Skip to content

Privacy Policy

Last updated: 03/12/2025

1. Introduction

PLM Technologies Ltd trading as Loom ("we", "us", "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you participate in our skill-based prize competitions, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller: PLM Technologies Ltd
Contact: privacy@loom.win
Data Protection Officer: dpo@loom.win
Address: [Your registered business address]
ICO Registration: [Your ICO registration number]

Your Rights: Under UK GDPR, you have the right to access, rectify, erase, restrict processing, data portability, and object to processing of your personal data. You also have the right to withdraw consent at any time and lodge a complaint with the Information Commissioner's Office (ICO).

2. Information We Collect

2.1 Information You Provide

  • Account Registration: Name, email address, phone number, city, date of birth
  • Referral Information: Referrer name and phone number (if applicable)
  • Payment Information: Payment method preferences, transaction details
  • Identity Verification: Government-issued ID for winners (passport, driving licence)
  • Communication: Messages, support requests, feedback

2.2 Information We Collect Automatically

  • Usage Data: Pages visited, competitions viewed, numbers selected
  • Device Information: IP address, browser type, device type, operating system
  • Cookies: See our Cookie Policy for details
  • Authentication Data: Login times, session data

2.3 Payment Information

Payment card details are processed securely by Stripe (our payment processor) and are not stored on our servers. We retain transaction records including amounts, dates, and payment methods.

3. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contract Performance: To provide competition services and process your entries
  • Legal Obligation: To verify age, identity, and comply with gambling regulations
  • Legitimate Interests: To prevent fraud, improve our services, and ensure security
  • Consent: For marketing communications (you can opt out at any time)

4. How We Use Your Information

We use your personal data to:

  • Create and manage your account
  • Process competition entries and payments
  • Verify your age and identity (18+ requirement)
  • Conduct draws and notify winners
  • Process prize payments to winners
  • Communicate about your account and transactions
  • Comply with legal and regulatory requirements
  • Prevent fraud and ensure platform security
  • Improve our services and user experience
  • Send marketing communications (with your consent)

5. Data Sharing and Disclosure

5.1 Third-Party Service Providers

We share your data with trusted service providers who assist us:

  • Supabase: Database and authentication services (data stored in EU/UK)
  • Stripe: Payment processing (PCI DSS compliant)
  • Vercel: Website hosting and infrastructure
  • Email Service Providers: For transactional and marketing emails

5.2 Legal Requirements

We may disclose your information:

  • To comply with legal obligations or court orders
  • To UK Gambling Commission or other regulatory authorities
  • To law enforcement agencies investigating fraud or criminal activity
  • To protect our rights, property, or safety

5.3 Winner Announcements

We may publish winners' first names and cities for transparency. You can request anonymity by contacting us within 24 hours of winning.

6. International Data Transfers

Your data is primarily stored within the UK/EU. If we transfer data outside the UK/EEA, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the UK ICO
  • Adequacy decisions by the UK government
  • Binding Corporate Rules

7. Data Retention

We retain your personal data for as long as necessary:

  • Active Accounts: While your account is active and for 7 years after closure (tax and legal requirements)
  • Transaction Records: 7 years (financial regulations)
  • Marketing Data: Until you unsubscribe or request deletion
  • CCTV/Security Logs: 30 days (if applicable)

After retention periods expire, we securely delete or anonymize your data.

8. Your Rights Under UK GDPR

You have the following rights:

8.1 Right to Access

Request a copy of your personal data we hold (Subject Access Request)

8.2 Right to Rectification

Correct inaccurate or incomplete personal data

8.3 Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data (subject to legal retention requirements)

8.4 Right to Restrict Processing

Limit how we use your data in certain circumstances

8.5 Right to Data Portability

Receive your data in a structured, machine-readable format

8.6 Right to Object

Object to processing based on legitimate interests or for direct marketing

8.7 Right to Withdraw Consent

Withdraw consent at any time (where processing is based on consent)

8.8 Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects.

To exercise any of these rights, contact us at: privacy@loom.win

9. Security Measures

We implement appropriate technical and organizational measures to protect your data:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Secure authentication with multi-factor options
  • Regular security audits and penetration testing
  • Access controls and staff training
  • Secure backup and disaster recovery procedures
  • Regular software updates and patches

However, no system is 100% secure. Please keep your account credentials confidential.

10. Cookies and Tracking

We use cookies and similar technologies to provide and improve our services. For detailed information, please read our Cookie Policy.

You can manage your cookie preferences through our cookie consent banner or in your browser settings.

11. Children's Privacy

Our services are strictly for individuals aged 18 and over. We do not knowingly collect data from anyone under 18. If we discover we have collected data from a minor, we will delete it immediately.

12. Marketing Communications

With your consent, we may send you:

  • New competition announcements
  • Special offers and promotions
  • Updates about winners
  • Platform news and features

You can unsubscribe at any time by:

  • Clicking "unsubscribe" in any email
  • Updating your preferences in your account settings
  • Contacting us at privacy@loom.win

13. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the Information Commissioner's Office (ICO) within 72 hours
  • Inform affected individuals without undue delay
  • Take immediate steps to contain and remedy the breach

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

  • Posting the updated policy on our website
  • Sending you an email notification
  • Displaying a prominent notice on our platform

The "Last Updated" date at the top of this policy indicates when it was last revised.

15. Complaints and Supervisory Authority

If you have concerns about how we handle your data, please contact us first at privacy@loom.win

You also have the right to lodge a complaint with the UK's supervisory authority:

Information Commissioner's Office (ICO)
Website: ico.org.uk
Helpline: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

16. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or your personal data:

  • Email: privacy@loom.win
  • Support: support@loom.win
  • Address: [Your registered business address]

We will respond to your request within 30 days as required by UK GDPR.