30knees

@mockob Have you by any chance tested it with the module Advanced EU Compliance?

They have volume discounts - we could get together and get more than 1!

Do you have the one page checkout activated? If yes, try deactivating it and try the standard checkout.

The one page checkout never worked for me - I always get the 'no carrier available' error, see: https://forum.thirtybees.com/topic/235/no-carriers-available-error/6 I'd love to have something like this: https://forum.thirtybees.com/topic/573/modified-checkout-process-create-account-after-payment/6

@toplakd said in New General Data Protection Regulation 2018-05-25: Just check the links on the button if you have your instalation in folder. if it's www.yourshop.com will be ok. Works perfectly! Thanks :)

Sure, gladly! Maybe as Tips and Tricks contribution: https://forum.thirtybees.com/category/39/tips-and-tricks?

@toplakd said in New General Data Protection Regulation 2018-05-25: This one is linked only from my account. http://thbees.alza-racing.net/info/my-data-protection That's awesome! Really nicely done.

@lesley said in New General Data Protection Regulation 2018-05-25: The official statement is it is being worked on and it is taking longer than expected. I cannot give an ETA because we do not know it. And that's totally fine. I think the vast majority of website owners are unnecessarily panicking. Try to think of it as a risk-based decision. Do I absolutely need something now or can I wait? What's the likelihood of getting into legal trouble? For most countries and websites I think there's a very low risk.

@hubbobubbo said in Nice checkout at https://shop.stripe.com/: I think it is a creative idea. However I am not sure if it is more clear than a good one page checkout where. The summary of your cart in their example is very simple and you would have some issues with leaving a message or seeing the estimated delivery time. But if none of that is an issue you could basically avoid the whole checkout page. That's quite true. The tb checkout is much too long for my taste - I'd love to have it really simple. Does the TB Stripe module use the native stripe checkout popup already? I don't know. Do you have an example?

Does anyone know of something similar for tb, ie start the checkout process already in the cart? https://shop.stripe.com/

I tried it here and it's not blocked: https://shop.stripe.com/

I've not been able to figure out how to search the blocking lists for the rule without opening each and every one. Does your uBlock hide the entry field? I'm wondering whether it's one of the standard lists that does this.

uBlock Origin is a popular ad blocker: https://en.wikipedia.org/wiki/UBlock_Origin Unfortunately, it also blocks the entry field for Stripe: uBlock apparently picks up on the string: &referrer

@colorful-ant said in DSVGO ThirtyBees Modul: trotz vielem lesen und nachforschen - aber benötige ich wirklich für jeden schei.. eine zustimmung (checkbox oder so ein müll) vom kunden ? beziehe mich hier bsp hauptsächlich auf die module von @SLiCK_303 - sendreviewrequest - birthdaygift kann man das ggf auch anders lösen ohne checkbox und die module aktiv lassen? beide module versenden emails, was viele anwälte bzw gesetz als werbung auslegen -> bei stammkunden evtl ok aber neukunden ..... ? Die DSGVO verlangt nicht stets eine Checkbox; die Einwilligung ist nur eine von vielen Rechtsgrundlagen (und muss nicht immer durch eine Checkbox erfolgen). Sie hat keinen Vorrang gegenüber den anderen Rechtsgrundlagen, wie zB berechtigtes Interesse. Konkret zu den genannten Modulen: Sendreviewrequest betrifft eher das UWG, siehe auch: https://www.internetrecht-rostock.de/zulaessigkeit-aufforderung-bewertung-feedback.htm birthdaygift ist ebenfalls Werbung, würde ich sagen, sodass auch hier das UWG einschlägig ist. Die konservativen TrustedShops Leute fordern da übrigens eine Einwilligung, andere nicht: TS: https://support.trustedshops.com/hubfs/1-TSMEM/lp/DE/dsgvo/ts1memdsgvofaqde.pdf?t=1527268370313 (Nummer 5, Seite 9 ff.) Andere: www.it-recht-kanzlei.de/newsletter-datenschutzgrundverordnung-dsgvo.html Andere haben m.E. Recht. :)

Is there anything we should manually change with installed modules from a security perspective?

