Deleting a customer’s personal data: Torgsoft capabilities and the store’s area of responsibility
In retail, maintaining a customer database is the basis for loyalty programs, marketing mailings, and sales analysis. Customers fill out forms and leave their phone numbers, full names, and dates of birth to receive bonuses or discounts. However, situations may arise when a customer asks to delete their personal data from the store database, or when an entrepreneur decides to clear the system of inactive customers to bring order to accounting. In this regard, entrepreneurs most often ask Torgsoft technical support specialists the following questions: "Why does the program not allow a customer card to be completely deleted?", "Where can I check the debt that blocks deletion?", "How can old customers be removed from the database in bulk?" and "Who bears legal responsibility for storing or deleting personal data — the program developer or the store owner?".
Below are comprehensive answers to these questions, explaining the logic of the program and the legal aspects of data processing.
Legal responsibility: who is responsible for the customer database?
One of the key questions concerns who is responsible for compliance with personal data protection legislation.
By law, full name, phone number, date of birth, email, address, and purchase history by which a specific person can be identified are personal data. The owner of such a database is not the program or the CRM developer, but the store or Sole Proprietorship itself, which decides why it collects this data: for discounts, bonuses, service, warranty, or mailings. The Law of Ukraine «On Personal Data Protection» No. 2297-VI requires data to be processed openly, for a specific lawful purpose, without collecting excessive information, informing the customer about the purpose of collection, and having a legal basis: the customer’s consent, performance of a contract, a legal requirement, or the legitimate interest of the business. The customer has the right to withdraw consent, ask what data is stored, and also demand that the data be changed or destroyed if it is inaccurate or processed unlawfully. If the legal relationship with the customer has ended or the storage period has expired, personal data must be deleted or destroyed unless otherwise required by law. In simple terms: the store should not keep a phone number “just in case” without a clear purpose, but may keep accounting documents for as long as required by tax or accounting legislation. Law No. 2297-VI, Articles 2, 6, 8, 11, 12, 15, 24.
Therefore, the correct action for an entrepreneur is as follows: if a customer asks to delete personal data, the store owner must remove or anonymize the identifying information — full name, phone number, email, address, date of birth, notes, mailing data — but not break the financial history, receipts, returns, or settlements if they are needed for accounting. In Torgsoft, this is logically done through Marketing → Customers: if the customer has no debts, they can be deactivated; if complete deletion is impossible because of documents, the card should be anonymized, for example by leaving “Anonymous customer” without a phone number or other contact details.
Accordingly, Torgsoft acts exclusively as a technical provider that supplies a tool for keeping records and does not store the entrepreneur’s customers’ personal data in the normal operation of the program: the Torgsoft database is installed and physically stored on the customer’s own computer or server. Torgsoft is not responsible for the legal grounds on which the store collects data or for possible violations by the store of the Law of Ukraine «On Personal Data Protection». Therefore, if a customer demands that their data be deleted, it is the store owner who is obliged to ensure that this requirement is fulfilled in their database.
Why is the customer card not deleted?
When an entrepreneur tries to delete a customer card from the program, they may encounter a technical restriction. Most often, entrepreneurs ask the following question: "There is a customer who has not made purchases since 2021, but when trying to delete their card, a debt message appears. How can it be written off and the customer deleted?".
The Torgsoft program is designed to ensure strict financial and warehouse accounting. The inability to delete a card occurs when the customer already has a history of interaction with the store. If unpaid goods are assigned to the customer, there is a debt, or the customer’s card appears in posted financial or warehouse documents (for example, returns or sales), the system blocks deletion. This is done to avoid compromising the integrity of the database and causing discrepancies in the store’s financial reports.
If the customer’s history is completely empty (for example, the card was created by mistake), the program will allow it to be deleted.
However, it is important to remember one rule: information about a completely deleted customer cannot be restored.
Where can you check the customer’s debt and history?
If the program reports a debt that prevents deletion or adjustment, it must be checked. You can find the cause of discrepancies and view the settlement history in several sections:
-
Balance with partners. In the main menu item «Payment» — «Balance with partners», you can see the total amount of debt for a specific customer.
-
Settlement card. From the balance form, you can open the «Settlement card» with the selected customer. It displays a detailed list of all operations: date, document type, amount of debt increase or decrease, as well as the current state of the bonus account.
-
Purchase history. Detailed information about all goods purchased by the customer can be viewed directly in their «Customer card» on the «Purchases» tab. Data on purchase amounts, discounts, bonus accruals, and bonus deductions is also recorded there.
If the debt arose due to an error (for example, an incorrectly posted payment or return), it must be offset with the appropriate financial document or payment so that the customer’s balance becomes zero.
How to correctly remove a customer from the database (deactivation)
What should be done when you need to clean the database of inactive customers in bulk or fulfill a customer’s request to delete their data, but the system does not allow the card to be physically deleted because of purchase history?
During consultations on bulk card deletion, technical support specialists recommend using the method of deactivating customers. This means that you do not destroy the database structure and preserve the financial history of previous years, while the customer card becomes inactive. To do this, you can select the required customers in the list and apply the corresponding action to hide them.
If the customer demands the complete destruction of personal data specifically (full name, phone number, address) in accordance with the law, the store owner can open the «Customer card» (through the Marketing — Customers menu) and simply clear or anonymize the fields containing personal information (delete the phone number, email, replace the full name with "Anonymous"). In this way, the receipt history for accounting will be preserved, but it will be impossible to identify a specific person from it, which fully satisfies privacy requirements without harming accounting.
Go back to the previous step