处理 CCPA 数据请求

CCPA 扩展了个人访问和控制其个人数据的权利。本页介绍:

  • 您如何使用 Shopify 的平台解决数据请求

  • 收到数据请求时,您可能需要独立于 Shopify 执行哪些操作。

本页相关主题

  • 完成申请访问权限

  • 完成删除请求

完成申请访问权限

与 GDPR 类似,CCPA 授予加州居民要求提供其个人信息副本的权利。如果客户要求提供其个人信息的副本,您应在 45 天内回复。如果由于请求的复杂性或数量而无法做到这一点,您应告知客户需要额外 45 天的时间。如果您确定无法满足该要求,则应告知客户您在 45 天内无法满足此要求的原因。

注:只有店主可以申请访问客户数据。

步骤:

  1. 验证请求者的身份是否与请求其数据的客户匹配。

  2. 在 Shopify 后台中,转到客户

  3. 搜索客户的姓名。

  4. 客户隐私下,点击请求客户数据

存储的有关该客户的可识别个人信息将发送到店主的邮箱。

然后,您的请求将发送到您商店中当前安装的第三方应用。第三方应用开发者将就此请求单独与您联系。

接下来,您可以将收到的信息与您可能存储的该客户的任何其他信息合并在一起,并将其提供给客户。提供此信息时,您应向客户就收集的信息类别和特定信息进行说明。

在针对 CCPA 进行准备时,请考虑以下问题:

  • 您是否能够应客户要求提供其所需的所有个人信息?
    尝试通过维护您(或您使用的服务提供商,如 Shopify)存储的所有客户个人信息的映射,提前针对请求进行规划。

  • 您是否考虑过使用可能有权访问客户个人信息的其他服务提供商?
    其中可能包括第三方应用、销售渠道和支付网关。

  • 您是否拥有您使用的且可能存储客户个人信息的所有第三方服务的联系信息?

完成删除请求

CCPA 还允许加州居民要求删除其个人信息。如果您收到请求,则必须执行请求,或告知客户您在 45 天内无法执行请求的原因。

注:只有店主可以请求删除客户数据。

步骤:

  1. 验证请求者的身份是否与要删除其数据的客户匹配。

  2. 在 Shopify 后台中,转到客户

  3. 搜索客户的姓名。

  4. 点击删除个人数据

然后,您的请求将发送到您商店中当前安装的第三方应用。第三方应用开发者将独立执行请求或就此请求与您联系。

Shopify 会在 10 天缓冲期后处理您的请求,在此期间,您可以取消请求。若要取消待处理的删除请求,请联系 Shopify 支持。请确保提供您的商店信息和相关的客户 ID。

当您请求删除时,Shopify 仅会编校可识别个人信息(例如姓名和地址)。您的匿名订单信息将保持不变,以防您需要这些信息用于会计用途。删除相关的个人信息后,您将收到一封确认电子邮件。

默认情况下,如果客户在过去的 6 个月(180 天)内下过订单,Shopify 将不会删除个人信息,以防出现拒付的情况。如果您在该时间范围内提交删除请求,则请求将处于待处理状态,Shopify 会在合理的时间后对其执行操作。您不需要再次提交请求。若要跳过此时间延迟,请联系 Shopify 支持。

在针对 CCPA 进行准备时,请考虑以下问题:

  • 您将所有客户信息都存储在自己的个人计算机上还是通过硬拷贝存储?

  • 您是否可能需要联系其他第三方以请求他们删除客户的个人信息?

  • 是否有任何当地规定(如税法)可能要求即使在客户要求删除其个人信息的情况下,您仍需保留这些信息?
    如果出于以下一种原因需要个人信息,则 CCPA 不会要求删除这些信息:

    • 完成交易或执行合同

    • 检测或抵御安全事件或非法活动

    • 调试或修复服务的功能

    • 行使言论自由、允许他人行使言论自由或行使法律规定的另一项权利

    • 在信息主体提供知情同意书的情况下,基于公共利益开展同行评审的科学、历史或统计研究

    • 根据客户与企业的关系,仅支持按符合客户期望的合理方式进行内部使用

    • 履行法律义务。

有关详细信息,请下载 Shopify 的 CCPA 白皮书(英文版)。

Shopify商户官网原文详情:

Processing CCPA data requests

The CCPA expands on an individual's right to access and delete their personal data. This page includes:

  • How you can use Shopify’s platform to address data requests

  • What you may need to do independently from Shopify if you receive a data request.

