GDPR Storefront Routine

A general overview of how GDPR protection works in the storefront for your customers.

Olga Tereshina avatar
Written by Olga Tereshina
Updated over a week ago

With a General Data Protection Regulation (GDPR) add-on installed and enabled in the online store, visitors from certain countries will have to confirm their consent on using personal data. Later on, they can withdraw their approval or change the cookie settings if they wish so.

Cookie Popup

The first thing your store customers come across would be a cookie popup if you enabled it in the GDPR add-on settings.


The popup allows visitors to select the type of cookies they permit your store to collect.

  • Default cookies - PayPal cookies and cookies that are strictly necessary for the website to operate correctly:

    • xid - unique token, sessional.

    • recent_login - stores your username to auto-complete the sign-in form next time you visit the store. Persistent for three days by default (the store admin can change the setting).

    • viewedResources - holds a list of cached CSS files; this is used to make the store's pages load faster. Persistent for 1 hour.

    • rv - holds a list of products you recently viewed in the store. Does not expire.

    • xc_np_product_#### - holds product identifiers, used to navigate within store's catalog. Persistent for 30 minutes

  • All cookies - All cookies collected by your online store, including 3rd party integrations like Google Analytics, Facebook, MailChimp, Segment, and others.

The cookies popup will keep displaying on every page of your online store until a customer selects one of the suggested variants. Meanwhile, your online store will collect default cookies only.

By clicking the "Click to learn more" link in the popup, the visitors can also check your website Privacy Statement that clarifies how your store collects and uses personal data.

Consent Checkboxes

The next thing your store customers and visitors will have to deal with will be the customer consent checkboxes on the checkout page, the registration page, and the "Contact us" page.

Registered customers will need to tick the checkbox only once, while anonymous buyers will have to confirm their consent each time they place an order or submit a request in the Contact Us form. Otherwise, checkout and sign-up procedures will be inaccessible.

  • Checkout page

  • Registration page

  • Contact us page


Cookie Type Update and Account Deletion

Registered customers can change the type of cookie they allow your store to collect in the Profile Details section of their customer account. For example, if they selected default cookies when first confirming the cookie popup, they could extend it to all cookies and vice versa.

Depending on the current state, the users need to enable or disable the "I consent to the processing of all cookies" checkbox on the profile page and click "Update profile" to save changes.

Registered customers can also delete a profile completely if required. Profile deletion removes all data stored in a profile and communication with the store owner and sellers. However, information on any placed orders will remain. It also deletes all associated accounts registered on the same email address. A store admin gets a notification on account deletion.


Anonymous buyers don't have registered accounts. Thus they can not change the cookie type selected. However, they can clean the stored browser cookies for your website.

Related pages:

Did this answer your question?