A customer asks the shop owner to delete all data stored by him about the customer. However, the merchant still needs some of them, for example for tax purposes or for warranty reasons. Does he still have to delete the data?
There are no changes in this respect with the GDPR. As long as you as a merchant need to store the data for legal reasons, you do not have to delete it.
When do shop owners need their own data protection officer?
Whether a merchant has to appoint a data protection officer depends on several factors. Companies with 10 or more employees always need a representative like that. This is also the case for companies with less than 10 employees when sensitive personal data is processed. These can be, for example, payrolls for employees. Merchants who are not individual entrepreneurs should delve more into this topic. Please note that the data protection officer must be reported to the local supervisory authority.
Do customers have to be automatically deleted from the shop system after a certain time?
There are no precise guidelines for this. Trusted Shops generally recommends deleting all unneeded data after a certain period of time. 3 years are given as a guideline.
Do I need a data processing agreement contract with ePages?
Whether you have to conclude an data processing agreement contract with ePages depends on whether you have booked your shop directly with us or with one of our providers. In the latter case, always make your contract directly with the provider, because the provider is your contractual partner. The provider, in turn, has a data processing agreement contract with ePages because we work on his behalf.
If you have booked your shop with us, you can contact our data protection officer at firstname.lastname@example.org to complete the contract.
How is the automatic deletion of customer, user and order data solved with ePages?
Automatic deletion of data is generally not intended because we cannot automatically decide which customer data must be deleted and when. An exception is data on incomplete orders in which, for example, a customer has already entered his address data in the order process but has not then sent the order. These data are automatically deleted after 30 days.
What has to be considered when passing on customer data to shipping service providers?
A checkbox with which the customer must agree to the transfer of the data during the ordering process is not required. The current implementation in the ePages software is therefore legally compliant.
If you work with a provider like SendCloud, you can determine that the customer’s email address is not shared with the logistics company that carries out the shipment.
Is it questionable under data protection law to use Google Web Fonts in the shop?
What do I need to know to use reCaptchas?
To display your shop version, choose Help in the administration area of your shop in the main menu. The version is displayed at the bottom of the page (ePages Base or ePages Now).
This article contains initial legal pointers but makes no claims in respect to completeness and accuracy. It can under no circumstances serve to replace legal advice on an individual case.