Privacy Policy
Version 1.0 - Last updated on 22.03.2024
This Privacy Policy outlines how Loopa Services, Lda. handles personal data related to the use of the platform.
The entity responsible for processing the data is Loopa Services, Lda. and its affiliates, also known as “Loopa,” a limited liability company based at Rua Dr. Gomes Leal, No. 3-A, 2560-331 Torres Vedras, Portugal, with the unique registration number and corporate tax number 517593360, with a share capital of two hundred thousand euros. Interested parties can contact it through the following email address: info@loopa.co.
This policy applies to all personal data collected by Loopa or on its behalf, in the context of various interactions with data subjects, in person or through digital means, including the Loopa platform.
1. COLLECTION, RECORDING, AND USE OF PERSONAL DATA
1.1. The Loopa online platform, as well as the services available on it, was designed for use by property owners or managers, regardless of the number of properties involved.
1.2. The data collected and processed by the platform are mostly non-personal data, such as the names of legal entities, tax numbers, and contact details or the characteristics and addresses of properties. However, Loopa may also collect and process personal data, such as the name and contact details of individuals, phone number, email address, some of which will depend on the features associated with each profile.
1.3. Data that could be considered personal, collected through the PMS (Property Management Software) that the User connects to the Loopa platform, will be processed with the same care as all other data, and unnecessary data will be removed when it is no longer needed for providing Loopa services.
1.4. The personal data collected will only be the minimum necessary for providing the services intended by Loopa. Data will be collected and recorded in compliance with the law and for the purposes described below:
1.4.1. Data for service provision: The personal data collected by Loopa are processed automatically and are intended for managing the User’s service orders, executing services, and support requests. Data collection and processing also aim at contacting the User for purposes of:
1.4.1.1. Ensuring the normal operation of the contracted service, including providing data for its management, payment, and billing.
1.4.1.2. Communicating scheduled interventions, reporting problems, and/or other situations of relevance or impact on services or support processes.
1.4.1.3. Sending quality surveys, which the User can freely refuse to complete.
1.4.2. User support: Any personal data sent voluntarily by email, phone, or chat will be handled with appropriate security based on the medium through which they are transmitted. However, to ensure privacy, we ask that personal data not be sent through these channels unless absolutely necessary. In such cases, the User should be aware that these methods are more exposed to risk. For the purposes described here, data are processed based on the legitimate interests pursued by the data controller.
1.4.3. Response to commercial contacts: Upon the data subject’s request, a commercial proposal may be prepared using the data provided and collected for this purpose through the platform. These proposals will be stored in a secure location protected by firewall, antivirus, and anti-malware, allowing secure access via SSL certificate, VPN authentication, and other suitable technical measures, as well as restricted access privileges. For this purpose, data are processed to perform a contract or take steps at the request of the individual before entering into a contract.
1.4.4. Verification of legitimacy and fraud: To verify ownership legitimacy, authorized email changes, confirmation of tax data, or fraud investigation, Loopa may request additional elements about the User's identity, such as proof of address, identification number, or others. In such cases, Loopa commits to collecting the minimum necessary to:
1.4.4.1. Ensure that the individual is the legitimate owner of the services.
1.4.4.2. Ensure tax accuracy as required by fiscal law.
1.4.4.3. Prevent fraudulent subscriptions or subscriptions aimed at illegal activities to safeguard the rights of Loopa and third parties.
1.4.4.4. Ensure the necessary powers to represent the legitimate owner of the services if the owner is a legal entity.
1.4.4.5. This data will be collected through normal support channels. For the purposes listed in this section, data processing is based on the need to comply with a legal obligation and/or the legitimate interests of the data controller.
1.4.5. Recruitment: If you submit an unsolicited application to the email address info@loopa.co or respond to a job offer, know that all resumes and personal data collected this way will be integrated and stored on our email server with secure access via SSL certificate and other technical measures. For unsolicited applications, personal data processing is based on the consent of the data subject. Applications that are not of interest will be deleted within a maximum of 12 months after evaluation.
