My GDPR Statement
Here's what I did to comply with the GDPR.
PLEASE NOTE: If you are reading this to get ideas on what you should do, remember (a) I am not a lawyer, and (b) your situation could be different from mine. Please consult your own counsel.
- I am based in the United States.
- I don't use tracking cookies.
- I don't use AdSense. My web properties are about my business and helping your business, not advertising for someone else.
- I don't require date of birth for order processing.
- I am using Zen Cart to process orders in my store, MailChimp for email newsletters, Wufoo for forms processing, Salesforce for CRM, YouTube for video display, WordPress for my blog.
- In includes/templates/MY_TEMPLATE/common/tpl_main_page.php, I modified the call to Google Analytics so that IP anonymization is used. I changed
ga('set', 'anonymizeIp', true); ga('send', 'pageview');
- Under Admin->Configuration->Define Page Status, set Define Privacy Status and Define Conditions of Use both to 1. This adds a link to your privacy page to your Information sidebox.
- Turn off collection of gender and DOB using Admin->Configuration->Customer Details, Email Salutation = false; Date of Birth = false.
- Under Configuration->Regulations, turn on both settings (Confirm during checkout, confirm during account create.)
- I changed the text that starts with "we use Shopify" since I am using Zen Cart.
- Rather than posting my email and address I used a contact form.
- I changed the Canadian spelling of "behavior." :)
- I *do not* use Facebook pixel or any other tracking or retargeting mechanism, so I didn't need to make a statement like that.
Here's what I did *not* do:
- I did not unsubscribe people from my newsletter until they re-opted in; they have already opted in once.