All Collections
Getting Started
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)

Overview of how Lootly handles GDPR

Ryan avatar
Written by Ryan
Updated over a week ago

What is GDPR?

The General Data Protection Regulation (GDPR), is a European Union regulation that was launched on May 25, 2018. The regulation is meant to provide better guidelines for how companies handle, collect, use and process customer's private data.

You can review the entire GDPR legislation by clicking here

Lootly, is fully GDPR compliant, including employing a dedicated data compliance officer to ensure all customer data is protected and handled appropriately. 

What do you need to know when using Lootly?

It's important to understand that Lootly is a Data Processor which means that we process the data that you collect on your store, including Personal Data and Non-Personal Data. This data includes both private information such as the customer's name, and transactional data such as the order amount or date.

When editing your privacy policy, you will need to mention that your customer's data is being shared with Lootly for the purpose of the loyalty program, including what data is being collected.

Each eCommerce integration has different variances in the type of data that is sent to our system, but overall below are the types of private & non-personal data we collect & process today: 

Private Customer Data

  • Customer Name

  • Email Address

  • Date of Birth

  • IP Address

Transactional Data

  • Order Amount

  • Coupon Usage

  • Account creation date

Even though an order in a typical eCommerce platform saves the Address & Phone Number of their customers, Lootly does not pull this data from the cart.

In order for Lootly to work properly, we need the bare minimum of data. 

How do I remove customer data from Lootly?

Merchants can request customers' data to be removed at any time simply by contacting Lootly.

Since Lootly does not have separate accounts (we simply stream data from the ecommerce platform), we would recommend to remove the data from the ecommerce platform directly. 

Lootly, can then in turn make sure all data is removed from our end as well. 

Note:   If a user of a store (ie: customer who purchases from a store), contacts Lootly directly, we will refer them back to the merchant (ie: store), to perform this action first. 

Did this answer your question?