Privacy policy acceptance

Privacy policy acceptance refers to the process of informing shoppers about the privacy details for the site and prompting shoppers to accept the privacy policy. WebSphere Commerce provides a combination of sample store pages, content, and business user functions to help our organization create the privacy policy pages for the store.

Your organization can use the pages as a method to inform your shoppers about the privacy policy details for the site and to prompt shoppers to agree to your policy when they first visit the store. If needed, we can use the privacy policy pages to request and obtain consent from shoppers for collecting and processing personal and behavior data from the shoppers, such as for marketing purposes.

If the store needs to inform your shoppers about the store's privacy policy and obtain their acceptance of the policy before they use the store, enable the store function to add the Just-in-Time Privacy Notice page to the store. Enabling this store function can help our organization inform your shoppers about the store's handling of their privacy. If the store needs to inform your shoppers about the store's privacy policy and obtain their acceptance of the policy before they use the store, enable the store function to add the Just-in-Time Privacy Notice page to the store. Enabling this store function can help our organization inform your shoppers about the store's handling of their privacy.

Note: Both privacy policy pages can be updated to include radio buttons for requesting and obtaining consent from shoppers before they browse the store. For instance, if you need to obtain consent before the store collects and uses shopper data for marketing purposes, we can enable the store function to add the radio buttons to the pages.

For instance, if the store uses targeted personalization, you may need to enable consent management.

Before beginning

• (Data Protection Officer) For each store in the site, prepare the privacy policy content.

  If the site includes multiple stores, we must create a privacy policy specific to each store. The acceptance of a store's privacy policy is recorded and applicable for just that store. Any consent that is provided by a shopper for a store to collect and use the shopper's data is provided for only the store where the consent was given by the shopper.

  Keep a record of any past versions of the privacy notice content that the site uses to request consent and detail the collection and usage of shopper data. The recording of each version of the store's privacy notices and the historical use of each version, such as for auditing purposes, is the responsibility of our organization. WebSphere Commerce does not record or provide this information.

  Your organization's business users can use the Marketing tool with Management Center to create or update the content for the privacy policy pages to include the policy details for our custom store.

Task info

The page does not display to shoppers every time they visit the store. When the shopper accepts the policy, a WC_PrivacyNoticeVersion cookie is created within the shopper's browser that indicates that the store privacy policy is accepted. The cookie is used to pass the confirmation of the shopper's acceptance of the policy to the store whenever the shopper returns to the store. Your organization can choose to configure the policy acceptance store function to create the WC_PrivacyNoticeVersion cookie so that the user's acceptance is stored for only the current browser session or is store persistently. If the cookie exists for the shopper upon a return visit, the Just-in-Time Privacy Notice page is not displayed to the shopper. The page is displayed to shoppers in the following scenarios:

• The Shopper visits the store for the first time.

• The Shopper returns to the store for the first time after the store's privacy policy is updated.

• The Shopper returns to the store for the first time after the cookie that tracks the policy acceptance expired or was deleted by the shopper. The cookie expires 30 days after creation.

• The Shopper returns to the store for the first time after the configuration of the policy acceptance function is changed.

The behavior of the policy acceptance can be different based on whether the shopper is a registered shopper, guest shopper, or a generic user that is browsing the store.

• If a shopper accepts the policy as a generic user and then registers for the store, the policy acceptance is remembered. The shopper does not need to accept the policy again.

• If the policy is updated and a shopper accepts the policy as a generic user or guest and then signs in as a registered shopper, the shopper might need to accept the policy again. If the shopper did not sign in to the store since the policy was updated, the shopper must accept the policy again.

Procedure

1. Updating Privacy-related store pages
   (Developer) Include a Privacy Policy page and a Just-in-Time Privacy policy page to the store.

2. Updating the privacy policy content
   (Business user) Add the privacy policy content that is provided by the Data Protection Officer as e-Marketing Spot content.

3. Optional: Enable privacy policy acceptance
   (Business user) Enable the store privacy policy acceptance function.

4. Optional: Enable privacy policy acceptance by running an SQL statement
   (Developer) Enable the store privacy policy acceptance.


Related concepts
General Data Protection Regulation (GDPR) and WebSphere Commerce