Privacy Notice
Last Updated: 18 February 2022
This Privacy Notice describes how More Dash Inc (“DressX”, “we”, “us” or “our”) collects, uses, discloses, and otherwise processes Personal Information (as defined below) in connection with our website https://dressx.com/ (the “Site”), and the related content, platform, services, and other functionality offered on or through our online services, NFT.DRESSX.COM (our non-fungible token (NFT) program), and mobile applications (which are referred to together with the Sites in this Privacy Notice as the “Services”).
GLOBAL APPLICABLITY AND REGION-SPECIFIC DISCLOSURES
This Privacy Notice is designed to apply to our Site visitors, users of our Services and other companies and users on a global basis. We may choose or be required by law to provide additional disclosures relating to the processing of Personal Information in certain countries, regions or states. Please refer below for disclosures that may be applicable to you:
California: If you are a resident of the State of California in the United States, please click here for additional California-specific privacy disclosures.
Nevada: Chapter 603A of the Nevada Revised Statutes permits a Nevada resident to opt out of future sales of certain covered information that a website operator has collected or will collect about the resident. Note we do not sell your Personal Information within the meaning of Chapter 603A. However, if you would still like to submit such a request, please contact us at hello@dressx.com.
European Economic Area, United Kingdom or Switzerland: If you are located in the European Economic Area (“EEA”), United Kingdom or Switzerland, or otherwise engage with DressX’ European operations, please see the Privacy Disclosures for the European Economic Area, United Kingdom and Switzerland for additional European-specific privacy disclosures, including what constitutes your Personal Information, the lawful bases we rely on to process your Personal Information, how we use cookies when you access our Sites from the EEA, UK or Switzerland and your rights in respect of your Personal Information.
Click on the links below to jump to each section:
What is personal information?
Collection and Use of Personal Information
How We Share Personal Information
Control Over Your Information
Children’s Personal Information
Third-Party Websites
Updates to this Privacy Notice
Contact Us
What is Personal Information?
When we use the term “Personal Information” in this Privacy Notice, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to an individual. It does not include aggregated or deidentified information that is maintained in a form that is not reasonably capable of being associated with or linked to an individual.
Collection and Use of Personal Information
When you use our Services, we collect certain information about your device, your interaction with the Site, and information necessary to process your purchases. We may also collect additional information if you contact us for customer support. See the list below for more information about what Personal Information we collect and why.
Information That You Provide
We collect Personal Information from you. The categories of information we collect can include:
Account Information
Examples of Personal Information collected: name, email, address, phone number.
Purpose of collection: to provide products or services to you to fulfill our contract, manage your account, to provide you with invoices and/or order confirmations, communicate with you, screen our orders for potential risk or fraud, and when in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
Order Information
Examples of Personal Information collected: name, billing address, shipping address, payment information, email address, and phone number. Note we use third-party payment processors to process your payments. Because we use third-party payment processors, we do not retain any personally identifiable financial information such as credit card numbers. Rather, all such information is provided directly to the third-party processor. The payment processor’s use of your Personal Information is governed by their privacy notice. Please review each processor’s privacy notice to understand how they will manage or otherwise process your Personal Information, including your financial data.
Purpose of collection: to provide products or services to you to fulfill our contract, to process your payment information, arrange for shipping, and provide you with invoices and/or order confirmations, communicate with you, screen our orders for potential risk or fraud, and when in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
Communications and Customer Support Information
Examples of Personal Information collected: name, billing address, shipping address, email address, phone number, or any other Personal Information you choose to provide us.
Purpose of collection: to provide customer support, to investigate and respond to your inquiries, and to communicate with you, to enhance the services we offer to our users and to manage and grow our organization. If you register for our newsletters or updates, we may communicate with you by email.
AR Features (Photos and Images)
Examples of Personal Information collected: individual photos which may include backgrounds or other objects by which your general location could be derived.
Purpose of collection: to provide products or services to you to fulfill our contract.
Please note that if you choose to create an NFT out of the AR Features, and participate in our NFT.DRESSX.COM, we may also collect NFT and cryptocurrency information, as described below.
Marketing emails
Examples of Personal Information collected: email and applicable interests and communication preferences.
Purpose of collection: send you regular updates about our products or services, manage our communications with you, and send you information about products and services we think may be of interest to you.
NFT Information
Examples of Personal Information collected: NFT ownership information, including digital assets and tokens, and other NFT-related information (e.g., transfers of NFTs between accounts, the corresponding smart contracts, amounts paid, and metadata describing each NFT and its properties as a digital asset).
Purposes of collection: to provide you with the services and facilitate your participation in the NFT.DRESSX.COM, to fulfill our contract, and to protect, investigate, and deter against fraudulent, unauthorized, or illegal activity.
Cryptocurrency Wallet Information
Examples of Personal Information collected: the username and address associated with your digital wallet, digital wallet types, amounts of digital assets and account balances.
Purposes of collection: to provide products or services to you to fulfill our contract, to facilitate your cryptocurrency transactions, and to protect, investigate, and deter against fraudulent, unauthorized, or illegal activity.
Personal Information Collected from Other Sources and Third Parties
Although we often collect the Personal Information described above directly from you, we also collect this information through service providers and other third parties that collect it on our behalf, as noted below. Please note that our systems may record Personal Information that you type into our websites and other online Service even if you do not choose to submit it.
Account Creation / Single Sign-On. We may use single sign-on ("SSO") to allow a user to authenticate their account through their work email. We will have access to certain information from those third parties in accordance with the authorization procedures determined by those third parties.
Examples of Personal Information collected: username, password, name, email address, and profile picture.
Purpose of collection: We use this information to operate, maintain, and provide to you the features and functionality of the Service. We may also send you service-related emails or messages (e.g., account verification, purchase confirmation, customer support, changes, or updates to features of the Site, technical and security notices).
Social Media. When you interact with our Service through various social media, such as when you click on the social media icon on the Service, follow us on a social media site, or post a comment to one of our pages.
