Customer account data sent to Stripe

  • Resolved dtakriti

    (@dtakriti)


    2 years ago

    When a customer makes an account in WordPress/Woocommerce all data ist sent to STRIPE automatically. How to prevent this?

Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Author Payment Plugins

    (@mrclayton)

    Hi @dtakriti

    all data ist sent to STRIPE automatically

    Can you explain what you mean by all data? The code is written to create a customer ID in Stripe and information like their email address and billing address are provided.

    Why do you want to prevent a customer being created or the data associated with that customer being sent to Stripe?

    They have already consented to creating an account on your site so can you help me understand why you want to alter that behavior?

    Kind Regards

    Thread Starter dtakriti

    (@dtakriti)

    Customers agree to have an account on the shopping website, but sending the customer data automatically to Stripe is against general GDPR. It must be kept just at the store website.

    GDPR ist everywhere, so no merchant ist allowed to store data at another place without asking the customer again to do that. And it’s not necessary as most customers do not use Stripe payment at our site. Why does Stripe need this information? Why you programmed it this way?

    It is a big GDPR concern here in Germany. If Stripe or payment providers will check this, they may ban the plugin.

    How can we prevent this behaviour?

    • This reply was modified 2 years ago by dtakriti.
    • This reply was modified 2 years ago by dtakriti.
    Plugin Author Payment Plugins

    (@mrclayton)

    Customers agree to have an account on the shopping website, but sending the customer data automatically to Stripe is against general GDPR. It must be kept just at the store website.

    Can you explain how it would be possible for Stripe to process a customer’s saved payment methods then without creating a customer ID? Or to associate a payment with a customer?

    It is a big GDPR concern here in Germany. If Stripe or payment providers will check this, they may ban the plugin.

    We have worked closely with Stripe and their GDPR legal team and our solution architecture was approved so Stripe saw no legal issue with how our plugin is designed.

    Here is how you can remove that feature. Test before implementing

    remove_action('wp_loaded', [WC_Stripe_Customer_Manager::instance(), 'wp_loaded']);
		remove_action('woocommerce_checkout_update_customer', [WC_Stripe_Customer_Manager::instance(), 'checkout_update_customer']);

    Please keep in mind without a Stripe customer ID, your customer’s won’t be able to save payment methods, process subscriptions etc.

    Kind Regards,

    Thread Starter dtakriti

    (@dtakriti)

    Thank you very much, I will try this.

    Here is one of the GDPR rules: The client has to be informed. That’s the problem. GDPR is really something we cannot discuss here. I understand, but nobody can work in Germany against the laws.

    https://europa.eu/youreurope/business/dealing-with-customers/data-protection/data-protection-gdpr/index_en.htm

    >

    Data transfer outside the EU

    When personal data is transferred outside the EU, the protection offered by the GDPR should travel with the data. This means that if you export data abroad, your company must ensure one of the following measures are adhered to:

    • The non-EU country’s protections are deemed adequate by the EU.
    • Your company relies on specific grounds for the transfer (derogations) such as the consent of the individual.

    Consent should be given by an affirmative act, such as checking a box online or signing a form.

    >> Just sending data to another provider is not allowed without an ack from the customer… Same with sending email to Transportation Company like DHL.

    It’s so complicated here. That’s a fact. ??

    • This reply was modified 2 years ago by dtakriti.
    Thread Starter dtakriti

    (@dtakriti)

    I do not mange to get the code excecuted. Can you help me where an how to insert it, please. I have a snippet plugin.

    Plugin Author Payment Plugins

    (@mrclayton)

    @dtakriti You should ask the developers of your snippet plugin how to add code snippets to their plugin.

    In general, it’s a straightforward process of creating a snippet and then copy/pasting the code in.

    Thanks

    plexusllc

    (@plexusllc)

    Here’s a full code snippet which should work to disable the above mentioned functionality:

    add_action ('init', function(){
    if (class_exists("WC_Stripe_Customer_Manager")) {
    remove_action('wp_loaded', [WC_Stripe_Customer_Manager::instance(), 'wp_loaded']);
    remove_action('woocommerce_checkout_update_customer', [WC_Stripe_Customer_Manager::instance(), 'checkout_update_customer']);
    }
    });

    Thread Starter dtakriti

    (@dtakriti)

    @plexusllc This solved the problem. You are the boss!

    THX

    Daniel

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘Customer account data sent to Stripe’ is closed to new replies.