人生就是博·(中国)尊龙AG旗舰厅

GDPR处置惩罚shopify平台客户小我私家资料分哪些情形？？？？？？？？

GDPR shopify隐私

2022/02/22

自建站

客户赞成

凭证 GDPR 的划定，，，，，，您可能需要取得赞成才华处置惩罚客户的小我私家资料，，，，，，或更改您现在取得此赞成的方法。。。。。

例如，，，，，，若是您要向客户发送营销新闻，，，，，，或者您正在使用在线广告或重定向应用，，，，，，则可能需要获得客户的赞成。。。。。

针对您需要获得赞成的情形，，，，，，GDPR 划定必需知足以下条件：

自愿给予：必需是完全自愿的行为，，，，，，不应与其他商品或效劳捆绑在一起。。。。。
详细：必需要有明确诠释的用例。。。。。
知情：只有为数据主体提供了足够的小我私家数据信息，，，，，，数据主体才体现赞成。。。。。
明确：必需通过商家的一定行为来证实（即，，，，，，不但仅是继续使用效劳）。。。。。

这意味着需要向客户提供关于特殊用例的详细信息，，，，，，并需要客户执行一些支持操作来体现赞成。。。。。

最后，，，，，，若是您为客户提供赞成的时机，，，，，，GDPR 还要求您的客户有撤回赞成的途径。。。。。这通常�？？？？？？？赏ü鞣隙┰墓πЮ词迪�。。。。。若是您对应在何时以及怎样获取网络小我私家数据的赞成保存疑问，，，，，，或者对您的客户被允许撤回赞成的水平保存疑问，，，，，，则您应咨询资深数据�；；；；；；；ぶ捶ㄊ�。。。。。

可是，，，，，，赞成只是 GDPR 中可以对处置惩罚小我私家数据举行证实的众多执法基础之一。。。。。您还可以处置惩罚小我私家数据以推行条约要求，，，，，，或者按执法要求对数据举行处置惩罚。。。。。

一些欧洲羁系机构指出，，，，，，若是您第一次征求赞成但客户拒绝了，，，，，，或者客户赞成之后又撤回了赞成，，，，，，那么您可能无法再依赖其他执法依据来处置惩罚小我私家数据。。。。。因此，，，，，，若是您不妄想（或需要）依赖其他执法依据来处置惩罚小我私家数据，，，，，，您只依赖赞成即可。。。。。

备注：您可以在英国信息专员网站上阅读有关支持数据处置惩罚的差别执法依据的详细信息。。。。。

思量以下问题：

您使用或处置惩罚客户数据的每种差别的方法是否有其执法依据？？？？？？？？您处置惩罚数据前是否获得了客户的赞成？？？？？？？？您处置惩罚数据的目的是推行对客户的条约义务，，，，，，照旧增添自己的正当商业利益？？？？？？？？您应该将执法依据纪录为数据实践映射的一部分，，，，，，如网络小我私家数据中所述。。。。。
若是您依赖于客户赞成，，，，，，您获得的赞成是否与您提供的商品或效劳捆绑在一起？？？？？？？？例如，，，，，，凭证 GDPR 的要求，，，，，，可能不再允许使用 by purchasing these goods, you agree to our use of your personal information 这样的语句。。。。。
您是否提供了有关您将怎样使用相关小我私家数据的详细信息，，，，，，从而足以确保征得客户的赞成？？？？？？？？
是否已纪录并存储客户的赞成信息？？？？？？？？
您是否需要获得赞成以向您的客户发送营销信息？？？？？？？？若是您不需要凭证 GDPR 获得赞成，，，，，，外地执法可能要求/不要求您获得赞成才华/即可向客户发送营销信息。。。。。与状师讨论可能适用于您市肆的详细要求。。。。。
若是您以为您需要获得赞成才华发送营销撒播信息，，，，，，那么针对您市肆的营销赞成复选框是否默以为未选中？？？？？？？？思量设置您的店面，，，，，，使向客户提供的营销赞成复选框默以为不会预先选中，，，，，，从而确保您的客户需要自己一定以提供赞成。。。。。

