Privacy Policy
FIGS Privacy Policy
Welcome to www.wearfigs.com (the “Site”), a website operated by FIGS, Inc. (“FIGS”, “we”, “us”, or “our”). If you’re reading this, you know that our Site provides users with an opportunity to learn more about and purchase high quality medical apparel (such apparel, our “Products”). We developed this privacy policy (“Privacy Policy”) to explain how we collect, use, and disclose information about you, whether you are simply visiting our Site, making a purchase, or otherwise interacting with us, as well as your rights and choices regarding such information.
So we are clear about the terminology we are using, when we use the phrase “Personal Information” in this Privacy Policy, we mean information, or an opinion, about an individual that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to an individual. Personal information may also include sensitive information such as racial or ethnic origin or health information.
By using the Site, you agree to our Terms of Use and consent to our collection, use and disclosure practices, and other activities as described in this Privacy Policy. If you do not agree and consent, discontinue use of the Site.
If you are a California or Nevada resident, please see “Additional Disclosures for California Residents” and “Additional Disclosures for Nevada Residents” below. If you are a European Union (“EU”) resident, please see “Additional Disclosures for EU Residents” below.
If you have any questions or wish to exercise your rights and choices, please contact us as set out in the “Contact Us” section.
How We Collect and Hold Information.
Information You Provide.
We collect Personal Information when you use the Site. The categories of information we collect and have collected about you in the last 12 months include the following:
- Contact Data, including but not limited to your name, email address, postal address, phone number, and similar information about your employer.
- Demographic Data, including but not limited to your birth date and month, gender, country, occupation, student or military status.
- Transaction Data, including but not limited to information about your purchases and the last four digits of your payment card.
- Profile Data, including but not limited to your interests, sizing, preferences, and favorites.
- Content, including but not limited to content within any messages you send to us (such as feedback and questions to customer support) or publicly post on the Site (such as in product reviews).
- Referral Data, including but not limited the name and email address of your friend when you use our “Refer a Friend” feature.
- Job Application Data, including but not limited to your employment and education history, transcript, writing samples, and references.
You may choose to voluntarily provide other information to us that we do not request.
If you do not provide us with the requested information, we may not be able to provide you with access to or full use of our websites and/or services.
We collect information in the following circumstances, and hold the information in the following ways:
- Create an Account. You do not have to create an account in order to browse our Site or place an order. If you choose to create an account, we will collect your Contact Data and Demographic Data. Your password is stored with our service providers and we do not have access to it. We strongly recommend that you do not disclose your password to anyone. We will never ask you for your password. We may allow you to store Profile Data and other information through your account.
- To place an order, we will require your Contact Data and Profile Data. We use service providers to process your payments.
- Marketing Communications. If you subscribe to our email mailing list, we collect your Contact Data as well as other information on an optional basis.
- Contests and Promotions. When you enter a contest or participate in a promotion, we collect your Contact Data and any additional information or content required for the contest or promotion. These contests and promotions are voluntary. We recommend that you read the rules for each contest and promotion that you enter.
- Contact Us. When you contact us with a comment, question or complaint through email, social media, or telephone, you may submit Contact Data along with other information or Content.
- Surveys and Customer Research. From time to time, we may offer you the opportunity to participate in one of our surveys or other customer research. We may collect your Contact Data and other information you submit.
- Ambassador Program. When you apply to or participate in our FIGS Ambassador Program, we may collect your Contact Data, Demographic Data, and any additional information or content required for application to or participation in the program. Applying to and participating in the Ambassador Program is voluntary.
- Refer a Friend. By using this feature, you acknowledge and agree that you have your friend’s consent for us to use their contact information to fulfill your request and send them an email about our service.
- Apply for a Job: When you apply for a job, we will collect your Job Application Data as necessary to consider you for job openings.
Information Collected Automatically.
In addition, we automatically collect and hold Personal Information when you use the Site. The categories of information we automatically collect and have automatically collected in the last 12 months include the following:
- Site Use Data, including data about the features you use, the pages you visit, the searches you make, the Products you view and purchase, the referring/exit pages, the domain name, clickstream data, and the date/time stamp for your visit.
