Shopping Basket


Cart empty

Log In

Find Us Elsewhere


Forum Search


We were recently asked if our Amazon extensions were GDPR compliant. We believe so, they should not create any issues for your business in being GDPR compliant.

For your information we will spell out exactly what the extensions do in terms of gathering personal data. Basically they do not gather any at all, any data sent to Amazon does not include any personally identifiable information, so there should not be an issue. In some cases the extensions set some browser cookies in order to function, but these do not include any personal information. However you may want to include this in your privacy policy. In more detail, this is what the extensions do (and you are welcome to link to this page if you want to spell this out to your users in your privacy policy).

AmazonWS Light Content Plugin

This extension does not set any cookies at all, nor send any personal information to Amazon.

AmazonWS Content Plugin Pro Version

This plugin does not send any personal information to Amazon.

If you are using the multi-country options it does need to set some cookies in order to remember which country site the customer is currently browsing. This may or may not be related to the country they are actually in. If you don't like this behaviour then don't use the multi-country options.

But if you want to use the mult-country options, the only thing that might cause an issue is if you use the customer's IP address to detect their country automatically. It depends if you regard an IP address as personal information. Our view is that the case for regarding the IP address as personal information is extremely weak:-

  • Many people use dynamically assigned IP addresses so they are only linked to them personally for a very short space of time
  • If you want to find out who is using an IP address you normally have to get a court order

However you might want to be cautious about this depending upon which country you are in. If you do then you might want to get your users consent to do this in your privacy policy, or, in the AmazonWS API plugin, leave the option 'Country Selection' at 'User Can Select Country', then the user's IP address will not be used anyway.

The cookies that the plugin sets are these:-

  • com_amazonws_country (the country site currently being browsed, not the customer's actual location)
  • com_amazonws_tag (which records your associates id, nothing to do with the customer)

If you don't use the multi-country options it does not set any cookies.

Amazon Shopping Cart

This plugin does not send any personal information to Amazon.

The same comments apply as above for the multi-country options.

The cart also uses cookies to function. They are essential because otherwise the extension has no way of maintaining the cart between page loads. The cookies that it sets are these:-

  • com_amazonws_cartid (used for identifying the cart)
  • com_amazonws_hmac (used for identifying the cart)
  • com_amazonws_storageids (used for saving the cart ids if the customer changes the country site to browse, so not often actually used)

None of these contain personal information. What happens is that when a customer decides to place an item in their cart, a request is sent to Amazon to create the cart. Amazon returns a unique id for the cart which the extension needs to store in order that the cart can subsequently be identified if the customer wants to modify its contents or check out. There is no personal information attached, not even an IP address. The cart becomes identified with a customer when they decide to check out, and are directed to the Amazon site, where they log into their account. Which they can of course choose not to do.

So there is no issue with personal privacy here, it is all anonymous right up until the customer is redirected to the Amazon site. In fact, because of the way this works, the customer's privacy is probably a lot better protected than if you use some of the available Amazon widgets, which use javascript to load content on your site, and may place tracking cookies on the customer's browser. In fact, because this is Amazon, they probably do.