Your personal data and how we handle it
Your personal data is the data we collect and save about you and how you use our services that directly or indirectly identifies you. We use this information to provide a better user experience, improve our services, and provide offers that fit your needs.
The information below is a summary of how we collect and handle your data in accordance with the General Data Protection Regulation (GDPR).
- Type of personal data we collect
- How we collect personal data
- What we use personal data for
- For how long time we store personal data
- To whom do we share personal data
- How we protect your personal data
- You control your personal data
- Your and your users personal data when Loopia acts as a data processor
- How we process your personal data when you are no longer a customer
Type of personal data we collect
Contact information
When you become a Loopia customer, we collect your contact information:
Name, address, e-mail address, telephone number and social security number.
Information about your services
We also store data about which of our services you order and use, and how you use them.
Support tickets
When you contact our support, we collect the information you provide us in order to be able to help you with your case.
How we collect personal data
We collect and process data that...
- ...you enter yourself when you become a customer with us.
- ...you share with us when you contact us via chat conversations, emails and recorded phone calls.
- ...is created when you use our services – for example, when you visit our website or log in to the customer zone.
- ...we get from other sources – such as UC AB.
- ...is collected through cookies that stores information from your browser.
Exactly what information we collect about you depends on which of our services you use.
What we use personal data for
In order for us to process your data, one of the following legal bases must be met:
- Necessary to fulfill the contract with you.
- Necessary to fulfill a legal obligation for Loopia.
- The processing lies in both your and Loopia's interest.
- Consent from you for that particular processing.
In order for us to provide our services to you, we need to process your personal data. Below you will find information about what we use your data for, and the legal basis each processing is supported by.
Provision of services
We process personal data to identify you as a customer and to manage and deliver the services you ordered and subscribe to. As well as personal data required to handle billing and payments of the services you use.
Legal basis: Necessary to fulfill contract.
Communication and support
We may use personal information from previous communication between you and us in order to provide better assistance.
We use your contact information and information about which services you use as the basis for invoices, newsletters, important information about your services, offers and tips on how to use our services.
Legal basis: Legitimate interest, consent and necessary to fulfill contract.
Development of our services and products
We process personal data on how you use our services, and from your communication with us as a basis for improving your experience specifically and our services in general.
Legal basis: Legitimate interest and consent.
Marketing
We process personal data about what services you use and how you use them in order to market relevant products and services to you according to your needs.
Legal basis: Legitimate interest and consent.
Security and prevention of abuse
We process personal data in order to detect and prevent the following for our services and our network:
- abuse
- intrusion attempts
- attacks such as viruses and DDOS
- law violations
- terms violations
Legal basis: Necessary to fulfill contract and legal obligation.
Regulatory obligations
We process personal data in order to comply with the requirements of the law.
Legal basis: Legal obligation.
For how long time we store personal data
We store personal data as long as there is a documented purpose for the processing. Contact our data protection officer for details.
To whom do we share personal data
Partners and subcontractors
We have agreements with all partners and subcontractors in the EU, and EU standard contract clauses for all outside the EU. The agreements regulate what personal data is being processed, why the processing is done, how personal data are to be protected and for how long it is being processed. The agreements also contain instructions from the data controller to the data processor on how personal data can be processed.
Please note that point 4.1 of Appendix A in Loopia's General Terms and Conditions also applies to transfers to third countries.
We strive to never share more personal data than absolutely necessary with each partner.
We implement appropriate safeguards to ensure that your personal data is handled in accordance with applicable laws regarding security and privacy. We apply the same requirements to our subcontractors.
Loopia updates this list with changes in personal data access conditions when such changes are planned. Changes are included in this list at least one month before the change is implemented.
For the following purposes we may share certain data with the mentioned partners and subcontractors.
Marketing and analytical purposes
| Partner | Personal data that is shared and why |
|---|---|
| team.blue Group | The team.blue Group, consisting of several brands and subsidiaries, can improve coordination and resource allocation by sharing data internally. This allows for more efficient collaboration on product, campaign, and customer service improvements. Personal data may be shared among team.blue Group companies for marketing statistics, internal administration, and reporting purposes, but only in an amount necessary for the intended use and with proper protective measures in place to prevent unauthorized access or disclosure. |
| Exponea | Cookie data for tracking and analyzing visits and purchases on Loopia's websites as well as contact information for eg sending newsletters. |
| Analysis data via third-party cookies as well as pseudonymized email addresses and pseudonymized phone numbers for marketing and web analytics to improve our services. Analysis of customer contact information, account information in Google G Suite (Drive, Docs, Sheets) and Google BigQuery for eg product development purposes. Analyzes are also visualized via Google Data Studio. | |
| Hevo Data | Contact information, account information and billing information for data transfer to Google BigQuery for analytics purposes. |
| Third-party cookie analysis data and pseudonymized email addresses for marketing purposes. | |
| Hotjar | Analysis data through third party cookies for marketing and web analytics to improve our services. |
| Tradedoubler | Cookie data for tracking purchases made through affiliate advertising (ad network with commission). |
| Liidio Oy (Leadfeeder) | Analysis of data through third-party cookies for marketing purposes. |
| InstaWP | Data required to create a WordPress demo account for you, either via our WordPress page or through LoopAI. |
