DavidAJohn / PhotoPortfolio

Personal photo portfolio .NET web application which implements a Blazor and Tailwind CSS user interface with a MongoDb database, and includes integration with Stripe Checkout and Prodigi Print API

GDPR issues - storing user details #57

Open DavidAJohn opened 1 year ago

DavidAJohn commented 1 year ago

At the moment, when a customer places an order from the Checkout page they are taken to Stripe Checkout, where they input their address and payment details.

The application then receives webhook notifications from Stripe, from which details of their delivery address, name and email address are extracted and added to the order in the database (which already contains the items ordered). This obviously falls under Personally Identifiable Information and as such there would need to be a policy setting out how the data is handled.

As this page on storage limitation sets out, there is no fixed time limit on retaining data, but you must be able to justify why you are retaining information for that period of time.

So there needs to be some thought put in around how long the application stores this data for.

For example - should the customer's postal address be stored at all? We could simply retrieve the address from Stripe by supplying the PaymentIntent at the point where we are submitting the order to the Prodigi Print API. This would prevent the user from being able to change the address after submission though. Instead, the user's address could be randomized or removed once we have a notification from Prodigi that the order has been sent/fulfilled.

Also, if we wanted to be able to offer customers the ability to see their previous orders, we would probably need to retain the email address against the order.

Does the security of the Stripe Dashboard login details become an issue for GDPR?

This is an ongoing issue that will need to be considered throughout the process of developing the ordering section of the application (and beyond).
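The following is an added illustration of the retention approach the issue sketches out (keep the email address so past orders can be shown, clear the postal address and name once the print lab reports the order as shipped, and sweep anything left behind after a fixed window). It is not code from the PhotoPortfolio repository; the `Order`, `OrderStatus`, `OrderRetention` names, the `"Shipped"` status string, the 30-day window and the sample orders are all assumptions made for the example.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Linq;

// Added example, not part of the PhotoPortfolio project. Every type, field
// and status value below is an assumption used for illustration only.

public enum OrderStatus { Placed, SubmittedToLab, Shipped }

public class Order
{
    public string Id { get; set; } = "";
    public DateTime PlacedAt { get; set; }
    public string CustomerEmail { get; set; } = "";  // retained so the customer can see past orders
    public string? CustomerName { get; set; }        // PII: cleared once it is no longer needed
    public string? DeliveryAddress { get; set; }     // PII: cleared once it is no longer needed
    public OrderStatus Status { get; set; } = OrderStatus.Placed;
    public DateTime? PiiRedactedAt { get; set; }     // records when the retention rule fired
}

public static class OrderRetention
{
    // Core minimisation step: once the lab reports the order shipped, the
    // delivery details have served their purpose and are removed.
    // Returns true if anything was changed.
    public static bool RedactDeliveryDetails(Order order, DateTime now)
    {
        if (order.Status != OrderStatus.Shipped) return false;
        if (order.DeliveryAddress == null && order.CustomerName == null) return false;

        order.DeliveryAddress = null;
        order.CustomerName = null;
        order.PiiRedactedAt = now;
        return true;
    }

    // Handles a (hypothetical) fulfilment notification from the print lab:
    // only a "Shipped" status advances the order and triggers the redaction.
    public static bool OnFulfilmentNotification(Order order, string notifiedStatus, DateTime now)
    {
        if (!string.Equals(notifiedStatus, "Shipped", StringComparison.OrdinalIgnoreCase))
            return false;
        order.Status = OrderStatus.Shipped;
        return RedactDeliveryDetails(order, now);
    }

    // Safety net for missed or failed webhooks: a scheduled sweep that clears
    // delivery details on any order older than the agreed retention window,
    // whatever its status. Returns the number of orders redacted.
    public static int SweepExpiredAddresses(IEnumerable<Order> orders, DateTime now, TimeSpan retention)
    {
        int count = 0;
        foreach (var order in orders.Where(o => o.DeliveryAddress != null && now - o.PlacedAt > retention))
        {
            order.DeliveryAddress = null;
            order.CustomerName = null;
            order.PiiRedactedAt = now;
            count++;
        }
        return count;
    }
}

public static class Program
{
    public static void Main()
    {
        var now = new DateTime(2024, 6, 1, 12, 0, 0, DateTimeKind.Utc);

        // Constructed sample orders, not real customer data.
        var shipped = new Order { Id = "ord_1", PlacedAt = now.AddDays(-3), CustomerEmail = "a@example.com",
                                  CustomerName = "A. Customer", DeliveryAddress = "1 Example Street" };
        var stale   = new Order { Id = "ord_2", PlacedAt = now.AddDays(-60), CustomerEmail = "b@example.com",
                                  CustomerName = "B. Customer", DeliveryAddress = "2 Example Road" };
        var fresh   = new Order { Id = "ord_3", PlacedAt = now.AddDays(-1), CustomerEmail = "c@example.com",
                                  CustomerName = "C. Customer", DeliveryAddress = "3 Example Lane" };

        // Shipment notification: address and name go, email stays for order history.
        Console.WriteLine($"redacted on shipment: {OrderRetention.OnFulfilmentNotification(shipped, "Shipped", now)}");
        Console.WriteLine($"ord_1 address={shipped.DeliveryAddress ?? "<cleared>"} email={shipped.CustomerEmail}");

        // Sweep: only the order older than the 30-day window is affected.
        int swept = OrderRetention.SweepExpiredAddresses(new[] { shipped, stale, fresh }, now, TimeSpan.FromDays(30));
        Console.WriteLine($"swept by retention window: {swept}");
        Console.WriteLine($"ord_3 address={fresh.DeliveryAddress ?? "<cleared>"}");
    }
}
```

The `PiiRedactedAt` timestamp is there so the application can demonstrate that the documented retention period was actually applied, which is the justification the storage-limitation guidance asks for; the sweep exists because relying solely on the fulfilment webhook leaves addresses in place indefinitely if a notification is lost.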