GDPR, or General Data Protection Regulation, is a regulation in EU law on data protection and privacy for all individual citizens of the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA areas.
This regulation has an important impact on websites and stores handling personal data.
WooRewards and GDPR
WooRewards basically handles the same personal data as WooCommerce. This means that if your WooCommerce store is compliant with the GDPR, so is WooRewards. There is only one exception to that, and it is explained in the Birthday section below.
WooRewards emails don’t have an unsubscribe button, and neither do WooCommerce emails. Unsubscribe buttons are mandatory for advertising emails, such as newsletters. WooRewards and WooCommerce emails are informative emails. They don’t advertise anything; they inform customers of the results of their actions on the website.
That’s also why WooRewards doesn’t offer emails that advertise your loyalty program to customers: such emails would fall under the GDPR regulation.
The Birthday earning method
One of the ways to earn points in WooRewards is the customer’s birthday. WooCommerce doesn’t collect that personal data on account creation. WooRewards offers to add a Birthday field on registration. This is personal data and falls under the GDPR regulation.
If you use the Birthday method to earn points, you need to inform your customers about it. In your privacy rules, you have to indicate that you collect this data for a specific use and describe that use. You also have to ensure that the data is used properly and that customers can access it and ask for it to be deleted. WooRewards lets customers delete that data on the “My Account” page.