Privacy Policy

LOOP PRIVACY POLICY

We are Loop Digital Wardrobe Ltd., a company registered in England under Company number 13472763, whose registered office is at Quadrant House, 4 Thomas More Square, London, England ,E1W 1YW (“LOOP”, “we”, “our”, or “us”).

We are an online marketplace and intermediary for sustainable fashion, allowing Users to join discount schemes or membership programs, manage their online wardrobe, list their Items and interact with other Users and Merchants by Swapping, Donating, Upcycling and Reselling their Items, by sharing their styling ideas, by creating their own wish list, by posting comments, by sending private messages or by using any other feature of the Services.

For the purpose of the GDPR, the UK GDPR and the Data Protection Act 2018, we are the data controller for our users’, partners’, website visitors and prospects data to the extent it pertains to natural persons. We may act as joint controllers with our partners for the users’ personal data that we share with them, please see section “Sharing your information” below. We have set out a joint controller arrangement which reflects our respective roles and responsibilities. You can ask for further information about this by contacting us at [email protected]

This policy (together with our Terms and Conditions and any other terms or documents referred to on them) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. It applies to our users, our partners, our website visitors and to other individuals whose data we may process, except for our employees (“you”, “your”). This Privacy Policy (together with our Terms and Conditions) applies to your use of www.loopdigitalwardrobe.com (our “Site”); our application LOOP app for a mobile telephone or handheld device (our “App”); and any services accessible through our Site or App (“Services”). It also covers how we use your information, with whom we share or disclose it, where we might transfer it and how we protect that information

Please read the following information carefully. Our Privacy Policy may change from time to time so please, check the Site or the App occasionally for any updates. If we change this policy, we will post the revised policy on our website with the date from which it is effective. If we make significant changes to the policy, we may also notify you more explicitly by, for example, sending an email at the email address provided at the time of registration or displaying a notice on your device.

If you have any questions about our privacy practices, please contact us at

[email protected].

You can also contact our appointed DPO, Aphaia, using the following contact details:

Aphaia Ltd

Eagle House

163 City Road, London

EC1V 1NR

Telephone: +44 20 3917 4158

Email address: [email protected]

Information Collection

When you visit or use our Services via the Site or App, we may collect a variety of information from you, which may include:

Personal information you provide us

Personal information is information that can be used to identify a single person (“Personal Information”). You may provide Personal Information to us when you register to use the Site or App, when you create your customer profile on the Website; when filling in forms on our Site or App; using the service (such as registering your payment card or loyalty scheme card); when you purchase or sell a product on the Website; when you subscribe to our mailing list ("newsletter"); when you use the messaging tool made available to you to contact other users of the Website or mobile App (the "Chat");corresponding with us by phone, e-mail or otherwise; participating in discussion boards; sharing, linking or using any other social media functions on our Site or App; or if you enter a competition, lottery or contest, promotion or survey; when you browse the Website and look at the products; when you accept the installation of certain cookies.

Personal information you give us may include the following categories of personal data:

Users: First and last name, country, date of birth, title, gender, billing and delivery address, nationality, age, user profile photo/or image, email address, physical address, phone number, order details and history, clothes submitted, coupons, which service(s) and what different functions in these services you have used and how you have used them, your personal preferences, payment information including credit and debit card details (card number, expiry date and CVV code), bank account number, bank name and transactions history, including: 1. what you bought via different retailers; 2. what you bought from other LOOP users; 3. what you sold to other LOOP users; 4. what you donated to any charity; 5. what clothes you swapped with other LOOP users; 6. what you returned to the retailer and 7. what clothes you sent for Upcycling, 8. login details (name and password), social media login if used to login to LOOP, payment details, claims, incidents, information concerning deliveries, correspondence on LOOP website, and if applicable, the company’s name and the VAT number, all content shared on the Website (comments, messages etc., 9. Data Information about goods/services - Details concerning the goods/services you have bought or ordered, such as type of item or delivery tracking number. 10. audio recordings, photos and video recordings of you and your clothes, as well as styling ideas etc 11. Your comments, reviews, opinions 12. Your favourite items, your wishlist 1. Content you listed/shared/posted/exchange with your friends/people you observed/followed 14. Your keywords you use for searching items/services.

