GDPR Compliance and Osclass script

[Aficionado]

Just a question, this is a European law, right?

It is yes. For all business/sites that have offices in Europe and also for all business/sites that deal with people in Europe, no matter where their office actually is.

Now, some claim that for US based hosting and companies, this law is not applicable. Not sure if it is correct. There is plently of information about all that on the net.

[p206ab]

Will this stand also on item inquiry form? Although it doesn't save any data when email is sent, some data is processed and if you use More edit plugin a get a copy of each inquiry, does this counts as storing the data then? 

Also, the cookie plugin Cookie Consent offers only "I understand" button for cookies, which are loaded regardless of you would want to accept them. By the new rules, none of the cookies will be automatically installed, if user does not click I accept. Not even analytics tracking, so expect some noticeable falls in visitor stats.

[marius-ciclistu]

Hi. I saw that some export of all personal data is added to some of the websites to comply to GDPR.

My question is, if all data stored is available on the osclass installation pages and only the logs-activity data, pasword and IP isn't, is that module really necessary?
I mention that the logs are cleared once every 8 weeks automatically.

[Aficionado]

Hi. I saw that some export of all personal data is added to some of the websites to comply to GDPR.

My question is, if all data stored is available on the osclass installation pages and only the logs-activity data, pasword and IP isn't, is that module really necessary?
I mention that the logs are cleared once every 8 weeks automatically.

I suggest you read in depth what really GDPR actually is, you can use Wordpress info for example (almost same with Osclass).

At Osclass we don't even have an New Signup acceptance page. Also all those questions SHOULD HAVE BEEN answered by Osclass team. EXTREMELY unprofessional from their side not to provide some information.

Also GDPR is also for what exactly is collected and stored in THEIR servers (Osclass market).

Personally i have told to 5 old customers of mine, that i used to manage their Osclass sites, that Osclass is NOT compliant with all that. As for mines, i trying to see what i will do since i have less than two months.

[marius-ciclistu]

In my case all is a litle easier. I don't use plugins and I don't connect to the market (never did) so the list of info about the users is verry small and except the above mentioned infos, all of the info that my osclass stores can be viewed by the user in it's dashboard or on the website.
The right to be forgotten is there, the delete item or account.

So the only question remains about that export.

Regarding the checkbox with the GDPR near the terms and conditions I solved it by theme mods, that was the easy part.

The hard part is the legal stuff.

[marius-ciclistu]

Anyway this forum must comply to GDPR as well so...

[Aficionado]

In my case all is a litle easier. I don't use plugins and I don't connect to the market (never did) so the list of info about the users is verry small and except the above mentioned infos, all of the info that my osclass stores can be viewed by the user in it's dashboard or on the website.

Connected to Osclass Market or NOT, doesn't matter, the data IS collected in either cases.

[marius-ciclistu]

I know, but it's collected only by my website:
Look:

EDITED
GDPR

PERSONAL DATA PROTECTION POLICY

 

I. INFORMATION COLLECTED

1. Regarding the user

- name

- Email Address

- phone

- password

- user type (private or company)

- the country

- County

- locality

- neighborhood

- Address

- website

- description

- user name (username)

- IP address

- Account registration date

- change account changed

- last accessed

- user id

- number of ads

OBS.

          This information can be exported / copied / seen by entering the account management area (the password will not be exported because it is not kept in legible format).

 

- user actions (deleting, modifying or adding information):

    date,
    the section in which the action was taken (ad or user)
    action (deletion, modification or addition),
    the user ID or ad that is the purpose of the action,
    details about the ad or the user who is the purpose of the action (email or title)
    IP address of the author,
    author id.

 These actions are kept for 8 weeks, after which they are automatically deleted, and the user can not access, view, modify or delete them.

 

2. With regard to ads

- title

- description

- category

- price

- coin

- images

- County

- locality

- added time

- Date modified

- expiration date

 

II. USING COLLECTED INFORMATION

 The information collected is used for the good functioning of the bazaar.

