If you have a loyalty scheme for your customers with specific T&Cs, would you say that contractual necessity is the most relevant legal basis? Or consent?
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Think it is also worth keeping in mind what the end result of the loyalty scheme is. Some loyalty schemes offer discounts at point of purchase (i.e. 10th coffee free, 13 months for the price of 12 when renewed x years after) whereas other loyalty schemes are essentially direct targeted marketing with discounts in areas of interest either from the store/provider themselves or from 3rd parties.
Depending on the structure of the end loyalty benefit might change the lawfulness basis used.
If they are your customers then you already have a basis for processing and storing their information however that will not by default include other purposes such as loyalty schemes.
You are best advised to seek consent to further process their information for a loyalty scheme.
We don’t but we did explore it, and it may come up again. I think I’d suggest zooming out on the concept a little. The lawful bases other than consent state that “processing is necessary for…” — so it depends on whether processing of personal data in the context of the loyalty scheme is actually *necessary* for you to perform that contract (i.e. the scheme T&Cs). If not, then you may need consent, but if consent for processing becomes a requirement to enter into the contract then you need to consider Art. 7(4).
I would say that basic identifiers and contact details are necessary in order to conduct the scheme (performance of a contract), but you’ll need to assess what other personal data you’re processing and the purpose(s) for that processing so you can then revisit the necessity wrt to the Ts&Cs.