怙恃赞成

针对处置惩罚 16 岁以下用户（某些国家/地区的这一年岁可能更低）的小我私家数据，，，，，，GDPR 包括特定的怙恃赞成要求。。。。。

请思量以下问题：

您是否需要更改处置惩罚客户数据的方法，，，，，，更改为阻止处置惩罚 16 岁以下用户的数据，，，，，，或者要获得家长赞成？？？？？？？？要实现这一点，，，，，，您可以使用 Shopify 应用市肆中限制年岁的应用来榨取 16 岁以下的用户会见您的站点，，，，，，或者让访客确认自己凌驾法定成年年岁。。。。。

自动决议

若是您要将客户的小我私家信息用于举行任何自动决议，，，，，，GDPR 要求您通知这些客户。。。。。

自动决议体现使用算法来确定小我私家是否切合使用某些效劳或优惠的条件、是否应按特定价钱付费，，，，，，或者是否可能对某些类型的产品或效劳感兴趣。。。。。

若是您使用的任何流程包括将对客户爆发重大执法效力的完全自动决议（即没有任何人为干预），，，，，，那么您需要获得客户的赞成。。。。。

处置惩罚	要求
自动决议	通知
具有重大执法效力的完全自动决议	赞成

通常情形下，，，，，，Shopify 不加入对客户小我私家数据的完全自动决议。。。。。

Shopify 举行危害和诓骗筛查时是唯一的破例情形，，，，，，Shopify 可能会在特定次数的失败付款实验后自动锁定付款卡号或 IP 地点。。。。。Shopify 以为这不会对客户爆发重大的执法影响，，，，，，由于自动锁定仅一连很短时间。。。。。

思量以下问题：

您是否在隐私政策中包括了以下内容：Shopify 的危害和诓骗筛选可能会使用客户的小我私家信息举行自动决议？？？？？？？？您可以在隐私政策的第 13 部分中阅读有关 Shopify 自动决议实践的详细信息。。。。。您还应凭证您的详细情形向状师确认此效劳对您的客户没有重大执法效力。。。。。
您是否在使用可能加入自动决议的第三方应用？？？？？？？？您应该特殊注重审核是否保存任何第三方危害或是否正在使用与店面相关的诓骗效劳，，，，，，或者是否保存可能天生小我私家资料或者针对您的客户群的任何类型的营销或广告应用。。。。。
若是您使用涉及到自动决议的第三方应用，，，，，，那么您是否需要通知您的客户或获得他们的赞成才华使用这些应用？？？？？？？？