Partners (including retailers, charities, influencers, media/PR and other groups that might be interested in cooperation with LOOP): Name, company email address, job title, physical address, business phone number, company and position, website address of the company, contract, VAT ID.

Certain data is collected automatically through your actions on the site (see the section on cookies)

Information that we collect about you

Each time you visit our Site or use our App, we may automatically collect the following information:

Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, the type of mobile device you use, mobile network information; browser type and version, time zone settings, operating systems and platforms.

Details of your use of our Site or App including, but not limited to, traffic data, location data, weblogs and other communication data, connection and browsing data and the resources that you access. Technical information generated through your use of LOOP’s services such as response time for web pages, download errors and date and time when you used the service. Location information. We may also use GPS technology to determine your current location. Some of our location-enabled services require your personal information for the feature to work.

Information about your contacts with LOOP’s customer service - Recorded phone calls, chat conversations and email correspondence.

Your contacts with the stores you shop at or visit - Information about how you interact with stores, such as whether you have received goods and the type of store you shop at.

Device information - IP address, language settings, browser settings, time zone, operating system, platform, screen resolution and similar information about your device settings.

Service-specific personal data - Within the framework of our services through the LOOP mobile application, LOOP’s payment accounts, Email Connect, Personal Finance and event registrations, we use additional personal data that are not covered by the categories listed above. Information regarding each service is listed here:

LOOP desktop and mobile application: All contents you upload to the app (such as potos, styliing ideas and boards, or receipts), location information, information about how you use the browser, and the websites you visit;

LOOP’s payment accounts: Information about your transactions. LOOP will also process data about third parties (such as payees or payers) for LOOP’s services;

Email Connect: Information from the connected e-mail account about your completed purchases, product, price and quantity information, delivery tracking numbers and information about stores that we pass on to the LOOP mobile application;

Personal Finance: Information from your other bank accounts and other types of accounts (such as card accounts) that you choose to connect to the service, as well as information such as account number, bank, historical transactions

Event registration on social media: Information about your profile from your social media account

The banking information relating to your order is automatically processed by PayPal and Stripe. The purpose of this automated data processing is to enable the authentication of the persons paying an order and to prevent payment fraud. Non-payments due to fraudulent use of credit cards will result in the registering of contact information relating to your order, in connection with such non-payment, in an internal payment incident file as well as by the service providers listed above.

Information we receive about you from other sources

We may receive information, including Personal Information, about you from third parties we work closely with, including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers and credit reference agencies. These third parties normally act as our processors.

If you have registered for the Service on our Site or App via Facebook, or other third party social networking sites (“SNS”), we will obtain information you have provided to the SNS (such as your name, profile picture, email address and other information you make publicly available via the applicable SNS) from the account you have with such SNS and will use that information to create your LOOP account and each time you register for a LOOP scheme or membership program. The information we obtain may depend on the privacy settings you have with the SNS.

We may combine the information we receive about you with information you give to us and information we collect about you and use the combined information for the purposes set out below (depending on the types of information we receive).

Our Site and App uses cookies. A cookie is a small file of letters and numbers that we put on your computer or other device. These cookies allow us to distinguish you from other users of our Site or App, which helps us to provide you with a good experience when you use our Site or App and also allows us to improve our Service.

We use necessary cookies to make our Site and App work and we would also like to set optional cookies to help us improve it and give you the best experience possible.

The exact names of cookies we use on our Site and App may change over time, however, the descriptions below set out the types of cookies that operate on our Site and App. You can obtain an up to date list of the cookies we use by contacting us at [email protected] .

