Website

Privacy Policy

 

 

Welcome to Size Me Up Ltd.’s Privacy Policy. While you’re having a blast reading this legal documentation, we wanted to say something very important.

Size Me Up respects your privacy.

We are committed to protecting the personal data of all individuals whom we engage with.

We believe privacy is a human right, and incorporate these ethics into all aspects of our business.

 

Table of contents

Overview

Purpose of this policy

Data controller

Get in touch with our Data Protection Officer (DPO)

Changes

  • Changes to the privacy policy
  • Your duty to inform us of changes

When you use our website

  • Third-party links on our website
  • The data we collect about our customers via our website

When you use our widget

  • Third-party links on our website
  • The data we collect about our customers via our widget
  • Third-party links and access to data on our widget

B2B (for our business customers)

  • Third-party links on our website
  • The data we collect about our B2B customers

Aggregated and Anonymised Data

Special Categories of Personal Data

General Information about your personal data

  • How is your data collected?
  • How do we use (or process) your personal data?

Glossary of terms (table)

  • Purposes for which we process your personal data
  • Change of purpose

Purpose of processing (table)

  • Marketing
  • Third-party marketing
  • Promotional offers from Size Me Up
  • Cookies

Disclosures of personal data

  • International transfers of data

Data Security

Data Retention

  • How long will you hold my personal data for?

Your Legal Rights

  • No fee required (usually)
  • What we may need from you
  • Response time limit

Overview

This policy applies to all individuals that Size Me Up Ltd. engages with.

Whether you are a site-user (by visiting our main website, https://sizemeup.xyz), a customer (a user of our Size Me Up Widget (referred to also as “widget” within this document), embedded on the site of a partner or retailer), or a vendor we work with (such as a third-party retailer that we engage with in a business capacity), this policy applies to you.

This privacy policy will inform you about how we look after your personal data. It will also tell you about your privacy rights, and how the law protects you.

We are proud to take a global approach to privacy, and offer the same high-standard of protection toward your data, regardless of where you are located in the world.

Purpose of this policy

This privacy policy aims to give you information about how Size Me Up Ltd. collects and processes your personal data.

 

 

This website and our services are not intended for children, and we do not knowingly collect data related to children. 

The age at which an individual is considered a child will vary from country to country. Please refer to your local laws to understand whether or not you are of age and therefore able to consent to a contract for receipt of digital services (also known as the “Digital Age of Consent”) from us.

If you are considered a child within your jurisdiction you must not consent to these terms. You must not use our site, nor any of our services. 

If you believe Size Me Up Ltd. is processing data belonging to a child and whose parent or guardian has not consented to this processing, please contact (in writing) the DPO at DPO@sizemeup.xyz or using the details found in this document in the section titled Get in touch with our DPO.

We may process data related to children with the consent of a parent or guardian. If you are a parent or guardian and would like to grant consent on behalf of a child, please contact us at DPO@sizemeup.xyz. We will then do our best to assist you with your request.

 

We provide many products and services to the individuals whom we engage with.

It is important that you read this privacy policy together with any other policies we may provide (such as our Cookies Policy if you use our site or widget, or Data Privacy and Security Policy (if you are a third-party vendor such as a retailer), so that you are fully aware of how and why we are using your data.

This privacy policy supplements other notices and privacy policies and is not intended to override them.

Data controller

Size Me Up Ltd. is the data controller and is responsible for your personal data. Collectively, Size me Up Ltd. Will be referred to as “Size Me Up,” “us,” “we,” or “our” within this policy.

We have appointed a Data Protection Officer (DPO), who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, our privacy practices, or wish to make a request to exercise your legal rights, please contact our DPO in writing using the details set out below. Sending the request directly to us will allow us to address your request as soon as possible.

 

Please note that you have a right to make a complaint at any time to the Information       Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).

We would, however, appreciate the chance to deal with your concerns before you reach out to the ICO. Please don’t hesitate to contact us.