Examples of Personal Information collected: profile information, profile picture, gender, username, user ID associated with your social media account, age range, language, country, and any other information you permit the social network to share with third parties. The data we receive complies with your privacy settings with the social media network.
Purpose of collection: We use this information to operate, maintain, and provide to you the features and functionality of the Service, as well as to communicate directly with you, such as to send you email messages about products and services that may be of interest to you.
Information from Other Sources. We may obtain information from other sources, including through third-party information providers, customers, public sources, third-party digital wallet providers, or through transactions such as mergers and acquisitions. We may combine this information with other information we collect from or about you. In these cases, our Privacy Notice governs the handling of the combined Personal Information. We use this information to operate, maintain, and provide to you the features and functionality of the Service, as well as to communicate directly with you, such as to send you email messages about products and services that may be of interest to you.
Personal Information Automatically Collected
As is true of most digital platforms, we and our third-party providers and partners collect certain Personal Information automatically when you visit or interact with our websites and:
Log Data: Including your internet protocol (IP) address, operating system, browser type, browser ID, the URL you entered and the referring page/campaign, date/time of your visit, the time you spent on our Service and any errors that may occur during your visit to our Service.
Analytics Data: Including the electronic path you take to our Service, through our Service and when exiting our Service, as well as your usage and activity on our Service, such as the links, objects, products and benefits you view, click or otherwise interact with (also known as “Clickstream Data”). This data will allow us to better understand how you are using our Service and help improve your user experience
Location Data: Including your general geographic location based on the Log Data we collect or more precise location when permitted by law.
Application Data: Some of our services offer mobile or browser applications to allow you to take advantage of our service offerings on the go and/or when visiting third-party websites and other online services. Certain of these applications also allow us to access more precise Location Data about you and collect information about your use and interactions with third-party websites and online services (including the products or services you are interested in or purchase) to better serve you.
We, and our third-party partners such as Snap (through the use of the SnapCamera Kit to power the features of the AR technology) and Apple (through the use of the TrueDepth camera to improve the quality of the lenses), may also collect metadata included in the photos and images that you upload, such as your device model, camera type, camera settings (e.g. ISO, shutter, focal length, lens, aperture), image information (e.g. format, file size, date and time, resolution) or location data (e.g. geotagging).
Our third-party partners such as Snap Inc. (we use CameraKit SDK from Snap Inc.) may also use information from Apple’s TrueDepth camera to improve the quality of Lenses. Information from the TrueDepth camera is used in real time — Snap Inc. doesn't store this information on their servers or share it with third parties. Link to the Snap Inc Privacy Policy
We don't collect and share any Face Data with our APP.
For information about our, and our third-party providers and partners’, use of cookies and related technologies to collect information automatically on our online Service, and the choices you may have in relation to those practices, please visit our Cookie Notice.
Other Uses of Personal Information
In addition to the uses described above, we may collect and use Personal Information for the following purposes:
For our business activities, including to operate the Service and to provide you with the features and functionality of the Service;
To communicate with you and respond to your requests, such as to respond to your questions, contact you about changes to the Service, and communicate about account related matters;
For marketing and advertising purposes, such as to market to you or offer you with information and updates on our products or services we think that you may be interested in. While we may use your Personal Information in this manner, please note that we do not use User Content to serve you ads, and we will never share User Content with any third parties for marketing or advertising purposes, unless you have explicitly submitted it to us for that purpose;
For analytics and research purposes;
To enforce our Terms and Conditions to resolve disputes, to carry out our obligations and enforce our rights, and to protect our business interests and the interests and rights of third parties;
To comply with contractual and legal obligations and requirements;
To fulfill any other purpose for which you provide Personal Information; and
For any other lawful purpose, or other purpose that you consent to.
How We Share Personal Information
We may also share, transmit, disclose, grant access to, make available, and provide your Personal Information with service providers and business partners to help us provide our services and fulfill our contracts with you, as described above. For example:
Shopify. We use Shopify to power our online store. You can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.
AR Providers. As part of the Service, we use augmented reality (AR) to enhance your photos and images and integrate the DressX products. As described in the Collection and Use of Personal Information section, we use business partners such as Snap and Apple. Any information shared with Snap, Apple, or any of our third party business partners is subject to their privacy policy.
Service Providers. We share Personal Information with third party contractors and service providers who perform services on our behalf, which are subject to reasonable confidentiality terms, and which may include processing payments, operating and hosting our NFT.DRESSX.COM and conducting cryptocurrency transactions, shipping partners, AR features and technology, providing web hosting services, technology support providers, email communications providers, analytics providers, data storage providers, and web and video hosting providers and developers.
Business Partners. We may disclose Personal Information to our business partners for transactional and marketing purposes, including to promote their products or services. We may also share your Personal Information with other third parties who may have products or services we think you may enjoy.
Within DressX: We may share with other companies and brands owned or controlled by Guidance, and other companies owned by or under common ownership as DressX. These companies will use your Personal Information in the same way as we can under this Privacy Notice.
Online Advertising Partners. We also share Personal Information with advertising networks or permit these partners to collect information from you directly on our websites to facilitate online advertising, such as search engines and social network advertising providers to serve targeted ads to you or to groups of other users who share similar traits, such as likely commercial interests and demographics, on third-party platforms. For more information, including how to opt out of interest-based advertising, please see our Cookie Notice.
NFT Platform and Blockchain Participants. Please note that if you participate in our NFT.DRESSX.COM, by virtue of the public nature of the blockchain, the holdings and transactions associated with your cryptocurrency wallet address will be publicly available and accessible to third parties.
Legal Requirements. We may share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights, including enforcing our Terms of Service or other agreements, or protect the security or integrity of the services.
Corporate Transaction. We may transfer any information we collect in the event we sell or transfer all or a portion of our business or assets (including any shares in the company) or any portion or combination of our products, services, businesses and/or assets. Should such a transaction occur (whether a divestiture, merger, acquisition, bankruptcy, dissolution, reorganization, liquidation, or similar transaction or proceeding), we will use reasonable efforts to ensure that any transferred information is treated in a manner consistent with this Privacy Notice.
