Does your website use third-party services? Get GDPR compliant in minutes.

VP-ASP

PreferencesWebsite

What does VP-ASP do?

VP-ASP is an eCommerce shopping cart software developed by Rocksalt International (Australia), used by merchants to operate online stores with customer accounts, product catalogues and integrated checkout.

What is VP-ASP

VP-ASP is an eCommerce shopping cart software developed by Rocksalt International, headquartered in Sydney, Australia. It powers online stores with product catalogues, customer accounts, order management, integrated checkout and a back office. VP-ASP can be installed on a merchant's own server or hosted in the Rocksalt cloud, and it integrates with a wide range of payment gateways, shipping carriers and marketing tools.

Data and cookies set by VP-ASP

VP-ASP sets first party HTTP cookies for session management, the shopping cart, the customer login, currency and language preferences. The administration backend also relies on cookies. Optional modules add their own cookies: Google Analytics for traffic measurement, Facebook Pixel or Google Ads for marketing, plus cookies set by integrated payment gateways such as PayPal, Stripe or Eway.

GDPR and ePrivacy implications

Cookies used to maintain the cart, authenticate customers and complete the order are strictly necessary and do not require consent. Cookies for analytics, advertising or personalisation require prior consent under Article 5(3) of the ePrivacy Directive and the corresponding national rules. A VP-ASP store selling to EU residents must comply even if the merchant is based in Australia, because the GDPR applies extraterritorially.

Get GDPR compliant in 10 minutes

Free plan available · No credit card required

Try FlowConsent free

Consent requirements

Implement a consent management platform that blocks analytics, advertising and social tags until the visitor accepts. Record consent with a timestamp, the version of the policy and the choices made. Provide an equally accessible refusal option, and let customers withdraw consent through a persistent link in the footer or in their account.

Data transfers

VP-ASP itself can be hosted anywhere. When the merchant uses Rocksalt cloud hosting in Australia, transfers to a third country occur from the EU perspective and need Standard Contractual Clauses plus a transfer impact assessment, given that Australia is not covered by an adequacy decision. Additional transfers can take place to US payment gateways and analytics providers.

Practical compliance steps

Sign a data processing agreement with Rocksalt International if you use their hosting, and with every payment and marketing integration. Document every cookie. Deploy a CMP, configure granular consent categories, audit checkout flows for unnecessary trackers, set retention periods for order data, and publish a clear cookie and privacy policy linked from every page.

GDPR consent category

Preferences

Websites using VP-ASP must obtain user consent under GDPR regulations.

Legal basisConsent for non essential cookies and marketing, contract for order processing, legitimate interest for fraud prevention

Risk levelmedium

Applicable regulationsGDPR, ePrivacy Directive, UK GDPR, Australian Privacy Act

DPIA considerations

A DPIA is recommended when a VP-ASP store processes large volumes of customer orders, runs profiling, integrates international payment gateways or stores special category data such as health products.

Sample consent text

Our online store uses essential cookies to handle your cart and checkout. With your consent we also use analytics and marketing cookies to improve the catalogue and our offers. You can change your choices at any time from the cookie preferences link.

Technical details

Tracking methodServer side sessions, first party HTTP cookies, optional integration with Google Analytics and payment processors

Server locationCustomer hosted (Australia or chosen hosting provider), or Rocksalt cloud option

Data transferred outside the EUDepending on the chosen deployment, data may be hosted in Australia or in any country selected by the merchant. Payment gateway and analytics modules may transfer data to the United States or other regions.

Third-party domains contacted

vpasp.comrocksaltdigital.com.aushoppingcart.vpasp.comsecure.eway.com.au

Cookies placed

Name	Type	Duration	Purpose
ASPSESSIONID	first_party	Session	Server side session identifier used by the VP-ASP ASP/ASP.NET stack to maintain user state.
vp_cart	first_party	30 days	Stores the unique identifier of the shopping cart so items remain available between visits.
vp_customer	first_party	30 days	Identifies the logged in customer for account access and order history retrieval.
vp_currency	first_party	1 year	Stores the currency preference for stores supporting multi currency catalogues.
vp_admin	first_party	Session	Authentication cookie for the VP-ASP back office administrator account.
vp_lang	first_party	1 year	Persists the language preference for multilingual VP-ASP stores.

VP-ASP uses cookies for user preferences — inform visitors with a consent banner.

Get started free Scan your site

Frequently asked questions

Which cookies does VP-ASP set on a customer's browser?

VP-ASP sets first party cookies for session, cart, customer login, currency and language. The administration backend uses separate cookies. Additional cookies are deposited by enabled modules such as analytics, advertising and integrated payment gateways.

Is visitor consent required before VP-ASP cookies are set?

Strictly necessary cookies (session, cart, login, CSRF) do not need consent. Consent is required for analytics, advertising, social media plugins and any tracking that is not essential to operate the store, including remarketing cookies set by integrated payment gateways.

What legal basis applies to data processed by a VP-ASP store?

Order processing relies on the performance of a contract (Article 6(1)(b) GDPR). Fraud prevention may rely on legitimate interest (Article 6(1)(f)). Non essential cookies, marketing and profiling rely on consent (Article 6(1)(a)) combined with Article 5(3) of the ePrivacy Directive.

Does VP-ASP transfer data to the United States or to Australia?

Yes, depending on deployment. The Rocksalt cloud is in Australia, and integrated US payment gateways or analytics tools transfer data to the US. Both routes require Standard Contractual Clauses and a transfer impact assessment, plus a record in the privacy policy.

Do I need a DPIA for a VP-ASP shop?

A DPIA becomes necessary for large catalogues with extensive customer profiling, when the shop sells health, sports nutrition or financial products, when it combines several data sources, or when it processes data of children or other vulnerable groups.

How do I implement compliance correctly with VP-ASP?

Sign data processing agreements with every vendor, list VP-ASP and its plugins in your record of processing activities, classify every cookie, deploy a CMP that blocks non essential tags until consent, configure retention periods, restrict admin access, and publish a clear cookie and privacy policy.

What are alternatives to VP-ASP for European merchants?

European alternatives include PrestaShop (France) self hosted, Shopware (Germany), Sylius (open source, France), CCV Shop (Netherlands) and WooCommerce on an EU host. Shopify Plus with EU data residency is also commonly considered, although Shopify still involves transfers to North America.

How should I update the cookie policy after enabling a new VP-ASP module?

Identify the new cookies, their purpose, retention, recipient and any data transfer. Update the CMP categories, refresh the consent banner so customers are asked again, version the cookie policy with the publication date and notify the data protection officer if applicable.

Get compliant — Try FlowConsent free

Free plan · 10-min setup