Get in touch with our Data protection officer (DPO)

 

 

 

Entity Name                    Size Me Up Ltd.

Entity Registration #        SC567441 

Email Address               

Postal Address               Size Me Up Limited, PO BOX at

                                        101 Rose Street South Lane, Edinburgh, Scotland, 

                                        United Kingdom, EH2 3JG

 

Changes

Changes to the privacy policy

We keep our privacy policy under regular review. This version was last updated in July 10 2020.  Historic versions are archived, and can be obtained by contacting us. 

Your duty to inform us of changes

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.  

When you use Our website

Third-party links on our website

 

Generally, Third-Parties refer to any companies that are not owned by Size Me Up Ltd. or its subsidiaries, such as retailers that have embedded our widget into their website.

 

Our website (https://sizemeup.xyz) may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third-parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you strongly to read the privacy policy of every website you visit.

The data we collect about our customers via our website  

 

What is personal data?

Broadly, personal data, or personal information, means any information about an individual from which that person can be identified directly or indirectly. It does not include data where the identity has been removed (such as anonymous data).

 

We may collect, use, transfer, or store different kinds of personal data about you when you use our website. We explain these “categories” of data in the Categories of Personal Data table below.

If you have any questions about the specific data points we process about you, please contact us in writing to DPO@sizemeup.xyz

Category of Data

Examples

Identity Data

Broadly, this is information about you as the account holder (if you choose to create a profile on our site). If you create a profile, this will include your first and last name.

Contact Data

If you choose to create a profile on our site, this includes your email address (which is also your username).

Profile Data

This includes your username (which is also your email address) and your password (that you create and we do not have access to). 

  Please note that your password is hashed and encrypted. If you lose your password you must create a new one. We do not have access to your password and cannot change it for you. You can create a new password through the sign-in section of our website or Widget and by clicking on the “forgotten password” link. You will be sent a re-registration link to the email account that you used to create your account (which is also your username). 

Financial Data

If you order a product or service using our site, we may collect financial data including bank account details that you provide (such as the brand of payment card, the last four digits of your payment card, and the country of your payment card, and billing address).

Transaction Data

This includes details about payments to and from you, and purchase information.

Digital Location Data

This includes device location data and IP address.

Device Data

This includes the type of device you use when you engage with our website, network information, OS (Operating System) information, date and timestamp information on engagement with our site, and the duration of the interaction you have with the site.

Usage Data

Broadly, this includes data related to your visits of our website, traffic data, data collected as you use of our widget, and other communication data collected as you engage with our widget.

Technical data

Data about your equipment, browsing actions and patterns, such as network information and OS (Operating System) information.

 

Where we need to collect personal data by law (or under the terms of a contract we have with you) and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you.

For example, you may not be able to access our website or you will receive limited functionality on our site if you do not consent to the necessary Cookies. In this case, you will either experience limited functionality or be prohibited from accessing our website entirely.

When you use Our Widget

The data we collect about our customers via our widget

 

 

What is personal data?

Broadly, personal data, or personal information, means any information about an individual from which that person can be identified directly or indirectly. It does not include data where the identity has been removed (such as anonymous data).

 

We may collect, use, transfer, or store different kinds of personal data about you when you use our Size Me Up Widget, which will be embedded into a retailers site. We have varying agreements with the retailers we work with, and you may find there are changes to our widget across retailers as a result of the contract we have with them. This policy applies to your data regardless of which retailer you access our widget from. We explain these “categories” of data in the Categories of Personal Data section below.

If you have any questions about the specific data points we process about you, please contact us in writing to DPO@sizemeup.xyz

 

Category of Data

Examples

Identity Data

Broadly, this is information about you as the account holder. This includes your first and last name, photos of you that you choose to share with us, your height, your body measurements, your gender, and your age.

Contact Data

This includes your email address (which is also your widget account username).

