Super Loot takes its responsibilities under data protection legislation very seriously and respects the privacy of our customers. This Policy aims to clearly tell you how we use your personal data, how we ensure it is kept secure and your choices.
Ropadda Ltd (‘Super Loot’ or ‘we’, ‘our’ or ‘us’) has registered offices at 31 London Road, Reigate, Surrey, RH2 9SS, UK and the company number 6889858.
Ropadda Ltd consists of the following products and complimentary services (‘Services’):
- superloot.co.uk website and its associated subscription box services.
Ropadda Ltd abides by the requirements of the Data Protection Act 1998, the Privacy and Electronic Communications Regulations 2003, and following May 25th 2018, that of the General Data Protection Regulation (EU) 2016/ 679 (GDPR).
Please note that our Services may contain links to products and websites that are owned and operated by third parties. These products will have their own privacy policies which you should review if you choose to visit these products or websites. We are not responsible for the privacy practices of third parties.
Types of information we may collect about you
We collect both personal and anonymous data when you send us information or use one of our Services. Personal data is that which can personally identify you, such as name and email address. Anonymous data is that which cannot identify you and which is typically used in aggregate to better understand our customers.
How we collect your personal data
We collect data when you interact with one of our Services, for example when you browse our websites or applications, when you register with us, when you purchase a product or subscription and when you engage with us and our email correspondence.
Specific details of the information we may collect:
Information you provide – in completing forms on our websites and applications, such as registering for an account, or carrying out a transaction, we will receive various pieces of personal data such as your name and other information such as your postal address, e-mail address, telephone number, your debit/credit card number and expiry date or bank account details etc to process your request. Only relevant information will be used by us, or those data processors (such as our payment processors) and Product Owners necessary to fulfil the service requested and potentially communicate with you on any concerns arising to the provision of the service in general.
Information about transactions – if you make any purchase from us, such as a subscription box, we will record details of that transaction for book-keeping and performance analysis.
How we use your personal data and lawful bases for processing
We use your personal data for the following purposes:
To provide a service to you, for example to:
- To respond to your queries about our products and services.
- To fulfil your requests for our products and services.
- To send you service communications (for example, a welcome/registration email, forgotten password email, a receipt or availability notification related to your purchase(s), support correspondence or a notification regarding changes to your service).
- To keep records up to date and to ensure the provision of purchases you have made.
We rely on the lawful basis of performance of a contract for the above purposes.
We rely on our legitimate business interests for the following purposes:
- To send you email marketing communications. We will always inform, when you provide your details to us, of our intention to send you such messages. You will have a clear opportunity to opt-out at this point and in every subsequent communication.
- To determine the effectiveness of promotional campaigns and advertising.
- To keep records up to date and to ensure the provision of purchases you have made.
- To learn from and improve how customers interact with our Services to improve their experience over time.
- We may use your IP address to identify your location, for example to display prices in your local currency, to understand the number of visits from certain countries, and to block disruptive or abusive use of our Services.
- To enhance the security of our network and information systems.
- For reporting and audit purposes.
We have balanced our legitimate interests with those of our customers. If you would like further information or to object to us using your data for such purposes, please contact firstname.lastname@example.org.
In specific circumstances we rely on the lawful basis of consent (i.e. where you actively agree to a specific use of your personal data) and legal obligation (i.e. where we are legally obliged to hold your personal data or disclose it by law).
How do we keep your data safe and secure?
The security of your personal data is important to us. When you enter sensitive information such as a debit/credit card number on our registration or order forms, we encrypt that information. We follow generally accepted industry standards to protect the personal data submitted to us, both during transmission and once we receive it. When you give your personal data to Super Loot we will process that data in accordance with our responsibilities.
We will keep your data safe and secure. To prevent unauthorised access, to maintain data accuracy and to ensure the correct usage of information, we monitor and adjust our physical, electronic and managerial procedures to safeguard and secure your personal data while in our care, or in the care of any outside suppliers with whom we may contract to process your data on our behalf. Any outside suppliers are under strict contractual terms to mirror the security policies that we currently have in place.
All credit and debit card information you provide is encrypted using the latest Secure Socket Layer (SSL) technology, ensuring your credit or debit card details are safe and secure. The Services also meet the requirements of the Payment Card Industry Data Security Standard (PCI) which was created to ensure organisations that process card payments prevent fraud. All personal data processed by Super Loot is processed within the European Economic Area (“EEA”).
We will keep personal data only for as long as we need it to maintain our relationship with our contacts, provide them with the products, services or information they have requested, to inform our research into the preferences of our customers /clients, to comply with the law, and to ensure we do not communicate with individuals that have asked us not to. When we no longer need the information, we will dispose of it securely, using specialist companies to do this work for us if necessary. Further details can be found in our Retention Policy which is available on request.
Sharing information with others
Primarily we use your information within Super Loot in order to provide you with the service or product you have selected.
We will only disclose your information to specific third parties in the following circumstances:
- To facilitate the service of a physical product, for example providing appropriate details to fulfillment services for delivery of a subscription box.
- Where we need to do so in order to provide a service you have requested. For example online transactions with us are secured using the SSL encryption method and hosted with our third party payment providers including MPP Global Solutions Ltd, SagePay Europe Ltd and PayPal. This is to provide immense security and protection to our customers. All our payments processed via Paypal are processed via PayPal References Transactions.
- We may use certain third party services to verify your identity in certain circumstances, such as that your postcode is valid for delivery, age for age restricted products and company checks.
- If disclosure is required or permitted by law. We will always ensure that those requesting the information have the legal right to do so.
If another company should purchase any of our companies or assets, including our database, that company will have the right of possession of the personal data collected by us and will assume the rights and obligations formerly attributable to us.
Your rights and further information
Under data protection law you have a number of rights. To request any of these rights outlined below please contact email@example.com or write to us at Data Protection Officer, Ropadda Ltd, 31 London Road, Reigate, Surrey, RH2 9SS UK.
Direct Marketing: You have the right to object to receiving direct marketing from us. There will always be an easy way of unsubscribing on any marketing email you receive from us.
Access: You have the right to be provided with the information information we hold for you. This is known as a ‘Subject Access Request’.
Rectification: If the information we hold for you is incorrect or needs amending, please let us know and we will update our records. Where available, you may view and amend these yourself in the My Account area of the relevant Service’s website.
Delete Data/Right to erasure and Account Closure – you can ask us to erase or delete all of your personal data and record with us. If at any time you would like to close and delete an account please contact firstname.lastname@example.org. Your personal data will be removed from our active user database and will be deleted assuming that you are current with all payment obligations, that Super Loot does not believe it reasonably necessary to keep such information for any pending legal action, and that we are under no other legal obligation to retain such information. Please be aware that any unfulfilled subscriptions may be cancelled without refund, you will have to re-register in order to use the respective Service again, and any existing purchases will be forfeited. It is your responsibility to request a refund from Super Loot or the appropriate merchant or Product Owner.
If contacting us does not resolve your complaint, we are registered with the Information Commissioner’s Office who can be contacted if you have concerns about our practices and do not feel we are able to satisfactorily answer your concerns.
Last updated: 1st May 2018