Social Sell New
Get customers to sell products to followers
Get more customers & sales
Infrastructure for digital monetary wallets
Points & status tools to increase loyalty
Issue & manage digital coupons and vouchers
Personalised discounting engine
Incentive Marketing Platform
Customer insights & incentive campaigning technology
iOS & Android apps
Loyalty app solution with notifications & CMS
Create a world-class customer program
Spaaza is a software company that builds tools to incentivise modern commerce. This includes providing solutions such as loyalty programs. Spaaza helps businesses create incentives that add value to their business, customers, employees and their communities.
To create more relevant and personal incentives we provide businesses with a solution that collects and stores personal data that is shared through the various places that a customer interacts with that business - for example in physical stores, on webshops and through mobile applications.
Spaaza takes data protection and privacy very seriously. We consider it not just a legal and moral responsibility but also key competitive advantage of our solution.
Spaaza provides the tools necessary to run a modern incentive program but the program itself is run and managed by the business.
Spaaza therefore has the role of a “data processor” and the business has the role of the “data controller”. As a data processor, and under the European General Data Protection Regulation (GDPR), Spaaza has certain responsibilities towards protecting personal data that we store and process. This document covers what data we store, what this data is used for, how customers can update or access their data and measures we take to ensure the security of this data.
Businesses use Spaaza to store personal data that customers have agreed to share in order to: participate in a businesses loyalty or incentive program; receive email communication from a business; receive physical mail from a business; participate in competitions or events managed by a business; or to maintain an account on a businesses webshop.
Spaaza advocates and supports privacy-by-design and “data minimisation” which means that we encourage and support businesses to collect only the data that they require.
Spaaza may store the following personal data that customers have shared with a business:
When a customer profile exists in Spaaza, and when permission has been given by the customer, Spaaza may also collect and store data that is derived from the interactions the customer has with the business. This includes:
The IP address used by a customer may also be stored temporarily if a businesses is using Spaaza’s mobile application solutions. This data is only stored in our logs and is not accessible to a business. Logs are used internally to maintain our service and identify and solve problems in our software. Logs are automatically deleted after 30 days.
Spaaza provides tools to businesses which uses the data stored in Spaaza to create better incentives and experiences for the customer. Spaaza also provides tools that use the data stored in Spaaza to help a business make better, data-driven, decisions.
Below are some common examples of how data collected by Spaaza is used by businesses:
Spaaza adds additional data or "insights" to a customer’s profile which are derived from the data that we store. This data is typically statistical in nature and helps businesses to identify how they could improve their business - for example “who are my biggest spending customers this month”. Spaaza does not take any actions based on this profiling data but a business may choose to use this data in their own activities, for example in marketing campaigns.
Spaaza will not share any personal customer data with a third party, unless that party has been authorised to access the data by the business, who controls the data.
Businesses often work with other data processors who they have authorised and who will connect with Spaaza through our secure API (Application Programming Interface) to access customer data. Examples of this include:
It is the businesses responsibility as a data controller to communicate to customers how their personal data is being used and Spaaza is only responsible for the data stored in its own systems.
Spaaza aims to make it as easily as possible for customers to update any incorrect or out-of-date data that is stored in Spaaza. We also aim to make it easy for a customer to access all their data.
Data in Spaaza can typically be accessed and updated through the following methods:
Should a customer wish to remove their data stored in Spaaza they need to submit a request to the business which then needs to pass this request on to Spaaza. Spaaza will then remove all personally identifiable data about the customer from it’s systems in a timely manner.
Spaaza is not responsible for removing customer data that is stored in other systems that the business may use.
Spaaza adheres to best practise and works hard to prevent unauthorised access to personal data stored in our systems. In particular: