GDPR and Square - What You Need to Know

tranguyen · ‎03-16-2021

Square is committed to protecting privacy rights under the General Data Protection Regulation. In this post we’re sharing some of the most common questions and resources to help you maintain compliance with GDPR when dealing with your own customers or employees.

Disclaimer: Nothing on this webpage should be construed as legal or data protection advice. Please always consult a knowledgeable professional advisor.

What is the GDPR?

GDPR is the acronym given to the General Data Protection Regulation, a EU law updating and standardising data privacy laws across the EU.

To find out more about GDPR and what information it applies to, visit our Support Centre.

The Information Commissioner's Office - the UK's independent authority which oversees the data privacy rights of individuals - also has a helpline for small businesses to find out more about GDPR which may be of help:

Where can I find Square’s Privacy Policy?

You can find Square’s privacy notice that applies to sellers on our website.

For customers and employees of Square’s sellers, please find the applicable privacy notice here.

My customer is making a Data Request under GDPR, what do I do?

If your customer reaches out to make a data request, here are some steps to consider before you get started.

You can process these using the self-serve GDPR Buyer Request Portal on your Dashboard. To access it:

Login to your Square Dashboard and go to Account & Settings
Under the Business tab, select GDPR

For more information on how to use this, visit our Support Centre.

What’s a cookie banner? Do I need this?

A cookie banner (or preference centre) is the consent management module on websites that allows users to give their consent to which cookies and trackers they will allow on their device. For example, in the European Union, websites and apps that store or access information on a user’s device (e.g. through cookies) must ask for and obtain their explicit consent to do so.

Learn more about GDPR and cookie consent for the European Union.
Learn more about CCPA and cookie consent for the state of California in the United States.
Learn more about APPI and cookie consent for Japan.
Learn more about LGPD and cookie consent for Brazil.

I’m using the Square Online site, how can I maintain the compliance of my website?

Square Online helps you to maintain compliance with consumer privacy data laws by enabling you to work with third-party cookie banner providers. To add a cookie banner to your site, sign up with a third-party cookie banner provider like One Trust.

Once signed up, you will be provided with a code to be placed as the first element in the <head> of your website. To use the code, please follow the directions below:

From your Square Online Overview page, go to Website > Integrations.
Select Cookie banner, and paste your cookie banner code into the textbox.
Select Save when finished.
Publish your site from the Square Online site editor to see the change live.

Screenshot 2021-03-11 at 14.25.14.png

For more information about adding a cookie banner, visit our Support Centre.

My website is not hosted on Square, how can I make it compliant?

If your website is not hosted on the Square Online, it would be best to reach out directly to the e-commerce platform for further clarification on their cookies policy.

Do I need a privacy notice?

As a Square seller, you are the data controller of all your own customers’ and employees’ personal data. This means you are responsible for understanding your responsibilities as data controller under the GDPR. Your Privacy Notice will apply to the processing of the personal data of visitors to your website and your customers.

It’s best to contact a legal expert regarding your obligations under GDPR to provide guidance tailored to your specific circumstances.

What’s the cookie policy for Square Online?

Our Privacy Notice explains the use of cookies and other similar automated technologies on Square Online sites.

How can I make a Data Request to Square regarding my own personal data?

Square sellers can make a data request to Square under GDPR by contacting our Support team directly. Once we receive your request, we will respond within 30 days. Here’s how to contact our Support team.

Tra
Community Manager, Square
Have a burning question to ask in our Question of the Week? Share it with us!

Peanut · ‎04-27-2021

Ive been trying for a while now..

The cookie banner is working well but im trying to add a cookie list to my website.

on OneTrust i need to embed the following code..

<!-- OneTrust Cookies List start -->
<div id="ot-sdk-cookie-policy"></div>
<!-- OneTrust Cookies List end -->

but it I cannot make it work with square online

Also less important to me but the button to bring preferences back up doesn't seem to work either

<!-- OneTrust Cookies Settings button start -->
<button id="ot-sdk-btn" class="ot-sdk-show-settings">Cookie Settings</button>
<!-- OneTrust Cookies Settings button end -->

Valentina · ‎04-27-2021

Sorry for the troubles!

