Privacy policy

Privacy Policy

Effective date: 20 January 2026

This Privacy Policy explains how Loomy collects, uses, stores, and protects personal data when you visit or make purchases through our website.

By using the website, you agree to the collection and use of information in accordance with this Privacy Policy.

This Privacy Policy is governed by and interpreted in accordance with the Law of Georgia on Personal Data Protection.

  • Definitions

For the purposes of this Privacy Policy:

Personal Data means any information relating to an identified or identifiable natural person.

Data Subject means a natural person whose personal data is processed.

Processing means any operation performed on personal data, including collection, recording, storage, use, disclosure, deletion, or destruction. Data Controller means Kids Mamas and Papas LLC, which determines the purposes and means of processing personal data.

Data Processor means a third party that processes personal data on behalf of the Data Controller.

Consent means a freely given, specific, informed, and unambiguous indication of the data subject’s will.

Other terms shall be interpreted in accidence to the Law of Georgia on Personal Data Protection.


  • Data Controller

The Loomy brand is owned and operated by:

Legal Entity: Kids Mamas and Papas LLC

Brand Name: Loomy

Address: Tbilisi, Paliashvili Street 60, Georgia, 0179

Email: hello@loomy.ge

Kids Mamas and Papas LLC acts as the data controller for the purposes of applicable data protection laws.


  • Principles of Personal Data Processing

Loomy processes personal data in accordance with the following principles established by the Law of Georgia on Personal Data Protection:

  • lawfulness, fairness, and transparency;
  • processing for specific, explicit, and legitimate purposes; data minimization (processing only data that is necessary);
  • accuracy and timely updating of data;
  • storage limitation;
  • appropriate security including protection against unauthorized or unlawful processing, accidental loss, destruction and/or damage.


  • Information We Collect

We may collect the following categories of personal data:

a) Information you provide directly

  • Full name
  • Email address
  • Phone number
  • Shipping and billing address
  • Order details
  • Payment confirmation details (excluding full card numbers)

b) Automatically collected information

  • IP address
  • Device and browser information
  • Operating system
  • Pages visited and interaction data
  • Cookies and similar technologies

c) Information from third parties

  • Payment status from payment providers
  • Delivery status from courier services
  • Analytics and advertising data from third-party platforms


  • Sources of Personal Data

Loomy collects personal data:

  • directly from you when you place orders, create accounts, or communicate with us;
  • automatically through the use of the website and cookies;
  • from third-party service providers, including payment processors and courier services, solely for the purpose of fulfilling orders and providing services.


  • Purpose of Data Processing

We process personal data for one or more of the following purposes:

  • processing and fulfilling orders;
  • delivering products via third-party courier services;
  • handling returns, refunds, and customer support;
  • processing payments and preventing fraud;
  • complying with legal and tax obligations;
  • improving website functionality and user experience;
  • prevent unlawful actions;
  • marketing communications (where consent is provided);
  • analytics and performance measurement.


  • Legal Basis for Processing

We process personal data based on one or more of the following legal grounds:

  • the data subject has given consent to the processing of their personal data;
  • processing is necessary for the conclusion or performance of a contract with the data subject;
  • processing is required to comply with a legal obligation imposed on the us;
  • processing is necessary to protect our legitimate interests or  of a third party, provided such interests do not override the rights of the data subject;
  • according to law, the data are publicly available or the data subject has made them publicly available;


  • Cookies & Tracking Technologies

We use:

  • essential cookies, which are necessary for the operation of the website and do not require consent;
  • non-essential cookies (analytics and marketing), which are used only with the user’s explicit consent.

You can manage cookie preferences through your browser settings or cookie consent tools available on the website.


  • Sharing of Personal Data

We may share personal data only when necessary and only with:

  • Payment service providers (for payment processing);
  • Third-party delivery and logistics providers;
  • IT and hosting providers (including Shopify);
  • Analytics and marketing platforms (such as Google and Meta);
  • Legal or governmental authorities, where required by law.

We do not sell personal data to third parties.

Third parties process personal data either as independent data controllers or as data processors acting on behalf of Loomy, based on written agreements that ensure confidentiality and compliance with applicable data protection legislation.

  • International Data Transfers

Personal data may be transferred outside the territory of Georgia only where appropriate safeguards are in place and in compliance with the Law of Georgia on Personal Data Protection.

In such cases, Loomy ensures appropriate safeguards in accordance with applicable data protection laws (including GDPR standard contractual clauses where applicable).

Such safeguards may include contractual obligations, organizational measures, and other mechanisms ensuring an adequate level of protection of personal data.


  • Data Retention Period

We retain Personal data only for the period necessary to achieve the legitimate purposes for which it was collected/ processed, unless a longer retention period is required or permitted by applicable legislation.  Once the purpose for which the data was processed has been achieved, the data shall be erased, destroyed or stored in a depersonalised form, unless the processing of data is required by law and/or a subordinate normative legal act issued in accordance with law, and the storing of data is a necessary and proportionate measure in a democratic society to safeguard overriding interests.



  • Data Security

We implement appropriate technical and organizational measures to protect personal data against:

  • unauthorized access;
  • loss or misuse;
  • alteration or disclosure.

Loomy applies appropriate technical and organizational measures to ensure the security of personal data, including access control, staff authorization, confidentiality obligations, and contractual safeguards with service providers. However, no system can guarantee absolute security.

  • Your Rights

You have the right to request confirmation as to whether personal data relating to you is being processed, whether such processing is lawful, and, upon request, to receive the following information free of charge, no later than 10 working days from the date of the request (except in exceptional cases where, this period may be extended by no more than 10 additional working days, of which you shall be notified immediately):

• which personal data relating to you is being processed, as well as the legal basis and purpose of such processing;
• the source from which the data was collected or obtained;
• the period for which the data is stored, and if it is not possible to determine a specific period, the criteria used to determine the storage period;
• to whom the user’s personal data has been disclosed, the legal basis and purpose of such disclosure;
• the identity of the data recipient or the categories of data recipients, including information on the legal basis and purpose of data transfer, where personal data is disclosed to a third party.

You have right to:

  • access your personal data;
  • receive information about processing;
  • access and receive copies of data;
  • request correction, updating, or deletion or block of data;
  • request restriction or termination of processing;
  • withdraw consent at any time, where processing is based on consent;
  • request data portability;
  • appeal violations;

Requests can be sent to hello@loomy.ge.

Loomy will respond to requests within the time limits established by Georgian law. You have the right to lodge a complaint with the Personal Data Protection Service of Georgia or to the court.

11. Marketing Communications

You may receive marketing communications only if:

  • you have provided consent; or
  • applicable law allows it.

You can opt out at any time by using the unsubscribe link or contacting us directly.

12. Children’s Privacy

Our products are intended for children, but the website is operated for adults.

We do not knowingly collect personal data from children without the consent of a parent or other legal representative.

If personal data of a minor has been collected without appropriate consent, such data will be promptly deleted upon notification.

13. Third-Party Websites

The website may contain links to third-party websites.

Loomy is not responsible for the privacy practices or content of such websites. We recommend reviewing their privacy policies separately.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

Any changes become effective upon publication on the website with an updated effective date.

15. Contact Information

For privacy-related questions or requests, contact us:

Email: hello@loomy.ge

Address: Tbilisi, Paliashvili Street 60, Georgia, 0179