Strictly necessary cookies. These are cookies that are required for the operation of our website, to provide services explicitly requested by you or to comply with any other legislation that applies to us, such as the security requirements of the GDPR or the UK GDPR. They include, for example, cookies that help ensure that the content of a page loads quickly and effectively.

Analytical cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. We use them to collect information about how visitors access our services, such as the number of users on our website, how long they stay on the site for, and what parts of the site they visit. This helps us to improve the way our websites work, for example, by ensuring that users are finding what they are looking for easily.

Advertising cookies. These record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed to you more relevant to your interests and to understand that content’s effectiveness.

Functionality/personalisation cookies. These are used to recognise you when you return to our websites, which enables us to personalise our content for you and remember your preferences, for example, to load the chatbot.

When you use our Site or App for the first time, you are given the opportunity to accept or decline not strictly necessary cookies. By using the tick boxes or toggles on the cookie banner, you are consenting to or declining our use of cookies by category as set out in this policy. You can also change your cookie consents at any time by accessing the cookie banner or by emailing us at [email protected]

Our use of cookies is proportionate in relation to our intended outcome and limited to what is necessary to achieve our purpose.

Session cookies. These cookies allow us to recognise and link the actions of a user during a browsing session. They are temporary and expire at the end of a browser session, normally when you exit the browser.

Persistent cookies. This category encompasses all cookies that are stored on a user’s device in-between sessions. All persistent cookies have an expiration date written into their code, but their duration can vary for each category or specific cookie. The persistent cookies we use normally expire after six months. If you require more information regarding the duration of a particular cookie used by us please contact us at [email protected]

You can set up your preferences the first time you visit our Site or App and at any time through our cookie banner or by contacting us at [email protected]

You can delete all cookies that are already on your device by clearing the browsing history of your browser. This will remove all cookies from all websites you have visited. Browsers also allow you to control access to cookies. You can find below the links providing information about how you can do this for the major browsers:

Microsoft Edge

Internet Explorer

Chrome

Firefox

Safari

To find information relating to other browsers, visit the browser developer's website.

You can find specific information about the cookies that we use in the links below:

AppsFlyer

Google Analytics

TikTok pixel

Meta for business

Facebook pixel

The cookies that we use may change from time to time.

To find out more about cookies, including how to see what cookies have been set, visit www.aboutcookies.org or www.allaboutcookies.org.

Use of Your Information

We use your information for the following purposes:

to provide you with our Services, including carrying out our obligations arising from any contracts entered into between you and us;

to manage user accounts (subscribe, unsubscribe, exclude, etc.)

to provide you with Services related information and information on and/or about retailers and/or service providers who run loyalty schemes or membership programs (“Merchants”);

to provide you with information about products or services that you request from us or which we feel may interest you where you have provided us with your consent except where you have requested not be contacted for such purposes;

to provide you, or permit selected third parties to provide you, with information about products or services we feel may interest you, where you have provided your express consent;

to notify you about changes to our Site, App or Service;

to resolve any problems or claims;

to prevent and prosecuting fraud;

to meet legal, regulatory, insurance and security requirements an obligations;

to manage applications for jobs with LOOP;

to customise, assess and improve our services and content;

to prevent, detect and investigate any activities that are potentially prohibited and illegal;

to improve the quality of the services that LOOP offers to its users: moderate messages by/to users send through the private chat and in their comments;

to ensure that our terms and conditions of use are complied with;

to detect unsolicited content, malicious computer programs;

to identify potential misbehaviour reported by a user;

to obtain information on claims or disputes between.

We may further use your information to improve our Service and to offer you tailored content so that you have a more relevant and beneficial experience and to analyse and understand how our Site, App and Service are used, which includes:

offering you improved customer service and support;

personalising your visits to the Site or App to improve our Service;

conducting market research;

anonymizing Personal Information and preparing aggregated data reports showing anonymized information for the purpose of advising ourselves, Merchants and our business partners regarding past and potential future patterns of spending, fraud, and other insights that may be extracted from this data; and

carrying out technical and statistical analysis to monitor our Service, the Site and App.

ensuring that content on our Site and App is presented in the most effective manner for you.

