GDPR - Weebly collecting shipping details for digitally delivered goods - it's non-compliant

I've just had an email back from www.itgovernance.co.uk, and may I suggest that everyone who collects any information from an EU-based person reads the information on https://www.itgovernance.co.uk/data-protection-dpa-and-eu-data-protection-regulation

It appears that any information such as:-

Name
Address
Email address
Photo
IP address
Location data
Online behaviour (cookies)
Profiling and analytics data

Any or all of these details are subject to the law. This information must not be stored unless certain circumstances apply.

Also read on this page:

  • Data protection principles
  • Accountability and governance
  • Lawful processing
  • Valid consent

Then have a look at: Preparing for the GDPR https://www.itgovernance.co.uk/preparing-for-gdpr There is a useful video and it clearly states that any information collected must be consensual, they must have actually given permission for you to hold the details you have, you must also justify why you need them, you have to have a legitimate reason for collecting it in the first place and secondly, for keeping it.

The issue we have with Weebly is that although we sell digitally delivered goods, Weebly collects the shipping details of our customers. We don't need these and they shouldn't have to give them. There is no legitimate reason for them having to give this, but we can't access this part of the order process once a customer starts buying.

We will now have to go into our orders section and delete each order so that we do not have this information stored in our Weebly system. It makes no difference that Weebly is a USA based company. If you collect any information from anyone based in an EU country you are subject to the new GDPR regulations that come into force in May 2018. The fines for non-compliance are hefty.

We also need to be able to disable cookies being used on our site as this contravenes the law too.

I can't understand why these new regulations haven't been shouted from the rooftops and every UK business sent an information pack! I found out about this quite by accident when talking to a colleague that has just been to a conference about it.

3,045 Views
Message 1 of 12
Square

We also have our own FAQ on GDPR that I would recommend people look at:

https://hc.weebly.com/hc/en-us/articles/360000488108-GDPR-FAQ

3,032 Views
Message 2 of 12

But how do we stop you (Weebly) collecting data we don't want or need? I don't need names, addresses or phone numbers of customers that buy our downloads, but your system won't allow this to be stopped, even though I don't have any shipping details filled in (as we don't ship anything). I can't even delete the order information. I can only control what we do, not what you do!!! Please make it so that we can determine what information is collected and allow us to delete it so that we are compliant. 

3,007 Views
Message 3 of 12

It can't be that difficult for developers to enable site owners to delete their own orders. If the seller doesn't want them, then who are they for?

2,975 Views
Message 4 of 12

Same here, we don't ship product so we have no requirement for Address fields. I've been on to Weebly in the past but it's like talking to people who haven't a clue. They either don't know, or don't want to know. I reckon all those unnecessary fields on the checkout page are negatively impacting our conversion rate, especially on mobile devices. But Weebly don't care. And now GDPR has further complicated the situation for us.

2,962 Views
Message 5 of 12
Square

I can assure you that we definitely do care about the ramifications of GDPR for you, and we're working on tools now to make sure that you can comply with it once it launches.

2,945 Views
Message 6 of 12

Well it comes in on May 25th and we are supposed to be ready before then and compliant by the 25th, not still working on it! I've been getting emails for weeks now from things I have subscribed to in the past or companies I bought from, asking me to confirm that I 'want' my details kept and to be contacted in the future.

The idea being that we are all automatically 'opted out' unless we choose to opt in. How can we offer this to our past, present or future customers when we don't have access to the back-end of the whole order system that collects data?

2,902 Views
Message 7 of 12
Square

Hi @shaz1953! I'm so sorry we didn't see your previous post. I'm checking for a status update for you. 

2,800 Views
Message 8 of 12

Well here we are, past the GDPR deadline and today I get an email confirming a customer's digital order and in the email are the names of the files they have downloaded and their email address. I DON'T NEED TO SEE THIS IN AN EMAIL FROM YOU, I JUST NEED A MESSAGE SAYING 'YOU HAVE MADE A SALE, LOG IN TO SEE THE DETAILS' - is that so difficult to do? We are both breaking EU law now, are you aware of this? I can't stop this but you can!

2,766 Views
Message 9 of 12
Square

The files and email address are both permissible under GDPR as they are needed for record keeping and performance of a contract.

2,762 Views
Message 10 of 12

The way I understand it, you do need a physical shipping address for digital goods. If you're selling digital goods to EU citizens, you are required to be able to prove their location to determine how much VAT to charge and that you are legally able to charge that amount. And you have to keep the info on file for years and years for tax purposes. 

1,575 Views
Message 11 of 12

I don't charge VAT but besides that, all order payments go through PayPal so all records of the sale are safely stored on their server, not mine!

1,537 Views
Message 12 of 12