HomeGuidesAPI ReferenceGraphQL
Submit Documentation FeedbackJoin Developer CommunityOptimizely GitHubOptimizely NuGetLog In

Optimizely Commerce Cloud

This topic describes the GDRP guidelines for Optimizely Commerce Cloud.

Collecting data

  • Contact Data. E-commerce customer registers or is registered by the Customer Service Department.
  • Order Data. E-commerce customer completes a purchase or is registered by the Customer Service Department.
  • Shopping Cart. E-commerce customer add items to shopping cart. This is viewable by different default admin roles in Commerce Manager.

📘

Note

Avoid storing this data in other custom locations, or you will be responsible for keeping track of PII data that could be susceptible to GDPR compliance.

Any page requesting input of PII data should be using HTTPS protocol, TLS 1.2 or later.

Asking for consent

You should by default enable double opt-in informing the end user of their rights and asking for consent. An example of double opt-in is available in the Optimizely Commerce reference site Quicksilver.

Storing data

On-premises installations require encryption of your database instance TDE and encryption at rest.

In Optimizely DXP, TDE is enabled by default. See also Storing data.

Using data

You should inform the end user about how the user data is used.

Fetching data

You should be able to fetching most types of data by querying the Commerce database. You can make a request to the Managed Services team for fetching data about a user in cases where you cannot fetch the data yourself.

Deleting data

You should be able to delete most types of data by querying the Optimizely Commerce database. You can make a request to the Managed Services team for deleting data in cases where you cannot delete the data yourself.


Next