1.4.5.1. For ongoing recruitment processes, personal data are processed to take steps at the request of the individual before entering into a contract or based on the legitimate interests pursued by the data controller (e.g., accessing personal data submitted on LinkedIn) and stored only during the recruitment process. All applications not of interest will be deleted after evaluation.
1.4.6. Social Media: All interactions on Loopa’s social media, as well as sharing Loopa’s content via social media, are governed by the privacy policy of the platform used for sharing or interacting.
1.4.7. Commercial communication: Marketing emails may be sent to data subjects based on the legitimate interests pursued by the data controller (when the data subjects are registered Users of the Loopa platform) or with the consent of the data subject (including contact data exchanged at fairs and events). The data subject has the right to opt out of direct marketing by simply clicking the “unsubscribe” button at the bottom of the email.
1.4.8. IP Addresses: The IP address, when its use or identification does not allow the identification of its owner or the location of a particular action, cannot be considered private data.
1.4.9. The data may also be used by Loopa to provide, improve, and develop the platform.
1.5. Information about usage may also be collected, such as additional services added, dates and times of access, pages viewed, and interactions with the platform. This information will only be used as described above.
2. DATABASE COMPLIANCE
2.1. The data provided may be integrated into a database, and its processing is automated, organized, and maintained directly by Loopa in compliance with data protection laws.
3. RECTIFICATION, PORTABILITY, AND DELETION OF DATA PROVIDED
3.1. Access and rectification of data:
3.1.1. Under applicable legislation, the User has the right to access and rectify their data. Loopa provides the User with permanent access to their data, allowing them to rectify it. Access to the User’s data is guaranteed through a reserved area, protected by mandatory authentication, as well as other suitable technical measures to ensure that the User's personal data are safe from unauthorized third-party access. In this reserved area, the User can update their personal data, except for the general email and tax number, which serve as the sole authenticators verifying the User as the service holder and ensuring tax accuracy. To update this information, the User should contact Loopa directly via the email address info@loopa.co.
3.2. Data retention and deletion:
3.2.1. Loopa commits to keeping the User’s data adequately protected with firewall, antivirus, and anti-malware, ensuring secure access. For active services, data will only be deleted once Loopa’s contractual obligations with the User are fulfilled, continuing the service until its conclusion.
3.3. Forgetfulness and Backups:
3.3.1. After completing the service, the User's request for deletion will be honored, but backup contents will persist for the time defined in the backup policy. These data will be stored for security and privacy reasons, not processed, and with restricted access, only used if an unavoidable need arises to restore a backup that includes the User’s data.
3.4. Forgetfulness and deletion:
3.4.1. In the interest of reasonableness, considering the limited data collected for contractual obligations and the defense of legitimate interests, Loopa avoids deleting or altering data. Instead, it restricts access and/or processing to preserve data as evidence of legitimate interest.
3.4.2. These data are stored, not processed, and only accessible with justified and restricted access. Whenever there is a legitimate interest in safeguarding the rights of the User or third parties, Loopa will perform the action of forgetfulness before deletion. Forgetting means transferring data to a reserved archive, which is not accessible except for justified reasons.
3.4.3. To comply with the law, including fiscal law, the forgetting process can last up to a maximum of 10 years, after which the data will be deleted. Data will remain outside of forgetfulness for a maximum of 8 years after total inactivity, but can be moved at any time if the right to be forgotten is exercised.
3.4.4. For all personal data from communications, the data subject must exercise their right to be forgotten by emailing rgpd@loopa.co with identification details to facilitate the forgetting process.
3.5. Loopa allows the User to export all their personal data, which can be requested by email at rgpd@loopa.co.
4. USER INFORMATION SECURITY AND USE
4.1. Security in storage and access: The personal data collected by Loopa is properly protected with firewalls, antivirus & anti-malware software, ensuring secure access through SSL certificates, and, in some cases, VPN authentication and other appropriate technical measures, along with restricted and escalated access privileges, among other suitable technical measures.
