EasyCart is designed to handle a lot of personal information (PI) for users who visit, shop, and ultimately purchase. As countries implement more data protection policies, it is important we clearly state what data is stored, saved, and utilized so you can better build a policy and terms for your website and specific country legal needs.
We are providing this information so that you may better know what data is stored and used within the EasyCart system. It is ultimately up to you to build a policy and terms that use this information as you need to meet your own personal requirements and situation. EasyCart does not imply our software will work for every situation and need, and this information is provided strictly for informational purposes, not as legal advice, and may change or be altered at any time. We make every effort to provide accurate information when available.
In 2018, the European Union’s General Data Protection Regulations (GDPR) released standards for personal information handling that used to be considered fairly benign. This shift required companies to revisit how they handle personal information and also WHAT personal information is being used. This includes any information that can “directly or indirectly” identify a person, including real names and screen names, identification numbers, birth date, location data, network addresses, device IDs, and even characteristics that describe the “physical, physiological, genetic, mental, commercial, cultural, or social identity of a person.” This conceivably could include any piece of information about a person that isn’t anonymized.
In 2020, the United States released the California Consumer Privacy Act (CCPA), which set its standards for personal information and expanded a little on the GDPR. Under the CCPA, personal information is “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” This includes a host of information that typically doesn’t raise red flags but which, when combined with other data, can triangulate to a specific individual, like biometric data, browsing history, employment and education data, as well as inferences drawn from any of the relevant information to create a profile “reflecting the consumer’s preferences, characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities and aptitudes.”
The EU’s GDPR applies to any company that does business within the EU, whether it offers goods/services (paid or for free) or is monitoring the behavior of individuals in the EU. California’s CCPA is much different.
CCPA is a bit larger scale and currently applies to companies that have annual revenue over $25 million or that collect data on over 50,000 people. Companies do not have to be based in California or have a physical presence there, or even be based in the United States, to fall into this category. For most users this will mean they do not need to worry about the CCPA; however, more national trends may soon include this for everyone, so it is worth following and gearing up.
If you are a small or mid-sized business selling under $25 million annually or do not have 50,000 people you collect information on, then there is not much you need to do to actually comply. If you are over this figure, you likely have a legal team and/or are already aware of what is needed by working with professionals. Typically you will need to have a clear link on your footer or site that allows people to delete and opt out of any data collection at any time. This will be difficult for many individual companies, who know that data like this can be stored across multiple systems and terabytes of data, with no clear path to simply remove it.
More importantly, all sites really should contain a data policy that is available on their site showing specifically what data is collected and how it is used by your company. If you sell your lists to third parties, or other companies may have access to users’ data, and users are not able to clearly get access to this information, you can be sued under the CCPA. This is a particularly important element and something all companies should start implementing, as it is implied that this policy could easily become a federal law and be required of all businesses and companies doing business online.
While a WordPress website with EasyCart does not store full credit card information, it is important for all companies using this setup to understand what data IS actually stored and used. This data is considered personal information and identifiable information. Much of this information is used for payment API systems, shipping API systems, tax API systems, and fraud detection systems and is considered normal data collection for any eCommerce site. This information should be useful for building a policy around your company that users can clearly see.
Keep in mind that peripheral data can always be collected on top of what our software or EasyCart collects as it integrates into a WordPress website… therefore, other plugins, themes and WordPress itself can and most likely will collect more data. You should reference all of those companies, plugins, themes, and related software for what data collection is returned on their part as well.
Now that you know what the data protection policies are and the general guidelines for each, you should begin building a company policy and strategy surrounding your particular needs. We highly recommend all online ecommerce sites build and implement an easy-to-access policy statement that outlines what data they handle, how they handle it, and with whom they share data. The above information should help formulate part of that policy with regard to EasyCart.
Businesses and online companies would be further ahead of the game to implement a plan to allow users to remove their data as it is becoming more and more evident that users will have a full right to control and manage that data. It may be as simple as developing a link on your footer or site to allow users to ‘Opt Out’ and request their data removal or usage report. While this may be a larger struggle for companies to build, it is clear that the future will head more and more in this direction.
EasyCart is providing this information to the best of our knowledge and is not claiming to be a legal authority or fully compliant solution but strives to follow best practices where it can. As more information and companies fall into these regulatory rules, we will continue to monitor and build systems for our users. For more resources and legalities, it is always important to consult with a legal professional should you need to.
General Data Protection Regulation: https://gdpr.eu/
California Consumer Privacy Act: https://oag.ca.gov/privacy/ccpa