Skip to main content

    GDPR Requirements for LimeSpot Users

    Last Updated: May 10, 2024

    If you have shoppers from the European Union, you need to comply with the General Data Protection Regulation (GDPR). This page outlines the specific requirements for using LimeSpot while maintaining GDPR compliance.

    Requirement 1: Update Your Privacy Policy

    Your store's privacy policy must disclose that you use LimeSpot for personalization. Include the following information:

    • LimeSpot processes shopper data to provide personalized product recommendations
    • Data collected includes browsing behavior, purchase history, and device information
    • Data may be transferred to Canada, the United States, or Europe for processing
    • Shoppers can request access to or deletion of their data by contacting [email protected]

    Sample privacy policy language:

    "We use LimeSpot, a personalization service, to provide you with tailored product recommendations. LimeSpot collects information about your browsing behavior, purchase history, and device to deliver relevant suggestions. Your data may be processed in Canada, the United States, or Europe. For more information, see LimeSpot's Privacy Policy. To request access to or deletion of your data, contact [email protected]."

    Requirement 2: Implement Cookie Consent

    LimeSpot uses cookies to track shopper behavior and provide personalized experiences. Under GDPR, you must obtain consent before setting non-essential cookies. Implement a cookie consent banner that:

    • Appears before LimeSpot cookies are set
    • Explains that cookies are used for personalization
    • Provides options to accept or decline cookies
    • Allows users to change their preferences later

    Cookie categories to disclose:

    • Personalization cookies: Used by LimeSpot to remember your preferences and provide tailored product recommendations
    • Analytics cookies: Used to understand how visitors interact with the store and improve the shopping experience

    Many cookie consent solutions (like OneTrust, Cookiebot, or Shopify's native consent banner) can be configured to work with LimeSpot. Contact our support team if you need assistance integrating your consent solution.

    Requirement 3: Display LimeSpot Disclosure

    In addition to your privacy policy, we recommend adding a brief disclosure near areas where personalized recommendations appear. This can be a simple statement like:

    "Recommendations powered by LimeSpot"

    This provides transparency to shoppers about how recommendations are generated and helps build trust.

    Handling Data Subject Requests

    Under GDPR, shoppers have the right to access, correct, or delete their personal data. When you receive such a request:

    1. Verify the identity of the requester
    2. Contact LimeSpot at [email protected] with the request details
    3. We will process the request and confirm completion
    4. Respond to the shopper within 30 days as required by GDPR

    Shoppers can also contact our Data Protection Officer directly to exercise their rights.

    Data Processing Agreement

    GDPR requires a Data Processing Agreement (DPA) between data controllers (you) and data processors (LimeSpot). Our DPA is available at limespot.com/legal/dpa and is automatically incorporated into our Terms of Service.

    Compliance Checklist

    • Update your privacy policy to mention LimeSpot
    • Implement a cookie consent banner
    • Configure cookies to require consent before loading
    • Add LimeSpot disclosure near recommendations (optional but recommended)
    • Establish a process for handling data subject requests
    • Review and accept the Data Processing Agreement

    Need Help?

    If you have questions about GDPR compliance or need assistance implementing these requirements, please contact:

    Related Documents: Privacy Policy | Data Processing Agreement | GDPR and LimeSpot