- Device Connectivity and Configuration Data including data about your browser or device type, your device’s operating system, your Internet service provider (“ISP”), your device’s regional and language settings, your device’s Internet Protocol (“IP”) address (a number that is automatically assigned to your device when you use the Internet, which may vary from session to session), and other device identifiers.
We use various current – and later – developed tracking technologies to automatically collect information when you use the Site, including the following:
- Log Files, which are files that record information automatically in connection with your use of the Site.
- Cookies, which are small pieces of information stored on your device’s browser that act as a unique tag to identify your browser. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your device for extended periods of time) to provide you with a more personal and interactive experience on our Site. Cookies allow us to make the Site more useful to you, remember your preferences, support security features, tailor your experience, better understand how you use the Site, and bring you advertising both on and off the Site.
- Pixels (also known as web beacons), which are pieces of code embedded in a website, video, email, or advertisement that sends information about your use to a server. There are various types of pixels, including image pixels (which are small graphic images) and JavaScript pixels (which contains JavaScript code). When you access a website, video, email, or advertisement that contains a pixel, the pixel may permit us or a third party to drop or read cookies on your browser. Pixels are often used in combination with cookies to track activity by a particular browser on a particular device. We use information collected from pixels to analyze trends, administer the Site, track users’ movements around the Site, gather demographic information about our user base as a whole, better tailor our Site to our users’ needs, and bring you advertising both on and off the Site. For example, some of the information may be collected so that when you visit the Site or again, it will recognize you and the information could then be used to serve advertisements and other information appropriate to your interests.
- Device Fingerprinting, which is the process of analyzing and combining sets of information elements from your device’s browser, such as JavaScript objects and installed fonts, in order to create a “fingerprint” of your device and uniquely identify your browser and device.
For further information on how we use tracking technologies for analytics and advertising, and your rights and choices regarding them, see the “Analytics and Advertising” and “Your Rights and Choices” sections below.
Information from Other Sources.
We also collect and hold Personal Information from other sources. The categories of other sources from which we collect and have collected information in the last 12 months include the following:
- Data brokers or resellers from which we purchase data to supplement the data we collect.
- Social networks when you engage with our content, reference our Site, or grant us permission to access information from the social networks.
- Partners that offer co-branded services, sell or distribute our products, or engage in joint marketing activities.
- Customers in connection with us processing their transactions and purchases.
- Publicly-available sources, including data in the public domain.
How We Use Information.
We collect, hold, use and disclose the Personal Information we collect for business and commercial purposes in accordance with the practices described in this Privacy Policy. Our business purposes for collecting, holding, using and disclosing information, including in the last 12 months, include the following:
- Operating and managing our Site.
- Processing and fulfilling transactions and purchases.
- Performing services requested by you, such as responding to your comments, questions, and requests, and providing customer service.
- Sending you technical notices, updates, security alerts, information regarding changes to our policies, and support and administrative messages.
- Preventing and addressing fraud, breach of policies or terms, and threats or harm.
- Monitoring and analysing trends, usage, and activities.
- Conducting research, including focus groups and surveys.
- Improving and customizing the Site and our other websites, apps, marketing efforts, products and services.
- Evaluating whether you are a good match for our Ambassador Program and to administer the benefits of the program.
- Developing and sending you direct marketing, including advertisements and communications about our and other party products, offers, promotions, rewards, events, and services.
- Administering your participation in the contest or promotion, including to deliver a prize to you if you are the winner.
- Providing you advertising.
- Fulfilling any other business or commercial purposes at your direction or with your consent.
- Notwithstanding the above, we may use information that does not identify you (including information that has been aggregated or de-identified) for any purpose except as prohibited by applicable law. For information on your rights and choices regarding how we use information about you, please see the “Your Rights and Choices” section below.
How We Share Information.
