We're hiring! See our open roles.

Spaaza’s Privacy Policy

Spaaza’s goal is to re-invent the loyalty program: by using data that customers have agreed to share with the retailer we help the retailer create better experiences for these customers.

To do this we provide retailers with a solution that collects and stores customer data that is shared through the various places that a customer interacts with a retailer - in physical stores, on webshops and through mobile applications.

Spaaza takes data protection very seriously. We consider it not just a legal and moral responsibility but a key competitive advantage of our solution.

Spaaza’s role as a data processor

Spaaza provides the tools necessary to run a modern retail loyalty program but the program itself is run and managed by the retailer. Any customer data that is stored in Spaaza is owned by the retailer.

Spaaza therefore has the role of a “data processor” and the retailer has the role of the “data controller”. As a data processor Spaaza has certain responsibilities towards protecting personal data stored in our solution. This document covers what data we store, what this data is used for, how customers can update or access their data and measures we take to ensure the security of this data.

As a data controller the retailer can choose what data they want to store in Spaaza and how they want this to be used. The retailer, as a data controller, is also responsible for communicating to customers how their data will be used and what personal data is currently stored. In many cases retailers will use Spaaza’s solution in conjunction with other data processing solutions. This document thus serves a general overview of data privacy at Spaaza rather than a specific overview of the privacy policy of one or more of our retailer clients.

Data that Spaaza collects

Retailers use Spaaza to store customers data that customers have agreed to share in order to: participate in a retailers loyalty program; receive email communication from a retailer; receive physical mail from a retailer; participate in competitions or events managed by a retailer; or to maintain an account on a retailers webshop.

Spaaza advocates and supports privacy-by-design and “data minimisation” which means that we encourage and support retailers to collect only the data that they require.

We collect and store data that customers give to retailers and also store data as a result of interactions with the retailer.

Data that customers give to retailers

Spaaza stores the following personal data that customers may provide to a retailer:

Data that we collect through interactions with the retailer

When a customer profile exists in Spaaza and when permission is given by the customer Spaaza will collect and store data that is derived from the interactions the customer has with the retailer online and offline. This includes:

How data collected in Spaaza is used

Spaaza provides tools to retailers which uses the data stored in Spaaza to create better experiences for the customer. Spaaza also provides tools that use the data stored in Spaaza to help make better, data-driven, business decisions.

The retailer chooses which of Spaaza’s tools they wish to use and how they wish to use them. Below are some common examples of how data collected by Spaaza is used by retailers:

Spaaza adds additional data to a customer’s profile which is derived from data that we collect. This data is typically statistical in nature and helps retailers to identify certain customer groups - for example “who are my biggest spending customers this month”. Spaaza does not take any actions based on this profiling data but a retailer may choose to use this data in their own activities, for example in marketing campaigns.

Data we share with third parties

Spaaza will not share any personal customer data with a third party, unless that party has been authorised to access the data by the retailer, who owns the data.

Retailers often work with other data processors who they have authorised and who will connect with Spaaza through our secure API (Application Programming Interface) to access customer data. Examples of this include:

It is the retailers responsibility as a data controller to communicate to customers how their personal data is being used and Spaaza is only responsible for the data stored in its own systems.

Accessing and updating personal data

Spaaza aims to make it as easily as possible for customers to update any incorrect or out-of-date data that is stored in Spaaza. We also aim to make it easy for a customer to access all their data.

Data in Spaaza can typically be accessed and updated through the following methods:

Should a customer wish to remove their data stored in Spaaza they need to submit a request to the retailer which then needs to pass this request on to Spaaza. Spaaza will then remove all personally identifiable data about the customer from it’s systems in a timely manner.

Spaaza is not responsible for removing customer data that is stored in other systems that they retailer may use.

Data security

Spaaza adheres to best practise and works hard to prevent unauthorised access to personal data stored in our systems. In particular:

Back to top