Privacy policy acceptance
Privacy policy acceptance refers to the process of informing shoppers about the privacy details for your site and prompting shoppers to accept the privacy policy. WebSphere Commerce provides a combination of sample store pages, content, and business user functions to help your organization create the privacy policy pages for your store. Your organization can use the pages as a method to inform your shoppers about the privacy policy details for your site and to prompt shoppers to agree to your policy when they first visit the store. If needed, you can use the privacy policy pages to request and obtain consent from shoppers for collecting and processing personal and behavior data from the shoppers, such as for marketing purposes.
If your store needs to inform your shoppers about your store's privacy policy and obtain their acceptance of the policy before they use your store, enable the store function to add the Just-in-Time Privacy Notice page to your store. Enabling this store function can help your organization inform your shoppers about your store's handling of their privacy. If your store needs to inform your shoppers about your store's privacy policy and obtain their acceptance of the policy before they use your store, enable the store function to add the Just-in-Time Privacy Notice page to your store. Enabling this store function can help your organization inform your shoppers about your store's handling of their privacy.
For instance, if your store uses targeted personalization, you may need to enable consent management.
Before you begin
- You must apply interim fix JR59223, which includes enhanced back-end services and logic that you can use on your journey to GDPR readiness.
- (Data Protection Officer) For each
store in the site, prepare the privacy policy content.
If your site includes multiple stores, you must create a privacy policy specific to each store. The acceptance of a store's privacy policy is recorded and applicable for just that store. Any consent that is provided by a shopper for a store to collect and use the shopper's data is provided for only the store where the consent was given by the shopper.
Keep a record of any past versions of the privacy notice content that your site uses to request consent and detail the collection and usage of shopper data. The recording of each version of your store's privacy notices and the historical use of each version, such as for auditing purposes, is the responsibility of your organization. WebSphere Commerce does not record or provide this information.
Your organization's business users can use the Marketing tool with Management Center to create or update the content for the privacy policy pages to include the policy details for your custom store.
About this task
The page does not display to shoppers every time they visit your store. When the shopper accepts the policy, a WC_PrivacyNoticeVersion cookie is created within the shopper's browser that indicates that the store privacy policy is accepted. The cookie is used to pass the confirmation of the shopper's acceptance of the policy to the store whenever the shopper returns to the store. Your organization can choose to configure the policy acceptance store function to create the WC_PrivacyNoticeVersion cookie so that the user's acceptance is stored for only the current browser session or is store persistently. If the cookie exists for the shopper upon a return visit, the Just-in-Time Privacy Notice page is not displayed to the shopper. The page is displayed to shoppers in the following scenarios:
- The Shopper visits your store for the first time.
- The Shopper returns to your store for the first time after your store's privacy policy is updated.
- The Shopper returns to your store for the first time after the cookie that tracks the policy acceptance expired or was deleted by the shopper. The cookie expires 30 days after creation.
- The Shopper returns to your store for the first time after the configuration of the policy acceptance function is changed.
- If a shopper accepts the policy as a generic user and then registers for your store, the policy acceptance is remembered. The shopper does not need to accept the policy again.
- If the policy is updated and a shopper accepts the policy as a generic user or guest and then signs in as a registered shopper, the shopper might need to accept the policy again. If the shopper did not sign in to the store since the policy was updated, the shopper must accept the policy again.