Privacy Policy
Effective Date: 01.01.2025
1. Definitions and Scope of Application
This Privacy Policy ("Policy") constitutes a legally binding agreement between Looked LLC ("Company," "we," "us," or "our") and all users ("User," "you," or "your") accessing or utilizing our digital properties, including but not limited to websites, mobile applications, APIs, business tools, advertising networks, and payment systems (collectively, the "Services"). This Policy operates in conjunction with and is incorporated by reference into our Terms of Service and Acceptable Use Policy, collectively forming the complete contractual framework governing User engagement with our platform.
2. Categories of Personal Data Collected
The Company collects and processes the following classifications of personal data in accordance with global data protection standards: Registration and Account Data encompassing legal name, contact information, government-issued identification where required for Know Your Customer (KYC) compliance, and multi-factor authentication credentials. Professional Profile Data including complete employment history, educational qualifications, professional certifications, skills endorsements, and organizational affiliations. Commercial Transaction Data comprising payment card information processed through PCI-DSS compliant systems, billing records, subscription details, and tax identification numbers where applicable. Technical and Behavioral Data consisting of IP addresses, device fingerprints, geolocation data, clickstream data, and interaction logs. Derived and Inferred Data generated through algorithmic processing of the aforementioned data categories to create User profiles and predictive models.
3. Lawful Bases and Purposes of Processing
The Company processes personal data pursuant to the following lawful bases under the General Data Protection Regulation (GDPR) and other applicable frameworks: Contractual Necessity for the performance of our agreement with Users, including account provisioning, service delivery, and transaction processing. Legitimate Business Interests including network security, fraud prevention, service improvement, and direct marketing, balanced against Users' fundamental rights and freedoms. Legal Obligations requiring processing for tax compliance, anti-money laundering (AML) regulations, and responses to lawful government requests. Explicit Consent obtained through opt-in mechanisms for specific processing activities such as certain data sharing arrangements or marketing communications.
4. Data Disclosure and Third-Party Transfers
The Company discloses personal data to the following categories of recipients under strict contractual safeguards: Service Providers bound by Data Processing Agreements (DPAs) that mandate equivalent protection standards for infrastructure hosting, payment processing, analytics, and customer support functions. Legal and Regulatory Authorities when required by valid subpoenas, court orders, discovery requests in civil litigation, or other compulsory legal process, in which case we will notify users unless legally prohibited. The Company complies with all lawful discovery demands in lawsuits where properly served, while reserving the right to challenge overbroad or improper requests through appropriate legal channels. Corporate Successors in the event of merger, acquisition, or bankruptcy proceedings, with notice provided as legally required. Professional Advisors including auditors, legal counsel, and consultants operating under confidentiality obligations during actual or threatened litigation. The Company does not engage in the sale of personal data as defined under the California Consumer Privacy Act (CCPA), though acknowledges that certain targeted advertising practices may constitute "sharing" under regulatory definitions.
5. Cross-Border Data Transfer Mechanisms
For international data transfers originating from the European Economic Area, the Company implements Standard Contractual Clauses (SCCs) as adopted by the European Commission. Transfers involving United Kingdom personal data utilize the UK International Data Transfer Addendum to the EU SCCs. Where applicable, the Company relies on adequacy decisions for transfers to jurisdictions recognized by the European Commission as providing adequate protection. All international transfers undergo comprehensive risk assessments evaluating recipient country surveillance laws and practical recourse mechanisms.
6. Data Subject Rights and Request Procedures
Users may exercise the following rights subject to verification and applicable legal limitations: Right of Access to obtain confirmation of processing and a copy of personal data in a portable format. Right to Rectification to correct inaccurate or incomplete personal data. Right to Erasure ("Right to be Forgotten") under certain legal conditions. Right to Restriction of Processing during dispute resolution periods. Right to Data Portability for data provided with consent or under contract. Right to Object to processing based on legitimate interests or direct marketing. Right to Withdraw Consent where processing relies on consent as the legal basis. California residents may additionally exercise rights under CCPA/CPRA including opt-out rights for data "sharing" and limitation of sensitive personal information use.
