What is GDPR?
The General Data Protection Regulation (GDPR), is a European Union regulation that was launched on May 25, 2018. The regulation is meant to provide better guidelines for how companies handle, collect, use and process customer's private data. You can review the entire GDPR legislation by clicking here.
Lootly, is fully GDPR compliant, including employing a dedicated data compliance officer to ensure all customer data is protected and handled appropriately.
GDPR & Lootly
It's important to understand that Lootly is a Data Processor, which means that we process customer data as it flows into our platform from any of our eCommerce integrations. This data includes both private information such as the customer's name, and transactional data such as the order amount or date.
Each eCommerce integration has different variances in the type of data that is sent to our system, but overall below are the types of private & non-personal data we collect & process today:
Private Customer Data
- Customer Name
- Email Address
- Date of Birth
- IP Address
- Order Amount
- Coupon Usage
- Account creation date
Even though an order in a typical eCommerce platform saves the Address & Phone Number of their customers, Lootly does not pull this data from the cart. In order for Lootly to work properly, we need the bare minimum of data.
How do I remove customer data from Lootly?
Customers can request their data to be removed at any time simply by contacting Lootly. Since Lootly does not have separate accounts (we simply stream data from the ecommerce platform), we would recommend to remove the data from the ecommerce platform directly.
Lootly, can then in turn make sure all data is removed from our end as well.
Note: If a user of a store (ie: customer who purchases from a store), contacts Lootly directly, we will refer them back to the merchant (ie: store), to perform this action first.