GDPR compliance needed ASAP

Hi,

Thank you for raising concerns about GDPR. To our knowledge, the plugin is not storing or sending any personal information. Could you specify which information that is in conflict with the regulation?

If you are referring to the booking functionality in the PRO version then consent should be acquired from the user before they place any orders in your shop. This consent should be obtained regardless if you use this plugin or not. We’ll write a section on GDPR which explains this in more detail which will accompany the next version of the plugin.

Please note that all communication with the bring.com API is encrypted with SSL. We’re not a subsidiary of Bring, but a third party. Every customer of Bring should sign a data processing agreement with them directly. In terms of the right to access, rectification, erasure and restriction of processing then this can be achieved by manual operation on the order in the admin panel in WordPress or in the mybring.com admin interface.

The plugin is not illegal to use. Compliance with GDPR is up to the website that chooses to use this plugin. As far as we know there is nothing in the plugin that compromise compliance with GDPR.

I’ll also mention that GDPR has been delayed in Norway and other EEA countries because this might be relevant if you’re working on compliance which means that you can extend your deadline. https://rett24.no/articles/gdpr-forsinkes-igjen–na-er-datoen-1.juli

Thanks for clearing things up. So you don’t store any data at all?

What about the users and their information, clearly it is that what is sent, not about me and my site.
If a user want the personal data deleted, is it Bring he has to reach?

• This reply was modified 6 years, 10 months ago by baggyno.
• This reply was modified 6 years, 10 months ago by baggyno.

The only information that is sent to bring for the shipping calculation is the postcode, country and package dimension + weight. This information is not personal information on its own. There is no other connecting data which would classify it as personal data. When talking about the Booking feature in PRO, then yes this is personal data, but this information would be sent to them regardless of whether or not you use this plugin or not. You should describe how data is processed in your terms and conditions. The plugins itself does not store any data. It just facilitates communication between your website and bring.com / mybring.com.

If a person wants their data deleted then they would need to send a request to the company that they registered their data with. That company should have established routines to handle such requests. So if we had a WooCommerce shop and used Bring Fraktguiden you could send a request to us, and then we would send a request on your behalf to bring in accordance with the data processor agreement we would have with bring. Please note that GDPR does not interfere with other laws such as bookkeeping. So, in this case, we would most likely not be able to accommodate the request. Likewise, a request to rectify data would only be able to be handled if the systems have not already processed the order, which is seldom the case because a lot of these systems are automated to process orders immediately.

WooCommerce by default requires consent to the terms and conditions on the checkout. As long as the terms of conditions are compliant with GDPR then I don’t see any problem.

• This reply was modified 6 years, 10 months ago by Driv Digital.
• This reply was modified 6 years, 10 months ago by Driv Digital.
• This reply was modified 6 years, 10 months ago by Driv Digital.