We share the Personal Information we collect in accordance with the practices described in this Privacy Policy. The categories of entities to whom we disclose and have disclosed information in the last 12 months include the following:
- Service Providers. Your information may be transferred to service providers who process the information on our behalf, including service providers that process purchases for us, host the Site, help with fraud prevention and technical support, verify your eligibility for certain discounts, and provide analytics, advertising, and marketing services. Our service providers are only provided with the information they need to perform their designated functions and are not authorized to use or disclose the information for their own marketing or other purposes, although we may permit them to use information that does not identify you (including information that has been aggregated or de-identified) for any purpose except as prohibited by applicable law. Our service providers may be located in the U.S., Canada or other foreign jurisdictions.
- Vendors and Other Parties. We share information with vendors and other parties, including analytics and advertising technology companies. Vendors may act as our service providers, or in certain contexts, independently decide how to process your information. For more information on advertising and analytics, see the “Advertising and Analytics” section below.
- Affiliates. To a parent company, any subsidiaries, joint ventures, or other companies under a common control (collectively, “Affiliates”), in the event we have such Affiliates in the future.
- Partners. We share information with our partners in connection with offering co-branded services, selling or distributing our products, providing promotions, or engaging in joint marketing activities.
- Customers. We share information with our customers in connection with us processing their transactions and purchases.
- Legal and Compliance. We and our Canadian, U.S. and other foreign service providers may disclose your information if we believe that such disclosure is necessary to (i) resolve disputes, investigate problems, or enforce our Terms of Use; (ii) comply with relevant laws or to respond to requests from law enforcement, regulatory bodies or other government officials relating to investigations or alleged illegal activity, or in response to a subpoena, a search warrant or other legally valid inquiry or order; (iii) another organization for the purposes of investigating a breach of an agreement or contravention of law or detecting, suppressing or preventing fraud; or (iv) protect and defend our rights or property or the rights and property of you or third parties.
- Sale of Business. We may transfer any information we have about you as an asset in connection with a proposed or completed merger, acquisition or sale (including transfers made as part of insolvency or bankruptcy proceedings) involving all or part of FIGS or as part of a corporate reorganization or other change in corporate control.
- We share information you make public through the Site, such as information when you post a review. Please think carefully before making information public as you are solely responsible for any information you make public. Once you have posted information, you may not be able to edit or delete such information, subject to additional rights set out in the “Your Rights and Choices” section below.
- Facilitating Requests. We share information at your request or direction, such as when you use our “Refer a Friend” feature.
- Consent. We share information with notice to you and your consent.
Notwithstanding the above, we may disclose information that does not identify you (including information that has been aggregated or de-identified) except as prohibited by applicable law. For information on your rights and choices regarding how we share information about you, please see the “Your Rights and Choices” section below.
Social Media and Technology Integrations.
We offer parts of our Site through websites, platforms, and services operated or controlled by separate entities. In addition, we integrate technologies operated or controlled by separate entities into parts of our Site. Some examples include:
- Links. The Site contains links to other websites that are not owned or controlled by us, including our partner sites and social media websites. These links are not intended as an endorsement of or referral to the linked websites. When you click on such a link, you will leave our Site and go to another site. The linked websites have separate and independent privacy policies, notices and terms of use.
- Brand Pages and Chatbots. We may offer our content through social media. Any information you provide to us when you engage with our content (such as through our brand page on Facebook or Instagram or via our chatbot on Facebook Messenger) is treated in accordance with this Privacy Policy. Also, if you publicly reference our Site on social media (e.g., by using a hashtag associated with us in a tweet or post), we may use your reference on or in connection with our Site.
Please note that when you interact with other entities, including when you leave our Site, those entities may independently collect information about you and solicit information from you. We have no control over, do not review and are not responsible for the privacy policies of or content displayed on such other websites, and therefore to the full extent permitted by law, we have no responsibility or liability in any manner for the manner in which the organizations that operate such websites may collect, use or disclose, secure or otherwise treat information. We recommend that you review the privacy policy of any other website you visit.
Analytics and Advertising.
We use tracking and analytics services such as Google Analytics to track and analyze how visitors use our Site. Google’s right to use and share information collected by Google Analytics about your visits to the Site is governed by the Google Analytics Terms of Service and the Google Privacy Policy. In addition, we work with agencies, ad networks, and other advertising companies to place ads for our products on other websites and services. For example, we place ads through Google and Facebook that you may view on their platforms as well as on other websites and services.
