Merchants with customers in the EU will have heard of the EU General Data Protection Regulation (GDPR), which comes into effect on May 25, 2018. The new GDPR replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens to control their data privacy. For more information, merchants can refer to the regulation link here: https://gdpr-info.eu/. This post is meant for merchants using S Loyalty with GDPR obligations.
As a merchant using S Loyalty, how should I think about S Loyalty with respect to GDPR?
The GDPR lists out the roles and obligations of a “Data Controller” and “Data Processor”. As the merchant, you are considered the Data Controller and S Loyalty is considered the Data Processor.
As the Data Controller, you will need to work with your customers to honor their requests for handling data that you have processed or stored about them (whether with your S Loyalty account or otherwise). When you install S Loyalty, you grant permission to Shopify or BigCommerce to share customer and order data to S Loyalty through APIs. When you use S Loyalty to run your loyalty program or other features, we will collect data about your customers such as their reward redemption activities.
As the Data Processor, we can help to provide, change, or delete a customer’s data in your S Loyalty account if your customer makes such a request. S Loyalty collects customer and order data in order to process and manage loyalty accounts for your customers.
How are we preparing for the GDPR?
Here’s what we are doing:
- Reviewing our internal processes in accordance to GDPR standards.
- Preparing communications to our merchants regarding GDPR and S Loyalty.
If your business needs to prepare for GDPR, we recommend you to also refer to the GDPR checklists from our partners.
This post was last updated on May 22, 2018.
Disclaimer: Please note that this post is for informational purposes only and is not meant to serve as legal advice. S Loyalty users should consult with their legal professionals to fully understand the scope of compliance obligations under the GDPR.