Privacy Policy

The entity responsible for processing your personal data is Looply. Our registered address is Carrer de Jordi Girona, 31, Edifici C3, Campus Nord UPC, 08034 Barcelona, Spain. You can reach us at dpo@looply.eco for any data protection question.

This Privacy Policy explains how we collect, use, store and protect your personal data when you visit looply.eco, use our platform or interact with our services. We comply with the GDPR (EU) 2016/679, Spain's LOPDGDD 3/2018, and all other applicable data protection law.

We may collect the following types of personal data:

• Identification data; name, email address, phone number, postal address, company name and job title.
• Technical data; IP address, browser type and version, operating system, device identifiers and access timestamps.
• Communication data; messages you send us through contact forms, email or other channels.
• Commercial data; information related to quotes, contracts, invoices and payments.
• Navigation data; cookies and similar technologies, as described in our Cookie Policy.

We process your data for the following purposes:

• Responding to your enquiries and managing communications, with the following legal basis: your consent and/or pre-contractual measures (Art. 6.1.a and 6.1.b GDPR).
• Providing, maintaining and improving our services, with the following legal basis: performance of a contract (Art. 6.1.b GDPR).
• Sending you commercial communications about our products, with the following legal basis: legitimate interest or your explicit consent (Art. 6.1.a and 6.1.f GDPR).
• Complying with legal and regulatory obligations, with the following legal basis: legal obligation (Art. 6.1.c GDPR).
• Running analytics and improving our website, with the following legal basis: legitimate interest (Art. 6.1.f GDPR).
• Keeping our systems secure and reliable, with the following legal basis: legitimate interest (Art. 6.1.f GDPR).

We only share your data when necessary. The parties we may share it with are:

We never sell, rent or trade your personal data to third parties for their own marketing purposes.

• Service providers who process data on our behalf such as hosting, analytics, email and CRM providers. All are bound by data processing agreements under Art. 28 GDPR.
• Public authorities when required by law or by a legitimate judicial or administrative process.
• Professional advisors such as lawyers, accountants and auditors, subject to professional secrecy obligations.

Some of our service providers may be based outside the European Economic Area. When this happens, we make sure appropriate safeguards are in place:

• Adequacy decisions issued by the European Commission.
• Standard Contractual Clauses (SCCs) approved by the European Commission.
• Binding Corporate Rules, where applicable.

We keep your data only for as long as needed for the purpose it was collected, or as required by law:

When the retention period ends, your data is securely deleted or anonymised.

• Contact form data, kept for the duration of the commercial relationship plus 3 years.
• Contractual data, kept for the life of the contract plus the legally required period (typically 5–10 years for tax and commercial obligations).
• Analytics data, kept in anonymised or pseudonymised form for up to 26 months.
• Marketing consent records, kept while consent is valid plus 3 years.

We may update this Privacy Policy from time to time. When we do, we will publish the new version on our website with an updated date. We encourage you to check back periodically. Continuing to use our services after any update means you accept the revised Policy.