True, but this is true regardless of loyalty cards. I'm not sure what info they can get from a credit card alone, but I'm hoping it doesn't include email address, phone number, or physical address.
Not allowed by whom? The New York Times documented, in its famous "Target knew someone was pregnant before the rest of the family did" article, that the non-numeric information is used:
"Whenever possible, Target assigns each shopper a unique code--known internally as the Guest ID number--that keeps tabs on everything they buy. 'If you use a credit card or a coupon, or fill out a survey, or mail in a refund, or call the customer help line, or open an e-mail we've sent you or visit our Web site, we'll record it and link it to your Guest ID,' [Target Stores statistician Andrew] Pole said. 'We want to know everything we can.'"
This isn't isolated to Target. Long time data aggregators like Acxiom collect electronic payment records on everyone. Incidentally, they perform contract work for the NSA which undoubtedly has unlimited access to Acxiom's entire dataset.
Square remembers your email address by credit card number.
This was really surprising to me. I used Square once at a shop in Seattle, and had an email receipt sent to me.
Almost a year later, I used Square back home in Toronto and asked for a receipt. To my surprise I didn't have to give any information: just using the same the credit card I swiped months earlier was enough.
I thought it was a part of the contracts but apperently it is a swedish law that disalowes gathering of personaly identifiable data without explicit consent.
If you pay with a credit or debit card in your own name when using that card, the store very much does know who you are.
Target dispenses with the entire loyalty-card-and-discount idea to just match by payment data.