Consent: We may disclose Personal Information about you to certain other third parties with your consent.
Aggregated and Anonymized Information: We may share your Personal Information with others in an aggregated or otherwise anonymized form that does not reasonably identify you directly as an individual.
Control Over Your Information
Email Communications. From time to time, we may send you emails regarding updates to our Site, products or services, notices about our organization, or information about products/services we offer (or promotional offers from third parties) that we think may be of interest to you. If you wish to unsubscribe from such emails, simply click the “unsubscribe link” provided at the bottom of the email communication. Note that you cannot unsubscribe from certain services-related email communications (e.g., account verification, confirmations of transactions, technical or legal notices).
Modifying Account Information. If you have an online account with us, you have the ability to modify certain information in your account (e.g., your contact information) through the [“profile,” “account,” “settings,” or “preferences”] options provided on the Site. If you would like to request access to, or correction or deletion of Personal Information, you may send your request to us at the email provided below. We will review your request and may require you to provide additional information to identify yourself, but we do not promise that we will be able to satisfy your request.
SMS Text Communications. You may opt-out of receiving promotional SMS text messages at any time. Please note that unsubscribing from promotional SMS text messages will not prevent you from receiving SMS texts from DressX directly relating to purchase or service communications such as account verification information. To unsubscribe from promotional SMS texts, email hello@dressx.com and provide your phone number and opt-out preference or reply STOP to one of our commercial text messages. For more information, see our Terms and Conditions.
Children’s Personal Information
Our Service is not directed to, and we do not intend to, or knowingly, collect or solicit Personal Information from children under the age of 13. If you are under the age of 13, please do not use our Site or otherwise provide us with any Personal Information either directly or by other means. If a child under the age of 13 has provided Personal Information to us, we encourage the child’s parent or guardian to contact us to request that we remove the Personal Information from our systems. If we learn that any Personal Information we collect has been provided by a child under the age of 13, we will promptly delete that Personal Information.
Third-Party Websites
Our Site may include links to or redirect you to third-party websites, plug-ins and applications, including social media services where you may connect with us. Third-party websites may also reference or link to our websites and online service. Except where we post, link to or expressly adopt or refer to this Privacy Notice, this Privacy Notice does not apply to, and we are not responsible for, any Personal Information practices of third-party websites and online service or the practices of other third parties. To learn about the Personal Information practices of third parties, please visit their respective privacy notices or policies
Updates to this Privacy Notice
We will update this Privacy Notice from time to time. When we make changes to this Privacy Notice, we will change the date at the beginning of this Privacy Notice. If we make material changes to this Privacy Notice, we will notify individuals by email to their registered email address, by prominent posting on our Service, or through other appropriate communication channels. All changes shall be effective from the date of publication unless otherwise provided.
Contact Us
If you have any questions or requests in connection with this Privacy Notice or other privacy-related matters, please send an email to info@dressx.com
Alternatively, inquiries may be addressed to:
1925 Century Park E, #1700, Los Angeles CA 90067, United States
++++++++++++
ADDITIONAL CALIFORNIA PRIVACY DISCLOSURES
These Additional California Privacy Disclosures (the “CA Disclosures”) supplement the information contained in our Privacy Notice and apply solely to individual residents of the State of California (“consumers” or “you”).
These CA Disclosures provide additional information about how we collect, use, disclose and otherwise process Personal Information of individual residents of the State of California, either online or offline, within the scope of the California Consumer Privacy Act of 2018 (“CCPA”). Unless otherwise expressly stated, all terms in these CA Disclosures have the same meaning as defined in our Privacy Notice or as otherwise defined in the CCPA.
For purposes of these CA Disclosures, “personal information” has the meaning provided by the CCPA and does not include information that is publicly available, that is deidentified or aggregated such that it is not capable of being associated with us, or that is excluded from the CCPA’s scope. This section does not apply to information relating to our employees, contractors, and other personnel.
Collection and Use of Personal Information
We collect Personal Information from and about you for a variety of purposes, as described in the Collection and Use of Personal Information section of the Privacy Notice. In the last 12 months, we have collected the following categories of Personal Information:
Identifiers, such as your name, address, phone number, email address, or other similar identifiers, as well as (if you participate in our NFT.DRESSX.COM), the username associated with your digital wallet;
Commercial information, such as records of services purchased, obtained or considered, as well as (if you participate in our NFT.DRESSX.COM) transfers of NFTs between accounts, the corresponding smart contracts, amounts paid, and metadata describing each NFT and its properties as a digital asset, cryptocurrency wallet address and related information, amounts of digital assets, and amount balances;
Internet/Network information, such as device information, logs and analytics data;
Geolocation data, such as approximate location data generated based on your IP address or other information;
Visual information, such as a photo or image to facilitate the purchase of one of our products, as well as (if you participate in NFT.DRESSX.COM) metadata describing each NFT and its properties as a digital asset; and
Inferences about your interests and preferences, generated from your use of our sites.
We collect this information directly from you, from our business partners and affiliates, from your browser or device when you visit our websites, or from third parties that you permit to share information with us.
Disclosure of Personal Information
We share Personal Information with third parties for business purposes. The categories of third parties to whom we disclose your Personal Information for a business purpose include: (i) other brands and affiliates in our family of companies; (ii) our service providers and advisors; (iii) analytics providers; (vii) social networks. To learn more about how we disclose data to third parties, please refer to the How We Share Personal Information section of the Privacy Notice.
Sale of Personal Information
As is common practice among companies that operate online, we allow certain third party advertising networks, social media companies and other third party businesses collect and disclose your Personal Information (including Internet / Network Information, Commercial Information, and Inferences) directly from your browser or device through cookies or tracking technologies when you visit or interact with our websites, use our apps or otherwise engage with us. These third parties use your Personal Information for purposes of analyzing and optimizing our Services and ads on our Site, on other websites or mobile apps, or on other devices you may use, or to personalize content and perform other advertising-related services such as reporting, attribution, analytics and market research. These third-party businesses may use such information for their own purposes in accordance with their own privacy statements, and may sell the information to third parties, including other advertising networks, for advertising and other purposes.
