Privacy Policy

1. Introduction

Coop & Loop ("we," "our," or "us") is committed to protecting the privacy and confidentiality of all information entrusted to us. As stewards of corporate wardrobes and professional attire as value creating assets and providers of fiduciary-grade post-use stewardship systems, we understand the critical importance of data protection, privacy, and security in our operations across North America and Europe.

This Privacy Policy describes how we collect, use, protect, and share information in connection with our bespoke advisory, materials recovery, stewardship, and impact management services.

2. Scope and Applicability

This policy applies to:

• All client engagements and advisory services
• Materials recovery and asset stewardship operations
• Use of our proprietary technology infrastructure, including the Coop & Loop Client Card and Marvarzi™ platform
• All data processing activities conducted in North America and Europe
• Information collected through our website, communications, and service delivery

3. Legal Basis for Processing

We process personal data under the following legal bases:

• Contractual Necessity: To perform our stewardship and advisory services
• Legitimate Interests: For business operations, risk management, and service improvement
• Legal Compliance: To meet regulatory, ESG reporting, and governance requirements
• Consent: Where explicitly provided for specific processing activities

4. Information We Collect

4.1 Client and Business Information

• Corporate and organizational details
• Contact information of authorized representatives
• Financial and asset information related to professional wardrobe stewardship
• ESG compliance and sustainability data
• Governance and risk management information

4.2 Asset and Materials Data

• Professional wardrobe asset inventories and specifications
• Materials composition and provenance information
• Asset lifecycle and stewardship tracking data
• Performance analytics and impact measurements

4.3 Technical and System Data

• Information collected through our proprietary technology infrastructure
• Traceability and accountability data from secure asset tracking systems
• Platform usage analytics and performance metrics
• System access logs and security monitoring data

4.4 Website and Communication Data

• Website visitor information and interaction data
• Email communications and inquiry submissions
• Marketing preferences and engagement metrics

5. How We Use Information

We use collected information to:

• Provide fiduciary-grade stewardship services and advisory consulting
• Operate materials recovery and asset stewardship programs
• Generate performance analytics, ROI quantification, and impact validation
• Ensure compliance with ESG regulations and sustainability standards
• Maintain enterprise-grade traceability and accountability systems
• Optimize processes and enhance service delivery
• Conduct due diligence and compliance reporting
• Communicate with clients and stakeholders
• Protect against fraud, security threats, and operational risks

6. Information Sharing and Disclosure

6.1 We may share information with:

• Service Providers: Third-party vendors supporting our operations under strict confidentiality agreements
• Professional Advisors: Legal counsel, auditors, and consultants bound by professional confidentiality
• Regulatory Authorities: As required by applicable laws and regulations
• Business Partners: Within our stewardship ecosystem, subject to appropriate safeguards

6.2 We do not:

• Sell personal or business information to third parties
• Share confidential client data without explicit authorization
• Disclose proprietary stewardship methodologies or competitive information

7. Data Security and Protection

We implement enterprise-grade security measures including:

• Advanced encryption for data in transit and at rest
• Multi-factor authentication and access controls
• Regular security assessments and vulnerability testing
• Secure data centers with physical and logical security controls
• Employee training on data protection and confidentiality
• Incident response and breach notification procedures

8. Cross-Border Data Transfers

For our North American and European operations:

• EU-US Transfers: We ensure adequate protection through appropriate safeguards including Standard Contractual Clauses and adequacy decisions
• Intra-Corporate Transfers: Internal data sharing follows binding corporate rules and data protection agreements
• Third-Party Transfers: All international data transfers include appropriate safeguards and legal protections

9. Data Retention

We retain information for:

• Client Data: Duration of engagement plus applicable legal retention periods
• Asset Stewardship Records: As required for traceability, accountability, and regulatory compliance
• Financial Records: In accordance with applicable accounting and tax regulations
• Communications: As needed for business continuity and legal compliance

10. Your Rights

Depending on applicable law, you may have rights including:

• Access: Request information about data processing activities
• Rectification: Correct inaccurate or incomplete information
• Erasure: Request deletion of personal data in certain circumstances
• Portability: Receive data in a structured, machine-readable format
• Restriction: Limit processing in specific situations
• Objection: Object to processing based on legitimate interests
• Withdrawal of Consent: Where processing is based on consent

11. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to:

• Ensure proper website functionality
• Analyze website usage and performance
• Personalize user experience
• Support security measures

You can manage cookie preferences through your browser settings.

12. Third-Party Links and Services

Our website may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites and encourage you to review their privacy policies.

13. Updates to This Policy

We may update this Privacy Policy to reflect changes in our practices, services, or applicable laws. Material changes will be communicated through appropriate channels, and we will update the "Last Updated" date accordingly.

14. Compliance and Governance

This Privacy Policy is governed by applicable data protection laws including:

• European Union: General Data Protection Regulation (GDPR)
• United Kingdom: UK GDPR and Data Protection Act 2018
• Canada: Personal Information Protection and Electronic Documents Act (PIPEDA) and provincial privacy laws
• United States: State privacy laws including CCPA, CPRA, and sector-specific regulations

15. Contact Information

For privacy-related inquiries, data subject requests, or concerns:

---

This Privacy Policy is designed to meet the requirements of applicable data protection laws in our service areas. Organizations should consult with legal counsel to ensure compliance with specific jurisdictional requirements and industry regulations.