Privacy Policy
Last updated: July 7, 2026
The protection of your personal data is a central concern for Loyalem. With this privacy policy, we inform you about how Loyalem processes personal data when using our website, our web app/platform and, where applicable, mobile features – in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
1. Data Controller
Loyalem
2. What Data We Process
2.1 Automatically Collected Data
When visiting our website or using our services, we automatically process:
- IP address
- Browser type and version
- Operating system/device information
- Date and time of server request
- Referrer URL
- Device settings/language and country settings
- Usage statistics (e.g. page views, click behavior, feature usage)
- Log data for IT security and error diagnosis
2.2 Loyalty Program & Wallet Data
When using digital stamp cards/loyalty programs, we process (depending on partner configuration):
- Customer ID (pseudonymous), stamp/points balance, reward status, transaction events (stamps issued, rewards redeemed)
- Wallet information: e.g. wallet type (Apple Wallet/Google Wallet), pass/card identifier, push tokens for card updates
- Technical metadata (e.g. timestamps, branch/terminal identifier used, device or session IDs)
- Communication preferences (e.g. notifications enabled/disabled)
Note: Content, conditions and redemption processes of rewards are determined by the respective partner company.
2.3 Voluntarily Submitted Data
When you contact us, register, or create a merchant account, we may process:
- Name
- Email address
- Phone number
- Shop/company information (name, address, industry, branches)
- Support content (messages, attachments, tickets)
3. Purposes of Data Processing
- Provision and operation of our services (website, platform, digital cards)
- Operation of loyalty programs (stamp issuance, status updates, redemption)
- Communication with you (support, contract-related notices)
- Improvement of user experience and service quality (error analysis, performance)
- Analysis of usage behavior
- Fulfillment of legal obligations
- Fraud prevention and IT security
4. Legal Basis
Where the GDPR is applicable, we base processing in particular on:
- Art. 6(1)(a) GDPR – Consent (e.g. optional cookies, marketing)
- Art. 6(1)(b) GDPR – Contract performance or pre-contractual measures (e.g. registration, platform use)
- Art. 6(1)(c) GDPR – Legal obligation
- Art. 6(1)(f) GDPR – Legitimate interest (e.g. security, technical optimization)
When Loyalem processes loyalty program data as a data processor, the legal basis for the partner company is typically Art. 6(1)(b) GDPR (customer retention/program participation) or Art. 6(1)(a) GDPR (consent), depending on program design.
5. Data Sharing
Data is shared exclusively, to the extent necessary, with:
- Hosting and cloud providers
- Service providers for email/push/SMS delivery
- E-commerce platforms
- Analytics and tracking service providers (only if used)
- Payment service providers (for paid merchant plans)
- Authorities, where legally required
- Processing service providers within the scope of data processing
Service providers are bound by data processing agreements pursuant to Art. 28 GDPR.
6. Cookies and Tracking
Our website currently does not use any cookies requiring consent and no tracking cookies. We use a single, strictly functional local-storage entry (loyalem-lang) that stores your language choice; it stays on your device and is not transmitted to us. Should consent-requiring cookies or tracking services be used in the future, we will inform you in advance and obtain your consent via a consent tool. More information: Cookie Policy
7. Your Rights
You have the right at any time to:
- Access (Art. 15 GDPR)
- Rectification (Art. 16 GDPR)
- Erasure (Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Objection (Art. 21 GDPR)
- Data portability (Art. 20 GDPR)
- Complaint to a supervisory authority
If your request relates to loyalty program data of a partner company (e.g. stamp balance/redemption), the partner company is generally the data controller. We support the partner company within the scope of the DPA.
8. Data Security
We implement appropriate technical and organizational measures, including:
- SSL/TLS encryption
- Access restrictions
- Monitoring and regular security audits
- Backup and recovery processes
- Training of our employees
9. Data Retention
We store personal data only as long as necessary for the purpose or as required by statutory retention periods. Loyalty program data is processed and deleted as instructed by the partner company, or returned/deleted at the end of the program; backups are overwritten within normal cycles.
10. Contact for Data Protection
For questions or concerns about data protection: