Effective Date: 19.03.2025

This Privacy Policy (hereinafter referred to as the “Policy”) outlines the ways in which INDICORE RESOURCES LTD (the “Company”) collects, processes, and safeguards the personal data of individuals (“Users” or “You”) who visit, register, purchase products, or otherwise engage with the website https://loomtix.com (the “Site”).
The Company operates in compliance with Regulation (EU) 2016/679 (GDPR), the UK GDPR, and other relevant data protection laws, including the Data Protection Act 2018 applicable in the United Kingdom.

1. Definitions and Scope

1.1. Personal Data
“Personal data” encompasses any information that identifies or can be used to identify an individual. This may include, but is not limited to, name, contact details, IP address, and payment transaction information.

1.2. Scope of Application
• This Policy applies to all personal data collected through the Site, as well as through related services and communication channels such as email, support chat, and other interactions.
• It is applicable to Users located in the EU and the UK and may also extend to Users in other jurisdictions where local laws impose similar data protection requirements (such as the extraterritorial provisions of GDPR/UK GDPR).

1.3. Role of the Company
• The Company acts as a “data controller” under GDPR/UK GDPR when collecting and utilizing personal data from Users.
• In specific cases, such as when sharing data with partners for service delivery, the Company may function as a joint controller or data processor, ensuring that all data protection regulations are strictly adhered to.

2. Types of Data Processed

2.1. Data Directly Provided by Users
• Registration Information: Name, surname, email address, and phone number (if required for account creation).
• Payment Information: Payment card details or alternative payment methods. These are typically encrypted and processed by certified payment providers. The Company does not retain full card details unless legally mandated or contractually required.
• Additional User-Provided Data: Any voluntarily shared information, including feedback, support requests, uploaded documents, or screenshots related to technical issues.

2.2. Data Collected Automatically
• Technical and Log Data: IP address, browser type, system language, operating system, timestamps of visits, and referring pages.
• Cookies and Tracking Technologies: Used for user experience optimization, analytics, content personalization, and targeted advertising. For more details, refer to the Cookie Policy.

2.3. Data from Third-Party Sources
• Partner Services: If Users opt for OAuth-based login or social media sign-ins, relevant account details (e.g., email, profile name) may be transferred to the Company.
• Financial and Payment Providers: When making transactions, the Company may receive confirmation or status updates from payment systems.
• KYC/AML Compliance Providers: To comply with Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations, the Company may obtain identity verification data and risk assessments from external compliance partners.
This Policy ensures that the Company remains committed to protecting your data in accordance with global privacy standards.

3. Purposes and Legal Bases of Processing

Note: References to Art. 6(1) GDPR also apply to UK GDPR, unless stated otherwise.

3.1. Contract Performance and Service Provision (Art. 6(1)(b) GDPR/UK GDPR)
• Facilitating account registration and login, providing access to a personal account, processing orders, and delivering digital codes or granting access to purchased content.
• Communicating with Users regarding transactions, service updates, and order status notifications.

3.2. Legitimate Interests (Art. 6(1)(f) GDPR/UK GDPR)
• Enhancing website functionality, collecting analytics and statistical data, preventing fraud, and ensuring overall system security (including detection and investigation of security incidents).
• Conducting marketing activities within reasonable limits, including personalized content recommendations based on prior interactions.
• Carrying out AML (Anti-Money Laundering) and CTF (Counter-Terrorism Financing) procedures, if required to assess profile risks or transaction integrity.

3.3. Consent (Art. 6(1)(a) GDPR/UK GDPR)
• Sending marketing and promotional emails, where separate opt-in consent is legally required.
• Using non-essential cookies and tracking technologies, subject to User consent as required by local regulations (e.g., PECR in the UK, ePrivacy Directive in the EU).

3.4. Compliance with Legal Obligations (Art. 6(1)(c) GDPR/UK GDPR)
• Retaining transaction records for taxation, accounting, and financial reporting in accordance with legal requirements.
• Fulfilling AML/CTF compliance obligations, such as monitoring transactions, conducting PEP (Politically Exposed Persons) and sanctions list screenings, and cooperating with regulatory authorities.

4. Data Retention Periods

4.1. General Principles
• Personal data is retained only for as long as necessary to fulfill the purposes outlined in this Policy or as required by law.
• Retention periods vary based on data category (e.g., tax-related documentation must be kept for a minimum of five years, or longer as required under UK law).

4.2. Criteria for Determining Retention Periods
• Account activity status (data is retained while the account remains active).
• Legal obligations concerning taxation, accounting, and financial reporting.
• Marketing consent duration (personal data is retained for marketing purposes until consent is withdrawn by the User).

4.3. Data Deletion or Anonymization
• Once retention periods expire, the Company ensures secure deletion or anonymization of personal data.
• If a User requests account deletion, and no legal basis exists for continued data retention, the data will be erased within a reasonable timeframe (see “User Rights” section for more details).

5. Data Sharing and Disclosure

5.1. Internal Data Access
• Personal data is accessible only to Company employees whose roles require it, following the “need-to-know” principle to maintain data confidentiality.

5.2. Sharing with Third Parties
The Company may share personal data with:
• Payment Service Providers – to facilitate and process transactions securely.
• Analytics Services (e.g., Google Analytics) – to gather statistical insights (see Cookie Policy for more details).
• IT Contractors and Hosting Providers – for server hosting, database management, and overall IT infrastructure support.
• KYC/AML Compliance Services – to conduct identity verification, anti-money laundering (AML), and counter-terrorism financing (CTF) screenings.
• Regulatory and Government Authorities – when legally required, such as responding to law enforcement requests under EU or UK laws.