As part of this process, we may incorporate tracking technologies (including cookies and pixel tags) on our Site in order to provide you with tailored advertisements across the Internet. These tracking technologies may collect information about your activity across time and services (including on our Site and other websites such as web pages you visit and your interaction with our advertising and other communications) and use this information to make predictions about your preferences, develop personalized content, compile reports and deliver ads that are more relevant to you on other websites (“Interest-based Advertising”). This information may also be used to evaluate the effectiveness of our online advertising campaigns.
We also use audience matching services to reach people (or people similar to people) who have visited our Site or are identified in one or more of our databases (“Matched Ads”). This is done by us uploading a customer list to a technology service or incorporating a pixel from a technology service into our own Site, and the technology service matching common factors between our data and their data. For instance, we incorporate the Facebook pixel on our Site and may share your email address with Facebook as part of our use of Facebook Custom Audiences.
As indicated above, vendors and other parties may act as our service providers, or in certain contexts, independently decide how to process your information. We encourage you to familiarize yourself with and consult their privacy policies and terms of use.
For further information on the types of tracking technologies we use on the Site and your rights and choices regarding analytics, Interest-based Advertising, and Matched Ads, please see the “Information Collected Automatically” and “Your Rights and Choices” sections.
Your Rights and Choices.
Account Information and Ambassador Program.
If you have an account with us or are a member of our Ambassador Program, you may request access to, updating of, or corrections of inaccuracies to any information you have submitted to us through your account or to our Ambassador Program by emailing us at privacy@wearfigs.com. We may request certain information for the purpose of verifying the identity of the individual seeking access to his or her records.
You may also request deletion of information you have submitted to us through your account or to our Ambassador Program, but please note that we may be required (by law or otherwise) to keep this information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements). When we delete information, it will be deleted from the active database, but may remain in our archives and we may also retain information that does not identify you (including information that has been aggregated or de-identified) about use of our Site and purchase of Products as permitted by applicable law.
Communications.
With your consent, we may send marketing communication to you through various channels, including by email and physical mail.
You can opt out of receiving marketing emails from us at any time by clicking the “Unsubscribe” link at the bottom of each email or emailing us at privacy@wearfigs.com with the word UNSUBSCRIBE in the subject field of the email. Please note that even if you unsubscribe or opt-out, we may still send you transactional, order, Site and Product related communications (e.g., emails related to your orders or comments).
You can also opt out of receiving physical mail marketing communications by emailing us at privacy@wearfigs.com.
After you opt-out or update your marketing preferences, please allow us sufficient time to process your marketing preferences. Unless otherwise required to process your requests earlier by law, it may take up to 5 business days to process your opt out requests in relation to receipt of electronic marketing materials such as emails, and up to 30 days for all other marketing-related requests.
Tracking Technology Choices.
Most browsers accept cookies by default. You can instruct your browser, by changing its settings, to decline or delete cookies. If you use multiple browsers on your device, you will need to instruct each browser separately. Your ability to limit cookies is subject to your browser settings and limitations.
Your browser settings may allow you to automatically transmit a “Do Not Track” signal to online services you visit. Note, however, there is no industry consensus as to what site and app operators should do with regard to these signals. We do not monitor or take action with respect to “Do Not Track” signals or other mechanisms. For more information on “Do Not Track,” visit http://www.allaboutdnt.com. Please be aware that if you disable or remove tracking technologies some parts of the Site may not function correctly.
Analytics and Interest-Based Advertising.