Profile Data

This includes your username (which is also your email address) and your password (that you create and we do not have access to). 

  Please note that your password is hashed and encrypted. If you lose your password you must create a new one. We do not have access to your password and cannot change it for you. You can create a new password through the sign-in section of our website or Widget and by clicking on the “forgotten password” link. You will be sent a re-registration link to the email account that you used to create your account (which is also your username). 

Transaction Data

This includes order information (information about the products that you’ve purchased from a retailer through the use of our widget), and returns information (information about the products that you’ve returned to the retailer, that you initially purchased through the use of our widget).

Digital Location Data

This includes device location and IP address. 

Content Data

This includes certain information stored on your device that you allow us to access with your explicit consent, such as if you allow us access to your digital photo library when you use our widget.

Device Data

This includes the type of device you use when you engage with our widget, network information, OS (Operating System) information, date and timestamp information about your engagement with our widget, and the duration of the interaction you have with our widget.

Usage Data

Broadly, this includes data about how you are using our widget such as traffic data and other communication data collected as you engage with our widget.

Technical data

Data about your equipment, browsing actions and patterns, such as network information and OS (Operating System) information.

 

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you.

For example, we may not provide you with our sizing service if we are not given consent to process your identity data. This is because if you refuse to provide a photo of yourself the widget cannot predict your measurements and provide you with appropriate sizing. In this case, we may have to cancel a product or service you have with us. We will notify you if this is the case at the time.

Third-party links and access to data on our widget

As part of the service we provide, we make certain data we collect or process about you available to third-party retailers and partners. Our widget allows retailers and third parties to utilise measurement information in order to recommend a size of clothing for you. In addition, sharing measurement information enables us improve our service to you, resulting in a more accurate size recommendation across different product types.

We may collect, use, transfer, or store different kinds of personal data about you when you use our Size Me Up Widget, which will be embedded into a retailers site. We have varying agreements with the retailers we work with, and you may find there are changes to our widget across retailers as a result of the contract we have with them. This policy applies to your data regardless of which retailer you access our widget from. We explain these “categories” of data that the third-parties we partner with have access to, in the Categories of Personal Data: Processed by Third-party Retailers and Partners in the section below.

If you have any questions about the specific data points we make available to third-parties, please contact us in writing to DPO@sizemeup.xyz

Category of Data

Examples

Identity Data

This includes photos of you that you choose to share with us, your height, your body measurements, your gender, and your age. 

Contact Data

This includes your email address (which is also your widget account username).

Profile Data

This includes your username (which is also your email address).

Transaction Data

This includes order information (ie. Information about the products that you’ve purchased from a retailer through the use of our widget), and returns information (information about the products that you’ve returned to the retailer, that you initially purchased through the use of our widget).

Digital Location Data

This includes device location and IP address. 

Content Data

This includes certain information stored on your device that you allow us to access with your explicit consent, such as if you allow us access to your digital photo library when you use our widget.

Device Data

This includes the type of device you use when you engage with our widget, network information, OS (Operating System) information, date and timestamp information about your engagement with our widget, and the duration of the interaction you have with our widget.

Usage Data

Broadly, this includes data about how you are using our widget such as traffic data and other communication data collected as you engage with our widget.

Technical data

Data about your equipment, browsing actions and patterns, such as network information and OS (Operating System) information.

Links to third-party sites Pug-inis and applications

At this time, our widget does not include any links to third-party websites, plug-ins and applications. We are not responsible for the privacy statements of the retailers whose sites you visit when you use our widget.  We encourage you to read the privacy policy of every website you visit.

B2B (for our business customers)

Third-party links on our website

If you use our website (such as to create a business profile account in order to purchase a service from us), please note that our site may include links to third-party websites, plug-ins and applications.

Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

The data we collect about our B2B customers

 

What is personal data?

Broadly, personal data, or personal information, means any information about an individual from which that person can be identified directly or indirectly. It does not include data where the identity has been removed (such as anonymous data).

