Your personal data and how we handle it

Your personal data is the data we collect and save about you and how you use our services that directly or indirectly identifies you. We use this information to provide a better user experience, improve our services, and provide offers that fit your needs.

The information below is a summary of how we collect and handle your data in accordance with the General Data Protection Regulation (GDPR).

Type of personal data we collect

Contact information

When you become a Loopia customer, we collect your contact information:
Name, address, e-mail address, telephone number and social security number.

Information about your services

We also store data about which of our services you order and use, and how you use them.

Support tickets

When you contact our support, we collect the information you provide us in order to be able to help you with your case.


How we collect personal data

We collect and process data that...

  • ...you enter yourself when you become a customer with us.
  • ...you share with us when you contact us via chat conversations, emails and recorded phone calls.
  • ...is created when you use our services – for example, when you visit our website or log in to the customer zone.
  • ...we get from other sources – such as UC AB.
  • ...is collected through cookies that stores information from your browser.

Exactly what information we collect about you depends on which of our services you use.


What we use personal data for

In order for us to process your data, one of the following legal bases must be met:

  • Necessary to fulfill the contract with you.
  • Necessary to fulfill a legal obligation for Loopia.
  • The processing lies in both your and Loopia's interest.
  • Consent from you for that particular processing.

In order for us to provide our services to you, we need to process your personal data. Below you will find information about what we use your data for, and the legal basis each processing is supported by.

Provision of services

We process personal data to identify you as a customer and to manage and deliver the services you ordered and subscribe to. As well as personal data required to handle billing and payments of the services you use.

Legal basis: Necessary to fulfill contract.

Communication and support

We may use personal information from previous communication between you and us in order to provide better assistance.

We use your contact information and information about which services you use as the basis for invoices, newsletters, important information about your services, offers and tips on how to use our services.

Legal basis: Legitimate interest, consent and necessary to fulfill contract.

Development of our services and products

We process personal data on how you use our services, and from your communication with us as a basis for improving your experience specifically and our services in general.

Legal basis: Legitimate interest and consent.

Marketing

We process personal data about what services you use and how you use them in order to market relevant products and services to you according to your needs.

Legal basis: Legitimate interest and consent.

Security and prevention of abuse

We process personal data in order to detect and prevent the following for our services and our network:

  • abuse
  • intrusion attempts
  • attacks such as viruses and DDOS
  • law violations
  • terms violations

Legal basis: Necessary to fulfill contract and legal obligation.

Regulatory obligations

We process personal data in order to comply with the requirements of the law.

Legal basis: Legal obligation.


For how long time we store personal data

We store personal data as long as there is a documented purpose for the processing. Contact our data protection officer for details.


To whom do we share personal data

Partners, subcontractors and other companies within Visma

We have agreements with all partners and subcontractors in the EU, and EU standard contract clauses for all outside the EU. EU/US Privacy Shield certification is used if the processing takes place in the United States. The agreements regulates what personal data is being processed, why the processing is done, how personal data are to be protected and for how long it is being processed. The agreements also contain instructions from the data controller to the data processor on how personal data can be processed.

We strive to never share more personal data than absolutely necessary with each partner.

We implement appropriate safeguards to ensure that your personal data is handled in accordance with applicable laws regarding safety and privacy. We apply the same requirements to our subcontractors.

For the following purposes we may share certain data with the mentioned partners and subcontractors.


Marketing and analytical purposes

Partner Personal data that is shared and why
Google Analysis data through third party cookies for marketing and web analytics to improve our services.
Facebook Third-party cookie analysis data for marketing purposes.
Hotjar Analysis data through third party cookies for marketing and web analytics to improve our services.
Tradedoubler Cookie data for tracking purchases made through affiliate advertising (ad network with commission).
Double.net Cookie data for tracking purchases made through affiliate advertising (ad network with commission).

In order to deliver ordered services

Partner Personal data that is shared and why
Active24 S.R.O. Data required for our Czech sister company to deliver our VPS services, hosting websites built in Loopia Sitebuilder (Yola) as well as MS SQL and our shared hosting Windows platform.
Ascio Data required to register, manage and renew domain names (in addition to these domain names where Loopia itself is the registrar: .SE, .NU and .EU).
Basekit Data required to set up an account for you in Loopia Sitebuilder (Basekit).
EURid Data required to register, manage and renew domain names of the domain type .EU.
Internetstiftelsen i Sverige (IIS) Data required to register, manage and renew domain names of the domain types .SE and .NU.
Loopia D.o.o Our subsidiary in Serbia where a large part of our development team is located has access to certain customer data through our development environment for troubleshooting and product development.
Microsoft Data required to configure and manage Office 365 accounts for you at Microsoft.
OpenSRS Data required to register, manage and renew domain names (in addition to these domain names where Loopia itself is the registrar: .SE, .NU and .EU).

In order to charge for our services

Partner Personal data that is shared and why
Dibs Data required to complete a card payment.
DNB Data som krävs vid manuella återbetalningar via Bankgiro.
Strålfors Data required to send a paper invoice.
UC AB Data required to verify authenticity in the personal data specified upon ordering.

Other

Partner Personal data that is shared and why
Puzzel Data required to provide support services such as callback, chat and call recording.
Visma Personal identification numbers and contact details are shared for marketing purposes. Surveys are shared to improve our services. development goals.
Visma Consulting Personal identification numbers are shared to allow identification of the customer through BankID.

Authorities

We may be required to provide certain personal data by law and authority decisions upon request from for example the police.


How we protect your personal data

We use industry standards to store, process and communicate sensitive personal information such as personal data and passwords in a safe way. For example, SSL/TLS, PGP, and one-way hash algorithms.

The protection is implemented with systematic, organizational and technical measures to ensure integrity, confidentiality and accessibility.

We have policies and security practices implemented regarding:

  • information security
  • incident management
  • risk analysis
  • software updates
  • secure configuration and management of devices
  • office and data centers
  • software development
  • education and training

Loopia's staff are bound by confidentiality agreements and only process the data their specific tasks requires.


You control your personal data

You control your own personal information, meaning that you decide which data you want to give and what processing of your personal data you approve. You can revoke your consent at any time.

However, we need some personal data to provide our services to you. If you choose to revoke your consent, this may mean that we can not provide all our services to you.

Learn more about what rights you have regarding your personal data »


Your and your users personal data when Loopia acts as a data processor

In case you are data controller and Loopia acts as a data processor, our processing of your customers' personal data is regulated by our terms appendix Data processing agreement. For example, if you run a webshop at Loopia where your customers' orders are stored and processed on our servers, the email accounts you have with us or the data you store in our database services.


How we process your personal data when you are no longer a customer

When you terminate your account, we will remove all your personal data where there is no purpose for further processing. We also notify any potential partners and subcontractors who processed your data to also delete the data.

Among the things that are removed are your potential…

  • ...websites and databases.
  • ...eventuella domännamn och dns-inställningar.
  • ...email addresses with associated emails.
  • ...personal data in our CRM system.
  • ...backups of the above are removed in accordance with our backup schedule.


Among the things that are not removed are:

  • Data required by the Accounting Act.

Hey, do you need assistance?

Our popular SuperSupport is here to assist you.
Open weekdays 7-21, weekends 11-15

 
+46 (0)21-12 82 22 Closed