You can opt out of the processing of certain data collected by Google Analytics, by downloading and installing the browser plug-in available at https://tools.google.com/dlpage/gaoptout. The companies we work with to provide you with targeted ads are required by us to give you the choice to opt out of receiving targeted ads. Most of these companies are participants of the Digital Advertising Alliance (“DAA”) and/or the Network Advertising Initiative (“NAI”). For more information about Interest-based Advertising and to understand your options, including how you can opt-out of receiving behavioural ads from participating companies, please visit the DAA website opt-out at http://www.aboutads.info/choices, the DAA of Canada website opt-out at http://youradchoices.ca/choices, or the NAI opt-out at https://www.networkadvertising.org/choices/. Even if you opt-out of interest-based advertising by a participant, tracking technologies used on the Site may still collect data for other purposes including analytics. You may still see ads from us, but the ads from the participants with whom you opted out will not be targeted based on behavioural information about you and may therefore be less relevant to you and your interests.
Please note that your opt out only applies to the specific web browser you use so you must opt out of each web browser on each device you use. To successfully opt out, you must have cookies enabled in your web browser (see your browser’s instructions for information on cookies and how to enable them). Once you opt out, if you delete your browser’s saved cookies, you will need to opt out again.
To opt out of us using your data for Matched Ads, please contact us as set forth in the “Contact Us” section below and specify that you wish to opt out of Matched ads. We will request that the applicable technology service not serve you Matched ads based on information we provide to it. Alternatively, you may directly contact the applicable technology service to opt out.
We are not responsible for the effectiveness of, or compliance with, any opt out options or programs, or the accuracy of any company statements regarding their opt out options or programs.
Safeguards.
We implement reasonable administrative, technical and physical measures in an effort to safeguard the information in our custody and control against theft, loss and unauthorized access, use, modification and disclosure. Nevertheless, transmission via the internet is not completely secure and we cannot guarantee the security of your information.
International Transfer.
We are based in the U.S. and the information we collect is governed by U.S. law as well as the law of the jurisdiction in which you reside. If you are accessing the site from outside the U.S., please be aware that your information will be processed in the U.S. as well as potentially being disclosed to recipients in other countries. We may disclose personal information outside of the jurisdiction from which it was collected. We may transfer to, hold or access personal information from various countries including but not limited to the U.S., Australia, Canada, United Kingdom, Germany, Poland, France, Netherlands, Spain, and Italy. Some of the countries to which data may be disclosed may be countries where data protection laws may be less stringent than the laws in your country. By using this Site and providing any information, you are consenting to the transfer and processing of your information in conformance with this Privacy Policy.
Access to and Correction of Information.
We will correct, update and/or make our file of your information available to you within a reasonable time from receipt of your request to the contact details as set out in the “Contact Us” section. We will only withhold access where permitted by law.
Retention and Deletion of Information.
We will retain and process your personal data only for as long as is necessary for the purposes for which the information is collected, and to the extent necessary to comply with our legal obligations under applicable law.
When we no longer need to use your personal information or retain it pursuant to legal obligations in order to exercise our legal rights, we will remove it from our systems and records or take steps to anonymise it so that you can no longer be identified from it in accordance with applicable law. When we delete information, it will be deleted from the active database, but may remain in our archives and we may also retain information that does not identify you (including information that has been aggregated or de-identified) about use of our Site and purchase of Products as permitted by applicable law.
Children.
The Site is not directed to children under 13 and we do not knowingly collect personal information (as defined by the U.S. Children’s Privacy Protection Act, or “COPPA”) from children under 13. If you are a parent or guardian and you believe we have collected personal information from your child, contact us at privacy@wearfigs.com. If we learn that we have collected personal information from a child under 13, we will delete the information. Additionally, if you are under the age of majority (typically 18 or 19 years, depending on your jurisdiction), you may not purchase any Products. We do not knowingly “sell,” as that term is defined under the CCPA, the personal information of minors under 16 years old who are California residents.
Changes to this Privacy Policy.
This Privacy Policy is subject to revision from time to time on a going-forward basis. We will post any revised version of the Privacy Policy on this page. If we make any material changes to it, we will also provide you with additional notice such as sending you notice to the last email address you have provided to us. Continued use of our Site or ordering Products following notice of such changes will indicate your acknowledgement of such changes and agreement to be bound by the terms and conditions of such changes.
Contact Us.
If you have any questions, comments or complaints about this Privacy Policy or the manner in which we handle your personal information, or if you have a disability and would like to access this Privacy Policy in an alternative format, please contact us at privacy@wearfigs.com or by telephone at 424-500-8209.
