January 1, 2023
Last Updated Date:
January 11, 2023
Loopit Mobility (referred to as “Loopit”, “We”, “Our” or “Us”) is committed to protecting the privacy and security of your Personal Data. We have developed this Privacy Notice to inform you of the data we collect, what we do with your data, what we do to keep it secure as well as the Rights you have over your Personal Data.
Throughout this notice we refer to Data Protection Legislation which includes the UK GDPR and other laws mandating data protection including (but not limited to) the Privacy Electronic Communication Regulations (PECR) 2011. This also includes any replacement legislation which may come into effect from time to time.
When our customers use Loopit Mobility services and upload personal information to it, we will be acting as a data processor on behalf of our customers. This Privacy Notice does not cover that processing of personal information. This Privacy Notice covers the processing of personal information when Loopit is acting as a data controller, meaning circumstances when we determine the purpose for the use of the personal information and the way it is used. Examples of this are where we collect information on prospective customers, carry out client relationship management or conduct data analytics using our customers’ data.
This Privacy Notice also applies to members of our group organisation which includes:
Each member of our group organisation is considered a separate Data Controller and not Joint Controllers with each other.
We are registered with the Information Commissioner's Office (the ICO) with registration number ZA577342.
We have appointed a data protection officer (“DPO”), who is responsible for responding to questions in relation to this privacy notice. If at any time you are concerned or have questions about how we handle your personal information, please contact us at firstname.lastname@example.org.
Due to the nature of our service, we collect and process various categories of personal data from you. The below gives examples of different categories of personal data collected and processed:
The above list is representative and non-exhaustive.
We collect personal data through several means. Examples can include:
The above list is representative and non-exhaustive.
We may use personal data for various activities which can include the following activities:
The above list is non-exhaustive and representative. For more information on how we use personal data for specific activities you can contact us as detailed above.
We currently use a third party to advertise our job vacancies. When we receive candidate information, we will receive personal data such as your name, CV information and other information which may be used to help your application to stand out (e.g. licence or certifications).
We will be sure to only retain candidate data for as long as reasonably necessary which is typically 24 months if a candidate is unsuccessful.
Recruitment is dealt with internally and by our head office staff in Australia where applicable. The information shared is only for the purpose of making a qualified hiring decision.
The UK GDPR requires us to identify appropriate lawful bases to process personal data. The lawful basis we rely on as a data controller are detailed below with brief examples for when they may apply:
There may be instances where we may need to process certain categories of data referred to as Special Category Personal Data. These may include personal data related to health, race, and ethnicity as examples, but were identified and needed, we will ensure we consult our DPO to ensure the relevant special conditions are applied and documented where needed.
There may be times we are required to share personal data (including special category personal data) with third parties, these circumstances include but are not limited to:
Where we may need to share data with any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation or (ii) to exercise, establish or defend our legal rights.
There may be instances where we may need to transfer your data outside the UK. We may need to share your data with companies who are in the European Economic Area (The EU member states, Norway, Iceland, and Liechtenstein), in an adequate listed country, or in other third countries who may not have similar data protection laws to the UK. If we need to transfer your information outside the UK, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this notice, as well as implementing the appropriate safeguards such as Standard Contractual Clauses and International Data Transfer Agreements.
We would like to send you marketing news and updates regarding our company, products and services should you like to receive them. In order to send you these communications we would require your consent, and you can always change your preferences (i.e. opt out) by clicking on the relevant unsubscribe link at the bottom of the email. You also have the ability to opt out by contacting at email@example.com.
We conduct automated decision making and profiling for the purpose of assessing suitability for a subscription with any of our customers. This is to eliminate fraud, assess capacity to afford a subscription and ensure the safety of both our customers and their subscribers. We have technical and organisational measures in place to ensure this type of processing is compliant.
You have the right to query a decision that has been made via the use of automated decision-making and profiling, please see the ‘Contact Us’ section for further details.
We will retain your personal data for as long as is necessary to provide you with our services and for a reasonable period thereafter to enable us to meet our contractual and legal obligations and to deal with complaints and claims.
At the end of the retention period, your personal data will be securely deleted or anonymised, for example by aggregation with other data, so that it can be used in a non-identifiable way for statistical analysis and business planning.
We implement appropriate technical and organisational measures to protect the personal data that we process from unauthorised disclosure, use, alteration or destruction.
In addition to the technical and organisational measures we have put in place, there are a number of simple things you can do in order to further protect your personal information.
You have the following rights in respect of your personal data:
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
If you wish to exercise your rights, please contact us at firstname.lastname@example.org.
You can also lodge a complaint with the Information Commissioner’s Office. They can be contacted using the information provided at: https://ico.org.uk/concerns/.
We understand you may have concerns and complaints about this notice and any aspects to how we process personal data. If you would like to contact us directly to talk to us about a concern or to raise a complaint, you can do so by using our contact details below.
You contact our head office using the following details:
10 John Street, London, WC1N 2EB
You can also submit a complaint directly to the Information Commissioner's Office (the ICO), the UK supervisory authority for data protection in the UK, via this link https://ico.org.uk/make-a-complaint/.
We will review this notice and make changes to it from time to time. We recommend that you check this notice to see where changes have been made and to ensure you are able to review updated information at all times.