To opt out from sales of this type of Personal Information, you may do so by using the Digital Advertising Alliance ("DAA") CCPA Tool. The DAA offers the CCPA opt out tool as a centralized place to opt out of the sale of Personal Information by all DAA participating businesses that are collecting your Personal Information across multiple websites and apps. To exercise your right to opt out from sales of this type of Personal Information, please visit https://optout.privacyrights.info. To make opt-out requests related to mobile apps on your device, you can download the appropriate app at https://www.privacyrights.info/appchoices. To learn more about how third parties collect information automatically on our Website and the choices you may have in relation to those activities, please see our Cookie Notice.
Your California Privacy Rights
As a California resident, you may be able to exercise the following rights (subject to certain limitations at law):
The Right to Know any or all of the following information relating to your Personal Information we have collected and disclosed in the last 12 months, upon verification of your identity:
The specific pieces of Personal Information we have collected about you;
The categories of Personal Information we have collected about you;
The categories of sources of the Personal Information;
The categories of Personal Information that we have disclosed to third parties for a business purpose, and the categories of recipients to whom this information was disclosed;
The categories of Personal Information we have sold and the categories of third parties to whom the information was sold; and
The business or commercial purposes for collecting or selling the Personal Information.
The Right to Request Deletion of Personal Information we have collected from you, subject to certain exceptions.
The Right to Opt Out of Personal Information Sales to third parties now or in the future.
You also have the right to be free of discrimination for exercising these rights. However, please note that if the exercise of these rights limits our ability to process Personal Information (such as in the case of a deletion request), we may no longer be able to provide you our products and services or engage with you in the same manner.
Note that if you participate in NFT.DRESSX.COM, our NFT program, smart contracts are employed that collect certain information that is then stored on a blockchain that we do not control. If you participate in our NFT Program, your information will be cryptographically transmitted and stored on that blockchain, and any deletion or modification of that information (to the extent possible on a blockchain) is governed by the terms of the relevant smart contract associated with the NFT and may not be able to be modified or deleted due to the immutable nature of the blockchain.
How to Exercise Your California Privacy Rights
To exercise your Right to Access, Right to Know or your Right to Deletion, please submit a request by:
Emailing us at hello@dressx.com with the subject line, “California Rights Request”;
Filling out our California Consumer Rights Request Form; or
Calling us at [insert toll-free phone number].
Before processing your request, we will need to verify your identity and confirm you are a resident of the State of California. In order to verify your identity, we will generally either require the successful authentication of your account, or the matching of sufficient information you provide us to the information we maintain about you in our systems. This process may require us to request additional Personal Information from you, including, but not limited to, your email address, phone number, and/or date of last transaction on our Services.
In certain circumstances, we may decline a request to exercise the rights described above, particularly where we are unable to verify your identity or locate your information in our systems. If we are unable to comply with all or a portion of your request, we will explain the reasons for declining to comply with the request.
Authorized Agents
In certain circumstances, California residents are permitted to use an authorized agent to submit requests to know or delete Personal Information on their behalf through the designated methods set forth in this Notice, where we can verify the authorized agent’s authority to act on their behalf by:
receiving a power of attorney valid under the laws of California from the consumer or their authorized agent; or
receiving sufficient evidence to show that the consumer has:
provided the authorized agent signed permission to act on their behalf;
verified the consumer’s own identity directly with us pursuant to the procedures set forth in this Notice; or directly confirmed with us that the consumer provided the authorized agent permission to submit the request on their behalf.
For requests to opt-out of Personal Information “sales”, we require a signed permission demonstrating your authorized agent has been authorized by you to act on your behalf.
California’s Shine the Light
California's “Shine the Light” law (Civil Code Section §1798.83) provides certain rights to California residents that have an established business relationship with us with regard to the disclosure of certain types of Personal Information to third parties for their direct marketing purposes. To opt-out of having your Personal Information disclosed to third parties for their direct marketing purposes, please contact us at hello@dressx.com and provide your contact information to be added to our suppression list.
++++++++++++++++
PRIVACY DISCLOSURES FOR THE EUROPEAN ECONOMIC AREA, UNITED KINGDOM AND SWITZERLAND
While we are primarily based in the United States, DressX maintains operations in Europe and may direct our services to individuals located in the European Economic Area (“EEA”), United Kingdom and Switzerland, including through our Site https://dressx.com/ (collectively, our “European Services”). The following disclosures (“Privacy Disclosures”) apply to our processing of personal data in connection with our European Services.
More Dash Inc., a company duly incorporated and organised under the laws of United States of America, having its registered address at 1925 Century Park E, #1700, Los Angeles CA 90067, is the data “controller” responsible for the processing of personal data in connection with our European Services. This means that we determine and are responsible for how your Personal Information is used. DressX’s Data Protection Office (“DPO”) may be contacted at dpo@dressx.com.
Personal Data: When we use the term “personal data” in this section, we mean information relating to an identified or identifiable natural person.
PERSONAL DATA WE COLLECT FROM YOU WHEN YOU USE THE DRESSX EUROPEAN SERVICES, AND HOW WE USE IT
We collect the categories of personal data that you voluntarily submit directly to us when you use the European Services, as set forth in our Privacy Notice under the section entitled Collection and Use of Personal Information. The table at Annex 1 sets out in detail the categories of personal data we collect about you and how we use that information when you use the European Services, as well as the legal basis which we rely on to process the Personal Information and recipients of that Personal Information.
INFORMATION WE COLLECT ABOUT YOU AUTOMATICALLY
We also automatically collect Personal Information indirectly about how you access and use the European Services, and information about the device you use to access the European Services. For example, we may collect:
information about the features you use and the pages you view on the European Services;
information about your device (such as your IP address, device identifier, device type, model and manufacturer); and
information about your usage patterns (such as how often you use the DressX European Services and your language settings).