In most cases we will ask that you put your request in writing to us. We will investigate your complaint and will respond to you in writing as soon as reasonably possible. If we fail to respond to your complaint or if you are dissatisfied with the response that you receive from us, you might also have the right to make a complaint to the applicable privacy authorities. In Australia, this is the Office of the Australian Information Commissioner (www.oaic.gov.au).
Additional Disclosures for California Residents.
These additional disclosures apply only to California residents. The California Consumer Privacy Act of 2018 (“CCPA”) provides additional rights to know, delete and opt out, and requires businesses collecting or disclosing personal information to provide notices and means to exercise rights.
California Notice of Collection.
In the past 12 months, we have collected the following categories of personal information enumerated in the CCPA:
- Identifiers, including name, address, email address, account name, IP address.
- Customer records, phone number, billing address, employment or education information.
- Demographic information, such as your gender. This category includes pieces of personal information that also qualify as a protected classification characteristics under other pre-existing California or federal laws.
- Commercial information, including purchases and engagement with the Services.
- Internet activity, including history of visiting and interacting with our Service, browser type, browser language and other information collected automatically.
- Employment and education data, including information you provide when you apply for a job with us.
- Inferences, including information about your interests, preferences and favorites.
- For more information on information we collect, including the sources we receive information from, review the “How We Collect Information” section above. We collect and use these categories of personal information for the business purposes described in the “How We Use Information” section above, including to provide and manage our Site.
- We do not sell any of your personal information to third parties for profit. Like most online businesses, we do share some information with contracted third parties in order to provide better services and advertising to you, as disclosed in the “Analytics and Advertising” section above. The CCPA may classify our limited sharing with these contracted third parties as a “sale” of personal information. To the extent “sale” under the CCPA is interpreted to include advertising technology activities, we will comply with applicable law as to such activity. We disclose the following categories of personal information for commercial purposes: identifiers, demographic information, commercial information, internet activity, and inferences. We use and partner with different types of entities to assist with our daily operations and to manage our Site. Please review the “How We Share Information” section for more detail about the parties we have shared information with.
Right to Know and Delete.
If you are a California resident, you have the rights to delete the personal information we have collected from you and know certain information about our data practices in the preceding 12 months. In particular, you have the right to request the following from us:
- The categories of personal information we have collected about you;
- The categories of sources from which the personal information was collected;
- The categories of personal information about you we disclosed for a business purpose or sold;
- The categories of third parties to whom the personal information was disclosed for a business purpose or sold;
- The business or commercial purpose for collecting or selling the personal information; and
- The specific pieces of personal information we have collected about you.
To exercise any of these rights, please submit a request through our online form available through our online request portal, call our toll free number at 1-888-688-0059, or email us at californiaprivacy@wearfigs.com. In the request, please specify which right you are seeking to exercise and the scope of the request. We will request the following information: (i) your full name (ii) the region in which you are located at the time you are making your request, (iii) the data subject rights you wish to exercise. We may also require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your requests to know or delete.
Right to Opt-Out of Sale.
We do not sell any of your personal information to third parties for profit. Like most online businesses, we do share some information with contracted third parties in order to provide better services and advertising to you. California law may classify our limited sharing with these contracted third parties as a “sale” of personal information, and we do afford you the option to opt-out of sharing this information. You may submit a request to opt-out through our online request portal. You may also submit a request to opt-out by emailing us at donotsell@wearfigs.com.
Authorized Agent.
You can designate an authorized agent to submit requests on your behalf. However, we will require written proof of the agent’s permission to do so and verify your identity directly.
Right to Non-Discrimination.
You have the right not to receive discriminatory treatment by us for the exercise of any your rights.
Shine the Light.
Customers who are residents of California may request (i) a list of the categories of personal information disclosed by us to third parties during the immediately preceding calendar year for those third parties’ own direct marketing purposes; and (ii) a list of the categories of third parties to whom we disclosed such information. To exercise a request, please write us at the email or postal address set out in “Contact Us” above and specify that you are making a “California Shine the Light” request. We may require additional information from you to allow us to verify your identity and are only required to respond to requests once during any calendar year.
