Skip to content
Loyalty Club PLC

Legal

GDPR

Last updated 29 June 2026.

Loyalty Club PLC is a UK data controller and processes personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page summarises your rights and how we honour them.

Lawful basis

  • Contract — to deliver the loyalty platform you signed up for.
  • Legitimate interest — fraud prevention, security, product improvement.
  • Consent — for marketing communications and for non-essential cookies (analytics and advertising). Always opt-in, always reversible via “Cookie settings”.
  • Legal obligation — financial reporting and tax compliance.

Your rights

  • Access — request a copy of the data we hold about you.
  • Rectification — correct inaccurate or incomplete data.
  • Erasure — delete your account and associated personal data.
  • Restriction — limit how we process your data while a query is resolved.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interests, and to direct marketing or ad personalisation at any time.
  • Withdraw consent — for any processing where consent is the lawful basis.

Exercising your rights

Members can delete their account directly in the Loyalty Club app. For other rights, email hello@loyaltyclubplc.com. We respond within 30 days.

Data we share

We don’t sell personal data. We use vetted processors to operate the platform — payments (Square), transactional email (Resend), and hosting (Vercel) — under UK GDPR-compliant terms.

With your consent, we also share analytics and advertising data with Google (Analytics 4 and Ads), Microsoft (Clarity — heatmaps and session replays), and Meta (the Facebook/Instagram Pixel), which may act as independent or joint controllers for their own measurement and audience purposes. See our Cookie policy for the full list and to manage your choice.

Cookies & consent

We set non-essential analytics and advertising cookies only after you opt in via our cookie banner, and you can change or withdraw your choice at any time using “Cookie settings” in the footer. For the full list of cookies and partners, see our Cookie policy.

International transfers

Some partners (notably Google and Meta) process data in the United States. We rely on the UK Extension to the EU–US Data Privacy Framework where the recipient is certified, or otherwise the UK International Data Transfer Agreement / Addendum to the EU Standard Contractual Clauses with a transfer risk assessment.

Security

Personal data is encrypted at rest and in transit. We apply role-based access, audit logging, and least-privilege principles to all systems.

Complaints

You can complain to the UK Information Commissioner’s Office at ico.org.uk. We encourage you to contact us first so we can put things right.