1. Roles
The merchant is the controller of end-customer personal data processed via their LOAM store. LOAM (Fernway Group Ltd.) acts as processor for that data.
2. Subject matter and duration
LOAM processes personal data to provide commerce functionality (cart, checkout, fulfilment, customer accounts, customer agent) for the duration of the User Terms.
3. Instructions
LOAM processes personal data only on documented instructions from the merchant — including for transfers outside the EEA — unless required to do otherwise by applicable law.
4. Confidentiality
Personnel authorised to process personal data are subject to confidentiality obligations.
5. Security
Per-tenant database isolation, encryption in transit and at rest, role-based access control, audit logging, regular access reviews, and other measures appropriate to the risk.
6. Sub-processors
The merchant authorises LOAM to engage sub-processors. LOAM maintains a list of current sub-processors and will notify the merchant of intended changes with reasonable lead time, allowing objection.
7. Data subject rights & breach notification
LOAM will assist the merchant in responding to data subject requests and will notify the merchant without undue delay of any personal data breach affecting their data.
8. Deletion / return
On termination, LOAM will delete or return personal data at the merchant's choice, save where retention is required by law.
9. International transfers
Where personal data is transferred outside the UK / EEA, LOAM relies on the UK International Data Transfer Addendum or Standard Contractual Clauses with supplementary measures as appropriate.