In this article:

An introduction to GDPR

The General Data Protection Regulation is a European Union regulation to protect the manner in which the personal data of EU citizens is collected, used and processed. It will be enforced from 25 May 2018.

Despite being an EU-based law, the GDPR will affect companies globally. If your business is based within the EU, or you have customers based in the EU, you will need to be GDPR compliant. For more information on the GDPR click here

GDPR & LoyaltyLion

LoyaltyLion Ltd. started preparing for GDPR back in June 2017, well in advance of the May 2018 deadline.

LoyaltyLion Ltd. is referred to as a Data Processor within the GDPR legislation. Our responsibilities, therefore, pertain to that role. You can read more about these responsibilities in this article written by our GDPR lawyer.

LoyaltyLion Ltd. has already done the following GDPR recommended activities:

  • High standards of record keeping

  • Being registered with the ICO

  • Employing a Data Protection Officer

  • Has trained all employees on how to handle personal information

  • Stores data within the EU

  • Keeps records of people’s personal information up to date and not longer than necessary

  • Has measures in place to keep the personal data we hold safe and secure

  • Has processes in place so we can respond to request for personal information we hold

  • Working with suppliers to help them adhere to GDPR regulations

It is important to note, that the definition of what it takes to be GDPR compliant has not yet been finalised and will continue to evolve. LoyaltyLion Ltd. will continue to update and refresh our data handling and processing practices to maintain high standards.

For further information, please refer to our Privacy Policy and Terms of Service.

Data processed by LoyaltyLion

LoyaltyLion Ltd. is referred to as a Data Processor, meaning we process Personal Data and Non-Personal Data from your store. In your privacy policy, you should disclose the customer data being processed by LoyaltyLion.

The Personal Data we process for your customers includes:

  • Name

  • Email

  • Phone Number

  • Address

  • IP Address

  • Date of Birth

The Non-Personal Data we process for your customers includes:

  • Transactional Data

  • Account Creation Date

This data is shared via your e-commerce platform e.g. Shopify, Magento, BigCommerce etc.

When a merchant subscribes to LoyaltyLion, we receive the following data from the merchant:

  • Account holder name

  • Account holder email

  • Company address

  • Company telephone number

The Right to access and/or erasure

Under the GDPR, customers have several rights when it comes to accessing their data that you collect, use and process. It is likely that you will come across customers that are interested in pursuing their Right to Access their personal data or their Right to be Forgotten (‘Erasure’). These requests can be made verbally or in writing, and must be responded to within one month.

As LoyaltyLion is a Data Processor, our customer data is acquired via your e-commerce platform. To erase customer data from LoyaltyLion, please contact us at

[Shopify] How to erase customer data from LoyaltyLion if you're using Shopify?

If you wish to erase customer's data, please follow the instruction on Shopify HelpDocs. Once you erase your customer from Shopify, they will be automatically erased from LoyaltyLion. 

Please note that if you delete a customer from Shopify without processing a GDPR erasure, this can cause issues with customer merchant IDs if the customer decides to create another account with your store.

We recommend processing a GDPR deletion with every customer that you remove from your store.


We’ve included the following resources for more information on GDPR and how you can prepare for the new legislation.

Please note that this guide and any resources are not legal advice, and are for informational purposes only. Please consult your legal counsel for specifics on how GDPR affects your business.

Did this answer your question?