Loopit Privacy Notice

Introduction

Loopit Mobility (referred to as “Loopit”, “We”, “Our” or “Us”) is committed to protecting the privacy and security of your Personal Data. We have developed this Privacy Notice to inform you of the data we collect, what we do with your data, what we do to keep it secure as well as the Rights you have over your Personal Data.

Throughout this notice we refer to Data Protection Legislation which includes the UK GDPR and other laws mandating data protection including (but not limited to) the Privacy Electronic Communication Regulations (PECR) 2011. This also includes any replacement legislation which may come into effect from time to time.

When our customers use Loopit Mobility services and upload personal information to it, we will be acting as a data processor on behalf of our customers. This Privacy Notice does not cover that processing of personal information. This Privacy Notice covers the processing of personal information when Loopit is acting as a data controller, meaning circumstances when we determine the purpose for the use of the personal information and the way it is used. Examples of this are where we collect information on prospective customers, carry out client relationship management or conduct data analytics using our customers’ data.

This Privacy Notice also applies to members of our group organisation which includes:

• Loopit Holdings
• Blinker Subscription

Each member of our group organisation is considered a separate Data Controller and not Joint Controllers with each other. 

We are registered with the Information Commissioner's Office (the ICO) with registration number ZA577342.

We have appointed a data protection officer (“DPO”), who is responsible for responding to questions in relation to this privacy notice. If at any time you are concerned or have questions about how we handle your personal information, please contact us at dataprivacy@loopit.co.

Personal Data Collected

Due to the nature of our service, we collect and process various categories of personal data from you. The below gives examples of different categories of personal data collected and processed:

• Personal Information. We may collect personal details such as an individual’s name, location, date of birth, driver’s licence details, nationality, family details and other information defined as ‘Personal Data’ in the UK GDPR that allows us to identify who the individual is;
• Contact Information. We may collect information such as an individual’s email address, telephone & fax number, third-party usernames, residential, business and postal address and other information that allows us to contact the individual;
• Financial Information. We may collect financial information related to an individual such as any bank or credit card details used to transact with us and other information that allows us to transact with the individual and/or provide them with our services;
• Statistical Information. We may collect information about an individual’s online and offline preferences, habits, movements, trends, decisions, associations, memberships, finances, purchases and other information for statistical purposes; and
• Information an individual sends us. We may collect any personal correspondence that an individual sends us, or that is sent to us by others about the individual’s activities.

The above list is representative and non-exhaustive.

We collect personal data through several means. Examples can include:

• Registrations. When an individual registers with Loopit Subscription whereby they provide Personal Information details in order to subscribe to a motor vehicle with us;
• Supply. When an individual supplies us with goods or services;
• Contact. When an individual contacts us in any way;
• Access. When an individual accesses us physically we may require them to provide us with details for us to permit them such access. When an individual accesses us through the internet we may collect information using cookies (if relevant – an individual can adjust their browser’s setting to accept or reject cookies) or analytical services; and/or
• Pixel Tags. Pixel tags enable us to send email messages in a format customers can read and they tell us whether mail has been opened.

The above list is representative and non-exhaustive.

How We Use Personal Data

We may use personal data for various activities which can include the following activities:

• The provision of goods and services between an individual and us;
• Verifying an individual’s identity;
• Communicating with an individual about our product, platform or company;          
• Their relationship with us;          
• Our goods and services;          
• Our own marketing and promotions to customers and prospects;          
• Competitions, surveys and questionnaires;
• Investigating any complaints about or made by an individual, or if we have reason to suspect that an individual is in breach of any of our terms and conditions or that an individual is or has been otherwise engaged in any unlawful activity; and/or
• As required or permitted by any law

The above list is non-exhaustive and representative. For more information on how we use personal data for specific activities you can contact us as detailed above.

Recruitment

We currently use a third party to advertise our job vacancies. When we receive candidate information, we will receive personal data such as your name, CV information and other information which may be used to help your application to stand out (e.g. licence or certifications). 

We will be sure to only retain candidate data for as long as reasonably necessary which is typically 24 months if a candidate is unsuccessful. 

Recruitment is dealt with internally and by our head office staff in Australia where applicable. The information shared is only for the purpose of making a qualified hiring decision.