On this page

  • Complete access requests

  • Complete deletion requests

Complete access requests

Similar to the GDPR, the CCPA gives California residents the right to request a copy of their personal information. If a customer requests a copy of their personal information, then you should respond to them within 45 days. If that is not possible due to the complexity or number of requests, then you should inform the customer that another 45 days are necessary. If you decide not to fulfill the request, then you should inform the customer why you will not action the request within 45 days.



Steps:

  1. Verify that the identity of the requester matches the customer whose data is being requested.

  2. From your Shopify admin, go to Customers.

  3. Search for the name of the customer.

  4. Under Customer privacy, click Request customer data.

The identifiable personal information stored about that customer will be sent to the store owner's email address.

Your request is then sent to third-party apps you have currently installed on your store. The third party app developers will independently contact you about this request.

You can then combine the information that you receive with any other information you might store about the customer and provide it to the customer. When providing this information, you should explain to the customer what categories and specific pieces of information you had collected.

In preparation for the CCPA, think about the following questions:

  • Are you able to provide all of the required personal information if a customer asks for it?
    Try to plan for a request in advance by maintaining a map of all of the personal information you (or the service providers you use, such as Shopify) store about your customers.

  • Have you considered other service providers that you might use who may have access to your customers’ personal information?
    These could include third-party apps, sales channels, and payment providers.

  • Do you have contact information for all of the third-party services you use that might store your customers’ personal information?

Complete deletion requests

The CCPA also allows California residents to request deletion of their personal information. If you receive a request, you must action it or inform the customer why you will not action the request within 45 days.



Steps:

  1. Verify that the identity of the requester matches the customer whose data is being deleted.

  2. From your Shopify admin, go to Customers.

  3. Search for the name of the customer.

  4. Click Erase personal data.

Your request is then sent to third party apps you have currently installed on your store. The third party app developers will independently action or contact you about this request.

Shopify processes your request after a 10 day buffer period, during which you can cancel the request. To cancel a pending deletion request, contact Shopify Support. Make sure to include your store information and the relevant customer ID.

When you request a deletion, Shopify redacts only identifying personal information (such as name and address). Your anonymized order information remains intact in case you need it for accounting purposes. After the relevant personal information is deleted, you receive a confirmation email.

By default, Shopify doesn't delete personal information if the customer has made an order in the last 6 months (180 days), in case a chargeback occurs. If a request for deletion is submitted in that time frame, then it will sit pending, and Shopify will action it after the appropriate time has passed. You do not need to submit another request. To override this time delay, contact Shopify Support.

In preparing for the CCPA, think about the following questions:

  • Are you storing any customer information on your own personal computers or in hard copy?

  • Are there other third parties that you may need to contact to request they delete a customer's personal information?

  • Are there any local requirements, such as tax laws, that might require you to retain your customers’ personal information even if they request deletion?
    The CCPA doesn't require personal information to be deleted if it's needed for one of the following reasons:

    • complete a transaction or perform a contract

    • detect or protect against security incidents or illegal activity

    • debug or repair functionality of a service

    • exercise free speech, allow another to exercise free speech, or to exercise another right provided for by law

    • engage in peer-reviewed scientific, historical, or statistical research in the public interest if the subjects have provided informed consent

    • enable solely internal uses that are reasonably aligned with the expectations of the customer based on the customer’s relationship with the business

    • comply with a legal obligation.

For more information, download Shopify's CCPA whitepaper (in English).

文章内容来源:Shopify商户官方网站


(本文内容根据网络资料整理,出于传递更多信息之目的,不代表连连国际赞同其观点和立场)