Support » Plugin: PayPal for WooCommerce » GDPR compliant? and questions about data collection

  • Resolved Jon Fergus

    (@jon-fergus)


    I’m just working through our Privacy Policy and finalizing for the GDPR standards. Where can we find details of how this plugin and PayPal detail how they comply with the GDPR?

    We’re planning to use the REST Credit Card Payments, and Express Checkout. For the REST method, is there a Privacy Policy section somewhere that details how the data is collected and transmitted to PayPal since the credit card data is submitted on-site?

    Thanks for any help you can offer on this.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Contributor angelleye

    (@angelleye)

    At the site level this is going to be left mostly up to general WordPress / WooCommerce settings. I know the upcoming WooCommerce updates will have lots of new options related to GDPR and how to provide notices, acceptance boxes, etc. throughout checkout. PayPal will be doing the same within their hosted checkout pages for Express Checkout.

    We really don’t collect or save any data at the plugin level. That’s all handled by the tools around our plugin, so as long as you have those things set up the way you need then all should be good.

    Thanks for the reply. Ya, we’re looking forward to Woo 3.4, and hopefully some better functions in the WP core for GDPR stuff. About your plugin:

    “We really don’t collect or save any data at the plugin level. That’s all handled by the tools around our plugin”

    I’m not sure which tools you mean exactly. Can you clarify? Do you mean PayPal’s tools?

    I think the Express Checkout is basically a non-issue, as it’s all processed in PayPal’s hosted checkout pages, but the REST credit card payment fields are where I’m still unsure. So, when a customer enters their credit card information into the REST fields on our site, it’s not the plugin that collects and transmits the data to PayPal? Is the info stored in our site’s database anywhere (even temporarily)? If you don’t collect this data at the plugin level, what does collect it? For our privacy policy, do we just say that PayPal collects it?

    I’m sure it’ll all be fine, but just want to be confident in how we word things in our privacy policy. Thanks again for the help.

    One further question that I just realized. We’re in sandbox mode right now, and under the REST settings under WooCommerce -> Settings -> Checkout, we have NOT enabled logging. However, I can see all transactions made since May 1st in the wc-log, with all credit card details, first and last name, address, etc. shown there in plain text!

    Is this happening because logging is defaulted to “on” when in sandbox mode or something? When we go to live payments will wc-logs still be made like this?

    Plugin Contributor angelleye

    (@angelleye)

    @jon-fergus, We haven’t had any other reports of the log problem, but we’ll check into that and see if we can reproduce that.

    For the tools, yes, I just mean WooCommerce itself and PayPal hosted checkout pages. WC will give you the additional fields to add verbiage however you need to.

    Plugin Contributor angelleye

    (@angelleye)

    The 1.4.9 update will adjust the log files accordingly. Look for it soon!

  • The topic ‘GDPR compliant? and questions about data collection’ is closed to new replies.