Introduction
As Usual Loyalty System is committed to protecting and respecting your privacy. This GDPR Compliance page outlines how we collect, use, and protect your personal data in line with the General Data Protection Regulation (GDPR).
1. Data Collection
We collect personal data such as your name, email address, phone number, and transaction history when you interact with our loyalty system. This data is necessary for providing services and managing customer relationships.
2. Lawful Basis for Processing
In compliance with the GDPR, we process your data based on the following lawful grounds:
- Consent: You provide us with explicit consent when you sign up for our loyalty system or services.
- Contractual Necessity: We process your data to fulfill our contractual obligations with you.
- Legitimate Interests: We process data for purposes related to our business interests, such as improving services and customer support.
3. Your Rights Under GDPR
Under the GDPR, you have the following rights regarding your personal data:
- Right to Access: You can request a copy of the personal data we hold about you.
- Right to Rectification: You can request corrections to any inaccurate or incomplete data.
- Right to Erasure: You can request that we delete your personal data under certain conditions.
- Right to Restrict Processing: You can request that we limit how we process your personal data.
- Right to Data Portability: You can request that we transfer your data to another service provider in a machine-readable format.
- Right to Object: You can object to the processing of your personal data for direct marketing purposes or based on legitimate interests.
4. Data Security
We take appropriate technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include encryption, access controls, and secure data storage.
5. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal or accounting requirements. Once data is no longer needed, we securely delete or anonymize it.
6. Sharing Your Data
We do not share your personal data with third parties except for the following purposes:
- To service providers who assist in running our platform (e.g., hosting, payment processing).
- When required by law or to protect our rights or the rights of others.
7. International Data Transfers
If we transfer your data outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place to protect your privacy in compliance with GDPR.
8. Updates to This Policy
We may update this GDPR Compliance policy from time to time. Any changes will be posted on this page, and we encourage you to review this policy periodically.