Managing and verifying consent
This article explains how the our app for Shopify stores handles consent entries, merchant access, and visitor verification.
How consent is stored
Our application stores consents records from store visitors after they interact with our banner. This is done in both sides.
Consent Recording: When a visitor gives consent, our app records it in the app's database which is on the cloud.
Data Format: The consent data includes a unique ID, the date & time, the consent status, the exact preference, the country of the visitor and the IP address masked (this is visible on the export).
Security: We ensure the data is securely stored and encrypted to maintain privacy and compliance.
Inside the application there is a report that presents all the consent records. From this page a merchant you can view consent receipts about the consent choice of the store visitors. More about this report here.
Also merchant can select some records to be exported in csv format.
Visitor side this is
Store visitors are identified by the unique and anonymous cookie _pandectes_gdpr set on their devices after expressing their consent preferences. The cookie does not contain any personally identifiable information at this point. More about how to decrypt this cookie can be found here.
This activity of the visitor is also visible inside the Data Subject Requests (DSR) page. The DSR page is a feature that our application is offering to accept these requests. On this page on the top after a visitor gives consent he can see his choice there and be able to change it.
On this area the visitor can see the consent ID and use it as a reference in case of a claim to the store.
How can the user validate his consent?
To verify their consent, a user is required to present their unique Consent ID key. This identifier, distinct for every consent instance, is logged in the first column of the consent record. Users can locate their specific Consent ID key in several designated areas. The first way to find this ID is from the cookie that our app is creating on their browser or by viewing it in the DSR page as described above.
Once a user requests to confirm their consent using the Consent ID key, you can locate their specific consent details in the concent tracking report by referencing this unique identifier.
Understanding consent management is key to GDPR and other regulations compliance. Our app ensures that both merchants and visitors can easily manage and verify consent, maintaining transparency and trust.
Updated on: 20/02/2024