Customer Personal Data

I Know we cant delete Entity attached to ticket but i got a mail from gloria food that customer requested to delete his personal data , may some countries have privacy policies , we may cant hold save personal info in system for future without consent. as am changing the name deleting mail , removing some numbers from phone number which already have huge data , this been used specailly duplicate entities as my format and gloria format of saving entites not same . anyone have other option to delete information ? this been requested earlier for future pos updates, not sure this happens . any recommendatins ?

Just change it to fake data.

Honestly, if you take an order from a customer, you have the right to store their personal data to the minimum required to process the order. This is allowed under GDPR in Europe and I would expect same anywhere as this would be acceptable use. How about if a customer buys something, then comes back tomorrow and says they wanted a refund? If their details were forcefully deleted, how could you do that, they would be unknown to you! This is not how business or data privacy works. I am 100% against the forceful way Gloriafood do this and would go as far as to say they are actually in breach of many of the data protection laws by just blatantly deleting the customer details the moment a customers asks. You are allowed to keep customer data for the sake of processing and storing an order. The customer can say they don’t consent to marketing which is fine. The customer can request you delete their data however you as a business owner must first ensure you abide by all laws you must follow as a business owner, such as for tax or other audit purposes, which may include keeping minimal details of your customer (so in such case their request to delete would be invalid - if they did not want their details stored, they should not have purchased something from you). I know if I had a customer who bought something from me, and they asked to delete their details I would have to refuse because I need to keep all accounting records for at least 7 years for tax purposes.

Just to add to my last comment, let’s look at an example where a customer were to plan to deliberately fraudulently order with the intent to claim they did not do the transaction and attempt a chargeback…

  1. Customer places order

  2. Customer requests deletion of data via gloriafood. Gloriafood deletes all customer data and replaces with * or other partial info (address is gone)

  3. Customer claims to their bank that they are unaware of the transaction, disputes it and a chargeback is initiated

  4. If you only use gloriafood standalone and have no details of the order stored anywhere else, you no longer have the customer details like name, address, email, etc., therefore you are in a position that you cannot properly respond to the chargeback with evidence showing proof the customer ordered etc.

Even if you use with SambaPOS and you have customer data stored in SambaPOS related to the transaction, the fact the data has been mostly deleted in gloriafood greatly hinders your process to appeal the chargeback. (Yes, I know it’s also very difficult in general to appeal a chargeback when you delivered the order yourself as there is no proper proof of delivery etc, but this deletion of customer data would make it even worse if not impossible)

This is why I say Gloriafood should not be deleting customer data just on the basis of the customer requests it. Gloriafood has taken the stance of what they believe is right and, as with most things gloriafood, are uninterested in any other opinions. They just do this to “cover themselves” without much thought of anyone else.