What is GDPR?
The General Data Protection Regulation (GDPR), is a European Union regulation that was launched on May 25, 2018. The regulation is meant to provide better guidelines for how companies handle, collect, use and process customer's private data.
You can review the entire GDPR legislation by clicking here.
Lootly, is fully GDPR compliant, including employing a dedicated data compliance officer to ensure all customer data is protected and handled appropriately.
What do you need to know when using Lootly?
It's important to understand that Lootly is a Data Processor which means that we process the data that you collect on your store, including Personal Data and Non-Personal Data. This data includes both private information such as the customer's name, and transactional data such as the order amount or date.
Each eCommerce integration has different variances in the type of data that is sent to our system, but overall below are the types of private & non-personal data we collect & process today:
Private Customer Data
Date of Birth
Account creation date
Even though an order in a typical eCommerce platform saves the Address & Phone Number of their customers, Lootly does not pull this data from the cart.
In order for Lootly to work properly, we need the bare minimum of data.
How do I remove customer data from Lootly?
Merchants can request customers' data to be removed at any time simply by contacting Lootly.
Since Lootly does not have separate accounts (we simply stream data from the ecommerce platform), we would recommend to remove the data from the ecommerce platform directly.
Lootly, can then in turn make sure all data is removed from our end as well.
Note: If a user of a store (ie: customer who purchases from a store), contacts Lootly directly, we will refer them back to the merchant (ie: store), to perform this action first.