Knowband Blog | Ecommerce Modules

PrestaShop GDPR Module – User Manual

1.0 Introduction

The General Data Protection Regulation (GDPR) replaces the European Union Data Protection Directive and will be enforced on May 25, 2018. The new rules were passed to reflect new technologies and business advances, and they introduce a new approach to the protection of personal data.

1.1 New Data Protection Rights under GDPR

1) Transparent information, communication, and modalities for the exercise of the rights of the data subject
2) Information to be provided where personal data are collected from the data subject
3) The right of access by the data subject
4) Right to rectification
5) Right to erasure (‘right to be forgotten’)
6) Right to restriction of processing
7) Notification obligation regarding rectification or erasure of personal data or restriction of processing
8) Right to data portability
9) Right to object
10) Automated individual decision-making, including profiling

Under GDPR it is mandatory for store owners to provide thorough information about how the personal data of their customers will be processed. This information can be given on the Privacy Policy page. The information on the Privacy page should be concise, transparent, intelligible, and easily accessible, written in clear and plain language, and free of charge.

1.2 How the Prestashop GDPR module by Knowband helps sellers comply with GDPR

The PrestaShop GDPR Module by Knowband helps sellers comply with the GDPR directives without any extra effort. By installing the GDPR module, the admin can display the GDPR Tools option on the customer's account details page at the front-end. The GDPR module handles the following requests:

1) Cookies Consent Bar

2) Right of access to the personal data

3) Right to data portability

4) Right to be anonymous

5) Right to be forgotten

6) Right to data rectification

7) Right to restriction of processing (coming soon)

8) Rights related to the automated decision making

Additional features offered by Prestashop GDPR Module:

Customer Interface of the Prestashop GDPR Module

A logged-in customer can access the GDPR rights from the My Account section. A separate GDPR tab is visible there; by opening this tab the logged-in user can access the GDPR rights. Please refer to the attached screenshot:

Clicking the GDPR tab opens a new page. All the GDPR rights of the customer (enabled by the admin) are listed there, and the customer can access any of these rights with ease.

As per the requirement, the admin has the choice to enable/disable any of these rights.

2.0 Installation of Prestashop GDPR Module

After placing your order for the Prestashop GDPR module you can download the zip file of the module. This zip file contains:

1) GDPR.zip (source code of the module)

2) User Manual

To install the extension in your Prestashop store, follow the steps below:

1) Unzip the gdpr.zip file.

2) Copy the entire content, that is, the files and folders of the unzipped folder. Paste the same into the “Modules” folder of your store’s directory. Follow the below-mentioned address path – Root Directory/modules/.

3) The Prestashop GDPR plugin is all set to be installed in the store. Go to the Store Admin and then to ‘Modules and Services’.

4) Click on the “Install” button just next to your module. It would show a pop-up for your confirmation. Click on “Proceed with the installation” option. This step will install the module and show notification – “Module(s) installed successfully”.

3.0 Admin Interface of Prestashop GDPR Addon

In the admin section of the Prestashop GDPR Customer rights module, the following options are available:

1) GDPR Settings

2) EU Cookie Law

3) User Consent

4) GDPR Data Portability

5) GDPR Forgot Request

6) GDPR Anonymous Request

7) GDPR Rectification Request

8) GDPR Personal Data Request

9) GDPR Automated Decision Making

10) GDPR Email Templates

11) GDPR Geo Targeting

12) GDPR Crons

3.1 GDPR Settings

The GDPR Settings tab of the Prestashop GDPR Customer Rights module allows the store admin to enable/disable the customer’s rights. As per the settings enabled by the admin, the customer will be able to access the rights from his/her account. Please refer to the attached screenshot below:

The Settings tab of the GDPR module has the following options:

3.1.1 Enable the Plugin

As per the requirement, the admin can enable or disable the Prestashop GDPR Compliance Plugin. The module works only when Enable the Plugin is set to Yes.

3.1.2 Maximum request per day

Customers have the right to request their personal data. The admin can set a daily limit on these requests. It is recommended to set the maximum requests per day to a low number to avoid spam requests.

3.1.3 Enable Right of access to personal data

The right of access to personal data allows the customers to check their personal details which they have shared with the data controller.

Only if this setting is enabled from the admin interface of the Prestashop GDPR addon will customers be able to check their personal details by logging into their account. The screenshot of the customer end has been attached below:

Step 1:

Request for the GDPR Personal Data report – Prestashop GDPR Addon

As soon as the customer requests the GDPR personal data report, the customer is notified that an email with the confirmation link has been sent to the entered email address.

Step 2:
Confirm the GDPR Request.

Step 3:
As soon as the customer confirms the GDPR Personal Data Request, an email with the customer details is sent to the customer.

3.1.4 Enable Right to Data Portability

The right to data portability allows the customer to download his/her personal data so that he/she can share this data with another data controller with ease.

Only if this setting is enabled from the admin interface of the Prestashop GDPR Module will customers be able to download their personal data in CSV format. As of now, the Prestashop GDPR Module allows the customers to download their personal data like – Account information, Address details, Order details. The screenshot of the interface at the customer end has been attached below:

Personal Information Report:

3.1.5 Enable Right to be Anonymous

If the Right to be Anonymous setting is enabled from the admin panel of the Prestashop GDPR addon, the customer can make a request for data anonymization. As soon as the customer requests data anonymization, a confirmation email is sent to the customer. If the customer confirms the request, personal details like Name and Email Id are replaced by random details, as per the settings enabled by the admin. To process the data anonymization request the Prestashop admin has the following option:

• Enable Right to be Anonymous: If this setting is enabled by the admin, the customer can request data anonymization, but in this case only the name of the customer is anonymized.

As soon as a customer registers a data anonymization request, the customer is asked to confirm it over email.

Email confirmation:
On requesting data anonymization, the customer receives an email at the entered email address asking him/her to confirm the data anonymization request.

Note:
If you use third-party services and share customer data with third parties, you need to make the required changes as per the procedure followed by each service provider. This GDPR module anonymizes only the data stored in your own database.

3.1.6 Enable to update information in Order

If a customer requests to make his/her information anonymous, the admin can enable or disable changes to the previous orders. If this setting is enabled from the admin interface of the Prestashop GDPR addon, the previous order details will also be replaced.

3.1.7 Enable to generate Fake Email ID

If a customer raises a request for data anonymization, the admin can choose to replace the email id of the customer with a fake email id. Please refer to the attached screenshot:

If the customer submits a request to anonymize the email id as well, the customer's email id is replaced by a system-generated email id.

The customer can use the system generated email id for accessing the account.
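The interaction of settings 3.1.5 to 3.1.7, as an added example that is not the module's code and does not use PrestaShop's schema: it models the anonymization step over a hypothetical two-table store and then scans every column for the customer's original values, showing what each combination of settings leaves behind. The table and column names, the `anonymize`, `residual_pii` and `audit` helpers, and the sample customer are all assumptions constructed for illustration.

```python
import secrets
import sqlite3

# Hypothetical schema for illustration; not PrestaShop's tables or the module's code.
SCHEMA = """
CREATE TABLE customer (id INTEGER PRIMARY KEY, firstname TEXT, lastname TEXT, email TEXT);
CREATE TABLE order_address (id INTEGER PRIMARY KEY, customer_id INTEGER,
                            firstname TEXT, lastname TEXT);
"""

# Constructed sample values for one customer.
ORIGINALS = ["Alice", "Example", "alice@example.com"]


def make_store():
    """Build an in-memory store with one constructed customer and one past order."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO customer VALUES (1, 'Alice', 'Example', 'alice@example.com')")
    conn.execute("INSERT INTO order_address VALUES (1, 1, 'Alice', 'Example')")
    return conn


def anonymize(conn, customer_id, update_orders=False, fake_email=False):
    """Model the three settings: name always, past orders and e-mail only if enabled."""
    first = "anon" + secrets.token_hex(4)
    last = "anon" + secrets.token_hex(4)
    conn.execute("UPDATE customer SET firstname=?, lastname=? WHERE id=?",
                 (first, last, customer_id))
    if update_orders:  # 3.1.6: also rewrite previous order details
        conn.execute("UPDATE order_address SET firstname=?, lastname=? WHERE customer_id=?",
                     (first, last, customer_id))
    if fake_email:  # 3.1.7: replace the e-mail with a generated one
        conn.execute("UPDATE customer SET email=? WHERE id=?",
                     (f"{secrets.token_hex(8)}@anonymous.invalid", customer_id))
    conn.commit()


def residual_pii(conn, originals):
    """Return sorted (table, column, value) hits where an original value still appears."""
    hits = []
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table'")]
    for table in tables:
        cols = [r[1] for r in conn.execute(f'PRAGMA table_info("{table}")')]
        for col in cols:
            for value in originals:
                count = conn.execute(
                    f'SELECT COUNT(*) FROM "{table}" WHERE "{col}" = ?', (value,)
                ).fetchone()[0]
                if count:
                    hits.append((table, col, value))
    return sorted(hits)


def audit(update_orders, fake_email):
    """Anonymize the sample customer with the given settings and report what remains."""
    conn = make_store()
    anonymize(conn, 1, update_orders, fake_email)
    return residual_pii(conn, ORIGINALS)


if __name__ == "__main__":
    for flags in [(False, False), (True, False), (True, True)]:
        print(flags, audit(*flags))
```

The same column scan can be run against a staging copy of a store database after a test anonymization request to confirm that the enabled settings cover every place the customer's details are stored.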

3.1.8 Enable right to be Forgotten

As per the new GDPR Directives, the customer has the right to be forgotten. If this setting is enabled from the admin interface of the Prestashop GDPR Compliance Module, the customer can request the deletion of his/her data from his/her account. After the request is received, a confirmation email is sent to the customer and, upon the customer’s approval, the entire details of the customer are deleted from the database.

The forgotten request interface for the customer will be as below:

The customer will be notified that an email with the confirmation request has been sent to the registered email id.

To handle data deletion, the admin has the following options from the back-office:

To complete the data deletion request, go to the Data Forgot tab of the Prestashop GDPR Addon module and click on “Process Forgot Request”.

The admin can also set up a cron job to automate the process.

Note:

1) It is recommended to consult with your legal team before enabling data deletion settings. After deleting the customer’s personal data it cannot be retrieved. Admin has the option to enable the delete order setting which has been explained in the next topic.

2) In case you are sharing the customer data with third-party service providers then you need to delete the customer data manually. As of now, this module does not support the feature to delete the data shared with the third-party service providers.

Example: If you are using MailChimp for sending promotional emails then you have to delete the customer details from MailChimp list manually.

3.1.9 Enable the right to data rectification

A customer has the right to update the incorrect personal data. The Prestashop GDPR Customer Rights Module allows the store admin to let the customer modify the personal data like personal details, address etc.

3.1.10 Enable Right to Restriction of Processing

This feature will be updated soon.

3.1.11 Enable Rights in relation to automated decision making and profiling

If this setting is enabled from the admin panel of the Prestashop GDPR compliance module, the store admin can list the services which make a decision by automated means. If a customer requests the services which make a decision by automated means, the customer gets an email to confirm the request. As soon as the user confirms the request, the user is redirected to a new link. All the services with automated decision making are listed there, and the user can select the ones he/she would like to continue with.

3.1.12 Enable Store Policy Acceptance

If a customer would like to raise a request under GDPR rights, the admin can require acceptance of the Terms and Conditions before a GDPR request for Personal Data, Account Deletion or Data Anonymization is raised.

3.1.13 Store Policy Page

Admin can add the URL of the page on which all the Terms and Conditions are listed. The customer can check the Terms and Conditions by clicking the link available with the message at the time of raising the request.

3.1.14 Services/ Other locations where you store customer data

If you use third-party services and share customer data with them, list all the third-party service providers here. This information will be sent to the customer if he/she requests the Personal Data.

3.1.15 Physical locations of servers where you host your website and other data

You can mention the server location here, where you store the customer data.

3.1.16 Purge Request Day

This option allows the store admin to set the retention period for the GDPR requests. As per the number of days entered by the store admin the GDPR request data will be deleted from the database. Cron setup is available for automating the process.

3.1.17 Display Header Menu

Display Header Menu option of the Prestashop GDPR compliance addon allows the store admin to display the GDPR option in the header section of the website. By enabling “Display Header Menu” setting of the Prestashop GDPR addon, store admin can allow the guest users to access the GDPR rights.

3.1.18 Header Menu Text

Admin can define the text for the Header Menu.

3.1.19 Admin Email Address

The online store admin can enter his email address to receive GDPR-related e-mail notifications. The Prestashop GDPR Module provides an option to add the admin email in the General setting tab, so that mail is received and sent using that email address instead of the default shop email address.

It is mandatory for online store owners to display a message that the website uses cookies (if you use cookies for a better customer experience), with the option to accept or discard the cookie acceptance. The Prestashop GDPR Module allows the store admin to display the Cookie Consent Bar at the front end with the option to accept the cookie or discard the message. The admin can easily customize the appearance settings as well as the message on the cookie bar.

The Cookie Consent Bar tab has the following settings:

In the new version of the Prestashop GDPR Module, the option to block cookies from third-party modules has been added. The new admin interface of the module has options to set up the Cookie Bar Settings and the Cookie Blocker. Please refer to the attached screenshot:

The cookie bar setting tab has 2 options: Configuration and Appearance.

3.2.1.1 Configuration

The admin has the following options to set up the Cookie Consent Bar.

3.2.1.2 Appearance Settings

Admin can easily control the following options for the Cookie Consent Bar.

The Cookie Blocker interface shows the details of the cookies. The admin has the option to add a Module category. For example, Strictly Necessary Cookies: the admin can map under this category all the third-party modules that are required for the proper functioning of the features of the website. To map modules under the category, the admin needs to click the drop-down option as highlighted in the screenshot below.

How to map the modules with the Module Category?

To map the third-party modules which use cookies, the admin needs to click the drop-down option and then click on Add Modules. This opens a new page with the option to select the modules. Please refer to the screenshot.

Now find the module which you would like to map with the Module Category and click on the Module Name. On clicking the Module Name, the option to enter details regarding the cookie will appear. Please refer to the attached screenshot:

The admin can add multiple module categories and map modules to these categories with ease. At the front-end, if the user clicks on the Cookie Settings option, he will be able to activate the cookies of his choice. Please refer to the attached screenshot:

Note: Strictly Necessary Cookies will be enabled by default. All other module cookies can be controlled by the customer.

The user consent option allows the store admin to display checkboxes on the Signup and Contact forms. To add checkboxes on the Registration and Contact forms, the admin needs to click on the User Consent option. Please refer to the attached screenshot:

Clicking on the User Consent option opens a new window with the option to add checkboxes on the Registration and Contact forms. Please refer to the attached screenshot:

To add a new checkbox, the admin needs to click on the + icon as highlighted in the screenshot above. Clicking on the + icon opens a new form to fill in the details. Please refer to the attached screenshot:

At the front-end the checkbox will appear like below:

The Prestashop GDPR Addon by Knowband also records the user consent. To verify the customer consent, the admin needs to navigate to the Customers section. Please refer to the attached screenshot:

3.4 GDPR Data Portability

In the GDPR data portability section of Prestashop GDPR Module, admin can check the status of the data portability requests raised by the customers. Customers can download the personal data like Personal Info, Addresses and Orders in the CSV format. Admin can check the reports of the downloaded data in this section.

New Feature:

The new version of the Prestashop GDPR Module allows the store admin to download the customer data from the back-office. This feature helps the store admin share the customer data if it has been requested through some other communication channel, like email, instead of through the website. To download the customer data, follow the steps mentioned below:

On searching by Customer Name or Customer email-id, the details of the customer appear along with the options to download them. Please refer to the attached screenshot:

From here admin can download the customer details. The downloaded data will be in CSV format.

3.5 GDPR Forgot Request

According to the right to be forgotten under GDPR, the customer can request the deletion of his/her personal details. All the requests registered under “Right to Forgotten” are listed under the GDPR Forgot Request tab. Depending on whether order deletion is enabled or disabled in the settings, order details are stored or deleted. The admin can easily check the status of the GDPR Forgot requests from the admin interface of the Prestashop GDPR module under the “GDPR Forgot Request” tab.

Note:

New Feature:

The new version of the Prestashop GDPR Module allows the store admin to delete the customer data from the back-office. This feature helps the store admin delete the customer data if the data deletion request has come through some other communication channel, like email, instead of through the website. To delete the customer data, follow the steps mentioned below:

From here, the admin can check the customer details and also select the option to delete the customer data. The admin can also notify the customer regarding the data deletion through email. Order details are handled according to the data deletion settings enabled in the General Settings.

Note:

1) If any third party module uses the Prestashop hooks (as per the guidelines of the Prestashop to make the Prestashop modules GDPR Compliant) then the Prestashop GDPR Module by Knowband will allow the store admin to delete the customer data from that module as well.

2) As of now, the Prestashop GDPR Compliance Module by Knowband does not keep the record of the data deletion requests processed from the back-office.

3.6 GDPR Anonymous Request

If the customer would like to make his/her information anonymous so that no one can identify the user from the personal details, the customer can request to anonymize the data. In this case, the customer's personal data is replaced by fake details and, as per the settings enabled under the GDPR Settings tab of the Prestashop GDPR Compliance Module, a fake email id can also be generated. If the customer wishes, he/she can continue to use the services by using the fake email id to access his/her account details. The admin can check the details of the Data Anonymous Request under the GDPR Anonymous Request tab of the Prestashop GDPR Compliance Module.

3.7 GDPR Rectification Request

The customer has the right to modify inaccurate information. The Prestashop GDPR Module allows the customer to modify details like Personal Information, Address, and Password etc. The admin can check the status of the modifications made by the customers under the GDPR Rectification Request.

3.8 GDPR Personal Data Report Request

As per the GDPR Rights, the customer can request the details of the personal data which has been collected by the store admin, along with details of how the personal data has been used and which other services are using the data of the customer. At the front-end the customer gets an interface to request the personal data under the My Account section. As soon as the user requests the Personal Data, a confirmation email is sent to the user at the registered email address. Upon confirmation from the user, the personal data details are sent to the user. The admin can check the status and details of the Personal Data Request under the GDPR Personal Data Report Request.

Note:

As of now the Prestashop GDPR Module by Knowband allows the store admin to share details like Personal Information, Address Details, Newsletter Subscription, D.O.B, Shopping Cart Contents, and Order Details. The admin can also list all the third-party service providers' details and the physical location of the server along with the details of the hosting company.

3.9 GDPR Email Templates

The GDPR Module by Knowband allows the admin to send the following emails to the customer when a request is raised under the GDPR.

3.9.1 Confirm Your GDPR Account Deletion Request

Admin can update the Subject line and the email text by using the GDPR Email Template Settings.

The default format of the email template is as below:

3.9.2 Confirm Your GDPR Personal Data Anonymous Request

Admin can update the Subject line and the email text by using the GDPR Email Template Settings.

The default format of the email template is as below:

3.9.3 Customer has requested for GDPR

This email template is used to send a confirmation mail to the customer when the customer has requested the Personal Data Report.

The email at the customer end will be like below:

3.9.4 Your GDPR Personal Data Report

This email template will be used to send the Personal Data of the customer requested under the GDPR Right of access to the Personal Data.

At the customer end the email design will be as below:

3.9.5 Customer has confirmed GDPR Request

3.9.6 Confirm Your GDPR Decision Making Request

This email template will be used to request the customer for the confirmation of the automated decision-making requests.

Email at the Customer end.

3.10 GDPR GEO Targeting

The online store admin can also select any IP address and country/region for showing selected GDPR functionalities. Thus the admin can hide the GDPR functionalities from the countries where these rules are not compulsory.

3.10.1 GEO Targeting using IP address


3.10.2 GEO Targeting using Country

3.11 GDPR CRONS

To help the store admin automate the Data deletion and Purge Request, cron settings are available in the Prestashop GDPR Module. Please refer to the attached screenshot.

The admin can complete the data deletion and Purge Requests by clicking the “Forgot Request” and “Purge Requests” buttons, or set up the cron to automate the process.

Note: The purpose of these features is to help you to meet the GDPR requirements. Installing this module alone does not guarantee merchant sites’ compliance with the new obligations imposed by the GDPR. It is your responsibility to put in place all the necessary measures to ensure you comply.

Thus, with the help of this Prestashop GDPR plugin, the admin can easily handle GDPR requests and allow customers to update, delete, and download their individual details. The General Data Protection Regulation module offers a user-friendly interface and effortless working. The GDPR module for Prestashop addon is highly customizable. There are email templates available for sending e-mail. There is a choice to opt in for cookies.
For more information about this Prestashop addon please visit:
Prestashop GDPR Compliance addon Module Link: https://www.knowband.com/prestashop-gdpr-addon

Knowband GDPR module for Prestashop Admin Demo Link: https://psm.knowband.com/demo/?module=gdpr&demo=admin&referrer=kb&lang=en

Prestashop EU GDPR addon Front Demo: https://psm.knowband.com/demo/?module=gdpr&demo=front&referrer=kb&lang=en

Knowband Prestashop GDPR plugin Addon store link: https://addons.prestashop.com/en/legal/32019-knowband-gdpr-rights-of-individuals.html

Knowband General Data Protection Regulation module YouTube video link: https://www.youtube.com/watch?v=kVCqXyUDfaE&feature=youtu.be

Please contact us at support@knowband.com for any query or custom change request as per your business requirement.