GDPR is a complex subject for everyone, and our take on it is similar to many WP plugins you install on your site.
First, AWPCP is neither a data processor nor data controller, and we do not store nor handle any personally identifiable information for your site on our servers. With that said, AWPCP does capture data that you control on your site, which puts you on the hook for GDPR requests from your users.
WordPress provides some GDPR hooks for users who request the “right to be forgotten” and AWPCP uses those WordPress hooks to integrate with your GDPR features provided by WordPress itself.
When a user requests a GDPR export by the site admin, AWPCP includes the following WP information from our listings, if they apply:
- Listings owned by the user, (which means that we export the content of the listing–by default the following fields are included):
- Title
- Website
- Phone
- Fax
- Address
- Zip
- (Other fields in your listings can be included by setting “This field contains sensitive or private information?” option when editing the field. But this is up to YOU and will not happen automatically)
- Additional information:
- Listing images
- Listing attachments
- Payments made by user:
- Payment Transaction ID
- Payer email
- Ratings made by user:
- Rating ID
- Rating Author
- Rating Author Email
- Rating Author IP
- Rating Date
- Rating Value
- Rating Content
- Rated Listing (URL)
When users request that their data be erased, all the matching data above will be removed, including all listings and their data (post metadata) as well as payments and ratings–all completely scrubbed from your database. In addition, media and attachment files are removed from server folders.
PLEASE NOTE: If you have BACKUPS of your data, this removal in WP will not affect them in any way. You will need to remove any backups that contain this data as well to complete your GDPR request.
More information about the WordPress hooks can be found below (which should be integrated with if you are doing a custom plugin with AWPCP to be GDPR compliant):
General Q&A about GDPR
- Does the plugin share personal data with third parties (e.g. to outside APIs/servers). If so, what data does it share with which third parties and do they have a published privacy policy we can link to?
- Akismet
- PayPal
- Authorize.Net
- Stripe
- Does the plugin collect personal data? If so, what data and where is it stored?
- Address, country, state and city stored a user metadata. (user meta)
- Name, email address, phone number, website entered as the contact information for listings. (custom table/posts table/post meta)
- Name and email address entered when leaving a comment. (custom table)
- IP address and qualification when leaving a rating. (custom table)
- Payment email address on payment transaction records and subscriptions (custom table)
- Attachments uploaded to listings.
- Does the plugin access personal data (e.g. using the personal data WooCommerce stores in orders). If so, what data?
- User name and email stored in WordPress user accounts.
- Does the plugin store personal data (including making copies of it). If so, where?
- User name and email stored in WordPress user accounts.
- Additional information as specified by AWPCP, such as Phone, Address, ZIP/Postal code, etc.
- The information stored depends on whether the admin has configured certain fields to be available or not (e.g. Phone Number)
- Does the plugin pass personal data to a SDK? What does that SDK do with the data?
Yes, we pass information such as email and user PII to:
- Akismet
- Payment SDKs (Stripe, PayPal, etc)
- Does the plugin implement the core personal data exporter hook?
Yes.
- Does the plugin implement the core personal erasure hook?
Yes.
- For what reasons (if any) does the plugin refuse to erasure personal data? (e.g. order not yet completed, etc)
If an ad is paid for by a user, we cannot delete their PII as it relates to the payment of the ad.
- Does the plugin enqueue Javascript, tracking pixels or embed iframes from a third party (third party JS, tracking pixels and iframes can collect visitor’s data/actions, leave cookies, etc.)
We support rendering Google AdSense code. However, we only do that if the customer configures the plugin to do it.
- Does the plugin store things in the browser? If so, where and what?
- Cookies to remember active region.
- Does the plugin use error logging? Does it avoid logging personal data if possible? How long are log entries kept? Who has access to them?
We currently do not store error logs that include personal information.
- In wp-admin, what role/capabilities are required to access/see personal data? Are they appropriate?
Administrators, Editors (optionally) and Classifieds Moderators roles.
- What personal data is exposed on the front end of the site by the plugin? Does it appear to logged-in and logged-out users?
- Some personal data on listings.
- Some personal on comments.
- It appears to all users (assuming that the AWPCP plugin is not protected by a membership plugin)
- What personal data is exposed in REST API endpoints by the plugin? Does it appear to logged-in and logged-out users? What roles/capabilities are required to see it?
We don't have REST API endpoints.
- Privacy documentation
- Does the plugin have documented anywhere what personal data it collects, accesses, and shares, why it collects that, and how long it is retained?
Yes.
- Is browser storage (e.g. cookies) also covered?
Yes.
- If the plugin shares personal data with a third party, does that third party have a documented privacy policy (e.g. a URL) that covers the API(s)
Yes.
- Are there separate things you need to declare for administrators and shop managers vs end-users?
No.
- Does the plugin have documented anywhere what personal data it collects, accesses, and shares, why it collects that, and how long it is retained?
- Does the plugin properly remove/clean-up data, including especially personal data:
- during uninstall of the plugin?
- when a user is deleted (e.g. from any user referencing rows in a table)?
We do not delete classified listings when the associated user is deleted. However, if AWPCP is specifically uninstalled via the admin dashboard, this will DELETE all AWPCP data we store in your site. Deleting the plugin from the plugins dashboard will NOT do this.
- Does the plugin provide controls to reduce the amount of personal data required?
Phone number and website URL fields, as well as other extra fields can be made optional.
- Does the plugin share personal data with SDKs or APIs only when the SDK or API requires it, or is the plugin also sharing personal data that is optional?
Only when required (e.g. Payment SDK requires PII for payment processing)
- Does the amount of personal data collected or shared by this plugin change when certain other plugins are also installed?
Yes, premium modules store personal data as well.