We'll get back to you here shortly, @Peanut.

Valentina
Community Moderator, Square
Sign in and click Mark as Best Answer if my reply answers your question.

tranguyen · ‎04-28-2021

Hey @Peanut, sorry to hear you are running into an issue with adding code to the cookie banner. When you try to add the following, do you get an error message or what seems to be happening?

Tra
Community Manager, Square
Have a burning question to ask in our Question of the Week? Share it with us!

Peanut · ‎04-28-2021

The cookie banner itself works fine. adding the code as per your instructions above.

The code I have listed above is from OneTrust to compliment the cookie banner and create a list of cookies and a button to get back to the cookie preferences, which don't work when adding to an embedded code section as per their instructions.

The cookie list code does nothing and the button code shows a button but its not clickable.

tranguyen · ‎04-28-2021

Thanks for letting me know @Peanut!

It's a bit hard to troubleshoot 3rd-party code but I'll do my best. From reading the support resources from OneTrust, it looks like the Production CDN script which is the cookie banner scrip must also be included on the page where the cookie setting and cookie list code are added.

I think I got the cookie list code to work but I'm trying to ascertain how the cooke settings button can also be added so please bear with me on this one!

With regards to the cookie list, I ended up creating a standalone cookie list page. On this, I only added an embedded code section.

For it to show the full cookie list, I added both the cookie banner scrip and and cookie list script, which showed the below which I hope will help.

Tra
Community Manager, Square
Have a burning question to ask in our Question of the Week? Share it with us!

Peanut · ‎04-28-2021

Strange. I though with the other bit being in head it would just work.

The cookie settings seems to works in the same way but it stays contained within section div so it wont work on its own because that section is too small. I guess that's because of the head script being added here too?

If you put all 3 bits of code banner, button then list code then you get something functional even though its not right.

I'm amazed I'm the first to try this (or at least ask about it)

Peanut · ‎04-28-2021

It also causes the cookie banner to load twice if you were to go on the cookie list page before accepting the banner

tranguyen · ‎04-29-2021

Hey @Peanut, thanks for sharing this! I'm unable to reproduce the double-banner on my end but I've reached out to our ECOM specialist team to get some clarification on how we can add the additional cookie list and cookie settings to work as OneTrust outlined here.

Once I have more information to provide, I'll be sure to follow up on this thread.

Tra
Community Manager, Square
Have a burning question to ask in our Question of the Week? Share it with us!

Peanut · ‎04-29-2021

Ok Thanks.

Is there any estimate on how long they will or usually take to respond?

tranguyen · ‎04-30-2021

Hey @Peanut, depending on the issue it can take 1-2 days for the team to work it out fully. I've sent them a follow up on my end as well so hopefully we'll get some additional information soon.

Tra
Community Manager, Square
Have a burning question to ask in our Question of the Week? Share it with us!

Peanut · ‎06-28-2021

Any update on this? The problem still exists and as its compliance related I would have thought square would be a little quicker than this.

tranguyen · ‎07-02-2021

Hi @Peanut, apology for the delay on getting back to you and that this took longer than we expected!

From testing with the team, because the cookie banner script is being added to the header of the site, it will be included on every page. As such, before you accept the cookie, it's expected that the banner will appear on every page. Once the cookie has been accepted, it shouldn't appear again. Does this sound similar to what you are experiencing?

The team don't generally troubleshoot 3rd-party code but they dig into the implementation for the Cookie Setting Button and the Cookie List as advised by OneTrust, and it looks like the lists are generally embed on a dedicated cookie list page or in privacy policy page, so our approach of adding it on a new page is in line here.

Tra
Community Manager, Square
Have a burning question to ask in our Question of the Week? Share it with us!

mariathomas · ‎05-16-2023

Learn more about GDPR and cookie consent for the European Union.