We use this information to provide you the features and functionality of the European Services, to monitor and improve the European Services and to develop new services.
The table at Annex 2 sets out further information about the categories of Personal Information we collect about you automatically and how we use that information. The table also lists the legal basis which we rely on to process the Personal Information and recipients of that Personal Information.
We may link or combine the Personal Information we collect about you and the information we collect automatically.
We may anonymise and aggregate any of the Personal Information we collect (so that it does not directly identify you). We may use anonymised information for purposes that include testing our IT systems, research, data analysis, improving the DressX European Services. We may also share such anonymised and aggregated information with others.
HOW LONG WILL WE STORE YOUR PERSONAL INFORMATION
We will usually store the Personal Information we collect about you for no longer than necessary for the purposes set out in Annex 1 and Annex 2, in accordance with our legal obligations and legitimate business interests.
The criteria used to determine the period for which Personal Information about you will be retained varies depending on the legal basis under which we process the Personal Information:
Legitimate Interests. Where we are processing Personal Information based on our legitimate interests, we generally will retain such information for a reasonable period of time based on the particular interest, taking into account the fundamental interests and the rights and freedoms of data subjects.
Consent. Where we are processing Personal Information based on your consent, we generally will retain the information until you withdraw your consent, or otherwise for the period of time necessary to fulfil the underlying agreement with you or provide you with the applicable service for which we process that Personal Information.
Contract. Where we are processing Personal Information based on contract, we generally will retain the information for the duration of the contract plus some additional limited period of time that is necessary to comply with law or that represents the statute of limitations for legal claims that could arise from the contractual relationship.
Legal Obligation. Where we are processing Personal Information based on a legal obligation, we generally will retain the information for the period of time necessary to fulfil the legal obligation.
Legal Claim. We may need to apply a “legal hold” that retains information beyond our typical retention period where we face threat of legal claim. In that case, we will retain the information until the hold is removed, which typically means the claim or threat of claim has been resolved.
In all cases, in addition to the purposes and legal bases, we consider the amount, nature and sensitivity of the Personal Information, as well as the potential risk of harm from unauthorised use or disclosure of your Personal Information.
RECIPIENTS OF PERSONAL INFORMATION
In addition to the recipients listed in Annexes 1 and 2, we may also share your Personal Information with the following (as required in accordance with the uses set out in Annexes 1 and 2):
Service providers and advisors: we may share your Personal Information with third party vendors and other service providers that perform services for us or on our behalf, which may include providing professional services, such as legal and accounting services, mailing, email or chat services, fraud prevention, web hosting, or providing analytic services.
Affiliates. Other companies owned by or under common ownership as DressX, including our subsidiaries (i.e., any organisation we own or control) and our ultimate holding company (i.e., any organisation that owns or controls us) and any subsidiaries it owns. These companies will use your Personal Information in the same way as we can under these Privacy Disclosures.
Purchasers and third parties in connection with a business transaction: your Personal Information may be disclosed to third parties in connection with a transaction, such as a merger, sale of assets or shares, reorganisation, financing, change of control or acquisition of all or a portion of our business.
Law enforcement, regulators and other parties for legal reasons: we may share your Personal Information with third parties as required by law or if we reasonably believe that such action is necessary to (i) comply with the law and the reasonable requests of law enforcement; (ii) detect and investigate illegal activities and breaches of agreements, including our Terms; and/or (iii) exercise or protect the rights, property, or personal safety of DressX, its users or others.
MARKETING AND ADVERTISING
From time to time we may contact you with information about our services, including sending you marketing messages and asking for your feedback on our services. Most marketing messages we send will be by email. For some marketing messages, we may use Personal Information we collect about you to help us determine the most relevant marketing information to share with you.
Where we rely on consent to send you marketing communications, we will only send you such messages if you have given us your consent to do so. You can withdraw your consent at a later date by clicking on the unsubscribe link at the bottom of our marketing emails or by updating your preferences via your account on the Site.
STORING AND TRANSFERRING YOUR PERSONAL INFORMATION
Security. We implement appropriate technical and organisational measures to protect your Personal Information against accidental or unlawful destruction, loss, change or damage. All Personal Information we collect will be stored by our cloud hosting provider on secure servers. We will never send you unsolicited emails or contact you by phone requesting credit or debit card information or national identification numbers.
International Transfers of your Personal Information. The Personal Information we collect may be transferred to and stored in countries outside of the jurisdiction you are in where we and our third-party service providers have operations. If you are located in the EEA, United Kingdom or Switzerland, your Personal Information may be processed outside of those regions, including in the United States.
In the event of such a transfer, we ensure that: (i) the Personal Information is transferred to countries recognised as offering an equivalent level of protection; or (ii) the transfer is made pursuant to appropriate safeguards, such as standard data protection clauses adopted by the European Commission.
If you wish to enquire further about these safeguards used, please contact us using the details set out at the end of these Privacy Disclosures.
PROFILING
We may analyze personal data we have collected about you to create a profile of your interests and preferences so that we can contact you with information that is relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively send product updates. We may also use personal data about you to detect and reduce fraud. and credit risk.
YOUR RIGHTS IN RESPECT OF YOUR PERSONAL INFORMATION
In accordance with applicable privacy law, you have the following rights in respect of your Personal Information that we hold:
Right of access. You have the right to obtain:
confirmation of whether, and where, we are processing your Personal Information;
information about the categories of Personal Information we are processing, the purposes for which we process your Personal Information and information as to how we determine applicable retention periods;
information about the categories of recipients with whom we may share your Personal Information; and
a copy of the Personal Information we hold about you.
Right of portability. You have the right, in certain circumstances, to receive a copy of the Personal Information you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal data to another person.
Right to rectification. You have the right to obtain rectification of any inaccurate or incomplete Personal Information we hold about you without undue delay.
Right to erasure. You have the right, in some circumstances, to require us to erase your Personal Information without undue delay if the continued processing of that Personal Information is not justified.