7. Data Security and Retention Protocols
The Company implements organizational and technical measures meeting ISO 27001 standards including: Encryption of data in transit and at rest using industry-standard cryptographic protocols, with specific litigation hold procedures to preserve relevant information when reasonably anticipated legal proceedings or subpoenas are received. Multi-factor authentication requirements for all privileged system access. Regular penetration testing and vulnerability assessments conducted by independent auditors. Comprehensive incident response plans with mandatory breach notification procedures that include protocols for coordinating with legal counsel regarding potential litigation exposure. Data retention schedules aligned with operational needs and legal requirements, typically ranging from immediate deletion for transient data to 7-year retention for financial records, except where extended preservation is required by pending or threatened litigation, government investigation, or subpoena. Secure destruction methods employing cryptographic erasure or physical destruction for decommissioned storage media, suspended when legal holds are in effect.
8. Minors' Data Protection
The Services are expressly designed for business professionals and are not directed to individuals under 18 years of age. The Company does not knowingly collect personal data from minors and will immediately delete such information upon identification. Parents or guardians may contact our Data Protection Officer to request verification of data deletion for potentially underage users.
9. Copyright Complaints and Dispute Resolution
The Company maintains a comprehensive copyright protection program in compliance with the Digital Millennium Copyright Act (DMCA) and equivalent international frameworks. Rights holders may submit takedown notices containing the following elements: Identification of the copyrighted work claimed to be infringed including sufficient detail to locate the material on our platform. Description of the allegedly infringing material with specific URL(s) or other identifying information. Contact details including name, address, telephone number, and email address for correspondence. Statement of good faith belief that the use of the material is not authorized by the copyright owner, its agent, or the law. Verification that the information in the notice is accurate, made under penalty of perjury, and that the complaining party is authorized to act on behalf of the copyright owner. The Company provides counter-notification procedures for users who believe their content was removed in error, requiring similar verification standards. The Company maintains a repeat infringer policy that may result in termination of user accounts for multiple valid violations of intellectual property rights.
10. Intellectual Property Rights Management
The Company complies with the Digital Millennium Copyright Act (DMCA) and analogous international frameworks. Rights holders may submit takedown notices containing: Identification of the copyrighted work claimed to be infringed. Description of the infringing material's location on our platform. Sufficient contact information for correspondence. Statement of good faith belief that use is unauthorized. Verification of notice accuracy under penalty of perjury. Counter-notice procedures are available for Users believing their content was wrongly removed. Repeat infringer policy results in account termination after multiple valid violations.
11. Policy Modifications and User Notification
Privacy-related complaints should be directed to our Data Protection Officer. Unresolved complaints may be escalated to relevant data protection authorities, including for EU Users, their national supervisory authority. This Policy shall be governed by and construed in accordance with the laws of the State of [Jurisdiction], without regard to its conflict of law provisions. Any legal action or proceeding arising under this Policy shall be brought exclusively in the courts located in [Jurisdiction], and the parties hereby consent to personal jurisdiction and venue in such courts. The Company reserves all rights to seek injunctive relief and damages in any court of competent jurisdiction for violations of this Policy or unauthorized data access. Users agree to accept service of process related to legal proceedings via electronic mail to their registered account address.
12. Dispute Resolution and Governing Law
Privacy-related complaints should be directed to our Data Protection Officer. Unresolved complaints may be escalated to relevant data protection authorities, including for EU Users, their national supervisory authority. This Policy shall be governed by and construed in accordance with the laws of the State of New Jersey, without regard to its conflict of law provisions. Any legal action or proceeding arising under this Policy shall be brought exclusively in the courts located in New Jersey, and the parties hereby consent to personal jurisdiction and venue in such courts.
13. Contact Information
For questions, requests, or complaints regarding this policy:
- Platform: Looked
- Email: info@looked.com
Copyright © 2025 Looked LLC. All Rights Reserved