Privacy & Security

Optora B.V. ("Loopsy," "we," "us," "our") is committed to protecting the privacy and security of your personal data. This Privacy & Security Policy explains how we collect, use, store, and protect your personal information when you visit loopsy.co or place an order with us.

This policy is drafted in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Dutch data protection legislation.

The data controller responsible for your personal data is:

Information you provide directly:

• Name, company name, and job title
• Email address and phone number
• Billing and shipping addresses
• Order details and purchase history
• Communications with our support team
• Account registration details

Information collected automatically:

• IP address and browser type
• Device information and operating system
• Pages visited, time spent, and navigation patterns
• Referral source and search terms
• Cookies and similar tracking technologies

We process your personal data under the following lawful bases:

We do not sell your personal data. We may share your data with the following categories of recipients:

• Shipping and logistics providers (FedEx, DHL, UPS via Eurosender) for order fulfillment
• Payment processors for secure payment handling
• Shopify Inc. as our e-commerce platform provider
• Email service providers for transactional and marketing communications
• Professional advisors such as accountants and legal counsel, where necessary
• Public authorities when required by law or regulation

All third-party processors are contractually bound to process your data only on our instructions and in accordance with GDPR requirements.

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including Turkey (for order fulfillment via our production partner) and the United States (for certain service providers).

Where such transfers occur, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or adequacy decisions.

We retain your personal data only for as long as necessary:

Under the GDPR, you have the following rights regarding your personal data:

• Right of access — Request a copy of the personal data we hold about you.
• Right to rectification — Request correction of inaccurate or incomplete data.
• Right to erasure — Request deletion of your data, subject to legal retention obligations.
• Right to restriction — Request restriction of processing in certain circumstances.
• Right to data portability — Receive your data in a structured, machine-readable format.
• Right to object — Object to processing based on legitimate interests or for direct marketing.
• Right to withdraw consent — Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at info@loopsy.com. We will respond within 30 days. You may also lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at www.autoriteitpersoonsgegevens.nl.

Our Website uses cookies and similar technologies. We use the following types:

• Strictly necessary cookies — Required for the Website to function (e.g., shopping cart, session management). These do not require consent.
• Analytics cookies — Help us understand how visitors interact with the Website. Placed only with your consent.
• Marketing cookies — Used to deliver relevant advertisements. Placed only with your consent.

You can manage your cookie preferences at any time through the cookie banner on our Website or through your browser settings.

All payment transactions are processed through secure, PCI-DSS compliant payment providers. Loopsy does not store, process, or have access to your full credit card details. All payment data is transmitted over encrypted (SSL/TLS) connections.

We implement appropriate technical and organizational measures to protect your personal data, including:

• SSL/TLS encryption for all data transmitted through our Website
• Secure hosting infrastructure via Shopify
• Access controls and authentication for internal systems
• Regular review of security practices

While we take all reasonable precautions, no method of transmission over the Internet is completely secure. We cannot guarantee absolute security of your data.

We may update this Privacy & Security Policy from time to time to reflect changes in our practices or legal requirements. The updated policy will be posted on this page with a revised date. We encourage you to review this policy periodically.