They are NOT meant to be sold or disclosed to third parties, except for the competent bodies that may request such information under the legal conditions in force at the time of the request.

 

III. DELETE COLLECTED INFORMATION

 It is possible to delete your ads or account by entering the administration panel.

 

IV. SECURED INFORMATION COLLECTED

 The information collected is public and is displayed on the site's pages, except:

- IP address

- password

- user actions

- the email address - stating that when using the contact form, the sender's email address will be visible in the recipient's email, and the messages between the users are not stored or verified.

 

V. USER AGREEMENT ON COLLECTED PERSONAL INFORMATION

By using this site you agree to these terms and conditions.

EDIT

And if that export is really needed, it could be done in account page (/user/profile) to avoid sending sensitive data over email. In that way the user can collect his data via plain text, and copy it into a csv or text file.

[Aficionado]

Also Contact forms must be compiant and Comments/Rating also.

Anyway not easy to know and handle all that.

[marius-ciclistu]

It must be taken step by step. I wrote above the infos that my site collects. It's a start.
Now if many users cotribute to this, this should be not so hard.

edit
in user-profile.php there is a hook
<?php osc_run_hook('user_form', osc_user()); ?>

so a function in functions.php file of the theme should be easy to do...

EDIT

that function would be

Code: [Select]

<?php function mc_export_csv_info_user($user) {
unset($user['s_secret']);

foreach($user as $k => $v)
{ if(!is_array($v))
    echo "<b>$k: </b>$v<br>";
    else
    {
        echo "<b>$k: </b>";
        print_r($v);
    }
    
}

}
osc_add_hook('user_form', 'mc_export_csv_info_user');
?>

[Aficionado]

Anyway this forum must comply to GDPR as well so...

I ask for anybody to read this:

https://wptavern.com/why-gutenberg-and-why-now

You may think it is irrelevent to Osclass because it talks about Wordpress and Project Gutenberg (their new editor thing).

But if you read all the article, you will understand how it totally connects to Osclass also.

[marius-ciclistu]

Any good script doesn't have to die...the need for new and money makes the good scripts die....saddly.
Can you imagine how much money are involved in these GDPR terms... opencart has a plugin already, not 100% perfected, but it's not free:)

EDIT. I think i covered all of the aspects of GSPR for my oasclass with the above export.

[muratbora]

I have checked major ads pages in UK, NL, DE, IT, ES, FR countries, I could not see something about GDPR on  register page or any other pages...
May be they will implement when it closes to law starting date.

[Aficionado]

I have checked major ads pages in UK, NL, DE, IT, ES, FR countries, I could not see something about GDPR on  register page or any other pages...
May be they will implement when it closes to law starting date.

Me also i haven't see anything like that anywhere, but i DO know people that are preparing for it heavily. Especially BIG company sites with Ecommerce etc etc.

[Aficionado]

@marius-ciclistu

I had a long meeting and talk with IT people in my country running mainly Wordpress and we exchanged opionions and ideas.

It seems that nobody is ready and everybody is NOW starting to understand what it means all that and taking steps. Also it seems that EVERYBODY is affected by this, in all over the world (the civilized world). Even having a webserver that keeps some logs is considered as "data collection and proccessing). So you are traped.

Also i read the everybody need to register (and pay) for an ICO and also put all the personal details of the owner (name, address etc) online for public view.

For Wordpress all plugins that record personal info must be also GDPR compliant, so do plugins for Osclass. Comments must display a warning, registration also some tos, AGE compliance (16). Also a complete list of affiliates, google services (adsense or Analytics) and the rest.

I think for Osclass should be that hard since the users can delete their ads, their account themselfves and all is gone. No need to anonymize anything like the forums for example. So a clear page with help should be enough.

Even better a plugin that allows a registered and logged in user to Request to be "forgotten" and the admin should just delete him (just to be gentle with the users and the admin to do the job with an automated email that all is gone).