GDPR

This document is a placeholder and does not constitute legal advice. Please consult a qualified attorney before relying on this information for any legal purpose.

1. Introduction

Lootyo is committed to protecting the privacy and personal data of all our users, in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"). This page explains how we process your personal data, the legal bases for processing, and the rights you have as a data subject under GDPR.

This page supplements our Privacy Policy and provides additional information specifically for users in the European Economic Area (EEA), the United Kingdom, and Switzerland.

2. Data Controller

Lootyo acts as the data controller for the personal data collected through the Platform. As the data controller, we determine the purposes and means of processing your personal data. We are responsible for ensuring that your data is processed in accordance with GDPR and applicable data protection laws.

For any data protection inquiries, you may reach us through our contact page or by contacting our Data Protection Officer (see section 7 below).

3. Legal Basis for Processing

We process your personal data based on the following legal grounds under Article 6 of the GDPR:

• Contractual Necessity (Art. 6(1)(b)): Processing necessary to perform our contract with you, including providing the Platform, managing your account, processing transactions (tips, subscriptions, and contributions to support projects), and delivering the services you request.
• Legitimate Interests (Art. 6(1)(f)): Processing necessary for our legitimate interests, such as improving the Platform, preventing fraud, ensuring security, and conducting analytics. We balance these interests against your rights and freedoms.
• Consent (Art. 6(1)(a)): Where we rely on your consent for processing, such as for marketing communications, non-essential cookies, and optional data collection. You may withdraw your consent at any time.
• Legal Obligation (Art. 6(1)(c)): Processing necessary to comply with legal obligations, such as tax reporting, financial regulations, and responding to lawful requests from authorities.

4. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights regarding your personal data:

Right of Access (Art. 15)

You have the right to obtain confirmation as to whether your personal data is being processed, and if so, to access that data along with information about how it is being used.

Right to Rectification (Art. 16)

You have the right to request the correction of inaccurate personal data and to have incomplete data completed.

Right to Erasure (Art. 17)

You have the right to request the deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purpose it was collected, or when you withdraw your consent. This right is subject to certain exceptions, such as when we are required to retain data for legal compliance.

Right to Data Portability (Art. 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller without hindrance.

Right to Restriction of Processing (Art. 18)

You have the right to request restriction of processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or when the processing is unlawful but you oppose erasure.

Right to Object (Art. 21)

You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes. Where you object, we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.

5. Data Processing Activities

We process personal data for the following activities:

• Account Management: Registration, profile creation, authentication, and account settings.
• Transaction Processing: Processing tips, subscriptions, Mana purchases, and contributions to support projects. This includes payment verification, fraud detection, and payout management for creators.
• Platform Operations: Content delivery, real-time streaming features, notifications, messaging, and community moderation.
• Analytics and Improvement: Usage analytics, performance monitoring, and feature development. Data is aggregated and anonymized where possible.
• Communications: Account notifications, security alerts, platform updates, and optional marketing communications (with consent).
• Security and Compliance: Fraud prevention, abuse detection, rate limiting, and compliance with applicable laws.

6. International Transfers

Your personal data may be transferred to and processed in countries outside the EEA. When such transfers occur, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions by the European Commission for recipient countries
• Binding corporate rules or other approved transfer mechanisms

You may request a copy of the safeguards we use for international data transfers by contacting us.

7. Data Protection Officer

Lootyo has appointed a Data Protection Officer (DPO) to oversee our data protection practices and ensure compliance with GDPR. You may contact the DPO for any questions or concerns related to the processing of your personal data or to exercise your rights under GDPR.

To reach our Data Protection Officer, please use our contact page and indicate that your inquiry is directed to the DPO.

8. How to Exercise Your Rights

To exercise any of your rights under GDPR, you can:

• Contact us through our contact page
• Email our Data Protection Officer directly
• Use the account settings in the Platform to manage your data and preferences

We will respond to all legitimate requests within one month. In some cases, particularly for complex or multiple requests, we may need to extend this period by up to two additional months. We will inform you if such an extension is necessary.

We may need to verify your identity before processing your request to ensure the security of your personal data.

9. Complaints

If you believe that our processing of your personal data infringes GDPR, you have the right to lodge a complaint with a supervisory authority. You may file a complaint with the supervisory authority in your country of residence, your place of work, or the place of the alleged infringement.

We encourage you to contact us first so we can attempt to resolve your concern directly. We take all data protection complaints seriously and will work to address your issue promptly.

10. Contact Information

For any questions, concerns, or requests related to this GDPR page or our data protection practices, please contact us through our contact page.