In this article:

The General Data Protection Regulation is a European Union regulation to protect the manner in which the personal data of EU citizens is collected, used and processed. It will be enforced from 25 May 2018.

Despite being an EU-based law, the GDPR will affect companies globally. If your business is based within the EU, or you have customers based in the EU, you will need to be GDPR compliant. For more information on the GDPR click here

LoyaltyLion Ltd. started preparing for GDPR back in June 2017, well in advance of the May 2018 deadline.

LoyaltyLion Ltd. is referred to as a Data Processor within the GDPR legislation. Our responsibilities, therefore, pertain to that role. You can read more about these responsibilities in this article written by our GDPR lawyer.

LoyaltyLion Ltd. has already done the following GDPR recommended activities:

It is important to note, that the definition of what it takes to be GDPR compliant has not yet been finalised and will continue to evolve. LoyaltyLion Ltd. will continue to update and refresh our data handling and processing practices to maintain high standards.

For further information, please refer to our Privacy Policy and Terms of Service.

LoyaltyLion Ltd. is referred to as a Data Processor, meaning we process Personal Data and Non-Personal Data from your store. In your privacy policy, you should disclose the customer data being processed by LoyaltyLion.

The Personal Data we process for your customers includes:

The Non-Personal Data we process for your customers includes:

This data is shared via your e-commerce platform e.g. Shopify, Magento, BigCommerce etc.

When a merchant subscribes to LoyaltyLion, we receive the following data from the merchant:

Under the GDPR, customers have several rights when it comes to accessing their data that you collect, use, and process. It is likely that you will come across customers that are interested in pursuing their Right to Access their personal data, or their Right to be Forgotten (‘Erasure’). These requests can be made verbally or in writing and must be responded to within one month.

As LoyaltyLion is a Data Processor, our customer data is acquired via your e-commerce platform.

If you wish to erase customer's data, please follow the instruction on Shopify HelpDocs. Once you erase your customer from Shopify, they will be automatically erased from LoyaltyLion. 

Please note that if you delete a customer from Shopify without processing a GDPR erasure, this can cause issues with customer merchant IDs if the customer decides to create another account with your store.

We recommend processing a GDPR deletion with every customer that you remove from your store.

Removing your customer on the e-commerce platform won't remove the customer data from LoyaltyLion. The best way to ensure that the customer data is removed is to erase the data in the customer profile.

4. Review the popup and guidance and click "OK" if you wish to proceed

If you have a large number of customer data to erase, please contact support@loyaltylion.com and our team can assist.

Customer personal information is destroyed by overwriting. Non-personal usage data is retained.

Erased customers are still visible in aggregates (e.g. total spending, total points earned) but are not visible in customer search.

We’ve included the following resources for more information on GDPR and how you can prepare for the new legislation.

Please note that this guide and any resources are not legal advice, and are for informational purposes only. Please consult your legal counsel for specifics on how GDPR affects your business.