In this article:

  • What is GDPR?

  • How does GDPR affect Abandoned Cart Recovery?

  • How does GDPR affect how you run your abandoned cart recovery program?

What is GDPR?

The General Data Protection Regulation, or GDPR, is an European Union regulation that comes into effect on May 25th, 2018. This regulation changes how companies collect, use, and process the personal data of European residents. 

Abandoned Cart Recovery is compliant with the GDPR regulations. Here’s some detailed information about how the GDPR affects Abandoned Cart Recovery.

How does GDPR affect Abandoned Cart Recovery?

The GDPR is a broad regulation that reshapes the landscape of data usage for companies that operate globally. We have extensively evaluated how GDPR affects us and our users. The good news is that the law does not require us to change the services we provide - it just changes how we provide those services:

  • It requires us to re-organize our privacy team, and to adequately document and keep records of certain privacy-related decisions made by us so that we are accountable for our privacy practices.

  • To make sure that we and our users are able to honor the rights of European customers over their personal data.

  • It requires us to make certain contractual commitments to our merchants, and requires us to get certain contractual commitments when we use a third-party subprocessor to provide our services.

What have we done to prepare for GDPR?

  • We appointed a Data Protection Officer to oversee our GDPR implementation plan.

  • We implemented a Data Protection Impact Assessment process, as required by the GDPR.

  • We started to deliver GDPR-focused training to key teams and personnel, so that we are all aware of the law’s requirements and can design our products and business plans with privacy in mind.

  • We implemented a detailed procedure to deal with data subject access requests, deletion requests, and government access requests.

How does GDPR affect you?

Ultimately, GDPR compliance is the responsibility of every business that sells in the EU, regardless of where it is based. We suggest that every Abandoned Cart Recovery user consult legal experts to ensure they have sufficient privacy controls in place in advance of the May 25, 2018 deadline.

What do you need to know when using Abandoned Cart Recovery?

Abandoned Cart Recovery is a Data Processor, meaning that we process the data that you collect on your store, including personal data and non-personal data. When creating or editing your privacy policy, you will need to disclose that your customers’ data is being shared with Abandoned Cart Recovery for the purpose of recovering abandoned carts, including what data is being collected.

The data we process for your customers includes:

Personal Data:

  • Name

  • Email

Non-Personal Data:

  • Transactional Data

  • Account Creation Date

How do I remove customer data from Abandoned Cart Recovery?

Under the GDPR, Data Subjects have the "right of erasure". This means they can request that their data be removed at any point.

If you require a customer or a list of customers to be deleted from your abandoned cart email list, you can contact our support team via email or in-app chat. We will delete this customer data for you. 


The GDPR requires marketing emails to only be sent to customers who have provided affirmative consent in the form of a positive opt in. Pre-checked boxes that use customer inaction to assume consent aren’t valid under GDPR.  

Note that transactional emails that relate to an order or transaction with your business are exempt from this requirement.

Abandoned cart emails are considered as transactional emails as they relate to an order or transaction with your business, so are exempt from this requirement.


The use of cookies is mentioned in the GDPR. They can be divided into essential and non-essential cookies. 

Essential cookies are those necessary for providing the information requested by the user. 

Non-essential cookies are considered to be identifiers and are used for analytics, advertising or third parties including affiliates and those that identify a user when they return to the website. This type of identifier is considered to be personal data. 

Abandoned Cart Recovery only retains essential cookies that are required for the proper functioning of the app and does not retain non-essential cookies. 

Disclaimer: The information provided here is intended to be educational and should not be construed as legal advice. Abandoned Cart Recovery encourages all of our users — and all ecommerce merchants – to seek legal advice for counsel on how they specifically should prepare for GDPR.

Did this answer your question?