russell.huffer Posted September 30, 2018 Share Posted September 30, 2018 I have had two requests under the new GDPR rules for two by two of our customers requesting to be forgotten, ie remove their data from my system. I am unable to delete them getting a message saying these customers have placed orders so can not delete. Please advise how to remove them from cubecart as I need to do this by uk law. Kind regards Russell. Link to comment Share on other sites More sharing options...
bsmither Posted September 30, 2018 Share Posted September 30, 2018 There have been discussions about GDPR as it relates to CubeCart and eCommerce sites in general, in the effort to properly implement GDPR. Given that I am no authority on GDPR, I don't have any definitive advice other than my opinion that CubeCart does sufficiently satisfy the requirements - only because I am not aware of any further discussions, or issues left "hanging", about any deficiencies in data scrubbing, or lack thereof. Thus, the task is finished. My lousy understanding is that a merchant needs to keep intact the history of sales (taxes, and what-not). Also, again a lousy understanding, you may not use any data no longer necessary for critical business needs (needs that are not critical: advertising, marketing, feedback request, etc). Personally, I had thoughts of scrambling personal identifiable data in Order Summaries by using a created fake name/account for this purpose. Also, CubeCart does not reveal to the public anyone else's account info, even that if any other account exists (except product reviews). What are your conclusions after having thought this through? Also, what version of CubeCart are you running? A GDPR solution has been implemented in the most recent versions of CubeCart. Link to comment Share on other sites More sharing options...
Al Brookbanks Posted September 30, 2018 Share Posted September 30, 2018 I'm no lawyer but I think that if a financial transaction has taken place then you have to keep this data for X amount of years. On those grounds they can't be forgotten. You could anonymise their account (change name, email etc to something fictional). Link to comment Share on other sites More sharing options...
keat Posted October 1, 2018 Share Posted October 1, 2018 I believe that by law you must keep any transcational details for 6 years. If you were audited by HMRC, and didn't have this information, then HMRC could come down on you like a ton of bricks. My GDPR policy states: 'By law, we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.' Based on this, I should go back to the customer, tell them that you are legally obliged to retain some data for 6 years, I guess this could be internal ?, but you have no problems removing details from your web site. What ever you do, don't inadvertantly send them any marketting stuff. Link to comment Share on other sites More sharing options...
russell.huffer Posted October 15, 2018 Author Share Posted October 15, 2018 Right I have had meetings with fellow club members and cubecart is NOT GDPR complient, we state that we retain our records for ten years, however some of the records in my database are dated 2006 and so need removing, which I can not find a way of doing and there are to many to do manually. Also GDPR states that you have to be able to remove / anomanise data if requested to do so, I can find no way of doing this either. I have seen mention of GDPR tools, what are these and how do I access them, I am running the current version. Kind regards Russell. Link to comment Share on other sites More sharing options...
Al Brookbanks Posted October 15, 2018 Share Posted October 15, 2018 You can do all this on the latest version. It has purge tools and look up tool. Once you have looked up an account you can edit manually to anonymise. Link to comment Share on other sites More sharing options...
russell.huffer Posted October 15, 2018 Author Share Posted October 15, 2018 I am running 6.2.2 please confirm how you purge etc and edit manually to anonymise I have 1000s to anonynise can not do this manually. Russell. Link to comment Share on other sites More sharing options...
havenswift-hosting Posted October 15, 2018 Share Posted October 15, 2018 There should be no need to anonymise accounts - for the GDPR tools look at Customers and then the "GDPR Tools" tab ! Link to comment Share on other sites More sharing options...
russell.huffer Posted October 16, 2018 Author Share Posted October 16, 2018 Sorry but I do not have GDPR tools in customers or anywhere else, please advise. Russell. Link to comment Share on other sites More sharing options...
