Effective Date: 2024-10-24
1. Introduction
Welcome to loot.cafe (the “Website”), operated by Lootcore OÜ (“we,” “us,” or “our”), a company incorporated in Estonia under company number 17098523 with its registered address at Harju maakond, Tallinn, Kesklinna linnaosa, Endla tn 4, 10142.
Protecting your personal data and respecting your privacy is of utmost importance to us. This Privacy Policy outlines how we collect, use, and safeguard your information in compliance with the European Union General Data Protection Regulation (GDPR).
2. Data Controller
The data controller responsible for your personal data is:
Lootcore OÜ
3. Information We Collect
We collect only the personal data necessary to provide and enhance our services:
• Account Information: Your email address and username.
• Transaction Records: Details of skins you have acquired.
• Usage Data: Information about your interactions with our Website.
4. Purposes and Legal Basis for Processing
We process your personal data for the following purposes:
• Service Provision: To facilitate the acquisition of skins. (Legal Basis: Article 6(1)(b) GDPR – Performance of a contract)
• Communications: To send updates or information related to your account. (Legal Basis: Article 6(1)(b) GDPR)
• Legal Compliance: To comply with legal obligations. (Legal Basis: Article 6(1)(c) GDPR)
5. Use of Steam
Please note that our services require the use of Steam, a platform operated by Valve Corporation. Your interactions with Steam are governed by Valve’s own privacy policy and terms of service. We do not share your personal data with Steam; however, you may need to provide personal information to Valve Corporation to use their services.
6. Data Sharing
We do not share your personal data with third parties unless it is required by law or necessary to fulfill our contractual obligations to you.
7. Data Retention
We retain your personal data only as long as necessary for the purposes outlined in this Privacy Policy:
• Account Information: Retained until you delete your account or withdraw consent.
• Transaction Records: Retained for 10 years in accordance with financial regulations.
• Usage Data: Stored for 12 months for analytics and service improvement.
8. Your Rights Under GDPR
You have the following rights regarding your personal data:
• Access: Request access to the data we hold about you.
• Rectification: Correct any inaccurate or incomplete data.
• Erasure: Request the deletion of your personal data under certain conditions.
• Restriction: Request that we limit the processing of your data under specific circumstances.
• Objection: Object to the processing of your data for certain purposes.
• Data Portability: Receive your personal data in a structured, commonly used format.
To exercise these rights, please contact us using the details provided in Clause 2.
9. Security Measures
We employ appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.
10. International Data Transfers
Your personal data is processed within the European Economic Area (EEA) and is not transferred outside the EEA.
11. Automated Decision-Making
We do not use automated decision-making or profiling that produces legal effects concerning you.
12. Changes to This Privacy Policy
We may update this Privacy Policy periodically. Any changes will be posted on this page with an updated effective date.
13. Contact Information
If you have any questions or concerns about this Privacy Policy or how we handle your data, please refer to the contact details provided in Clause 2.
14. Right to Lodge a Complaint
If you believe that our processing of your personal data violates data protection laws, you have the right to lodge a complaint with a supervisory authority in the European Union.
By using our Website, you confirm that you have read and understood this Privacy Policy.