Privacy Policy (for Merchant’s Customers)

Last updated:
May 28, 2023

Introduction

Welcome to Loox, a web application that provides an online reviews and marketing solution owned and operated by Loox Online Ltd. (“we”, “us”, “our”).

This Privacy Policy (for Merchant’s Customers) (the “Policy”), which is incorporated into our Terms of Service (for Merchant’s Customers), describes what personal information we collect and the policies and procedures we use regarding your personal information (“You”, “Merchant’s Customer”) through our web application (the “Service”) on behalf of the merchant who uses our Service and with whom you interacted (the “Merchant”).

We are committed to complying with applicable data protection laws, including the General Data Protection Regulation (GDPR), UK GDPR and the California Privacy Rights Act (CPRA).

The Service is not directed to Merchant’s Customers under the age of 18. We do not knowingly collect information or data from children under the age of 18 or knowingly allow children under the age of 18 to use the Service.

This Policy may be amended from time to time. We will post any change to this Policy on our Service at a reasonable time in advance of the effective date of the change, and we will also make efforts to proactively notify you by email of the changes if we have your email address.

Contact us

If you have any questions, comments or concerns regarding this Policy or our processing of your personal information, please contact us at support@loox.io or through our online contact form, at: https://loox.app/get-in-touch

<span id="what-we-collect-and-why-e">What we collect and why</span>

{{privacy-table1="/drafts/cms-tables"}}

Methods and sources for collecting your personal information

We collect the personal information from several sources:

  • Directly from Shopify once you have completed the purchase on the Merchant's website
  • Directly from you when you use the Service or leave a review or other content on the Merchant store, or when you provide your personal information to us through our Service contact forms and email communications. 
  • From the following sources ("Vendors") and from our service providers helping us to operate the Service.
  • Through the device you use to access our Service, including through analytics tools, and our own internal event tracking system. 
  • You are not legally obligated to provide us or the Merchant with your personal information, but if you do not, we will not be able to handle or respond to your inquiry, or fulfill your request to access or to use the Service functionalities.

<span id="sharing-your-personal-information-e">Sharing your personal information</span>

We will not share your information with third parties, except in the events listed below or when you provide us with your explicit and informed consent.

{{privacy-table2="/drafts/cms-tables"}}

Data retention and security

We retain your information for the duration we need it to operate the Service and our business, to interact with you, and thereafter as needed for record-keeping matters.

We retain your Transaction Information for one (1) year, unless you submitted a review through our Service. If you submitted a review, we will retain your information for the duration needed to support our ordinary business activities operating the Service and interacting with you. Thereafter, we will still retain your personal information as necessary to comply with our legal obligations, resolve disputes, establish, and defend legal claims and enforce our agreements. The overall period of retention is approximately 7 years.

We implement measures to secure your information

We implement measures to reduce the risks of damage, loss of information and unauthorized access or use of information. However, these measures do not provide absolute information security. Therefore, although efforts are made to secure your personal information, there is no guarantee that it will be immune from information security risks.

Additional information for individuals in the EU or UK 

Processor, GDPR and UK representatives

Loox is a data Processor for the personal information described in this Policy and in our Data Processing Addendum. Loox process such personal information on the Merchant Behalf, which is the data Controller that determines the purposes and means of processing your data. You can review the Merchant's contact information in the Merchant’s own policy.

International data transfers

If we transfer your information from within the EU to the United States or other countries, which are not recognized by the European commission as having adequate protection for personal data, we will endeavor to do so under the terms of a data transfer agreement which contain standard data protection contract clauses with adequate safeguards determined by the EU Commission and UK Information Commissioner’s Office.

<span id="legal-basis-for-processing-your-personal data-e">Legal basis for processing your personal data</span>

{{privacy-table3="/drafts/cms-tables"}}

Data subject rights

If you are in the EU or the UK, you have the specific rights under the GDPR, such as the right to access and receive a copy of your personal information, right to rectify inaccurate personal information, right to easily and at any time withdraw your consent, right to data portability, right to object, right to Restrict processing your personal information and the right to be forgotten. If you wish to exercise any of these rights, contact the Merchant directly.