Marketing

You may receive marketing communications from us if you have opted-in for receiving that marketing.

Where you opt out of receiving these marketing communications, we may still process your personal data for other required purposes.

We do not sell, rent or lease or provide in any other way our customer lists to third parties.

If you decide at any time that you no longer wish to receive marketing communications from us by email, please follow the unsubscribe instructions provided in any of the communications you receive from us or contact us at [email protected] If you no longer want to receive push notifications, you can update your preferences in the App via Settings.

The basis for processing your data

We process your data for the performance of the contract that you have entered into for the provision of our services, and/or in order to take steps at your request to enter into the contract.

Some data is processed based on our legitimate interest, notably our partners’ and prospects’ employees’ and contractors’ data in order to communicate with the partners and prospects. Whenever we process any personal data based on legitimate interest we will conduct a Legitimate Interest Assessment to ensure that the individual’s interests do not override those legitimate interests.

We will ask you for your consent in the following cases:

When we need access to contacts in the address book, pictures, videos and any other personal documents stored in your device.

When we need to access your location information in order to be able to provide you with a particular feature in the Site or App that you wished to use.

When we want to place information in your device (not strictly necessary cookies). Please see the section “Cookies” in this Privacy Policy.

In order to carry out profiling based on the user’s activities in the Site or App, in particular in relation to reselling, donating, upcycling and swapping.

In order to send you marketing communications. See the section “Marketing” in this Privacy Policy.

Your consent will also be required in case we share some of your data with third parties for a purpose different from those comprised in this Privacy Policy and that is not indispensable for the provision of our services. We may ask for your consent in other cases where we process your data.

You can withdraw your consent at any time by contacting us at [email protected] . When it comes to location information, you can also withdraw your consent at any time by updating your location services preferences in the handset via Settings. Please note that the withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

Sharing Your Information

We do not rent or sell your personal information to anyone without your explicit consent, but, subject to the need to perform the contract with you based on the contract you enter with us and our legitimate interests, we may share your personal information as set out below:

Merchants and our business partners. We may share the following information:

purchase history;

in App user activities: data related to SWAP/ Resell/ donate/upcycle/return;

in App user activities related to what you post, like, etc;

information about key trends based on data collected by LOOP (purchase /resell/returns/swapping), in an anonymised form.

Some personal data may be visible to other LOOP users, in particular if you make your profile public.

Sellers, if the items you purchase are sent to you directly by them;

Purchasers, to enable them, where appropriate, to return to sellers the items they purchases directly from them;

Our third-party service providers who perform functions on our behalf in connection with the operation of our business such as IT service providers, including cloud storage, analytics, image recognition and communications providers, and system administrators or third parties who host and manage data;

Delivery and services payment providers;

Product verification service providers;

Analytics, CRM and other software that assist us in the communication with you and the improvement and optimisation of our Site or App;

Any other third parties for the purpose of enabling the services you book to be carried out;

Other companies in the group for administrative and organisational purposes;

Third parties if we are required to do so by law, or if we believe that such action is necessary to: (a) fulfil a government, or regulatory authority request; (b) conform with the requirements of the law or legal process; (c) protect or defend our legal rights or property, our websites or customers;

Other reasons. We may also share your personal information with a purchaser or potential purchaser of our business.

We may also need to disclose your information to comply with applicable laws and enforceable requests for information from government or regulatory bodies, or in order to enforce or apply our Terms and Conditions and other agreements; or to protect the rights, property, or safety of LOOP, our customers, or others.

Any other third parties with your express consent. For example, where you have given us your express consent, we will supply your information to our partners and selected third parties, including Merchants, so that they may contact you with information and offers which may be of interest to you.

