The GDPR is in full swing! In previous blog posts we have already talked about how you can make your company GDPR compliant by applying technical and organizational measures. Are you still unsure about the best way to approach this? Then request an AVG Advice process from Data Privacy Partners! But what about web shops?
Most web shops ask for several items of personal data, including an email address and (sometimes) a telephone number. It can be useful to have this information, for example to send a newsletter or to call about a problem with the order, but you are not meant to use it for other purposes. Even in the case of the newsletter, the option “Sign me up for the newsletter” should not be enabled by default; the user must give explicit permission for this.
If you nevertheless want to use the data you collect in your webshop (for example through cookies) for “Targeted advertising” (tailor-made advertisements), make sure again that A) this is properly described in your cookie statement and privacy statement and that B) the user can easily say “No” to this. For example, create a button for custom cookie settings with which only the cookies that are necessary for the functioning of the webshop are placed. And if you use, for example, Google Ads, you may not show a notification along the lines of “Disable your adblocker to be able to use this website”. This has to do with one of the rights of data subjects, namely the right to object. By using an adblocker, a data subject can object to the processing of his or her personal data, because some ads contain a “Tracking Pixel” that keeps track of which people have seen the ad.
If you would nevertheless like to use this data, for example for advertising, you must request permission from the customers of your webshop before passing on the data to a third party. Also make sure that you do not keep the data longer than the legal retention period. It is also important to let your customers know that, if you pass on personal data to third parties, they may stop this at any time by indicating that they prefer not to. According to the GDPR, withdrawing consent should be as easy as giving consent. Therefore, keep in mind that if you receive such a request to stop processing the personal data, you must also pass it on to the parties to whom you have transferred the personal data. After all, they too are obliged to delete the data. In order to properly map out who has which personal data, it is wise to include all this in your processor agreements.