GDPR Changes
Last updated: May 25, 2018
At Payhip, we are fully aligned with the spirit of the GDPR for a safe and secure internet. We aspire to embrace privacy by design and, whenever possible, to not collect and store personally identifiable information.
For the personal data we do collect, we have a legitimate interest in using customer-provided data for product fulfilment, order processing, fraud prevention, and product support.
What is GDPR?
The GDPR (General Data Protection Regulation) comes into force on 25th May 2018.
The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy – https://www.eugdpr.org
Here are the main concepts of the GDPR:
- Personal data requires lawful processing
- Customers should specify exactly what communications they want to receive from you
- Customers will have a right to transparency around the collection and processing of their data
- Customers can request the right to be forgotten
Getting all of this right could be complex. So we’re rolling out changes to make it super simple and straightforward for you.
Changes we are making
Apart from the hard work we have been doing behind the scenes with our lawyers, the following are the main changes that you will notice.
When buyers go through the checkout process, before purchasing, we will ask them specifically if it’s OK for their details (email address) to be shared with you, the seller. If the buyer gives consent, we will provide their email address as normal to you in the customer’s area.

If the customer does not give consent, then we will set the email address to the unsubscribe state, meaning you can still see the email but you will not be able to use the product updates feature for these customers.
Progress
Updated 24th of May: A new privacy and cookies policy has been added
What’s Next?
If you’re using Payhip to sell your digital products, there isn’t anything else you need to do.
If you have any questions regarding these changes, just contact us. We're happy to help!
Comments
6 Comments
Is this only served when you detect that the customer is in EU (similar to how VAT is automatically served)? But if it’s default opt out, for customer out of EU and for seller out of EU, how can we identify that GDPR doesn’t apply?
Hi Jeannie, yes that is correct. We only request customers to opt in when they are in the EU (for now). For those that we don’t ask to opt in, you can see their location in the customers section of your dashboard. I hope this makes sense!
Does this work for free products that we put automatically subscribe? I don’t see it, but I’m not in the EU.
Yes this works for free products too.
Hello!
I am in the UK and am currently only marketing my ebook to UK readers. Ideally I would like to remove that opt in box you mention because I don’t want anyone to subscribe to my newsletter in this way. I want it to be more of a conscious decision otherwise they won’t be engaged with my content. There is not enough space in the free text to give a flavour of my newsletters. So I have simply edited that field telling customers to ignore it!
However, I do get to see customer emails on the receipt you send me and in the orders section of my account. I don’t actually “need” this information, do I? So this bothers me a bit for GDPR – I can only state in my Privacy Policy that I won’t use this information for anything.
So far I have only done a test run with the ebook before going live with it next month. If you have any further suggestions I would be grateful. Thanks.
Hi Judith, great question!
The email collected at checkout is primarily used to deliver the purchase and also helps with managing orders, so you don’t need to use it for marketing purposes if you don’t want to. Simply stating in your Privacy Policy that you won’t use customer emails for newsletters or marketing is perfectly fine. 🙂