Collect data

Contact Data – Ecommerce customer registers or is registered by the Customer Service Department.
Order Data – Ecommerce customer completes a purchase or is registered by the Customer Service Department.
Shopping Cart – Ecommerce customer adds items to shopping cart. This is viewable by different default admin roles in Commerce Manager.

📘
Note
Avoid storing this data in other custom locations, or you will be responsible for keeping track of PII data that could be susceptible to GDPR compliance.

Any page requesting input of PII data should be using HTTPS protocol, TLS 1.2 or later.

Ask for consent

You should activate double opt-in, informing users of their rights and ask for consent. An example of double opt-in is available in the Optimizely Commerce Connect reference site Quicksilver.

Store data

On-premises installations require encryption of your database instance TDE and encryption at rest.

In Optimizely DXP, TDE is enabled by default. See also Store data.

Use data

You should inform the end user about how the user data is used.

Fetch data

You should be able to fetch most data types by querying the Commerce Connect database. You can request the Managed Services team to fetch data about a user in cases where you cannot fetch the data yourself.

Delete data

You should be able to delete most data types by querying the Optimizely Commerce Connect database. You can make a request to the Managed Services team for deleting data in cases where you cannot delete the data yourself.