gdpr compliant

Hi there,

I have a couple of Questions regarding GDPR: is “Woocommerce Payments” GDPR compliant? Does it send Data to US Servers?

Yes, WooCommerce Payments is GDPR compliant. I’ve included a section from our Privacy Policy below regarding transferring information:

“Transferring Information
Because Automattic’s Services are offered worldwide, the information about you that we process when you use the Services in the EU may be used, stored, and/or accessed by individuals operating outside the European Economic Area (EEA) who work for us, other members of our group of companies, or third-party data processors. This is required for the purposes listed in the How and Why We Use Information section above.

When providing information about you to entities outside the EEA, we will take appropriate measures to ensure that the recipient protects your personal information adequately in accordance with this Privacy Policy as required by applicable law. These measures include entering into European Commission approved standard contractual arrangements with entities based in countries outside the EEA.

You can find some more information on WooCommerce and the GDPR here.

Hope this helps, let us know if you have any further questions ??

• This reply was modified 3 years, 1 month ago by Janine - a11n.

Hi Janine
How can WooCommmerce be GDPR compliance in accordance with this article from 2020 – please elaborate:

“Breaking news: On July 16, 2020, the Court of Justice of the European Union (CJEU) has ruled that any cloud services hosted in the US are incapable of complying with the GDPR and EU privacy laws.

In August 2016, the EU-US Privacy Shield framework came into effect, which “protects the fundamental rights of anyone in the EU whose personal data is transferred to the United States for commercial purposes. It allows the free transfer of data to companies that are certified in the US under the Privacy Shield.” – European Commission website

However after today’s CJEU ruling, this Privacy Shield framework became invalidated due to significant differences between EU and US privacy laws.”

Please read the full article here:
https://matomo.org/blog/2020/07/storing-data-on-us-cloud-servers-dont-comply-with-gdpr/

Looking forward hearing more as we are looking for Google Analytics alternative, which brought my attention to Jetpack and GDPR compliance. But the GDPR compliance concerns WooCommerce as well.

Br
Henrik

Hey @webministeren

When it comes to the specifics of the application of GDPR, we always recommend reaching out to a lawyer as they will be able to guide you more accurately. While we can give resources to you to help guide you along the way, the exact information you’re looking for is best handled by a law professional.

That said, WooCommerce is open source, which means that it and WooCommerce Payments have many applications and it is largely up to the site admin and their hosting platform. We don’t offer WooCommerce cloud services at this time.

For further details, please refer to our GDPR documentation and the WooCommerce site and data security FAQ for more information as we are not lawyers and cannot interpret the law and its applications, but want to at least point you in the right direction.

• This reply was modified 3 years ago by Erica K. a11n.