srd focus customer loyalty

Customer loyalty

Retain customers and reward them for their loyalty. Using a customer’s loyalty system helps companies to:

  • Bind customers more closely to their offer
  • Generate more revenue
  • Acquire new customers

These are just a few reasons why customer loyalty programmes are in demand like never before, although thanks to new mobile technologies, they are no longer limited to the use of a simple customer card.

For all the benefits, the establishment of a customer loyalty programme nevertheless raises both technical and legal issues, the answer to which is essential to the success of the programme. This is the interface at which we start and transfer our extensive expertise on the legally compliant introduction of the loyalty system to the companies.

We advise:

  • E-commerce companies
  • Hotels and restaurants
  • The travel industry (e.g. airlines)

What legal problems do our clients face and how can we successfully solve them?

Here we give an insight into our practice.

We illustrate the steps our clients must take to build a successful customer loyalty system and how we overcome legal hurdles together.

The key question: what is to be achieved with the customer loyalty system?

Before a company is able to benefit from our expertise, we must establish which legal problem areas will arise in this specific case. That is why we first clarify what is to be achieved with the customer loyalty system.

Regularly, the aims are as follows:

  • To develop a comprehensive interest profile of the customer
  • Long-term loyalty of the customer to the company
  • Opportunity for personalised advertising based on the needs and interests of the customer
  • Location-based offers based on customer localisation

This “review” already gives us the opportunity to identify initial legal problem areas and to develop a legally acceptable solution.

Online or offline? The technical implementation

The successful establishment of a customer loyalty programme requires an efficient technical implementation.

Which channels should be used?

  • Offline solution (conventional customer card)
  • Online solution (e.g. app)
  • Cross-channel solution (combination of offline and online)

Why is that important to us?

The choice of technical implementation is crucial for the legally compliant implementation to be developed by us, as there are different legal requirements for offline and online solutions. For example, when using the app, it is possible to determine the customer’s location data and to use it for personalised advertising. As this involves the customer’s personal data, the determination of the data must be based on a legal basis (e.g. contract or consent).

Particularly problematic is the merging of data generated offline and online.

Stand-alone or multi-partner programme? 

Companies seeking advice from us usually already have an idea of whether they want to establish their own customer loyalty system (stand-alone) or join a multi-partner programme.

Thanks to our extensive project experience with well-known companies, we are familiar with the legal problem areas that may arise with the respective programmes.

With multi-partner systems in particular, there are many legal issues that differ from stand-alone programmes:

  • Which company law model is appropriate?

From a legal viewpoint, when choosing the company law model, the first question to be answered is how much independence the participating companies should have within the customer loyalty system. In practice, it has proven worthwhile to set up a strong umbrella company, which will impose strict, binding requirements on the participating companies. Unity not only increases interoperability, but also simplifies the handling of legal challenges.

In this case, the umbrella company is designed as its own profit centre, which independently administers the participant data and points. The participating companies become partners in the customer loyalty programme, with the specific design of this relationship achieved via a partner contract.

  • Who is responsible for the data?

The customer data is collected by a variety of companies as part of the multi-partner programme. In terms of data protection law, each data-processing company has certain obligations towards the affected customers. Since several companies use the customer data, so-called “joint responsibility” exists in the sense of Article 26 of the General Data Protection Regulation (GDPR). As per Article 26 of the GDPR, we conclude joint controllership agreements with the participating companies, within which the obligations relating to data processing are regulated.

  • Are there any antitrust issues?

In the case of multi-partner programmes, there is a risk that, in the context of the granting of discounts, some kind of illegal price agreement may arise between the participating companies, thus leading to antitrust violations. Here we carry out a detailed analysis of the risk potential and consider this in our legal advice.

Additional legal challenges

In addition, there are a number of legal challenges that affect both multi-partner and stand-alone programmes:

  • Data protection law

One of the core tasks of our legal advice is the implementation of data protection provisions while simultaneously maintaining conversion and usability:

  • Legal basis and concept of consent

The processing of personal data is only permitted if the customer has given their consent or if the processing has a legal basis regulated by statute. For the legally compliant implementation, we design a consent concept close to the requirements of the company’s specific marketing strategy, at the end of which there is a short, clearly comprehensible declaration of consent.

In order to make the declaration of consent as comprehensible as possible, clear and resistant to caution, we check in which cases data processing can also take place without consent. In particular, the permissible data processing on the basis of a contract within the meaning of Article (6)(1)(1)(b) of the GDPR is interesting here, as it is possible to conclude a contract aimed at offering discounts for the communication of personal data due to the freedom of contract guaranteed by statute.

The concept of consent may also stipulate the drafting of an initial minimal declaration of consent, which is subsequently supplemented by optional declarations by the customer.

Other data protection issues: 

  • Database conception
  • Cost of data protection training for employees
  • Response time in case of incidents
  • Server locations

Tax law

Companies wishing to establish a customer loyalty system must comply with requirements of tax law in addition to data protection, because the granting of discounts and bonus points is relevant under tax law and must be taken into account in the company balance sheets. We are familiar with the profits and income tax treatment of bonus programmes and verify whether provisions in the balance sheet are eligible, for example.

Our soft skills: contract negotiations with service providers

Companies wishing to set up a customer loyalty system for the first time are happy to use service providers who provide the necessary technologies. There is a risk here that the said companies will become highly dependent on the service providers and thereby suffer disadvantages in the future. We advise our clients on the selection of service providers and carry out the sometimes difficult but necessary contract negotiations.

Special problems: bonus and discount systems as e-money

A previously little-noticed legal challenge is the design of the customer loyalty system with respect to the German Payment Services Supervision Act (ZAG), which came into force in 2009. Although a company will scarcely intend to do so when setting up a customer loyalty programme, a discount or bonus scheme may be viewed as electronic money (e-money) depending on the design. If this is the case, companies must comply with strict regulatory requirements and additional obligations towards customers.

So far, much in the problem area “Paying with data” is still unclear and little has been decided. However, due to our extensive project experience, we do know the usual positions of the relevant supervisory authorities. As a result, heavy penalties can be avoided from, among others, the German Federal Financial Supervisory Authority (BaFin).


Subscribe to our monthly newsletter with information on judgments, professional articles and events (currently only in german).

By clicking on "Subscribe", you consent to receive our monthly newsletter (with information on judgments, professional articles and events) as well as to the aggregated usage analysis (measurement of the opening rate by means of pixels, measurement of clicks on links) in the e-mails. You will find an unsubscribe link in each newsletter and can use it to withdraw your consent. You can find more information in our privacy policy.