5.3. International Data Transfers
• If personal data is transferred outside the EU/EEA or the UK, the Company ensures compliance with GDPR/UK GDPR standards, implementing safeguards such as:
• Standard Contractual Clauses (SCCs) for international data transfers.
• Assessments of the recipient country’s data protection levels to determine adequacy.

6. Data Protection and Security Measures

6.1. Technical and Organizational Safeguards
To protect personal data from unauthorized access, loss, or misuse, the Company employs:
• Encrypted communication protocols (HTTPS/TLS) to secure data in transit.
• Strict access control mechanisms, ensuring role-based permissions for databases.
• Continuous security monitoring to identify vulnerabilities and regular system backups.
• Internal policies and staff training, including Non-Disclosure Agreements (NDAs) and access limitations.

6.2. Data Breach Notification
• In the event of a personal data breach, the Company will promptly notify the appropriate supervisory authorities (e.g., ICO in the UK, local Data Protection Authorities in the EU) in compliance with Articles 33 and 34 of GDPR/UK GDPR.
• If required, affected Users will also be informed about the breach and any recommended protective actions.

7. User Rights

Under GDPR and UK GDPR, Users have the following data protection rights:
1. Right of Access (Art. 15) – Request a copy of your personal data and details about its processing.
2. Right to Rectification (Art. 16) – Correct any inaccurate or incomplete personal data.
3. Right to Erasure (“Right to be Forgotten”) (Art. 17) – Request deletion of your data if:
• It is no longer necessary for its original purpose.
• You withdraw consent (if consent was the legal basis).
• There are no other overriding legal grounds for retention.
4. Right to Restrict Processing (Art. 18) – Limit the processing of your data in specific circumstances, such as contesting data accuracy or unlawful processing.
5. Right to Data Portability (Art. 20) – Obtain a structured, machine-readable copy of your data and/or request direct transfer to another data controller (if processing is based on consent or contract).
6. Right to Object (Art. 21) – Object to data processing, including processing for direct marketing purposes.
7. Right to Withdraw Consent (Art. 7(3)) – If processing is based on consent, you may withdraw it at any time without affecting prior lawful processing.
To exercise any of these rights, please contact us using the details provided below. For security purposes, we may require proof of identity to verify the request before processing it.

8. Cookies and Similar Technologies

• The Company employs cookies and similar tracking technologies to enhance user experience, facilitate personalization, and conduct analytics. Detailed information on how we use and manage cookies is available in our Cookie Policy, which forms an integral part of this Privacy Policy.
• If certain categories of cookies require user consent, a cookie banner or pop-up (opt-in mechanism) may appear upon your first visit to the Site or periodically thereafter.
• In the UK, the use of non-essential cookies is regulated under the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR), whereas in the EU, it falls under the ePrivacy Directive or its local legislative implementations.

9. Marketing and Communications

9.1. Email and Push Notifications
• If you have provided explicit consent, we may send you informational and promotional messages. Every such communication includes an unsubscribe option that allows you to withdraw from further marketing messages at any time.
• Opting out of marketing emails does not affect the ability to receive important service-related communications, such as order confirmations, updates on purchases, or notifications about critical changes to the Site.

9.2. Third-Party Advertising
• The Site may display personalized advertisements tailored to User interests and past interactions. These may involve third-party cookies or similar tracking technologies.
• Users can manage or disable such targeted advertising by adjusting their browser settings or utilizing available opt-out mechanisms.

10. Children and Minimum Age

• The Company does not knowingly collect, process, or store personal data from individuals under the age of 16 (or any higher minimum age defined by applicable local laws).
• If we become aware that a child’s data has been collected without verifiable parental or legal guardian consent, we will take immediate steps to remove such data from our systems.
• If you are a parent or guardian and believe that your child has submitted personal data to us, please contact us immediately using the details provided below.

11. Compliance with AML/CTF Regulations

• In cases where applicable law requires Know Your Customer (KYC) and Anti-Money Laundering (AML) checks, the Company may request Users to submit additional verification documents, including but not limited to:
• Passport or national ID
• Proof of address (e.g., utility bill, bank statement)
• Other documents relevant for compliance purposes
• All such personal data is processed in strict accordance with this Privacy Policy and the AML/CTF Policy. The collection and storage of identity documents occur only when legally mandated and based on a valid legal ground (e.g., necessity for compliance with regulatory obligations).

12. Changes to This Privacy Policy

12.1. Policy Updates
• The Company reserves the right to modify or update this Privacy Policy periodically, particularly when:
• Implementing new technologies or security measures
• Complying with changes in data protection laws
• Expanding the Site’s features and services
• The most recent version of the Privacy Policy will always be accessible via a dedicated link on the Site.

12.2. User Notifications
• In case of substantial updates to the Privacy Policy, we may notify Users via:
• A visible notice on the Site
• Direct communication (e.g., email), where legally required and if we hold your contact details

13. Contact Information

For any inquiries related to this Privacy Policy, your personal data, or your privacy rights, please reach out to us using the contact details below:
INDICORE RESOURCES LTD
275 New North Road, PMB 3051,
London, N1 7AA, England, United Kingdom
• Website: https://loomtix.com
• Privacy-related inquiries: [email protected]
• Compliance matters: [email protected]

14. Final Provisions

• This Privacy Policy is an integral part of the broader legal framework governing the use of the Site, including but not limited to:
• Terms & Conditions
• Cookie Policy
• Refund Policy
• AML/CTF Policy
• By using the Site and/or submitting personal data to the Company, you confirm that you have read, understood, and accepted the terms of this Policy.
• If any provision of this Privacy Policy is deemed invalid or unenforceable, it shall not affect the validity of the remaining provisions, which shall remain in full force and effect.

Last Updated: 19.03.2025