Right to restriction. You have the right, in some circumstances, to require us to limit the purposes for which we process your Personal Information if the continued processing of the Personal Information in this way is not justified, such as where the accuracy of the Personal Information is contested by you.
Right to withdraw consent. There are certain circumstances where we require your consent to process your Personal Information. In these instances, and if you have provided consent, you have the right to withdraw your consent. If you withdraw your consent, this will not affect the lawfulness of our use of your Personal Information before your withdrawal.
You also have the right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to process your Personal Information, and we will assess and inform you if that is the case. You can object to marketing activities for any reason.
You also have the right to lodge a complaint to your local data protection authority. If you are based in the European Union, information about how to contact your local data protection authority is available here. If you are based in the UK or Switzerland, your local data protection authorities are the UK Information Commissioner's Office (https://ico.org.uk/global/contact-us/) and the Swiss Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact/address.html).
If you wish to exercise one of these rights, please contact us using the contact details at the end of these Privacy Disclosures, or you can email us at hello@dressx.com.
Due to the confidential nature of data processing we may ask you to provide proof of identity when exercising the above rights. This can be done by providing a scanned copy of a valid identity document or a signed photocopy of a valid identity document.
Note that if you participate in NFT.DRESSX.COM, our NFT program, smart contracts are employed that collect certain information that is then stored on a blockchain that we do not control. If you participate in our NFT Program, your information will be cryptographically transmitted and stored on that blockchain, and any deletion or modification of that information (to the extent possible on a blockchain) is governed by the terms of the relevant smart contract associated with the NFT and may not be able to be modified or deleted due to the immutable nature of the blockchain.
COOKIES AND SIMILAR TECHNOLOGIES USED ON OUR EUROPEAN SERVICES
Our European Services uses cookies and similar technologies such as pixels and Local Storage Objects (LSOs) like HTML5 (together "cookies") to distinguish you from other users of our European Services. This helps us to provide you with a good experience when you browse our European Services and also allows us to monitor and analyse how you use and interact with our European Services so that we can continue to improve our European Services. It also helps us and our advertising partners to determine products and services that may be of interest to you, in order to serve you targeted advertisements.
Cookies are pieces of code that allow for personalisation of our European Services experience by saving your information such as user ID and other preferences. A cookie is a small data file that we transfer to your computer's hard disk for record-keeping purposes.
We use the following types of cookies:
Strictly necessary cookies. These are cookies that are required for the operation of our European Services. They include, for example, cookies that enable you to log into secure areas of our European Services.
Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our European Services when they are using it. This helps us to improve the way our European Services works, for example, by ensuring that users are finding what they are looking for easily.
Functionality cookies. These are used to recognise you when you return to our European Services. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
Targeting cookies. These cookies record your visit to our European Services, the pages you have visited and the links you have followed. We will use this information to make our European Services and the advertising displayed on it, and the marketing messages we send to you more relevant to your interests. We may also share this information with third parties who provide services to us for this purpose.
Third party cookies. Please be aware that advertisers and other third parties may use their own cookies tags when you click on an advertisement or link on our European Services. These third parties are responsible for setting out their own cookie and privacy policies.
Other than strictly necessary cookies, which are required for the operation of our European Services, we will only place cookies on your device if you give us your consent to do so. We will ask you to tell us which cookies you agree to receive when you first access our European Services.
Please see Annex 3, Cookie Notice, for more information about the cookies we use on the European Services.
TRACKING TECHNOLOGIES USED IN OUR EMAILS
Our emails may contain tracking pixels that identify if and when you have opened an email that we have sent you, how many times you have read it and whether you have clicked on any links in that email. This helps us measure the effectiveness of our marketing email campaigns, make the emails we send to you more relevant to your interests and to understand if you have opened and read any important administrative emails we might send you.
Most popular email clients will allow you to block these pixels by disabling certain external images in emails. You can do this through the settings on your email client – these generally give you the option of choosing whether emails will display "remote images", "remote content" or "images" by default.
Some browsers also give you the option of downloading and installing extensions that block pixels and other tracking technologies.
+++++++++++++
ANNEX 1 – PERSONAL INFORMATION YOU PROVIDE TO US
Category of Personal Information |
How we may use the Personal Information |
Legal Bases for Processing |
Recipients of Personal Information |
Contact information, such as first name, last name and email address. |
We may use this information to set up and authenticate your account on the European Services. |
The processing is necessary for the performance of a contract with you and to take steps prior to entering into a contract with you, namely our Terms of Service. |
We may also share your Personal Information with: Analytics management (Amplitude, Mixpanel, Google Analytics, Facebook, Firebase, branch.io). Snap, Google Storage. |
We may use this information to communicate with you, including sending service-related communications. |
The processing is necessary for the performance of a contract with you, namely our Terms of Service. |
||
We may use this information to deal with enquiries and complaints made by or about you relating to the European Services. |
The processing is necessary for our legitimate interests, namely administering the European Services, and for communicating with you effectively to respond to your queries or complaints. |
||
We may use this information in connection with providing you with marketing communications in accordance with your preferences. |
We will only use your Personal Information in this way to the extent you have given us consent to do so. |
||
Your registration / account information such as your full name, email, and password. |
We may use this information to create your account on the European Services. |
The processing is necessary for the performance of a contract with you. |
|
We use this information to deal with enquiries and complaints made by or about you relating to the European Services. |
The processing is necessary for our legitimate interests, namely for communicating with our members effectively to respond to any queries or complaints. |
||
If you participate in NFT.DRESSX.COM, we may also collect contact information such as the username associated with your digital wallet |
We may use this information to set up and authenticate your account on the European Services. We use this information to deal with enquiries and complaints made by or about you relating to the European Services. |
The processing is necessary for the performance of a contract with you. The processing is necessary for our legitimate interests, namely for communicating with our members effectively to respond to any queries or complaints. |
[insert digital wallet providers] |
Payment transaction information. When you may a purchase, we may collect information such as your billing address and other information such as date and time of your transaction. If you participate in our NFT.DRESSX.COM we may also collect transfers of NFTs between accounts, the corresponding smart contracts, amounts paid, digital wallet types, amounts of digital assets and account balances. |
