GDPR & LoyaltyLion
Written by Dave Clark
Updated over a year ago

An introduction to GDPR

The General Data Protection Regulation (GDPR) is a European Union regulation that protects the personal data of EU citizens by governing how it is collected, used and processed. It will be enforced from 25 May 2018.

Despite being an EU-based law, the GDPR will affect companies globally. If your business is based within the EU, or you have customers based in the EU, you will need to be GDPR compliant. For more information on the GDPR, click here.

GDPR & LoyaltyLion

LoyaltyLion Ltd. started preparing for GDPR back in June 2017, well in advance of the May 2018 deadline.

LoyaltyLion Ltd. is referred to as a Data Processor within the GDPR legislation. Our responsibilities, therefore, pertain to that role. You can read more about these responsibilities in this article written by our GDPR lawyer.

LoyaltyLion Ltd. has already carried out the following GDPR-recommended activities:

  • Maintaining high standards of record keeping

  • Being registered with the ICO

  • Employing a Data Protection Officer

  • Training all employees on how to handle personal information

  • Storing data within the EU

  • Keeping records of people’s personal information up to date and for no longer than necessary

  • Putting measures in place to keep the personal data we hold safe and secure

  • Putting processes in place so we can respond to requests for personal information we hold

  • Working with suppliers to help them adhere to GDPR regulations

It is important to note that the definition of what it takes to be GDPR compliant has not yet been finalised and will continue to evolve. LoyaltyLion Ltd. will continue to update and refresh our data handling and processing practices to maintain high standards.

For further information, please refer to our Privacy Policy and Terms of Service.

Data processed by LoyaltyLion

LoyaltyLion Ltd. is referred to as a Data Processor, meaning we process Personal Data and Non-Personal Data from your store. In your privacy policy, you should disclose the customer data being processed by LoyaltyLion.

The Personal Data we process for your customers includes:

  • Name

  • Email

  • Phone Number

  • Address

  • IP Address

  • Date of Birth

The Non-Personal Data we process for your customers includes:

  • Transactional Data

  • Account Creation Date

This data is shared via your e-commerce platform e.g. Shopify, Magento, BigCommerce etc.

When a merchant subscribes to LoyaltyLion, we receive the following data from the merchant:

  • Account holder name

  • Account holder email

  • Company address

  • Company telephone number

The Right to access and/or erasure

Under the GDPR, customers have several rights when it comes to accessing the data that you collect, use, and process. It is likely that you will come across customers who are interested in pursuing their Right to Access their personal data, or their Right to be Forgotten (‘Erasure’). These requests can be made verbally or in writing and must be responded to within one month.

As LoyaltyLion is a Data Processor, our customer data is acquired via your e-commerce platform.

[Shopify] How to erase customer data from LoyaltyLion if you're using Shopify

If you wish to erase a customer's data, please follow the instructions in the Shopify HelpDocs. Once you erase your customer from Shopify, they will be automatically erased from LoyaltyLion.

Please note that if you delete a customer from Shopify without processing a GDPR erasure, this can cause issues with customer merchant IDs if the customer decides to create another account with your store.

We recommend processing a GDPR deletion with every customer that you remove from your store.

How to erase customer data if you have a BigCommerce, Magento, or Custom store

Removing your customer on the e-commerce platform won't remove the customer data from LoyaltyLion. The best way to ensure that the customer data is removed is to erase the data in the customer profile.

  1. Log in to LoyaltyLion

  2. Find the customer profile in your base and go to Actions

  3. Select "Erase personal data"

  4. Review the popup and guidance and click "OK" if you wish to proceed

If you have a large amount of customer data to erase, please contact us and our team can assist.

What we do in response to an erasure request

Customer personal information is destroyed by overwriting. Non-personal usage data is retained.

Erased customers are still visible in aggregates (e.g. total spending, total points earned) but are not visible in customer search.


We’ve included the following resources for more information on GDPR and how you can prepare for the new legislation.

Please note that this guide and any resources are not legal advice, and are for informational purposes only. Please consult your legal counsel for specifics on how GDPR affects your business.
