Plugin Contributor
Ewout
(@pomegranate)
Hi! The plugin only reads user data from the WooCommerce order, it does not store anything in and of itself. The PDF invoice can be attached to any WooCommerce email so you will probably want to check those settings to check if there are any potential issues there.
The plugin does store the PDF attachments in a temporary folder on your server, but we will have an update that will periodically clean this folder before the 25th. You can already clean the folder manually from the Status tab of the PDF invoice settings, so if anyone requests to have their data removed you can simply clean from their. Same applies here, the user data comes from / is stored in WC (and WP) itself.
Let me know if you have any additional questions!
Ewout
Hi there, really like your plugin am using it for years now.
Have just reviewed my database and found there a table called “wcpdf_invoice_number” and it stores “order_id” taken from woocommerce. I think your plugin creates this table, at least in class-wcpdf-sequential-number-store.php there is an “$sql = “CREATE TABLE .
order_id is PII data as it enables one to identify the person by combining this order_id to the user_id stored in Woocommerce.
IMHO to be GDPR compliant you should purge the content of this “wcpdf_invoice_number” table after some time. Maybe you could use one of the data retaining settings under Settings->Accounts&Privacy in WC 3.4
What is your opinion?
Plugin Contributor
Ewout
(@pomegranate)
Hi!
In my opinion, the order ID cannot be seen as PII. You mention “combining this order_id to the user_id stored in Woocommerce”, but this already shows that the true PII is the WooCommerce data. Which can be periodically purged or erased by request of the user, making the order_id stored in the invoice number table orphaned from the data.
In other words – if your configuration of WooCommerce complies with GDPR, your concerns are already addressed by that in my opinion.
I am not a lawyer or privacy/GDPR expert so if you have concerns about being compliant I recommend consulting a professional.
Thanks for the answer!
Let me cite Article 4 (1) of the regulation that defines what is “personal data”:
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
I think the situation is 100% clear and there is no need for an expert. You get the order_ID from the datatable of Woocommerce and store it as a copy in your own table independently from Woocommerce. That means Woocommerce will not delete it in any way from your table.
As you can build a correlation between order_ID from your table and between user_ID in Woocommerce table, order_ID stored in your own table is personal data.
I think it would be really easy to purge your own table with the new hooks in Woocommerce that is why i suggested it. Otherwise your plugin is not GDPR-compliant and i will have to remove it from my website. That is the advice of my lawyer.
Plugin Contributor
Ewout
(@pomegranate)
Thank you for your input. I’m going to reiterate what I already wrote in my previous reply and try to clear up some confusion.
While the order ID may be linked to the order which in turn may lead to the personal information, in itself is not PII. As long as you make sure the WooCommerce settings are GDPR compliant, it means that the Order ID will not be linked to any personal information because WooCommerce will have already cleared it when required (either by periodic removal or upon request by the owner). This means that ALL links from the order ID to PII have been broken and it has become as meaningless – it is no longer a reference/identifier to any personal data because the data is deleted.
If this concerns you, you may want to contact WooCommerce too, because even the core functions do not erase the order ID when anonymizing orders. They simply remove all personal information but the order ID (which is a post ID in WordPress) will not be deleted. In my personal opinion, this is not a problem because the order ID is no longer a reference/identifier because the data itself is gone.
That said, I’ll look into hooking into the WooCommerce/WordPress hooks, but in my opinion this is redundant.
-
This reply was modified 6 years, 2 months ago by
Ewout. Reason: further clarifications
-
This reply was modified 6 years, 2 months ago by Ewout.
Plugin Contributor
Ewout
(@pomegranate)
will be included in the next release:
- 99940b0 – remove invoice data when orders are anonymized
- 69a8a5f – Include invoice number & date in privacy data export
