|
|
|
|
|
|
by hkh28
1903 days ago
|
|
|
> You might need to retain some data for potential future refunds, for example. Then that would be a legitimate interest, and you could store that information for a period of time that is reasonable for processing refund requests. But you would be barred from using that same information for a different purpose, e.g. the loyalty program. GDPR article 25 requires systems to be have privacy built in, so a system such as the one you describe where a separation of these concerns is impossible, would probably itself be in violation of the regulation. |
|
|