Although B2B transactions do not always involve personal data, there are many instances in which your data would be considered personal, such as if the contact email address you disclose to us for contact purposes includes your name (such as Johnny.Appleseed@vendor.com).

The following “Categories of Data” are only deemed to apply to our processing of your business data where that data is also personal data.

 

We may collect, use, transfer, or store different kinds of personal data about you which we have grouped together in the table below. We explain these “categories” of data in the Categories of Personal Data section below. If you have any questions about how your data is being processed, please contact us in writing at DPO@sizemeup.xyz

Please read this section of our privacy policy in conjunction with our Data Privacy and Security Policy for third-party vendors.

 

Category of Data

Examples

Identity Data

First name and last name, if you share this data with us.

Contact Data

This includes your email address.

Your business email address may contain personal data if you are (for example) a sole trader (such as Johnny.Appleseed@vendor.com).

Profile Data

This includes our username (which is also your email address), your password (that you create and we do not have access to).

  Please note that your password is hashed and encrypted. If you lose your password you must create a new one. We do not have access to your password and cannot change it for you. You can create a new password through the sign-in section of our website or Widget and by clicking on the “forgotten password” link. You will be sent a re-registration link to the email account that you used to create your account (which is also your username). 

Financial Data

This may include bank account details (such as the brand of payment card, the last four digits of your payment card, and the country of your payment card, and billing address), and your VAT ID.

Transaction Data

This includes details about payments to and from you, and purchase information.

Digital Location Data

This includes device location data and IP address.

Device Data

This includes the type of mobile device you use, unique device identifiers, mobile network information, mobile OS (operating system) information, the type of mobile browser you use, time zone setting, full IP address, and browser type.

Usage Data

This includes data related to your visits of our website, traffic data, other communication data (whether this is required for our own billing purposes or otherwise), and the resources that you access.

Technical data

This includes data about your equipment, browsing actions and patterns, such as network information and OS (Operating System) information.

 

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you.

For example, we may not be able to provide you with goods or services you’ve purchased if we are not given consent to process a form of payment, such as your credit card details. In this case, we may have to cancel a product or service you have with us. We will notify you if this is the case at the time.

Aggregated and anonymised data

We also collect, use and share aggregated data such as statistical or demographic data for any purpose.

Aggregated data may be derived from your personal data, but it is not considered personal data in law as this data will not directly nor indirectly reveal your identity. For example, we may aggregate your anonymized measurements, allowing us to produce statistical data for the purpose of improving the accuracy of our measurement technology.

 

 

Please note that if we combine or connect aggregated data with personal data so that it can either directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this and any other policy documents we have (such as our Cookie Policy).

 

 

Special Categories of Personal Data

 

We do not collect any Special Categories of personal data about you.

 

There are certain categories of personal data that are considered special and whose processing is further restricted. Special categories of personal data are afforded additional protections in the law.

Special categories of personal data include: 

  • Data about your race or ethnicity
  • Data about your religious or philosophical beliefs
  • Data about your sex life
  • Data about your sexual orientation
  • Data about your political opinions
  • Data about trade union membership
  • Information about your health, genetic, and biometric data.
  • Data about criminal convictions and offences.

General information about your personal data

How is your data collected? 

We use different methods to collect data from and about you, including through:

Direct Interactions You may give us your identity, contact and financial data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

  • Purchase our products or services
  • Create an account with us on our website or using our Size Me Up Widget
  • Subscribe to our service, or any publications (such as a newsletter)
  • Request that marketing be sent to you
  • Give us feedback, or contact us using the form on our website
  • Enter a competition, promotion, or answer a survey

Automated technologies or interactions As you interact with our website or use our Size Me Up Widget, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using Cookies, server logs, and other such similar technologies. We may also receive Technical Data about you if you visit other websites that employ our Cookies. Please refer to this policy for more information about the Technical Data we connect about you as well as our Cookie policy for further details.

