Privacy Policy

Last updated on October 10, 2022

Looti operates the Services and, as applicable, handles Personal Data, pursuant to this privacy policy. The customer must expressly accept these terms by checking a box in the registration form.

1. Use of Data 🤖

1.1. Customer Data Safeguards

Looti will not sell, rent, or lease Customer Data to any third party. Looti will not share Customer Data with third parties, except when needed to provide, secure, and support the Services as mentioned in this privacy agreement.

1.2. Data Processing Agreement

The Data Processing Agreement constitutes the instructions given by the Customer to Looti regarding the processing of Personal Data, in accordance with GDPR, Article 28. Acceptance of the Data Processing Agreement is a condition precedent to the conclusion of the Terms of Service between the Parties and its entry into force. The Customer, as controller, and Looti, as processor, undertake to respect the Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”) or other data privacy or data protection law or regulation that applies to the Processing of Personal Data under this DPA (such laws collectively with GDPR, “Applicable Data Protection Law”). To deliver the Services, Looti collects, processes and produces Customer Data which may include, without limitation, any information relating to an identified or identifiable natural person (‘data subject') where an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, an identification number, location data, an online identifier or to one or more factors specific to their physical, physiological, mental, economic, cultural or social identity of that natural person (such information, “Personal Data”)

1.3. Hosting and Processing.

Unless otherwise specifically agreed to by the Customer. Customer Data may be hosted by Looti, or its respective authorized third-party service providers, in the European Union or other locations around the world. In providing the Services, Looti will engage entities to process Customer Data, including and without limitation, any Personal Data within Customer Data pursuant to this privacy agreement, within the EU and in other countries and territories. The Services offered by Looti are hosted on Amazon Web Services servers (via Vercel) located in the European Union.

1.4. Marketing references

The Customer expressly authorizes Looti to quote him and to use, if necessary, the reproduction of his brand or logo as a commercial reference, in particular during events, in its commercial documents, and on its website, in any form whatsoever.

2. Obligations ✅

2.1. Customer's obligations

The Customer is responsible for complying with its obligations as a controller under this DPA and Applicable Data Protection Law, including the lawfulness of disclosing personal information to Looti. The Customer, who collects the Personal Data, remains responsible for informing the persons concerned of the transfer and processing of said data by Looti, whose responsibility, as a subcontractor of the processing, can only be engaged within this limit.

3. Looti's obligations

Looti will do its best efforts to:

  • ● process the personal data only on documented instructions from the Customer;
  • ● ensure that employees and contractors authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
  • ● considering the nature of the processing, assist the controller by appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of the Customer's obligation to respond to requests for exercising the data subject's rights. Looti acknowledges that it is solely the responsibility of the Customer to respond to the requests of the data subjects;
  • ● assist reasonably the Customer in ensuring compliance with the obligations pursuant to security, personal data breach, data protection impact assessment and prior consultation, considering the nature of processing and the information available to Looti
  • ● at the choice of the Customer, communicated to Looti in writing, delete or return all the personal data to the Customer after the end of the provision of services relating to processing, and delete existing copies unless Union or Member State law requires storage of the personal data;
  • ● notify the Customer without undue delay after becoming aware of a personal data breach. Looti acknowledges that it is solely the responsibility of the Customer to notify the personal data breach to the supervisory authority competent and communicate the personal data breach to the data subject.

4. Subprocessing

Looti is authorized by the Customer to use sub processors for the performance of his contractual obligations, including the processing of personal data, provided that Looti has concluded a written or electronic agreement with the subcontractor guaranteeing a level of protection equivalent to the level provided for in the DPA and, at the Customer's request that main dispositions of this agreement be communicated to him. Looti must inform the Customer of any intended changes concerning the addition or replacement of a sub-processor, it is understood that the Customer may object to such changes if this subcontractor does not comply with GDPR mandatory dispositions, within eight days of being informed.

5. Ownership

The Customer will continue to retain its ownership rights to all Customer Data processed under the Terms of Service and Looti will own all Usage Data.

6. Looti's Use of Data

Looti may receive, collect, store and process Customer Data based on the contract concluded by the Parties and on Looti's legitimate interest in operating the Services. For example, Looti may collect Personal Data (such as name, phone number, or credit card information) through the account activation process. Looti may also use Customer Data in an anonymized manner, such as conversion to a numerical value, to train the machine learning models to support certain features and functionality within the Services.