GDPR Support in Ucommerce

What you should know about the legalities

In general, GDPR is a set of rules mandated by the EU for any company doing business with persons within the EU. This is true regardless of the location of the company conducting the business. Effectively this means that even as a company outside the EU, you are subject to GDPR if you sell to a person residing within the EU.

Among other things GDPR mandates that:

 

Please note the above is not a complete list of GDPR requirements, but rather the subset important for how Ucommerce can help establish GDPR compliance for customers.

What we will do in the platform

Most of the requirements of the GDPR deal with documenting internal business processes and so cannot directly be supported by Ucommerce. The responsibility to support GDPR rests solely with the company using Ucommerce.

To help support GDPR compliance for our customers we are making the following available:

  1. Documentation outlining which personal information Ucommerce stores about a customer and where, e.g. order information, addresses, and more.
  2. Documentation outlining where this personal data is made available within Ucommerce, e.g. order management tools.
  3. Documentation outlining how to look up personal information about a customer within Ucommerce.
  4. A tool to display customer information within Ucommerce, i.e. the order management tool, which displays information about the customer.

What Ucommerce will not provide

  1. Tools to display personal information in a machine readable format. These can be created using the API of Ucommerce if required.
  2. Tools to delete personal information. These can be created using the APIs of Ucommerce if required.

As always we will gather feedback from partners and customers. Should the need for these types of features increase we will add them to the roadmap.

Which role does the CMS play?

Because customer consent is primarily going to be required for marketing activities, we expect consent to be stored in one central repository in the CMS or externally in a CRM system. For both Umbraco and Kentico, tools are available for the CMS to gather consent and store it, e.g. Forms for Umbraco and GDPR support in Kentico 11 EMS Edition.

Keep in mind that the CMS stores additional personal information for marketing and personalization purposes, e.g. contacts in Kentico and Sitecore will hold additional personal information. It is up to the CMS vendors to document and provide tools to support GDPR for these areas.

Data processing agreements

Because Ucommerce does not host the solution on your behalf as a customer, you do not need a data processing agreement with Ucommerce. However, you will need a data processing agreement with the hosting provider you select, e.g. Microsoft for Azure or Umbraco for Umbraco Cloud.