Third-parties or publicly available sources We may receive personal data about you from various third-parties, and public sources, as set out below:

 

Processing Data Belonging to

Data Shared with us from third-parties

Details

Users of our website

Technical Data

Analytics Providers – We use Google Analytics, which is based outside the EU and has servers outside the EU to which your data may be transferred when you engage with our website.

Cloud Storage Providers – We use Digital Ocean as our cloud storage provider. They are located in New York, and the data centre we use is in London. Your data will not be transferred outside of the EU for storage.

Search Information Providers (via Google analytics).

Advertising Networks (inside or outside the EU). We currently do not work with any advertising networks.

Users of our Size Me Up Widget

Financial Data

Analytics Providers – We use Google Analytics, which is based outside the EU and has servers outside the EU to which your data may be transferred.

Cloud Storage Providers – We use Digital Ocean as our cloud storage provider. They are located in New York. The data centre we use is in London and your data will not be transferred outside of the EU.

Social Media networks, such as Facebook, Instagram and other social media platforms we have integrated with for users of our widget. If you click on third-party links via or widget (such as providing us with a photo via your Facebook account in order to use our sizing widget), we will need to link your account with us to your social media account. These third-party social media platforms are based outside the EU and have servers outside the EU to which your data may be transferred.

Search Information Providers (via Google analytics).

Retailers – If you engage with our widget via a retailer, some of your personal data will be transferred to us from the retailer. For example, if you use our widget while purchasing from a retailer’s site, the retailer will share some information with us about your purchase.

 

B2B (Business Customers)

Financial Data

Transaction Data

Analytics Providers – We use Google Analytics, which is based outside the EU and has servers outside the EU to which your data may be transferred.

Cloud Storage Providers – We use Digital Ocean as our cloud storage provider. They are located in New York. The data centre we use is in London and your data will not be transferred outside of the EU.

Search Information Providers (via Google analytics).

Financial and Transaction Data – We receive this data from providers of technical, payment and delivery services through Stripe, which processes your purchases. Stripe is based outside the EU and has servers outside the EU to which your data may be transferred.

 

 

How do we use (or process) your personal data?

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:            

Where we need to perform a contract we are about to enter into or have entered into with you.

Where it is necessary to use your personal data for our legitimate interests (or sometimes, those of a third-party) and your interests and fundamental rights do NOT override those interests.

Where we need to comply with an existing legal obligation.

 

 

Within this document there is a “Glossary of terms” table, which consists of a table that explains more about the types of lawful bases that we rely on to process your personal data.

 

Generally, we do not rely on consent as a legal basis for processing your personal data, although we will always get your explicit consent before sending any third-party direct marketing communications to you via email, text message, or post.

 

You have a right to withdraw this consent to marketing at any time. The method of unsubscribing varies dependent on the good or service you are interacting with.

For example, you can unsubscribe from marketing emails at the bottom of any marketing email sent to you. This will not unsubscribe you from emails sent to you for other purposes, such as communications we send to you for the purpose of maintaining your service agreement with us.

Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product or service purchase you created, a warranty registration, a product or service experience, or other transactions.

Please send your request in writing, to or using the contact details in the Get in touch with our DPO section above.

 

Glossary of Terms

Purposes for which we process your personal data

We have set out below, in a table format, a description of all the ways we plan on using your personal data, and which of the legal basis we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data for more than one lawful ground, depending on the specific purpose for which we are using your data.

Please contact us if you need details about the specific legal ground we are relying on to process your personal data (where more than one ground has been set out in the table below).

Please contact us in writing at or using the contact details under the Get in touch with our DPO section of this document.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us in writing at or using the contact details under the Get in touch with our DPO section of this document.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

 

Lawful Basis of Processing your personal data

Meaning

Legitimate Interest

Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience.

We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us in writing at or using the contact details under the Get in touch with our DPO section of this document.

