An introduction to GDPR
The General Data Protection Regulation is a European Union regulation governing how the personal data of EU citizens is collected, used and processed. It will be enforced from 25 May 2018.
Despite being an EU-based law, the GDPR will affect companies globally. If your business is based within the EU, or you have customers based in the EU, you will need to be GDPR compliant. For more information on the GDPR click here.
GDPR & LoyaltyLion
LoyaltyLion Ltd. started preparing for GDPR back in June 2017, well in advance of the May 2018 deadline.
LoyaltyLion Ltd. is referred to as a Data Processor within the GDPR legislation. Our responsibilities, therefore, pertain to that role. You can read more about these responsibilities in this article written by our GDPR lawyer.
LoyaltyLion Ltd. has already carried out the following GDPR-recommended activities:
Maintaining high standards of record keeping
Being registered with the ICO
Employing a Data Protection Officer
Training all employees on how to handle personal information
Storing data within the EU
Keeping records of people’s personal information up to date and for no longer than necessary
Putting measures in place to keep the personal data we hold safe and secure
Putting processes in place so we can respond to requests for personal information we hold
Working with suppliers to help them adhere to GDPR regulations
It is important to note that the definition of what it takes to be GDPR compliant has not yet been finalised and will continue to evolve. LoyaltyLion Ltd. will continue to update and refresh our data handling and processing practices to maintain high standards.
Data processed by LoyaltyLion
The Personal Data we process for your customers includes:
Date of Birth
The Non-Personal Data we process for your customers includes:
Account Creation Date
This data is shared via your e-commerce platform, e.g. Shopify, Magento or BigCommerce.
When a merchant subscribes to LoyaltyLion, we receive the following data from the merchant:
Account holder name
Account holder email
Company telephone number
The Right to access and/or erasure
Under the GDPR, customers have several rights when it comes to accessing their data that you collect, use, and process. It is likely that you will come across customers that are interested in pursuing their Right to Access their personal data, or their Right to be Forgotten (‘Erasure’). These requests can be made verbally or in writing and must be responded to within one month.
As LoyaltyLion is a Data Processor, our customer data is acquired via your e-commerce platform.
[Shopify] How to erase customer data from LoyaltyLion if you're using Shopify
If you wish to erase a customer's data, please follow the instructions in the Shopify HelpDocs. Once you erase your customer from Shopify, they will be automatically erased from LoyaltyLion.
Please note that if you delete a customer from Shopify without processing a GDPR erasure, this can cause issues with customer merchant IDs if the customer decides to create another account with your store.
We recommend processing a GDPR deletion with every customer that you remove from your store.
How to erase customer data if you have a BigCommerce, Magento, or Custom store
Removing your customer on the e-commerce platform won't remove the customer data from LoyaltyLion. The best way to ensure that the customer data is removed is to erase the data in the customer profile.
1. Log in to LoyaltyLion
2. Find the customer profile in your base and go to Actions
3. Select "Erase personal data"
4. Review the popup and guidance and click "OK" if you wish to proceed
If you have a large amount of customer data to erase, please contact firstname.lastname@example.org and our team can assist.
What we do in response to an erasure request
Customer personal information is destroyed by overwriting. Non-personal usage data is retained.
Erased customers are still visible in aggregates (e.g. total spending, total points earned) but are not visible in customer search.
We’ve included the following resources for more information on GDPR and how you can prepare for the new legislation.
Please note that this guide and any resources are not legal advice, and are for informational purposes only. Please consult your legal counsel for specifics on how GDPR affects your business.