Additional Disclosures for Nevada Residents.
Nevada law (NRS 603A.340) requires each business to establish a designated request address where Nevada consumers may submit requests directing the business not to sell certain kinds of personal information that the business has collected or will collect about the consumer. A sale under Nevada law is the exchange of personal information for monetary consideration by the business to a third party for the third party to license or sell the personal information to other third parties. If you are a Nevada consumer and wish to submit a request relating to our compliance with Nevada law, please contact us as at nevadaprivacy@wearfigs.com.
Additional Disclosures for EU Residents.
These additional disclosures apply only to EU residents. FIGS, Inc., 2834 Colorado Ave, Suite 100
Santa Monica, CA 90404 United States, collects and processes EU residents’ Personal Information in compliance with applicable data protection laws, in particular the General Data Protection Regulation, European Regulation 2016/679 (“GDPR”).
The types of Personal Information we collect are detailed in the “How We Collect Information” section above. The “How We Use Information” section above describes the purposes for which we use and otherwise process Personal Information, and the “How We Share Information” section above describes the entities to whom we disclose Personal Information. We do not use automated decision-making without human intervention, including profiling, in a way that produces legal effects concerning you or otherwise significantly affects you.
We rely on several different legal bases for collecting and processing your Personal Information, including: (i) as necessary to perform a transaction (e.g., processing and fulfilling transactions and purchases); (ii) as necessary to comply with a legal obligation (e.g., sending you information regarding changes to our policies and preventing and addressing fraud, breach of policies or terms, and threats or harm); (iii) consent (where you have provided consent as appropriate under applicable law, such as fulfilling any other business or commercial purposes at your direction, performing services requested by you, administering your participation in a contest or promotion, including to deliver a prize to you if you are the winner, evaluating whether you are a good match for our Ambassador Program and to administer the benefits of the program); and (iv) as necessary for our legitimate interests. With respect to our legitimate interests, except where such interests are overridden by the interests or fundamental rights and freedoms of you that require protection of Personal Information, such legitimate interests include operating and managing our Site, sending you technical notices, updates, security alerts, and support and administrative messages, monitoring and analysing trends, usage, and activities, conducting research, improving and customizing the Site and our other websites, apps, marketing efforts, products and services, providing you advertising, and developing and sending you direct marketing, including advertisements and communications about our and other party products, offers, promotions, rewards, events, and services.
We retain your Personal Information only for as long as is necessary for the purposes for which the information is collected, and as otherwise described in the “Retention and Deletion of Information” section above.
For the purposes listed in this Privacy Policy or where required by law, we may share your Personal Information with certain entities as described the “How We Share Your Information” section above, and those entities may be located inside or outside the European Economic Area (“EEA”), including in countries which do not adduce the same level of protection of Personal Information as in the EEA, such as the United States, again for the purposes listed above. In any case, we will implement appropriate technical and organizational safeguards in line with the applicable data protection laws to provide adequate protection to Personal Information transferred outside the EEA.
As an EU resident, you are entitled to the following:
- The right to access. You have the right to request copies of your Personal Information.
- The right to rectification. You have the right to request that we correct any information you believe is inaccurate or incomplete.
- The right to erasure. You have the right to request that we erase your Personal Information, under certain conditions.
- The right to restrict processing. You have the right to request that we restrict the processing of your Personal Information, under certain conditions.
- The right to object to processing. You have the right to object to our processing of your Personal Information, under certain conditions.
- The right to data portability. You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
- The right to withdraw consent. You have the right to withdraw your consent to our processing of your Personal Information at any time where we relied on your consent to process your Personal Information. Please note that withdrawal of your consent does not affect our use or processing of your Personal Information prior to your consent being withdrawn.
You may contact us as described in the “Contact Us” section described above to exercise your rights. Finally, you can always lodge a complaint with your data protection authority, if you would feel that we have not acted in accordance with applicable data privacy legislation.
Last updated: May 4, 2020