We may use this information to process your orders through the European Services. |
The processing is necessary for the performance of a contract. |
We share this information with: Apple, Google, Stripe, Braintree and PayPal. [insert digital wallet providers] |
We may use this information to verify your identity in connection with the detection and prevention of fraud or financial crime. |
The processing is necessary for our and third partiers' legitimate interests, namely the detection and prevention of fraud and financial crime. |
||
Photos and Images. When you upload a photo or image to facilitate the purchase of one of our products, we may collect information such as the photos and image, and will use tools such as augmented reality to facilitate the editing process. If you participate in NFT.DRESSX.COM we may also collect metadata describing each NFT and its properties as a digital asset. |
We use this information to provide the European Services. |
The processing is necessary for performance of a contract with you. |
We share this information with: |
Approximate Location information. When you visit our European Services, we may collect information about your location. This information may be derived from WiFi positioning or your IP address. |
We may use information to present the European Services to you on your device. |
The processing is necessary for performance of a contract with you. |
|
We may use this information to localise features of the European Services. |
The processing is necessary for our legitimate interest, namely localising features of the European Services and tailoring the European Services so that it is more relevant to our users. |
||
We may use this information to determine content that may be of interest to you. |
The processing is necessary for our legitimate interests, namely tailoring the European Services so that it is more relevant to you. |
||
Communications and feedback. When you contact us directly, e.g. by email or phone we will record your comments and opinions. |
We may use this information to address your questions, issues and concerns. |
The processing is necessary for our legitimate interests, namely communicating with you and responding to queries, complaints and concerns. |
We may share any information you provide to us when you contact us with: Amazon Web Services (AWS) |
We may use this information to improve the European Services. |
The processing is necessary for our legitimate interests (to develop and improve our service). |
||
Information received from third parties, such as social networks. If you interact with us through a social network, we may receive information from the social network such as your name, profile information, and any other information you permit the social network to share with third parties. We also use single sign-on ("SSO") to allow users to authenticate their account using one set of login information. The data we receive is dependent on your privacy settings with the social network. |
We may use this information to reshare content created through the use of the European Services |
The processing is necessary for our legitimate interests (to develop our service and inform our marketing strategy) |
We may also share your Personal Information with: |
We may use this information to authenticate you and allow you to access the European Services. |
The processing is necessary for the performance of a contract with you. |
||
Your preferences, such as preferences set for notifications, marketing communications, how the European Services is displayed and the active functionalities on the European Services. |
We use this information to provide notifications, send news, alerts and marketing communications and provide the European Services in accordance with your choices. |
The processing is necessary for our legitimate interest, namely ensuring the user receives the correct marketing and other communications, and that this is displayed in accordance with the user's preferences. |
We may also share your Personal Information with: Analytics managment (Amplitude, Mixpanel, Google Analytics, Facebook, Firebase, branch.io). Snap, Shopify. |
We use this information to ensure that we comply with our legal obligation to send only those marketing communications to which you have consented. |
The processing is necessary for compliance with a legal obligation to which we are subject. |
ANNEX 2 – PERSONAL INFORMATION COLLECTED AUTOMATICALLY
Category of Personal Information |
How we may use it |
Legal basis for the processing |
Recipients of Personal Data |
Approximate location information. Other than information you choose to provide to us, we do not collect information about your precise location. Your device’s IP address may however help us determine an approximate location. |
We may use information you provide to us about your location to monitor and detect fraud or suspicious activity in relation to your DressX account. |
The processing is necessary for our legitimate interests, namely to protect our business and your account from fraud and other illegal activities. |
We may share this information with the following: We use Google Analytics to help us understand how our website and services are used. We use Facebook for remarketing. Please see our Cookie Notice for more information about our use of cookies and similar technologies. |
We may use this information to tailor how the European Services is displayed to you (such as the language in which it is provided to you). |
The processing is necessary for our legitimate interest, namely tailoring our service so that it is more relevant to our users. |
||
Information about how you access and use the European Services. For example, how frequently you access the European Services, the time you access the European Services and how long you use it for, the approximate location that you access the European Services from, the site from which you came and the site to which you are going when you leave our website, the website pages you visit, the links you click, whether you open emails or click the links contained in emails, whether you access the European Services from multiple devices, and other actions you take on the European Services. |
We may use information about how you use and connect to the European Services to present the European Services to you on your device. |
The processing is necessary for our legitimate interests, namely to tailor the European Services to the user. |
|
We may use this information to determine products and services that may be of interest to you for marketing purposes. |
The processing is necessary for our legitimate interests, namely to inform our direct marketing. |
||
We may use this information to monitor and improve the European Services and business, resolve issues and to inform the development of new products and services. |
The processing is necessary for our legitimate interests, namely to monitor and resolve issues with the European Services and to improve the European Services generally. |
||
Log files and information about your device. We also collect information about the tablet, smartphone or other electronic device you use to connect to the European Services. This information can include details about the type of device, unique device identifying numbers, operating systems, browsers and applications connected to the European Services through the device, your mobile network, your IP address and your device’s telephone number (if it has one). |
We may use information about how you use and connect to the European Services to present the European Services to you on your device. |
The processing is necessary for our legitimate interests, namely to tailor the European Services to the user. |
|
We may use this information to monitor and improve the European Services and business, resolve issues and to inform the development of new products and services. |
The processing is necessary for our legitimate interests, namely to monitor and resolve issues with the European Services and to improve the European Services generally. |
ANNEX 3 – COOKIE POLICY
Scope of Notice
This Cookie Notice supplements the information contained in the Privacy Notice by explaining how we and our business partners and services providers use cookies and related technologies in the course of managing and providing our online services and our communications to you. It explains what these technologies are and why we use them, as well as your rights to control our use of them.