Al Brookbanks Posted October 16, 2018 Share Posted October 16, 2018 10 minutes ago, russell.huffer said: Sorry but I do not have GDPR tools in customers or anywhere else, please advise. Russell. Then your store is not at the latest version or is a mix of version code. I'd suggest upgrading manually. Link to comment Share on other sites More sharing options...
havenswift-hosting Posted October 16, 2018 Share Posted October 16, 2018 39 minutes ago, Al Brookbanks said: Then your store is not at the latest version or is a mix of version code. I'd suggest upgrading manually. Agreed - almost certainly a partially failed upgrade and using old admin files Link to comment Share on other sites More sharing options...
russell.huffer Posted October 16, 2018 Author Share Posted October 16, 2018 I can only upgrade manually, so have done that for the last 6 plus times upgraded. so how do I get the tools. Just had a look at the upgrade section was version 4 in 2012 but shows nothing before this but my transactions go back to 2006 so must be from even earlier version to start. Russell. Link to comment Share on other sites More sharing options...
havenswift-hosting Posted October 17, 2018 Share Posted October 17, 2018 10 hours ago, russell.huffer said: I can only upgrade manually, so have done that for the last 6 plus times upgraded. so how do I get the tools. It is difficult to say without seeing your installation but it is likely that you haven’t been doing the manual upgrades correctly especially the files in the admin directory if/once your /admin directory was renamed so it was obsfucated Link to comment Share on other sites More sharing options...
russell.huffer Posted October 17, 2018 Author Share Posted October 17, 2018 so should I not have an admin and an admin***** directory then. Russell. Link to comment Share on other sites More sharing options...
Al Brookbanks Posted October 17, 2018 Share Posted October 17, 2018 1 minute ago, russell.huffer said: so should I not have an admin and an admin***** directory then. Russell. Yes but the content is not necessarily right. Follow the upgrade instructions and it will be fine. Link to comment Share on other sites More sharing options...
russell.huffer Posted October 17, 2018 Author Share Posted October 17, 2018 2 hours ago, Al Brookbanks said: Yes but the content is not necessarily right. Follow the upgrade instructions and it will be fine. Followed the upgrade instructions on this site but just get the following message your store has already been upgraded no further action is nessacery How do I make it fine, please advise. Russell. Link to comment Share on other sites More sharing options...
russell.huffer Posted October 19, 2018 Author Share Posted October 19, 2018 Please can I have clear instructions to carry out manual upgrade. Many thanks Russell. Link to comment Share on other sites More sharing options...
Al Brookbanks Posted October 19, 2018 Share Posted October 19, 2018 Please see: https://support.cubecart.com/Knowledgebase/Article/View/228/43/how-do-i-upgrade-from-cubecart-v6-to-latest-v6 On 10/17/2018 at 9:35 PM, russell.huffer said: your store has already been upgraded no further action is nessacery Sounds like all is ok now. You should see the GDPR tools now and if not then you haven't uploaded the files correctly. Link to comment Share on other sites More sharing options...
havenswift-hosting Posted October 19, 2018 Share Posted October 19, 2018 What a lot of people miss even when "following" those instructions is the following IMPORTANT: If your admin folder or admin.php file has been renamed please reflect these changes in the extracted package prior to uploading. These must correspond to the values specified in the includes/global.inc.php file. And so still end up with multiple /admin directories and admin.php files with various names Link to comment Share on other sites More sharing options...
russell.huffer Posted October 22, 2018 Author Share Posted October 22, 2018 This is my global.inc.php file <?php $glob['adminFile'] = 'admin_m0gKrt.php'; $glob['adminFolder'] = 'admin_Fs0nS6'; $glob['dbdatabase'] = 'shopgla_ccrt1'; $glob['dbhost'] = 'localhost'; $glob['dbpassword'] = 'a1b2c3d4e5'; $glob['dbprefix'] = ''; $glob['dbusername'] = 'shopgla_store'; $glob['encoder'] = 'ioncube'; $glob['installed'] = '1'; $glob['cache'] = 'file'; ?> I assume that the adminfile is wrong and should read admin.php as I can not find admin_m0gKrt.php anywhere. Russell. Link to comment Share on other sites More sharing options...
bsmither Posted October 22, 2018 Share Posted October 22, 2018 The name of the admin script file and the admin folder name must match the values of the related variables is present in the global.inc.php file. We recommend names having the variant with the hash component as this makes it harder for unauthorized persons to attempt to gain access. Link to comment Share on other sites More sharing options...
russell.huffer Posted October 25, 2018 Author Share Posted October 25, 2018 Right so have now changed name of admin files and directorys and clear cache and GDPR tools now show up and work really well. All problems that I have seen with this software have been caused by upgrades, you really need to work in this area. Russell. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.