International data transfers

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”), where the laws on processing personal data may be less stringent than in your country. It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. This includes staff engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy, by ensuring at least one of the following safeguards is implemented:

-transferring your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;

-entering into specific contractual terms which have been approved by ICO or/and by the European Commission, as applicable, and which give personal data the same protection as within the EEA;

For further information on the safeguards used, please contact us at [email protected]

Data retention

We retain personal information for as long as we require for the purposes for which it is processed or as is otherwise required by applicable law, based on our data retention schedule. Our retention periods will vary depending on the type of data involved, but, generally, we will refer to these criteria in order to determine retention period:

-Whether we have a legal or contractual need to retain the data.

-Whether the data is necessary to provide our Services.

When calculating the appropriate retention period for your data, we consider the nature and sensitivity of the data, the purposes for which we are processing the data, and any applicable statutory retention periods.

We may retain aggregate historical transactions data.

If you require further information about our data retention schedule, please contact us at [email protected]

Your rights

Under the GDPR and the UK GDPR, you are entitled to certain rights in relation to our handling of your personal data, as described below.

–Request access to your personal data that we hold about you (commonly known as a “data subject access request” or DSAR). This enables you to receive a copy of the personal data we hold about you or are otherwise processing;

-The right to obtain without undue delay the rectification of inaccurate personal data concerning you, including the right to have incomplete personal data completed e.g. by means of providing a supplementary statement. This enables you to have any incomplete or inaccurate data we hold about you corrected. We will need to verify the accuracy of the new data you provide to us;

–Restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data under some circumstances.

–Right to erasure (‘right to be forgotten’). This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it, except for information where a contract or legitimate interest continues to exist (e.g. to pursue claims), among other exceptions. Please note that deleting your account does not mean that your data will also be automatically deleted. After you have deleted your account, you will have 30 days to restore it before all information is permanently deleted. If you delete any or all personal information while your account is active, then your account may become deactivated if such information is necessary in order to provide the services or certain functionality may be reduced.

–Object to processing of your personal data where we are relying on a legitimate interest (or those of a third-party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms;

-You may exercise your right of data portability in a common, machine readable form by obtaining your data by sending us an email request.

Where another mechanism is not provided, you can exercise the rights at any time by contacting us at [email protected]

Where your request is manifestly unfounded or excessive, in particular because of its repetitive character, we may either: charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or refuse to act on the request. In any case we will inform you accordingly..

Children

Information Security

We take the security of your Personal Information very seriously and use strict procedures and security features to try to prevent unauthorised access of your Personal Information.

We have put into place the following procedures to protect the Personal Information we hold about you from misuse and loss, and from unauthorised access, modification or disclosure:

All access between public untrusted networks, internal network, semi-trusted zone and trusted zone is controlled and monitored using state of the art firewalls capable of deep packet inspection. Services and protocols enabled are for valid business requirements only. All network zones are isolated from one another and all connections between zones are explicitly enabled and all other access denied by default.

There is no direct connection between the untrusted (public) and trusted (private) zones. Our network and perimeter are monitored and protected by state of the art firewalls, anti-virus and integrity management software and we undertake annual internal and external vulnerability testing by qualified security assessors. Our team maintain our systems with regular OS updates and distributed system logging to ensure we are up-to-date and aware of anomalies in the shortest time possible.

All of our platform hardware is housed in a secure data centre with network and power supply redundancy and physical security measures to prevent unauthorized access.

We work hard to maintain these procedures and keep them current and up to date.

Links to Other Sites

Our Site or App may contain links to and from other websites (“Third Party Sites”). If you choose to follow a link to a Third Party Site, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before submitting any information to a Third Party Website.

The fact that we link to a Third Party Site should not be taken as an endorsement, authorisation or representation of our affiliation with that third party or of the information, products, goods or services that third party may offer.

Changes to this Policy

Contacting Us

If you have any questions about this Privacy Policy, please contact us at [email protected]