Performance of a Contract

Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.

 

Comply with a legal obligation 

Comply with a legal obligation means processing your personal data where it is necessary for compliance with a legal obligation that we are subject to.

 

Third-Parties

Generally, Third-Parties refer to any companies that are not owned by Size Me Up Ltd. or its subsidiaries, such as retailers that have embedded our Widget into their website.

For the purpose of the data that we process about you, we may share your personal data with:

1.     Cloud Service Providers who are acting as processors. We currently use Digital Ocean as our storage provider. Digital Ocean is based in New York. However, the data centre we use is located in London.

1.     We may, from time to time, share data with professional advisers who act as processors on our behalf, including lawyers, bankers, auditors and insurers. For example, we may hire an auditor to ensure our information security practices are operational to a high standard.

1.     HM Revenue & Customs, regulators and other authorities, who act as processors or joint controllers based in the United Kingdom and who require reporting of processing activities in certain circumstances.

 

Purpose of Processing

Purpose or Activity

Type of data

Lawful basis for processing, including basis of legitimate interest

To register you as a customer on our website, or via our widget

Identity data

Contact data

Usage data

Performance of a contract with you.

 

To process or deliver goods and services

Identity data

Contact data

Financial data

Transaction data

Marketing and communications data

Usage data

 

Performance of a contract with you

Necessary for our legitimate interests (to recover debts due to us)

To manage our relationship with you, which will include:

Notifying you about changes to our terms or privacy policy

 

Asking you to leave a review or take a survey

 

Contacting our business customers

 

Identity data

Contact data

Profile data

Marketing and communications data

Usage data

Performance of a contract with you

Necessary to comply with a legal obligation

Necessary for our legitimate interests (to keep our records updated and to study how customers use our products and services)

To enable you to partake in a survey, prize draw, or competition.

Identity data

Contact data

Device data

Profile data

Usage data

Marketing and communications data

Performance of a contract with you

Necessary for our legitimate interests (to study how customers use our products and services, and to develop them and grow our business)

To administer and protect our business and this website (including via troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data).

Identity data

Contact data

Profile data

Financial data

Technical data

Transaction data

Digital location data

Content data

Device data

Usage data

 

Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business re-organisation or group restructuring exercise)

Necessary to comply with a legal obligation

 

To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you.

Identity data

Contact data

Profile data

Usage data

Marketing and communications data

Technical data

Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)

To use data analytics to improve our website, products and services, marketing, customer relationships, and experiences.

Technical data

Usage data

Device data

Digital location data

Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)

To make suggestions and recommendations to you about the goods or services that may be of interest to you.

Identity data

Contact data

Technical data

Usage data

Profile data

Marketing and communications data

Device data

Digital location data

 

Necessary for our legitimate interests (to develop our products/services and grow our business)

 

Marketing

We strive to provide you with choices regarding certain personal data uses, especially around marketing and advertising. We currently do not share your personal data with any third-parties for marketing purposes.

 

 

OPTING OUT OF MARKETING

You have a right to withdraw this consent to marketing at any time. The method of unsubscribing varies dependent on the good or service you are interacting with.

For example, you can unsubscribe from marketing emails at the bottom of any marketing email sent to you. This will not unsubscribe you from emails sent to you for other purposes, such as communications we send to you for the purpose of maintaining your service agreement with us.

Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product or service purchase you created, a warranty registration, a product or service experience, or other transactions.

 

Third-party marketing

We currently do not share your data with any third-parties for marketing purposes.

Your privacy is extremely important to us. We will always get your express opt-in consent before we share any of your personal data with any third-party for marketing purposes.

Promotional offers from Size Me Up

We may us your Identity, Contact, Technical, Usage and Profile data to form a view on what we think you may want or need, or what may be of interest to you. This is how we make decisions about which products, services, and offers will be relevant for you. We call this marketing.