Subject to applicable law, you also have the right to lodge a complaint with your local data protection authority. If you are in the EU, then according to Article 77 of the GDPR, you can lodge a complaint to the supervisory authority, in the Member State of your residence, place of work or place of alleged infringement of the GDPR. For a list of supervisory authorities in the EU, click <rte-link-break>http://ec.europa.eu/newsroom/article29/document.cfm?action=display&doc_id=50061).<rte-link-break> If you are in the UK, you can lodge a complaint to the Information Commissioner’s Office (ICO) pursuant to the instructions provided here.

<span id="additional-information-for-individuals-in-california-e">Additional information for individuals in California</span>

If you are an individual residing in California, we provide you with the following information pursuant to the California Privacy Rights Act (CPRA). We do not sell or share your personal information for cross-behavioral advertising and have not done so in the past 12 months. We are a “Service Provider” acting on behalf of the Merchant, who is a “Business” under the CPRA.

{{privacy-table4="/drafts/cms-tables"}}

<span id="disclosures-to-third-parties-e">Disclosures to third parties</span>

The chart below explains what is the personal information disclosed for a business purpose to third parties in the preceding 12 months.

{{privacy-table5="/drafts/cms-tables"}}

Your rights under the CPRA if you are a resident of California

If you are a resident of California, you have the specific rights under the CPRA, such as the right to know what personal information is collected about you, right to deletion, right to correct inaccurate personal information and the right for protection against discrimination.

If you would like to exercise any of your CPRA rights, please note that we are merely a service provider that follows the Merchant’s instructions. You should submit the request directly to the Merchant, not us.

Do Not Track

Our Do Not Track Notice. We do not currently respond or take any action with respect to web browser “do not track” signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of Personal Data about online activities over time and across third-party web sites or online services.

This is some text inside of a div block.
This is some text inside of a div block.
This is some text inside of a div block.
This is some text inside of a div block.
This is some text inside of a div block.

Alleged infringement notice

If you believe that the Service was used to infringe your copyrights, you may send our designated copyright agent (the "Agent") a written notification that includes substantially the following: 

  1. A physical or electronic signature of the person authorized to act on behalf of the owner of the right that is allegedly infringed;
    1. Loox Privacy Policy for end users available here (the "Privacy Policy")
    2. Loox Terms of Service available here
  2. Identification of the copyrighted work claimed to be infringed, or if copyrighted works are covered by a single notification, a representative list of such elements; 
  3. Identification of the content that is claimed to infringe or to be the subject of infringing activity and the access to which is to be disabled, and information reasonably sufficient to permit us to locate the content, including the exact Service page in which you discovered the allegedly infringing content; 
  4. Information reasonably sufficient to permit us to contact you, such as an address, telephone number, and, if available, an electronic mail address at which you may be contacted; 
  5. A statement that you have a good faith belief that the use of the material, in the manner complained of, is not authorized by the owner of the copyrighted work, its agent, or the law; 
  6. A statement that the information in the notification is accurate, and under penalty of perjury, that you are authorized to act on behalf of the owner of the copyrighted work that is allegedly infringed.

Upon your notification, we may remove or disable access to the content that you claim to be infringing. We may ask you to provide further or supplemental information, prior to removing or disabling access to any content displayed on the Service, as we deem necessary to comply with the law. We may also provide the Service user who submitted the allegedly infringing content, with your contact details, in order for that person to be able to contact you and challenge your claim.

Counter notification

If we’ve removed or disabled access to content that you submitted, pursuant to a notification of claimed infringement that we received, then you have an opportunity to respond to the notice and takedown by submitting a counter-notification to our Agent. To be effective, your counter notification must be a written communication that includes substantially the following:

  1. Your physical or electronic signature;
  2. Identification of the removed content, or of the content to which access has been disabled and the location at which the content appeared before its removal or before access to it was disabled;
  3. A statement, under penalty of perjury, that you have a good faith belief that the content was removed or disabled as a result of mistake or misidentification of the content;
  4. Your name, address, and telephone number, and a statement that you consent to the jurisdiction of the competent courts in any judicial district in which your address is located or in which you may be found, and that you will accept service of process from the person who provided notification or an agent of such person.

After receipt of a counter notification, we will provide the person who submitted the claimed infringement notification, with a copy of the counter notification.

Subject to the applicable law, we may then replace the removed content and cease disabling access to it within 10 to 14 business days following receipt of the counter notice, unless our Agent first receives notice from the person who notified us of the claimed infringement that such person has filed an action seeking a court order to restrain the user from engaging in infringing activity relating to the content on the Service.

Heading

This is some text inside of a div block.