As a European and independant company, Lengow welcomes the GDPR as an important step forward to protect data across the EU, as it harmonizes data privacy laws and regulates how companies collect, modify and delete data of EU citizens.

GDPR sets companies in two categories : controllers and processors, according to where they sit in the data collection chain.

Based on its business activity, Lengow is mainly considered as a processor which can process personal data from your prospects and clients. According to the way you use the Lengow platform (basic tracking or marketplace selling), data collected may vary (from IP addresses, to personal data needed to process and ship orders to your clients, such as their first/last name, postal address …) – no sensitive data is collected anyway.

Our various departments have therefore actively worked to guarantee a full GDPR compliance.

High level of security guarantee

Lengow already employs strict policies and strict procedures around the security of data. As mentioned in our infrastructure and support page, our data are stored exclusively in Europe by ISO27000 certified providers guaranteeing a high level of security.

Register of processing operations

We’re documenting the various processes for collecting and processing personal data across our various departments, clients, partners and providers. In addition, our Terms of services have been updated with a data-specific addendum, which is now mandatory for our clients and guarantee the fulfillment of our obligations. Besides, we are making sure we are part of a compliant ecosystem by checking that any providers we use as sub-processors are also GDPR compliant.

Internal process

An internal committee with Technical, Product, Finance and Marketing team members was set to centralize privacy topics and processes, identify data types and get the importance of privacy and data protection across to the company.
Besides, team members have been trained by legal and privacy experts.
The access to sensitive data collected is limited to a small number of people among Lengow according to a strict policy.

Data Protection Officer

Our DPO ( Data Protection Officer) is available for any questions regarding actions taken et Lengow’s policy towards personal data. Should you have any questions regarding GDPR / Privacy issues, please send an email to

What Lengow is doing

We are fully committed to complying with GDPR and our legal experts have closely analysed requirements. As one of your technology provider, Lengow is fully GDPR compliant.


  • Who does the GDPR affect?
    The GDPR affects organizations based in EU but also apply to organisations outside EU if they offer good or services to EU citizens.
  • What does the GDPR regulate?
    The GDPR regulates the processing of data such as : collection, storage, transfer, use or deletion of personal data about EU citizens.
  • Is Lengow compliant?
    Yes, Lengow is fully GDPR compliant.
  • What do Lengow use personal data for?
    We only use personal data according to the contract signed with our clients and their instructions. We value privacy and do everything to protect it.
  • What is the difference between a data processor and a data controller?
    A controller determines the purposes, conditions and means of the processing of the personal data, whereas the processor processes data on behalf of the controller.
  • Where can I find additional information about GDPR?
    You can find additionnal information about GDPR on the European Commission website

Contact us

Should you have any questions about GDPR and how it impacts you, as a Lengow client, do not hesitate to contact us: