Avensia Storefront do not store any customer information but uses customer information from other systems, such as Dynamics 365 and the identity provider.
GDPR is an abbreviation of General Data Protection Regulation and is a European directive to harmonize data privacy laws across Europe. Detailed information about GDPR is available on the official EU GDPR site at https://www.eugdpr.org.
The versions of Dynamics versions used with Avensia Storefront are:
In this documentation will the expression Dynamics refer to all versions supported by Avensia Storefront that are mentioned above. The abbreviation Dynamics 365will refer to all versions except Dynamics AX.
The Dynamics platforms are supporting business logic through a service or by components that are included in the web solution.
Avensia Storefront doesn’t store any personal information by default. The customer information used in the Avensia Storefront Starter Site is:
In article 4 of GDPR are different roles defined:
The identity provider that is distributed with Avensia Storefront Starter Site uses a Microsoft SQL Database for account information. The database may be a dedicated database, but Identity Provider may also share another database if the namespace and table names do not conflict with other tables.
The account information that may be stored in the identity provider is:
The identity provider information is accessed using the URL https://<identityprovider>/idmfrom a computer that has access to the provider.
Avensia Storefront is designed with privacy by design in the following way.
The processor of personal information is by law required to keep a document of data inventory that describes all processes that involve personal information. The attached PDF document below contains activities that should be included in the record of processing activity by the processor.
The following challenges and issues are known in Avensia Storefront default implementation.
There is always an Episerver Contact created in the Episerver Commerce database. The contact contains fields for a complete person, but only name an e-mail is used by Avensia Storefront. There are some issues that may occur:
The Active and the Locked-out flags of the contact in Episerver is not honoured by default by Avensia Storefront Starter site. A user is logged in even though it’s disabled in Episerver as long as it exists and is verified by the Identity Provider and that the customer entity with the e-mail address exists in Dynamics. Note that the Blocked field of the customer entity in Dynamics is not honoured by default by Avensia Storefront Starter site. Use the Identity provider to disable or enable a user account or make a customization of the login process in Avensia Storefront to validate the contact and customer entity.
For Dynamics 365 NAV there is no identity provider in the solution. All user account validation is made by Dynamics 365 NAV and LS Omni server.
With Dynamics 365 NAV and the product suite, LS NAV and LS Omni are a Member Entity created instead of a Customer Entity when a user registers in Avensia Storefront Starter Site. This is the default behaviour of LS NAV and LS Omni. If a customer entity is required, then the customer entity must be created by LS NAV by a customization that copies the member entity. There is no interface in LS Omni server to create a Customer entity from the website.
Thank you for your message! we will reply as soon as we can!
Best regards Avensia support.
Thank you for your registration to our newsletter!
Best regards Avensia.