@mockob said in What's the best way to optimize product pages?: From my experience with my current ps 1.5 shop it is hard to optimize product pages for search engines. The only thing that google sees is the meta title and description, nothing about long description. I made my short description as rich snippet but what about the description, google doesn't care about it. For my products I have decent unique descriptions, some are more than 1000 words. Submitted manually the pages in webmaster tools etc. Is it true that product page content isn't properly indexed for SEO in tb? It seems hard to imagine.

Volume discount pricing isn't working for one product where I have it apply to only a specific combination. It works for other products (and the same product) where I choose all combinations. Might this be a bug for volume discounts and specific combinations? This is what I have in the backend: This is what is shown in the front-end (and the 12% for 5x is also not calculated):

Hallo, hat hier jemand mit remarketing Diensten im deutschsprachigen Raum Erfahrungen, zB AdRoll, Tapad, etc.?

@manisch said in DSVGO ThirtyBees Modul: Kennt ihr euch eigentlich mit Verträgen zur Auftragsdatenverarbeitung aus? Habe gerade die Diskussion, wann man das mit Google (Analytics) und Facebook (Pixel) abschließen muss. Mein Verständnis ist es, dass es jeden betrifft, der so einen Dienst nutzt, weil Kundendaten von externen Firmen weiterverarbeitet werden. Das Gegenargument sei, dass das nur wichtig sei, wenn noch eine Agentur dazwischen geschaltet ist. Wenn sich ein Shop-Betreiber direkt bei Analytics anmeldet, dann würde es ohne Vertrag gehen... Ein Vertrag ist bei beiden Varianten erforderlich. Bei Google kann man einen ADV ganz einfach abschließen: https://support.google.com/analytics/answer/3379636?hl=en

@drmasterchief said in New General Data Protection Regulation 2018-05-25: Would it be possible to remove the tickbox - but leave the text- from - Block customer privacy (module) - checkout last step (i agree to terms and conditons....) because customers must not be forced to tick any of these. They just have to read it. This is why the text (with link) should be there, but no tickbox. Would this be possible with the tb GDPR module? Agree - no tickbox needed from a data protection perspective. The information just needs to be there.

@mdekker said in New General Data Protection Regulation 2018-05-25: An unsubscribe option by email (w/o account) is more important. From the Dutch GDPR regulator's website (www.autoriteitpersoonsgegevens.nl): Correct - unsubscribe is super important. The unsubscribe link should also be in every newsletter sent, etc.

@datakick said in Question: GDPR for module developers: I have two modules that I believe could be affected - revws module that collects product reviews, and price alert that notifies your customer when prices drops below some threshold. Both these modules collect personal information, specifically email addresses. But you don't get any personal data, only the shop owner does, right? This should be covered in the privacy notice towards the customer. What you want to make sure is covered is: - Export of the data supplied, eg in a CSV - Data deletion - Data correction The PS guidelines say you need a consent tick box. That is incorrect. Consent need not be indicated by a tick box. If the customer submits a review it's clear that they consent to that processing.

@lesley said in New General Data Protection Regulation 2018-05-25: I personally do not think a contact form needs a consent. A user knows what they are doing when they trigger that form. They know emails are stored. Quite right, no tick box needed. Two possible legal bases here: 1) Consent, which is indicated by contacting you. 2) In order to take steps at the request of the customer prior to entering into a contract. A lot of people think consent is something the GDPR requires. That's a huge misunderstanding. It's one of a couple of legal bases for any processing.

One solution for 'services' like social sharing, send to friend, etc, if technically possible, would be to drop the cookie only when the service is requested. I think there's a good argument then that no consent is required.

Nope, haven't found any solution yet. :(