Shopify商户官网原文详情：

Customer consent
Under the GDPR, you might need to obtain consent to process the personal data of your customers or change how you currently obtain that consent.
For example, you might need to obtain consent from your customers if you are sending your customers marketing messages, or if you are using online advertising or retargeting apps.
Where you need to obtain consent, the GDPR says that it must be:
Freely given: it must be entirely voluntary, and should not be bundled with other goods or services.
Specific: it must be tied to clearly explained use cases.
Informed: it can only be given if the data subject is provided enough information about the personal data that will be collected and used.
Unambiguous: it must be demonstrated by an affirmative act by the merchant (that is, not simply by continuing to use the services).
This means that the customer needs to be given detailed information about the particular use case, and some affirmative action needs to be taken by the consumer to show consent.
Finally, if you offer your customers the opportunity to provide consent, the GDPR also requires that your customers have a way to withdraw consent. This can often be accomplished through an unsubscribe functionality. If you have questions about when and how you should obtain consent for collection of personal data, or the extent to which your customers should be allowed to withdraw their consent, then you should speak with a lawyer familiar with data protection laws.
However, consent is only one of many legal bases in the GDPR that can justify processing of personal data. You might also process personal data to fulfill contractual requirements, or if you are required by law to process data.
Some European regulators have suggested that if you at first ask for consent and your customer declines or agrees but then withdraws their consent, then you may no longer be able to rely on any other legal basis to process personal data. As a result, you should only rely on consent where you do not intend to (or need to) rely on another legal basis to process personal data.
Note
You can read more about the different legal bases to support data processing on the UK Information Commissioner’s website.
Think about the following questions:
For each different way that you use or process your customers’ data, what is the legal basis for doing so? Are you processing based on their consent? Are you processing to fulfill a contractual obligation to the customer? Are you processing to further your legitimate business interests? You should record the legal basis as part of your map of your data practices, described in Collecting personal data.
Where you are relying on consent, is the consent you are getting bundled with the goods or services you are offering? For example, statements like by purchasing these goods, you agree to our use of your personal information may no longer be allowed under the GDPR.
Are you providing enough details about how you will be using the personal data at issue to make sure that the customer’s consent is informed?
Is the customer’s consent recorded and stored somewhere?
Do you require consent to send marketing communications to your customers? Even if you do not need consent under the GDPR, local laws may or may not require you to obtain consent to send marketing communications to your customers. Speak with a lawyer about the specific requirements that might apply to your store.
If you believe you require consent to send marketing communications, then is the marketing consent checkbox for your store unchecked by default? Consider setting your storefront up so that the marketing consent checkbox presented to customers is not pre-checked by default to ensure that your customers have to act affirmatively to provide consent.
Parental consent
The GDPR includes specific parental-consent requirements for processing the personal data of users under the age of 16 (although this age can be lower in certain countries).
Think about the following question:
Do you need to change how you process customer data to either stop processing the data of those users under the age of 16, or to get parental consent? You might do this by prohibiting users under the age of 16 from accessing your site using an age-gating app from Shopify's App Store, or by asking visitors to confirm that they are over the age of majority.
Automated decision-making
The GDPR requires you to notify customers if you are using their personal information to engage in any automated decision-making.
Automated decision-making means using automatic algorithms to make a decision about whether an individual is eligible for certain services or offers, should be charged a particular price, or is likely interested in certain types of goods or services.
If you are using any processes that include fully automated decision-making (that is, without any human intervention) that will have a significant legal effect on the customer, then you need the customer’s consent.
Process Requirement
Automated decision making Notification
Fully automated decision making with significant legal effect Consent
In general, Shopify does not engage in fully automated decision-making with your customers’ personal data.
The one exception is Shopify's risk and fraud screening, where Shopify might automatically block a payment card number or IP address after a certain number of unsuccessful payment attempts. Shopify does not believe this has a significant legal effect on customers because the automated blocking lasts only for a short period of time.
Think about the following questions:
Have you included in your privacy policy that Shopify's risk and fraud screening might use customers' personal information for automated decision-making? You can read more about Shopify's automated decision-making practi ces in Section 13 of the Privacy Policy. You should also confirm with a lawyer based on your particular circumstances that this service doesn't have a significant legal effect on your customers.
Are you using any third-party apps that might be engaged in automated decision-making? You should pay particular attention to reviewing any third-party risk or fraud services you are using in connection with your storefront, or any types of marketing or advertising apps that might build profiles or that target segments of your customers.
If you use third-party apps engaged in automated decision-making, then do you need to notify your customers or gather consent to use these apps?

文章内容泉源：Shopify商户官方网站

上一篇：Shopify开店流程及账户注册全指南

下一篇：shopify隐私�；；；；；；；ぁ狦DPR生效时间以及数据

最新

热门

入口电商

Amazon

Shopee

Ozon

TikTok

Temu

美客多

Lazada

自力站

AliExpress

Wish

eBay

本土店

沃尔玛

其他资讯

更多

热门搜索

热门文章

最新文章

在线客服
实时相同，，，，，，快速解决您的问题
客服电话 400-091-0999
事情日09:00~21:00
非事情日09:00~18:00
人生就是博·(中国)尊龙AG旗舰厅
出海热门，，，，，，尽在掌握

【网站地图】【sitemap】