Elastic Path Commerce provides the following additional features for the management of personal data and documentation to maintain compliance with various data protection laws for the collection, storage, and usage of personal data:
- Managing data policies which can be associated with the data policies defined in the Content Management Systems(CMS).
- Managing user permission details, such as time of consent, for each data policy.
- Managing user data when the retention period of the data policies are exceeded.
- Managing deletion of data points. The system runs a scheduled job to delete data points if consent is revoked or retention period of data policy is expired. For more information, see Elastic Path Quartz Jobs. When a data point is used in one or more data policies, data is automatically removed only if the following conditions are met:
- The customer has not provided consent for the data point in any other data policy.
- The retention period for all data policies using the data point is expired.
- Disabling a specific a data policy or deleting data points for an individual or for all shoppers manually.
- Providing information about the personal data of the shopper being used by the store and allowing the customer to change the settings.
- Managing details of the data policies configured in the system and a detailed list of customers and the data policies that are active for a customer.