To our valued partners:
After careful review, Loblaw has made the decision to wind down operations for our third-party, online Marketplace platform. We appreciate your understanding and will work with you to support our mutual customers as we transition over the next few weeks. Please note the following key dates:
Wednesday, June 14: the Marketplace website will be decommissioned, and we will stop accepting orders
Monday, July 31: the last day for any Marketplace RETURNS by customers (you will continue to have access to process refunds until August 31st)
A representative from the Marketplace team will be available to support this transition over the coming weeks.
After careful review, Loblaw has made the decision to wind down operations for our third-party, online Marketplace platform. We appreciate your understanding and will work with you to support our mutual customers as we transition over the next few weeks. Please note the following key dates:
Wednesday, June 14: the Marketplace website will be decommissioned, and we will stop accepting orders
Monday, July 31: the last day for any Marketplace RETURNS by customers (you will continue to have access to process refunds until August 31st)
A representative from the Marketplace team will be available to support this transition over the coming weeks.
I have the authority to sign on behalf of, and bind the seller of record for the products to be governed by this Agreement. I certify the following:
- My organization has a formal Risk Management program that is documented
- My company’s employees have basic information security training/knowledge, including how to handle sensitive data, dealing with phishing and malicious links, not posting to third parties, etc
- My company has a procedure for the return of assets by employees, contractors and third parties that terminate their employment or change their responsibilities such that they no longer require the equipment
- My company maintains a list of all your hardware and software assets that would be handling Loblaw data
- My company has a system or procedures established to monitor or be notified of data loss outwards from your organization including how to handle any such incident
- My company hardens its servers, desktops and other devices.
- My company has an Incident Management program and policy that includes a security response team with defined roles and responsibilities
- My company has an Antivirus/Antimalware software implemented on all servers, desktops and laptops
- My company has security patches regularly reviewed and applied to network devices
- My company has a formal access request process in place for all systems that handle client data that includes processes for access provisioning and removal (e.g. when employees change roles or leave the firm)
- My company has unique user IDs and passwords used to access information systems, devices or applications
- My company manages privileged access (e.g. Administrator accounts), also known as PAM - Privileged Access Management
- My company encrypts client data while at rest or while transmitting it through internal or external networks
- My company has appropriate security controls implemented to ensure the protection of client data handled on a mobile computing device (e.g. encryption of endpoints - laptop, smartphone, PDA, etc.)
- My company has systems and applications log user activity which could be available later for investigations
- My company has not had a security breach in the past
If you are unable to certify the information above, please contact a Loblaw Marketplace representative or Loblaw Seller Success at