Privacy policy acceptance refers to the process of informing shoppers about the privacydetails for your site and prompting shoppers to accept the privacy policy. HCL Commerceprovides a combination of sample store pages, content, and business user functions to help yourorganization create the privacy policy pages for your store. Yourorganization can use the pages as a method to inform your shoppers about the privacy policy detailsfor your site and to prompt shoppers to agree to your policy when they first visit the store. Ifneeded, you can use the privacy policy pages to request and obtain consent from shoppers forcollecting and processing personal and behavior data from the shoppers, such as for marketingpurposes.
If your store needs to inform your shoppers about your store's privacy policy and obtain theiracceptance of the policy before they use your store, enable the store function to add theJust-in-Time Privacy Notice page to your store. Enabling this store functioncan help your organization inform your shoppers about your store's handling of their privacy. Ifyour store needs to inform your shoppers about your store's privacy policy and obtain theiracceptance of the policy before they use your store, enable the store function to add theJust-in-Time Privacy Notice page to your store. Enabling this store functioncan help your organization inform your shoppers about your store's handling of their privacy.
Note: Both privacy policy pages can be updated to include radio buttons for requesting and obtainingconsent from shoppers before they browse your store. For instance, if you need to obtain consentbefore your store collects and uses shopper data for marketing purposes, you can enable the storefunction to add the radio buttons to the pages.
For instance, if your store uses targetedpersonalization, you may need to enable consent management.
Before you begin
- (Data Protection Officer) For eachstore in the site, prepare the privacy policy content.
If your site includes multiplestores, you must create a privacy policy specific to each store. The acceptance of a store's privacypolicy is recorded and applicable for just that store. Any consent that is provided by a shopper fora store to collect and use the shopper's data is provided for only the store where the consent wasgiven by the shopper.
See AlsoHow To Comply with the Privacy of Consumer Financial Information Rule of the Gramm-Leach-Bliley ActKeep a record of any past versions of the privacy notice content thatyour site uses to request consent and detail the collection and usage of shopper data. The recordingof each version of your store's privacy notices and the historical use of each version, such as forauditing purposes, is the responsibility of your organization. HCL Commerce does notrecord or provide this information.
Your organization's business users can use the Marketingtool with Management Center to create or update the content for the privacy policy pages to includethe policy details for your custom store.
About this task
The page does not display to shoppers every time they visit your store. When the shopper acceptsthe policy, a WC_PrivacyNoticeVersion cookie is created within the shopper'sbrowser that indicates that the store privacy policy is accepted. The cookie is used to pass theconfirmation of the shopper's acceptance of the policy to the store whenever the shopper returns tothe store. Your organization can choose to configure the policy acceptance store function to createthe WC_PrivacyNoticeVersion cookie so that the user's acceptance is stored foronly the current browser session or is store persistently. If the cookie exists for the shopper upona return visit, the Just-in-Time Privacy Notice page is not displayed to theshopper. The page is displayed to shoppers in the following scenarios:
- The Shopper visits your store for the first time.
- The Shopper returns to your store for the first time after your store's privacy policy isupdated.
- The Shopper returns to your store for the first time after the cookie that tracks the policyacceptance expired or was deleted by the shopper. The cookie expires 30 days after creation.
- The Shopper returns to your store for the first time after the configuration of the policyacceptance function is changed.
The behavior of the policy acceptance can be different based on whether the shopper is aregistered shopper, guest shopper, or a generic user that is browsing your store.
- If a shopper accepts the policy as a generic user and then registers for your store, the policyacceptance is remembered. The shopper does not need to accept the policy again.
- If the policy is updated and a shopper accepts the policy as a generic user or guest and thensigns in as a registered shopper, the shopper might need to accept the policy again. If the shopperdid not sign in to the store since the policy was updated, the shopper must accept the policyagain.