| Trustpilot | Product order information required to enable validated reviews of Loopia products. |
| Fullstory | Analysis data through third party cookies for marketing and web analytics to improve our services. |
| HubSpot Ireland Ltd | Cookie data used to analyze visits and interactions on our website, as well as contact details for customer communication and newsletters. |
| leadstreet BV | Data required to implement and optimize HubSpot with Leadstreet as a consulting partner. |
In order to deliver ordered services
| Partner | Personal data that is shared and why |
|---|---|
| Active24 S.R.O. | Data required for our Czech sister company to be able to store websites built in Loopia Sitebuilder (Yola) as well as MS SQL and our shared hosting Windows platform. |
| Ascio | Data required to register, manage, renew and monitor domain names (in addition to these domain names where Loopia itself is the registrar: .SE, .NU and .EU). |
| Basekit | Data required to set up an account for you in Loopia Sitebuilder (Basekit). |
| EURid | Data required to register, manage and renew domain names of the domain type .EU. |
| Internetstiftelsen i Sverige (IIS) | Data required to register, manage and renew domain names of the domain types .SE and .NU. |
| Customer contact information, account information and billing is handled through Google G Suite (Drive, Docs, Sheets) as a basis for troubleshooting, managing services and coordinating security work. | |
| Loopia D.o.o | Our subsidiary in Serbia where a large part of our development team is located has access to certain customer data through our development environment for troubleshooting and product development. |
| Microsoft | Customer contact information, account information and billing is handled through Microsoft 365 as a basis for troubleshooting, managing services and coordinating security work. |
| Microsoft | Data required to configure and manage Microsoft 365 accounts for you at Microsoft. |
| OpenSRS | Data required to register, manage, renew and monitor domain names (in addition to these domain names where Loopia itself is the registrar: .SE, .NU and .EU). |
| rankingCoach GmbH | Data required to configure and administer the LoopiaSEO and LoopiaListings services for you at rankingCoach. |
| Websupport S.R.O | Our Slovak sister company. Processes personal data to identify you as a customer and handle invoicing and payment of the services you use, as well as to manage and deliver our VPS services. Part of our development team is also here and has access to certain customer data via our development environment for troubleshooting and product development. |
In order to charge for our services
| Partner | Personal data that is shared and why |
|---|---|
| Nets | Data required to complete a card payment. |
| DNB | Data required for manual repayments via Bankgiro. |
| Strålfors | Data required to send a paper invoice. |
| UC AB | Data required to verify authenticity in the personal data specified upon ordering. |
| Truid AB | Data required to verify authenticity in the personal data specified upon ordering. |
Other
| Partner | Personal data that is shared and why |
|---|---|
| Atlassian | The Jira and Confluence products are used for product development and internal knowledge sharing. |
| LiveAgent | Data required to provide support services such as callback, chat and call recording. |
| Puzzel | Data required to provide support services such as callback, chat and call recording. |
| Visma Consulting | Personal identification numbers are shared to allow identification of the customer through BankID. |
| Slack | Loopia Group intercompany and intracompany communication for providing customer service and troubleshooting. This includes customer contact person contact information, technical customer metadata, customer invoice information, customer support case information and events in technical logs. |
| Websupport S.R.O | Data required for our Slovak sister company to provide and manage our use of Slack, a communications platform. This includes all Slack conversations for data retention and portability purposes. |
| PerformIQ | Data required to deliver support services as we hire consultants for our support team through PerformIQ. |
| Freelance consultants | Data required to deliver support services as we sometimes hire consultants for our team. |
| Pipedrive | CRM tool where customer information and customers' purchase history are processed in order to deliver support services and feedback. |
| Monarx Inc | Files uploaded by the customers are continuously scanned in order to find security vulnerabilities or malicious software. |
Authorities
We may be required to provide certain personal data by law and authority decisions upon request from for example the police.
How we protect your personal data
We use industry standards to store, process and communicate sensitive personal information such as personal data and passwords in a safe way. For example, SSL/TLS, PGP, and one-way hash algorithms.
The protection is implemented with systematic, organizational and technical measures to ensure integrity, confidentiality and accessibility.
We have policies and security practices implemented regarding:
- information security
- incident management
- risk analysis
- software updates
- secure configuration and management of devices
- office and data centers
- software development
- education and training
Loopia's staff are bound by confidentiality agreements and only process the data their specific tasks requires.
You control your personal data
You control your own personal information, meaning that you decide which data you want to give and what processing of your personal data you approve. You can revoke your consent at any time.
However, we need some personal data to provide our services to you. If you choose to revoke your consent, this may mean that we can not provide all our services to you.
Learn more about what rights you have regarding your personal data »
Your and your users personal data when Loopia acts as a data processor
In case you are data controller and Loopia acts as a data processor, our processing of your customers' personal data is regulated by our terms appendix Data processing agreement. For example, if you run a webshop at Loopia where your customers' orders are stored and processed on our servers, the email accounts you have with us or the data you store in our database services.
How we process your personal data when you are no longer a customer
When you terminate your account, we will remove all your personal data where there is no purpose for further processing. We also notify any potential partners and subcontractors who processed your data to also delete the data.
Among the things that are removed are your potential…
- ...websites and databases.
- ...possible domain names and dns settings.
- ...email addresses with associated emails.
- ...personal data in our CRM system.
- ...backups of the above are removed in accordance with our backup schedule.
Among the things that are not removed are:
- Data required by the Accounting Act.
