hjmaier Posted May 25, 2018 Posted May 25, 2018 Hi, thank you for implementing all the GDPR Features. I noticed that for the new download function, not all data from comerce are added to the xml file. I miss purchases and invoices. Could you add them? Best regards Hans-Joachim
Management Matt Posted May 29, 2018 Management Posted May 29, 2018 Are they personal data though? The export contains stored email addresses, credit cards and customer data in the XML. I wouldn't consider data such as: invoice_id: 12345 invoice_total: 12.00 As data required in the export.
hjmaier Posted May 29, 2018 Author Posted May 29, 2018 @Matt I think about adresses. Are they only stored once as a master date? Or are invoice an delivery addresses stored for each invoice/transaction? If yes, this is a personal data. Same is with custom fields for transactions. I can request personal data with custom fields. They need to be included in the download as well. I did not check custom profile fields. Are they in the XML? But thank you very much for your efforts regarding GDPR compliance. edit: Additional: I am not sure if the purchase/ invoice itself is considered a personal data. I guess yes, because I can tell which product a specific user had purchased in the past.
Management Matt Posted May 30, 2018 Management Posted May 30, 2018 We add all the addresses currently on file in the XML, which I think should cover the PI requirement.
bfarber Posted May 30, 2018 Posted May 30, 2018 22 hours ago, hjmaier said: Additional: I am not sure if the purchase/ invoice itself is considered a personal data. I guess yes, because I can tell which product a specific user had purchased in the past. PII covers data that can be used to identify a person - an invoice (absent other data about the person) can't really be used to identify them.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.