Building a great Loyalty system requires data. The history of activities (bits) for a member is important to measure and roll out targeted offers. As a brand owner, you may need to see part of or all past activities and target specific member that fulfill the offer criteria. As an LJI customer, you are always the data owner and controller for the information you store or push to GRAVTY. Data is retained as long as we have an ongoing legitimate business need to process your personal information and in accordance with applicable laws.
Processing of Service Data is performed as necessary to provide the applicable Service and all employees of LJI are subject to strict technical and organizational measures to protect the Service Data that is Hosted or Processed by them. Service Data may also be transferred, Processed or disclosed as required by law or in response to subpoena or other legal process.
Service Data may include Personal Data (“Personal Data”). Applicable Data Protection Laws (as the term is defined herein) sets out a number of data protection requirements which apply when Personal Data is being Processed. Applicable Data Protection Law means the following data protection law(s)): (i) where Data Controller is established in an EEA member state or where Data Controller’s Agents or End-Users access the Services from an EEA member state: the EU Regulation 2016/679 (“GDPR”) (and any applicable national laws made under it).
Service Data is Processed by the LJI in compliance with GDPR. This includes compliance with requirements that Personal Data transferred from the EEA to other countries where the LJI operate is adequately protected. LJI regularly enters into Data Processing Agreements with its Subscribers which incorporate the EU Standard Contractual Clauses ("Model Clauses") and detail our obligations with respect to the Processing of Personal Data.
LJI maintains an up-to-date list of the names and locations of all sub processors used for Hosting or other Processing of Service Data, including Personal Data, which can be found here
All Data in databases is retained forever and in accordance with applicable laws. Data can be deleted when requested by Customer and when user requests as per GDPR. All data is transmitted using https. Data at rest in databases is encrypted. Data backups are encrypted. File Storage systems have encryption enabled.
Audit Logs are retained for 6 months. Data Backups are retained for 1 month.
As a customer, you have full control over the data that is in GRAVTY. If you decide to terminate the service with LJI and/or move to another Loyalty Management System, you have multiple ways to take the data out of GRAVTY.
Once the service is terminated and Customer has taken out all of the data, LJI will permanently delete out all data associated with account. After this point, LJI will not be able to provide any service or data.