website that collects and processes its users' personal data, it is the online store. It doesn’t matter which platform hosts your e-commerce site: every time a user makes a purchase, subscribes or leaves a comment, they provide personal data that must be handled in accordance with data protection regulations.
Adapting your WooCommerce store to the GDPR will prevent you from receiving sanctions from the AEPD, and it will also give confidence to your users and buyers, who will see that your store complies with current data protection regulations.
Steps to apply the GDPR if you use WooCommerce
As the owner of a WooCommerce store, you are the controller responsible for processing the personal data you collect from your visitors and, therefore, you must comply with a series of requirements and obligations imposed by the GDPR, the LOPDGDD and the LSSI-CE.
Specifically, you must inform your visitors, users or clients of what type of personal data you collect, how and for what purpose you collect it and for how long you will keep it, in addition to having the necessary security measures to guarantee the protection of that data (something that falls partly on WordPress and the WooCommerce plugin, but that you should be familiar with if you don’t want to incur any violations).
Draft and link legal texts
The purpose of these texts is to inform users of:
- Who the owner of the store is
- Who the data controller is (and the data processor, if any)
- What personal data is collected, for what purpose, and for how long it is kept
- Where and how users can exercise their ARSULIPO rights (access, rectification, deletion, limitation, portability and opposition)
- Whether their data will be transferred to third parties (including international data transfers)
Apart from these texts, another legal requirement for an online store is a page or subpage with the store's terms and conditions, where users and customers are informed of everything related to the store's purchase process: payment method, shipping method, returns, customer service or after-sales service, information on the right of withdrawal, etc.
To place the terms and conditions in WooCommerce, you will first have to create a new page in WordPress, in which you will write all the relevant information. Then, from the plugin options menu, go to “Settings > Advanced > Terms and Conditions” and choose the page you have created for them.
Once this is done, when a customer reaches the purchase process, a checkbox will appear with the message “I have read and accept the terms and conditions” (or similar), with a link to them. This checkbox must be unchecked by default, since the customer must tick it to expressly accept the terms and conditions before being able to place the order.
Configure privacy options
This can be done in the WooCommerce menu, under “Settings > Accounts & Privacy”.
Configure the forms according to the GDPR
Your WooCommerce store will use different types of forms, such as user registration, purchase, comments or product ratings. All of them collect personal data and, therefore, they must comply with the requirements of the GDPR.
Obtain consent to send commercial communications
If you want to send commercial communications to the customers of your WooCommerce store and do so in accordance with the GDPR, the LOPDGDD and the LSSI-CE, you must obtain the express consent of the users to do so. This also applies to newsletters and any other type of communication that is not legitimized by the commercial relationship that has been established (such as a call from the after-sales service that has previously been requested).
As with the other forms, you can use a plugin to comply with the GDPR in WordPress.
The cookie notice must appear whenever a new user enters your online store or when they have deleted the cookies after a previous visit. These small files are stored in the user’s browser and collect different types of personal data, so it is necessary not only to report them, but also to obtain express consent for their use (except in the case of technical cookies).
The different cookie plugins for WordPress will make it much easier for us to create and configure the cookie notice, but it is essential to make sure that they block cookies until the user accepts them; if the user rejects them, they must not be installed. In addition, we must allow the user to configure them as they wish, that is, to activate or deactivate them according to their privacy preferences, and to do so at any time (they can accept some cookies and then revoke their consent whenever they want).
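One way to check that a cookie plugin really blocks cookies before consent, as an added example that is not part of the original article or of any plugin's code: it audits the cookie names present on a first visit against an allowlist of technical cookies. The allowlist, the `cookie_consent` name and both sample strings are assumptions constructed for illustration; adjust them to your store.

```javascript
// Assumed allowlist of technical cookies (adjust to your store and plugins).
const TECHNICAL_COOKIE_PATTERNS = [
  /^woocommerce_cart_hash$/,
  /^woocommerce_items_in_cart$/,
  /^wp_woocommerce_session_[0-9a-f]+$/,
  /^wordpress_test_cookie$/,
  /^cookie_consent$/, // hypothetical name for the consent plugin's own cookie
];

// Extract cookie names from a "name=value; name2=value2" string,
// the format returned by document.cookie.
function parseCookieNames(cookieString) {
  const names = [];
  for (const part of cookieString.split(";")) {
    const trimmed = part.trim();
    if (!trimmed) continue; // skip empty segments
    const eq = trimmed.indexOf("=");
    names.push(eq === -1 ? trimmed : trimmed.slice(0, eq));
  }
  return names;
}

// Report every cookie that is present but not on the technical allowlist.
function auditPreConsentCookies(cookieString, allowed = TECHNICAL_COOKIE_PATTERNS) {
  const names = parseCookieNames(cookieString);
  const violations = names.filter((n) => !allowed.some((re) => re.test(n)));
  return { checked: names.length, violations, compliant: violations.length === 0 };
}

// Constructed samples: a first visit with blocking working, and one where
// analytics and advertising cookies were set before any consent was given.
const SAMPLE_BLOCKING =
  "woocommerce_items_in_cart=1; woocommerce_cart_hash=abc123; wp_woocommerce_session_0a1b2c=xyz";
const SAMPLE_LEAKING = SAMPLE_BLOCKING + "; _ga=GA1.2.111.222; _fbp=fb.1.111.222";

// In a browser console, on a fresh visit before touching the banner:
//   auditPreConsentCookies(document.cookie)
```

Run the same audit after rejecting the notice and again after revoking a previously given consent; the violations list should be empty in both cases. Cookies flagged `HttpOnly` are not visible through `document.cookie`, so review those in the browser's developer tools.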
The plugins you use must also be GDPR compliant
Finally, if you use plugins in your WooCommerce store, you should also make sure that they comply with the GDPR requirements, because some of them collect and store personal data of your users and customers automatically.
If you use a plugin that does not allow you to configure the privacy management options according to the GDPR in your WooCommerce store, we recommend that you remove it.