You will receive marketing communications from us if you have requested information from us, purchased goods or services from us and you have not opted out of receiving marketing.

Cookies

Remember that you can set your browser to refuse all or some browser Cookies, or to alert you when websites set or access Cookies.

If you disable or refuse Cookies, please note that some parts of our website may become inaccessible, or will not function properly. For example, the site may not remember you as a user, or you may be unable to complete a purchase. You can refer to our Cookies Policy for more information.

Disclosures of personal data

We may share your personal data with the parties set out below for the purposes set out in the “Purpose of Processing Table” in combination with the “Glossary of terms” table, which you may use as a reference guide.

Below is an exhaustive list of third parties with whom we share personal data:

External third-parties – Stripe, Google, Digital Ocean, Retailers and partners (such as tailors) who use our widget

Third-parties to whom we may choose to sell, transfer or merge parts of our business or our assets

We do not sell your personal data. We may sell aggregated and anonymized data. This is data which is not considered personal and cannot be used to identify you either directly or indirectly. 

Mergers and Acquisitions Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.

 

 

We require all third-parties to respect the security of personal data, and treat it in accordance with the law.

We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our explicit instructions.

 

International transfers of data

External third parties who process data on our behalf may be based outside the UK and EEA. Their processing of your personal data may involve a transfer of data outside the EEA. These third parties may, for example, have cloud servers located outside the UK or EEA. More specific information about this can be found in the General Information about your Personal Data section together with the Glossary of Terms table, Data Security section, and our Cookies Policy.

Please note that whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection to the data by ensuring at least one of the following safeguards of implemented.

We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.

Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.

Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield, which requires them to provide similar protection to personal data shared between Europe and the US. For further details, see European Commission: EU-US Privacy Shield.

Please contact us in writing at or using the contact details at in the Get in touch with our DPO section if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

Data security

We have put in place appropriate technical and organizational security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered or otherwise disclosed.

In addition, we limit the access to your personal data to only those employees, agents, contractors and other third-parties who have a business “need to know.”

We will only process your personal data on our instructions and all of your personal data is subject to a strict duty of confidentiality. To that end, we have put in place procedures to deal with any suspected personal data breach.

 

 

If we suspect a personal data breach, we will notify you and any applicable regulator of a breach where legally required to do so.

 

Data retention

How long will you use my personal data for?

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.

We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. Additionally, there is some data that we are required to keep for longer periods of time to comply with other legal obligations, such as keeping transaction data for tax purposes. 

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

 

 

In some circumstances you can ask us to delete your data: see the Your legal rights section below for further information.

Your legal rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data. If you wish to exercise any of your rights, please contact us in writing at or using the contact details in the Get in touch with our DPO section above.

You have a right to:

Request access This is what we call a “data subject access request” or DSAR. This request means that you receive a copy of the personal data we hold about you and allows you to check that we are processing it lawfully.

Request correction You can request correction of the data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, such as if you change your name or gender. Please note that we may need to verify the accuracy of the data you provide to us.

Request erasure This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing it, where we may have processed your information unlawfully, or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Object to processing This requests is relevant where we are relying on a legitimate interest (or those of a third-party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Request restriction of processing This request enables you to ask us to suspect the processing of your personal data in the following scenarios:

  • If you want us to establish the data’s accuracy.
  • Where our use of the data is unlawful but you do not want us to erase it.
  • Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
  • You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Request transfer of your personal data to you or to a third-party We will provide to you, or a third-party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. This type of request may also be referred to as a “portability” request.

Withdraw your consent anytime Where we are relying on consent to process your personal data, you can withdraw your consent at anytime. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

No fee required (usually)

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

What we may need from you

In order to fulfil your request, we may need to obtain certain information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

We may also contact you to ask you for further information in relation to your request to speed up our response.

Response time limit

We try to respond to all legitimate requests within one month (no longer than 30 days from the time which you send your request to us).

Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Thank you