  • ICM 7.10
  • ICM 11
Guide - GDPR Declaration ICM


The present document lists all personal data of customers that might be recorded, processed and submitted using a web shop based on Intershop Commerce Management (ICM).


Web tracking deactivated by default

As the operator of an ICM-based web shop, you may use additional web tracking (e.g., Google Analytics, Piwik, Open Web Analytics or similar). Be aware that you have to inform your customers about the personal data that is recorded and submitted to such third-party services. Be also aware that such information is not part of the present document, since all web tracking capabilities of the ICM are deactivated by default.

A web shop operator may use the present document as a blueprint for the web shop's Data Protection Declaration.


General Data Protection Declaration

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.

We would like to point out that data transmission on the Internet (e.g., when communicating by e-mail) may have security gaps. A complete protection of data against access by third parties is not possible.

Anonymous Shopping

Browsing our web shop is generally possible without providing personal data. The ICM also supports purchases by anonymous users; personal data (e.g., name, address or e-mail address) are then required only insofar as they are needed for fulfillment. These data will not be passed on to third parties without your express consent.

Customer Profile

Registered customers can log in to the system by entering their e-mail address and password. These login credentials are used to identify a user to the shop system. This is necessary to be able to use all features of the shop to their full extent.

Upon registration, an individual customer is associated with a customer profile. The customer profile aggregates the following types of information:

  • Customer ID (automated)
  • Login data
    • E-mail address (mandatory)
    • Password (mandatory)
    • Security question (mandatory, if configured)
    • Security answer (mandatory, if configured)
  • Address data, like:
    • Salutation (optional)
    • First name (mandatory)
    • Last name (mandatory)
    • ZIP/Postal Code (mandatory)
    • City (mandatory)
    • Phone number (optional)
  • Birthday (optional)
  • Preferred language (mandatory)
  • Activation status (automated)
  • Newsletter activation (optional)

With the exception of the activation status and the customer ID, all of this information can be accessed and changed via the Profile Settings in the My Account section. These data are available until the account is deleted.

Additional Address Information

Each registered customer has at least one address. This address is referred to as the customer's Contact Address and will be deleted if the entire account gets deleted. An unlimited number of additional addresses can be created as needed. This way a customer may conveniently set preferred shipping and invoice addresses as default, but also easily pick other addresses during checkout. These addresses are stored in the database with restricted access. A customer can change or delete the addresses at any given time in the My Account section of the web shop.


Intershop Commerce Management provides a session mechanism to maintain state over a series of requests from the same user across a period of time. Sessions are represented by session IDs, either stored in URLs or as session cookies. In the context of a session, recently viewed items (products, categories, search results) are also remembered for the customer's convenience. By default, this information is deleted when the session expires. According to the default settings, sessions automatically time out after 30 minutes of inactivity.

Shopping Cart & Order

Shopping carts hold a collection of data to allow order creation. Historic shopping carts are stored so that you can conveniently continue where you left off across multiple sessions. Intershop Commerce Management provides a scheduled job that removes abandoned baskets after a period of time (default 20 days).

Orders contain product data, address data and payment information. Orders are stored in the database with restricted access. Intershop provides a configurable job that allows orders to be deleted upon a customer's request.

Be aware that web shops based on Intershop Commerce Management usually implement a specific payment provider (e.g., PayPal, Klarna etc.). Since a customer is either redirected to the payment provider's web presence or uses a payment provider's dialog embedded in the web shop UI to actually perform the payment, all sensitive payment data are stored and processed by the payment provider. So the payment information stored with the order is actually the fact that the payment was successful. Besides this, the payment information may also include information about redeemed promotion codes and utilized gift cards / certificates.


If your shop provides payment via a payment gateway provider (e.g., PAYONE, Computop), be aware that your customer has neither a legal contract with the paygate provider nor with possible third-party services that actually process your customer's personal data. With regard to GDPR, you, as a shop operator, are responsible for keeping this information accessible and erasable upon customer request.

Intershop strongly recommends discussing these issues with your paygate provider!

Gift Cards

Once a customer has started using a gift card / gift certificate, the status and the balance of all gift certificates / gift cards can be seen in the My Account section of the web shop. This information is stored in the database with restricted access and will be deleted once the gift card is fully redeemed.

Wish List, Product Notifications

Registered customers are able to maintain multiple wish lists. Wish lists can be set to public to make them searchable for other customers. You may also decide to share the wish list only with your friends by sending them an e-mail with a link to your wish list. Such a link can also be invalidated at any given time to stop sharing your wish list. Individual products on a wish list can be set to be hidden from others. Products can be bought from a wish list by the owner or by the visitors of the wish list. Wish list viewers can see if they purchased a product from their wish list or if it was purchased by another customer.

The Intershop Commerce Management platform also supports Price Notifications and Back-in-stock Notifications. The web shop will inform the customer by e-mail when a predefined event occurs (e.g., a product is back in stock). Customers can manage the notifications in the My Account section of the storefront.

In both cases, product information associated with your personal data is stored in the database with restricted access. A customer can change or delete such data at any given time in the My Account section of the web shop.

A/B Tests, Promotions

A/B tests are a means of analyzing the behavior of customer groups to optimize the shop.

In the context of an A/B test or a promotion, a customer sees special content and has access to special offers. To implement this technically, the customer is assigned (directly or via customer segment) to a target group. To ensure a smooth and seamless shopping experience any time the customer comes back to the shop, this assignment is stored in the database with restricted access. This assignment remains valid until the account is deleted.

Social Plugins

Our web shop provides social media features (Facebook, Twitter, Google+ and others). If you use these features, some browser data including your IP address and the page you visited on the shop's website may be gathered. In addition, a cookie may also be set to allow the function to work properly. Using such social media features, you are able to post information about your activities on our shop website on your profile page in an external social network to alert others within this network. Social media functions are hosted either by a third party or directly on the corporate website. Your interactions with these features are governed by the privacy policy of the company that provides the respective social media feature.
