GDPR compliancy observations

  • Resolved Duan_d

    (@duan_d)


    5 years, 11 months ago

    Hi,

    Please can you confirm whether it is possible to include 1 or more check boxes (privay policy) to the booking form with the ability to only complete the booking if all check boxes are checked?

    Would I be correct in thinking that this plugin only collects and stores the data that the customer provides in the booking form, and this data is shared directly and exclusively with Paypal? No other end user data is used on any other way?

    Where exactly is the data that the user enters on the booking form stored? How long is it stored for? Can it be deleted if a customer asks? If so, how?

    This would be really useful to know.

    Thanks,

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author codepeople

    (@codepeople)

    5 years, 11 months ago

    Hi,

    In the commercial versions of the plugin there is a visual form builder that allows adding the checkboxes to accept the terms. In the free version the checkbox fields has to be manually added into the plugin file “inc/cpabc_scheduler.inc.php”.

    The plugin only collects the data entered into the form to store it locally in the WordPress website database. This info can be checked in the plugin bookings list.

    No customer data is shared with PayPal or other third party. PayPal only needs the amount to pay, product name and item number. No customer information is passed from the plugin to PayPal. After the PayPal payment, PayPal shares the customer email address used for the payment, that’s the only info stored back from PayPal.

    No other user data is stored or tracked via cookies or other methods.

    The data can be deleted from the bookings list and from the calendar located in the administration area.

    Thank you for your interest in the plugin!

    Thread Starter Duan_d

    (@duan_d)

    5 years, 11 months ago

    Hi there,

    Thank you for a comprehensive and timely reply.

    Please could you clarify the following 5 points (to make sure I understand correctly):

    If no customer data is shared with PayPal, how does PayPal share the customer email address after payment? Surely the email address is shared along with the amount, product name, and item number. Feel free to correct me if I’ve misunderstood.

    When you say “PayPal shares the customer email address used for the payment, that’s the only info stored back from PayPal”, is that email address solely used by PayPal to send the customer their receipt? In that case, would it be advisable to refer the customer to PayPal’s privacy agreement for that?

    Please could you define the difference between the ‘product name’ and ‘item number’ shared to paypal by the plugin, in the context of appointment bookings.

    How long is the ‘transactional data’ stored in the WordPress database? Is it stored until it is manually deleted from the the bookings list?

    Are there any real threats to the data stored in the database? Is it recommended to ask ones hosting company about encryption or anything like that?

    I really appreciate your help.

    Thanks,

    • This reply was modified 5 years, 11 months ago by Duan_d.
    Plugin Author codepeople

    (@codepeople)

    5 years, 11 months ago

    Hi,

    The plugin doesn’t send customer data to PayPal, I mean the customer data entered into the form isn’t sent to PayPal.

    The plugin sends to PayPal the “product name” that appears in the PayPal payment page (booking), an item number to identify the transsaction and the amount to charge at PayPal.

    When the PayPal payment is completed PayPal sends back to the plugin the customer email address entered at PayPal. As mentioned that’s the only customer info saved back from PayPal.

    The data stored in the WordPress database remains stored until manually deleted from the bookings list.

    Database encription isn’t recommended.

    SSL certificate (publish the website over a SSL secure connection) is strongly recommended.

    Thank you for your interest in the plugin!

    Thread Starter Duan_d

    (@duan_d)

    5 years, 11 months ago

    Thank you very much for your information.

    Lastly, to be compliant it is important to offer customers the option to opt out of emails. I understand a big feature of this plugin is to automatically email the customer confirmation of their booking. Is there some way of honoring a customer’s wishes should they want to book an appointment but do not want to receive an email, yet have provided an email address?

    Apologies for all my questions, but thank you for your help.

    Thanks,

    Plugin Author codepeople

    (@codepeople)

    5 years, 11 months ago

    Hi,

    That feature (let the customer remove the confirmation email received after the submission) isn’t currently available in the free version of the plugin. We will add it in a future update.

    Thank you for your feedback!

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘GDPR compliancy observations’ is closed to new replies.

Tags