Lawful Basis for Data Processing

The UK GDPR requires us to identify appropriate lawful bases to process personal data. The lawful basis we rely on as a data controller are detailed below with brief examples for when they may apply:

‍There may be instances where we may need to process certain categories of data referred to as Special Category Personal Data. These may include personal data related to health, race, and ethnicity as examples, but were identified and needed, we will ensure we consult our DPO to ensure the relevant special conditions are applied and documented where needed.‍

Data Sharing

There may be times we are required to share personal data (including special category personal data) with third parties, these circumstances include but are not limited to: 

• Where we reasonably believe that an individual may be engaged in fraudulent, deceptive or unlawful activity that a governmental authority should be made aware of;
• As required by any law; and/or

• Our third-party IT support providers
• External lawyers (including third party lawyers), accountants, auditors, or insurers
• Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as we currently do, which can also extend to consents for marketing communications

Where we may need to share data with any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation or (ii) to exercise, establish or defend our legal rights.

International Data Transfers

There may be instances where we may need to transfer your data outside the UK. We may need to share your data with companies who are in the European Economic Area (The EU member states, Norway, Iceland, and Liechtenstein), in an adequate listed country, or in other third countries who may not have similar data protection laws to the UK. If we need to transfer your information outside the UK, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this notice, as well as implementing the appropriate safeguards such as Standard Contractual Clauses and International Data Transfer Agreements.

Cookies

We use cookies on our websites. More information on how we use cookies can be found in our cookie notice, where you can also change your consent.

Marketing Communications

We would like to send you marketing news and updates regarding our company, products and services should you like to receive them. In order to send you these communications we would require your consent, and you can always change your preferences (i.e. opt out) by clicking on the relevant unsubscribe link at the bottom of the email. You also have the ability to opt out by contacting at dataprivacy@loopit.co.

Automated Decision-Making and Profiling

We conduct automated decision making and profiling   for the purpose of assessing suitability for a subscription with any of our customers. This is to eliminate fraud, assess capacity to afford a subscription and ensure the safety of both our customers and their subscribers. We have technical and organisational measures  in place to ensure this type of processing is compliant.  

You have the right to query a decision that has been made via the use of automated decision-making and profiling, please see the ‘Contact Us’ section for further details. 

Data Retention

We will retain your personal data for as long as is necessary to provide you with our services and for a reasonable period thereafter to enable us to meet our contractual and legal obligations and to deal with complaints and claims. 

At the end of the retention period, your personal data will be securely deleted or anonymised, for example by aggregation with other data, so that it can be used in a non-identifiable way for statistical analysis and business planning.

Data Security

We implement appropriate technical and organisational measures to protect the personal data that we process from unauthorised disclosure, use, alteration or destruction.  

In addition to the technical and organisational measures we have put in place, there are a number of simple things you can do in order to further protect your personal information.

1. Never enter your details after clicking on a link in an email or text message.
2. Always send confidential information by encrypted email where possible this reduces the risk of interception.
3. If you’re logged into any online service do not leave your computer unattended. 
4. Close your internet browser once you’ve logged off.
5. Never download software or let anyone log on to your computer or devices remotely, during or after a cold call.

Data Protection Rights

You have the following rights in respect of your personal data:

• You have the right of access to your personal data and can request copies of it and information about our processing of it. 
• If the personal data we hold about you is incorrect or incomplete, you can ask us to rectify or add to it. 
• Where we are using your personal data with your consent, you can withdraw your consent at any time. 
• Where we are using your personal information because it is in our legitimate interests to do so, you can object to us using it this way. 
• Where we are using your personal data for direct marketing, including profiling for direct marketing purposes, you can object to us doing so.
• You can ask us to restrict the use of your personal data if:

• It is not accurate.
• It has been used unlawfully but you do not want us to delete it.
• We do not need it any-more, but you want us to keep it for use in legal claims; or 
• if you have already asked us to stop using your data but you are waiting to receive confirmation from us as to whether we can comply with your request.

• In some circumstances you can compel us to erase your personal data and request a machine-readable copy of your personal data to transfer to another service provider.
• You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

If you wish to exercise your rights, please contact us at dataprivacy@loopit.co. 

You can also lodge a complaint with the Information Commissioner’s Office. They can be contacted using the information provided at: https://ico.org.uk/concerns/. 

Contact Us

We understand you may have concerns and complaints about this notice and any aspects to how we process personal data. If you would like to contact us directly to talk to us about a concern or to raise a complaint, you can do so by using our contact details below.

You contact our head office using the following details:

Post: 

Loopit Mobility

10 John Street, London, WC1N 2EB

dataprivacy@loopit.co

You can also submit a complaint directly to the Information Commissioner's Office (the ICO), the UK supervisory authority for data protection in the UK, via this link https://ico.org.uk/make-a-complaint/. 

Review and Updates

We will review this notice and make changes to it from time to time. We recommend that you check this notice to see where changes have been made and to ensure you are able to review updated information at all times.

‍