GDPR and LimeSpot

Updated: June 2021

Welcome to LimeSpot!


What is GDPR?

The General Data Protection Regulation (GDPR) is a data privacy law passed by the European Union to strengthen and unify personal data for all the European Union’s citizens. GDPR requires companies to secure and protect the personal data of individuals with respect to their personal data rights. Individuals also have rights over their personal data such as a right to access, correct, delete and restrict processing of their data. As a LimeSpot Client you have already agreed to our Customer Terms of Service and Privacy Policy, both of which are in full compliance with the GDPR to help empower and keep you in compliance with the regulations in regards to your use of LimeSpot services.


How GPRP Affects You

(What is Required of You as a LimeSpot Client)

As a Data Processor under the GDPR definitions, we may be collecting data on your site to provide our services to you at your direction. We have no visibility to, and therefore no way of managing, certain aspects of the interaction with your Shoppers. These aspects include, notably, obtaining consent and the means of collection (e.g. the interaction with your site).

Solely to the extent that the GDPR is applicable to you, we now require that you:

Obtain informed consent associated with your use of LimeSpot products with your e-Commerce platform;

Incorporate our Privacy Policy directly into your own privacy policy and make sure your Shoppers are aware of the existence of such policy;

Provide your Shoppers with our email, should they wish to have their personal information removed from our service.


Data Protection Officer and Representative

LimeSpot has a Data Protection Officer (“DPO”) to respond to certain requests. On matters of data protection our policy is to practise extreme caution for the benefit of both of us, as well as for the benefit of your Shoppers. While we believe that the Privacy Tool will pre-empt most communications to the DPO, our DPO will nevertheless be made available for LimeSpot-related inquiries that you may not otherwise be in a position to handle. That said, please remember that most Shoppers will be unaware of LimeSpot’s involvement. You will therefore be, by default and necessity, a Shopper’s first point of contact regarding data protection and so will be considered the representative responsible with respect to the requirements of the GDPR. The LimeSpot DPO can be reached at ​ ​


Does LimeSpot transfer European personal data outside Europe?

LimeSpot’s technical infrastructure relies on data centers and cloud service providers that are located outside Europe on Microsoft’s Azure platform. Microsoft was proud to become the first global cloud service provider to appear on the US Department of Commerce’s list of Privacy Shield certified entities as of August 12th 2016. The European Commission adopted the EU-US Privacy Shield Framework on July 12th 2016, replacing the International Safe Harbor Privacy Principles as the mechanism for allowing companies in the EU and the US to transfer personal data across the Atlantic in a manner compliant with the EU data protection requirements as stated on

Where would I find your Data Processing Agreement (DPA)?

You can find our Data Processing Agreement at any time at

This document has been created to help you comply with the GDPR in regards to your use of the LimeSpot services. We have created a Requirements Overview document about the GDPR that might help you have a better understanding about your responsibilities in general.