Loyalty Club PLC is a UK data controller and processes personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page summarises your rights and how we honour them.
Lawful basis
- Contract — to deliver the loyalty platform you signed up for.
- Legitimate interest — fraud prevention, security, product improvement.
- Consent — for marketing communications. Always opt-in. Always reversible.
- Legal obligation — financial reporting and tax compliance.
Your rights
- Access — request a copy of the data we hold about you.
- Rectification — correct inaccurate or incomplete data.
- Erasure — delete your account and associated personal data.
- Restriction — limit how we process your data while a query is resolved.
- Portability — receive your data in a structured, machine-readable format.
- Objection — object to processing based on legitimate interests.
- Withdraw consent — for any processing where consent is the lawful basis.
Exercising your rights
Members can delete their account directly in the Loyalty Club app. For other rights, email hello@loyaltyclubplc.com. We respond within 30 days.
Data we share
We don’t sell personal data. We use a small number of vetted processors to operate the platform — payments (Square), transactional email (Resend), hosting (Vercel) and analytics. All are contracted under UK GDPR-compliant terms.
International transfers
Where data is transferred outside the UK or EEA, we use approved safeguards (adequacy decisions, standard contractual clauses, or equivalent).
Security
Personal data is encrypted at rest and in transit. We apply role-based access, audit logging, and least-privilege principles to all systems.
Complaints
You can complain to the UK Information Commissioner’s Office at ico.org.uk. We encourage you to contact us first so we can put things right.