5. SENDING OR TRANSFERRING INFORMATION
5.1. Commitment: Loopa is committed to not selling or renting personal data submitted by users of our website to third parties, unless done with the user's consent or when legally required.
5.2. Legal obligations: Loopa may access, preserve, and share user information with companies, organizations, government entities, or external individuals if it is done in good faith to comply with legal requirements.
5.3. Third-party service provision: Loopa may need to confidentially send the personal data it collects to external service providers, including for specific services. As these partners are based in the EU, they comply with applicable privacy protection legislation.
5.4. Business management, taxation, and statistics: In addition to sharing information with service providers as described above, Loopa may share aggregated identification information with third parties under contract as confidential, including non-segmentable personal data obtained through customer surveys, for statistical purposes, marketing campaign analysis, subcontracted service requirements, financial and fiscal audits, quality assurance, security, etc.
6. PRIVACY BY DESIGN AND BY DEFAULT
6.1. Loopa guarantees that, to the extent necessary and feasible, technical measures have been adopted and organized to protect personal data against accidental or unlawful destruction, alteration, or dissemination.
6.2. Any personal data privacy breach will be evaluated and communicated within 72 hours via email at info@loopa.co to the competent authority, the CNPD (National Data Protection Commission) in Portugal, as well as to the data subject(s), following the established security and privacy incident management process.
6.3. If you detect any risk or inconsistency in the management of personal data by Loopa, you should notify us at rgpd@loopa.co, and you may also file a complaint with the CNPD.
7. PAYMENTS
7.1. Loopa takes all necessary precautions to ensure the protection of information collected from the user and guarantees that all payment data entered is automatically encrypted and subsequently deleted to ensure total security for the payments made.
7.2. Loopa does not store payment data. Data provided by the user to make payments, such as credit card information, is never stored by Loopa and is only used during the transaction processing, which is carried out through a secure banking page with appropriate technologies to ensure no risks. Thus, we ensure that the user’s data is not exposed to intrusion attempts by not storing payment data and that, in extreme cases, if there were unauthorized access, it would never compromise the access to payment data.
7.3. Under contractual conditions, for direct debit subscription, information related to the user’s bank account identification (IBAN) is collected.
8. APPLICABILITY LIMITATIONS
8.1. This Data and Privacy Policy does not apply to personal data or information that may be submitted or collected by third-party websites hosted on Loopa’s infrastructure.
8.2. Regarding such data, Loopa will only act as a processor and will respond only in that capacity. Therefore, the user is reminded that the privacy policies of those third-party sites should be reviewed before submitting personal data.
8.3. It is also noted that our responsibility, as processors, ends with the security of the infrastructure, so any security and privacy incident originating from user code vulnerabilities, plugins, compromised email accounts, infected emails or files, or any user content, will be the responsibility of the content manager, who must monitor them to take preventive actions against potential vulnerabilities or react to the incident as prescribed by the applicable privacy and data protection legislation.
9. APPLICABLE LEGISLATION
9.1. This privacy policy complies with the applicable laws regarding privacy and personal data processing. It may be revised at any time due to changes in the supporting legal regulations and recommendations from national and international authorities on the matter.
9.2. As an EU resident, you may also exercise any of the rights described under the General Data Protection Regulation (“GDPR”), including managing and accessing your data for updates and requesting the deletion of personal data by emailing rgpd@loopa.co, among others.
10. CHANGES TO THIS DATA AND PRIVACY POLICY
10.1. Loopa reserves the right to modify this Data and Privacy Policy at any time, in accordance with the applicable legislation.
10.2. When changes are made, the revised version will be published with the date of the last update.
10.3. In case of substantial material changes, they will be communicated via email to users at least fifteen days before the effective date.
11. DEFINITIONS
11.1. Terms not defined in this Data and Privacy Policy have the same definition as in our Terms & Conditions (https://www.loopa.pt/en/terms-conditions).