In some cases, we may use cookies and related technologies described in this Cookie Notice to collect Personal Information, or to collect information that becomes Personal Information if we combine it with other information. For more details about how we process your Personal Information, please review the Privacy Notice.
What Are Cookies and Related Technologies
Cookies are small data files that are stored on your computer that allow us and our third-party partners and providers to collect certain information about your interactions with our email communications, websites and other online services. We and our third-party partners and providers may also use other, related technologies to collect this information, such as web beacons, pixels, embedded scripts, location-identifying technologies and logging technologies (collectively, “cookies”).
What We Collect When Using Cookies
We and our third-party partners and providers may use cookies to automatically collect certain types of usage information when you visit or interact with our email communications, websites and other online services, or otherwise engage with us. For example, we may collect log data about your device and its software, such as your IP address, operating system, browser type, date/time of your visit, and other similar information. We may collect analytics data or use third-party analytics tools such as Google Analytics to help us measure usage and activity trends for our online services and better understand our customer base. When you access our Sites from a mobile device, we may collect unique identification numbers associated with your device or our mobile application (including, for example, a UDID, Unique ID for Advertisers (“IDFA”), Google AdID, or Windows Advertising ID), mobile carrier, device type, model and manufacturer, mobile device operating system brand and model, phone number, and depending on your mobile device settings, your geographical location data, including GPS coordinates (e.g., latitude and/or longitude) or similar information regarding the location of your mobile device, or we may be able to approximate a device’s location by analyzing other information, like an IP address.
Third-party partners and providers may also collect Personal Information about your online activities over time and across different websites when you use our websites and online services.
How We Use That Information
We use or may use the data collected through cookies to: (a) remember information so that you will not have to re-enter it during your visit or the next time you visit our websites and online services; (b) provide and monitor the effectiveness of our websites and online services; (c) monitor online usage and activities of our websites and online services; (d) diagnose errors and problems with our websites and online services; (e) otherwise plan for and enhance our online services; and (f) facilitate the purposes identified in the Collection and Use of Personal Information section of our Privacy Notice. We and our advertising partners also use the information we collect through cookies to understand your browsing activities, including across unaffiliated third-party sites, so that we can deliver ads and information about products and services that may be of interest to you.
Please note that we link some of the Personal Information we collect through cookies with the other Personal Information that we collect about you and for the purposes described in our Privacy Notice.
Your Choices About Cookies
Most browsers also allow you to change your cookie settings to block certain cookies. Depending on your mobile device and operating system, you may not be able to delete or block all cookies. Please note that if you choose to refuse all cookies you may not be able to use the full functionality of our European Services. These settings will typically be found in the "options" or "preferences" menu of your browser. In order to understand these settings, the following links may be helpful, otherwise you should use the "Help" option in your browser for more details.
Cookie settings in Internet Explorer
Cookies settings in Safari web and iOS.
If you would like to find out more about cookies and other similar technologies, please visit www.allaboutcookies.org. or the Network Advertising Initiative's online sources at www.networkadvertising.org. We and our third-party partners may also use cookies and tracking technologies for advertising purposes.
Please note that deleting or blocking cookies may not be effective for all types of tracking technologies, such as Local Storage Objects (LSOs) like HTML5.
You can also learn more about Google’s practices with Google Analytics by visiting Google’s privacy policy here. You can also view Google’s currently available opt-out options here.
Your Choices About Online Ads
We support the self-regulatory principles for online behavioral advertising (Principles) published by the Digital Advertising Alliance (DAA). This means that we allow you to exercise choice regarding the collection of information about your online activities over time and across third-party websites for online interest-based advertising purposes. More information about these Principles can be found at www.aboutads.info. If you want to opt out of receiving online interest-based advertisements on your internet browser from advertisers and third parties that participate in the DAA program and perform advertising-related services for us and our partners, please follow the instructions at www.aboutads.info/choices, or http://www.networkadvertising.org/choices/ to place an opt-out cookie on your device indicating that you do not want to receive interest-based advertisements. Opt-out cookies only work on the internet browser and device they are downloaded onto. If you want to opt out of interest-based advertisements across all your browsers and devices, you will need to opt out on each browser on each device you actively use. If you delete cookies on your device generally, you will need to opt out again.
If you want to opt out of receiving online interest-based advertisements on mobile apps, please follow the instructions at http://www.aboutads.info/appchoices.
Please note that when you opt out of receiving interest-based advertisements, this does not mean you will no longer see advertisements from us or on our online services. It means that the online ads that you do see from DAA program participants should not be based on your interests. We are not responsible for the effectiveness of, or compliance with, any third-parties’ opt-out options or programs or the accuracy of their statements regarding their programs. In addition, third parties may still use cookies to collect information about your use of our online services, including for analytics and fraud prevention as well as any other purpose permitted under the DAA’s Principles.
Our Use of Cookies on the Site
We use the following cookies to optimize your experience on our Site and to provide our services.
Cookies Necessary for the Functioning of the Store
Name |
Function |
---|---|
_ab |
Used in connection with access to admin. |
_secure_session_id |
Used in connection with navigation through a storefront. |
cart |
Used in connection with shopping cart. |
cart_sig |
Used in connection with checkout. |
cart_ts |
Used in connection with checkout. |
checkout_token |
Used in connection with checkout. |
secret |
Used in connection with checkout. |
secure_customer_sig |
Used in connection with customer login. |
storefront_digest |
Used in connection with customer login. |
_shopify_u |
Used to facilitate updating customer account information. |
Reporting and Analytics
Name |
Function |
_tracking_consent |
Tracking preferences. |
_landing_page |
Track landing pages |
_orig_referrer |
Track landing pages |
_s |
Shopify analytics. |
_shopify_fs |
Shopify analytics. |
_shopify_s |
Shopify analytics. |
_shopify_sa_p |
Shopify analytics relating to marketing & referrals. |
_shopify_sa_t |
Shopify analytics relating to marketing & referrals. |
_shopify_y |
Shopify analytics. |
_y |
Shopify analytics. |
The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.