QUESTIONS; CONTACTING STITCH FIX; REPORTING VIOLATIONS
1. Information You Provide to Us.
When you sign up for an account with our Services (an “Account”), you provide us your name, email address, password, and postcode. In addition, we collect information when you fill out your Style Profile, such as your date of birth, as well as sizing, fit, style preference information and, optionally, when we offer maternity apparel, some health data (e.g., a current pregnancy). If you post a photo to your Account, we will collect that photo.
When you receive a delivery, we record what you keep and what you return. If you provide us with feedback or contact us via email or through the Services, we will collect your name and email address, as well as any other content included in the message.
When you place an order for the Services or when you order products through the Services, we or our third-party payment provider, Braintree (a PayPal company), will collect payment, delivery and billing information in order to process the transaction. When you post content (text, images, photographs, videos, messages, comments or any other kind of content) on our Services, we will store and may use that content and other users of the Services will be able to see it if you post it in an area made public, such as comments on our blogs.
When you send messages to our Stylists or client services team, or have phone calls with our client services team, we retain that information (including the content of those communications) on your behalf.
When you participate in one of our surveys, we will collect your survey responses and any other information of which we notify you in that survey.
If you participate in a sweepstakes, contest or giveaway on our Services, we will ask you for your email address and/or home phone number, to notify you if you win. We will also ask for your full name, and sometimes postal addresses to verify your identity. In some situations, we may need additional information as a part of the entry process, such as a prize selection choice. These sweepstakes and contests are voluntary.
We will also collect personal data at other points in our Services that state that personal data is being collected and where you enter it yourself.
For online payments, we use the payment services of Braintree (https://www.braintreepayments.com/gb). Other than the type of payment card and last four digits of the card number, we do not record or maintain your credit card or bank account information even after you input it into our Services - Braintree does. For more information on how payments are handled, or to understand the data security and privacy afforded such information, please refer to https://www.paypal.com/uk/webapps/mpp/ua/privacy-full.
3. Information Collected Automatically. When you use our Services, some information is automatically collected. For example, we collect your geographic location (derived from IP address when you access our Services on the web), how you use the Services, information about the type of device you use, your mobile network information, your Open Device Identification Number (“ODIN”), date/time stamps for your visit, your unique device identifier (“UDID”), and your browser type, operating system, IP address, and domain name are all collected. This information is generally used by us to help us deliver the most relevant information to you and administer and improve the Services. In addition, in the event our App crashes on your mobile device, we will receive information about your mobile device model software version, device carrier, and what action you were performing when the App crashed, which allows us to identify and fix bugs and otherwise improve the performance of our App.
4. Log Files. We gather certain information automatically and store it in log files that we use to maintain and improve the Services. This information includes IP addresses, device information, browser type, Internet service provider (“ISP”), referring/exit pages, operating system, date/time stamp, and clickstream data (i.e., what you clicked on).
6. Marketing Companies. We work with a number of companies that assist in marketing our services to you on third-party websites. These companies may collect information about online activities conducted on a particular computer, browser or device over time and across third-party websites or online services for the purpose of delivering advertising that is likely to be of greater interest to you, on our sites and apps and those of third parties. While not a comprehensive list, some of these companies we work with are Facebook, Twitter, Pinterest, Google, Microsoft, Yahoo, LiveIntent, Quantcast, Optimove, and Kenshoo. If you would like more information about this practice, including the Self-Regulatory Principles for Online Behavioural Advertising, to which we adhere, and to exercise your choices about not having this information used for behavioural advertising, visit youronlinechoices.eu. We also work with affiliate marketing companies, including a company called Impact (https://impact.com/affiliate-marketers). To better understand how these companies use your information, please see the privacy policies available on their respective websites.
7. Analytics Companies. We work with a number of third-party analytics companies that report website trends. These services allow us to view a variety of reports about how visitors interact with the Services so we can improve our website and understand how people find and navigate it. Currently, we work with the following analytics companies: Dynamic Yield, Hot Jar, and Google Analytics. This is not intended to be a comprehensive list and we may stop working with these companies and work with others without notice. You can learn more about how these companies collect, use and share information about you by visiting their respective websites.
USE OF YOUR PERSONAL DATA
General Use. In general, personal data you submit to us is used either to respond to requests that you make, aid us in serving you better, or to market our Services. We use your personal data:
To fulfil a contract, or take steps linked to a contract:
providing, processing, delivering/shipping and improving the requested Services; and
sending you administrative emails or other electronic notifications, such as security or support and maintenance advisories.
Where this is necessary for purposes which are in our, or third parties’, legitimate interests. These interests are:
facilitating the creation of, and securing, your Account on our network; communicating with you;
responding to your enquiries related to employment opportunities or other requests;
improving the quality of experience when you interact with our Services, including the testing of different page and product designs to see which performs better;
enabling your participation in surveys, sweepstakes, contests and giveaways;
resolving disputes and/or troubleshooting problems;
performing sales and marketing analyses;
preventing and investigating fraud; and
conducting internal management reporting and facilitating strategic decisions.
Where you give us consent:
sending you newsletters, surveys, offers and other promotional materials related to our Services and for other marketing purposes; and
developing, improving and delivering marketing and advertising for the Services.
For purposes which are required by law:
Responding to requests by government or law enforcement authorities conducting an investigation.
We only process your sensitive personal data (e.g., health data such as your response to the “Are you pregnant?” question in our Style Profile) when you provide it directly to us and you have consented to us collecting such information.
User Feedback. We will post user feedback on the Services from time to time. If you make any comments on a blog, SNS wall or forum associated with the Service, you should be aware that any information you submit there can be read, collected or used by other users of these forums, and could be used to send you unsolicited messages. We are not responsible for the information you choose to submit in these blogs and forums.
Creation of Anonymous Data. We will create anonymous data records from personal data by excluding information that makes the data personally identifiable to you. We use this anonymous data to analyse request and usage patterns so that we can enhance the content of our Services and improve Site and App navigation. We reserve the right to use anonymous data for any purpose and disclose anonymous data to third parties at our sole discretion.
DISCLOSURE OF YOUR PERSONAL DATA
Third Parties Designated by You. When you use the Services, the personal data you provide will be shared with the third parties that you authorise to receive such data.
Third Party Service Providers. We will share your personal data with third-party service providers which assist us in achieving the purposes stated above, in particular, which: conduct quality assurance testing (and are located in the United States), facilitate the creation of accounts (and are located in the United States); store data (specifically, Amazon Web Services, located in the United States and Europe), provide technical support (and are located in the United States and Europe); and/or market the Services (specifically, companies such as Facebook and Google, and are located in the United States and Europe).
Marketing and Analytics Companies. As outlined above, we will share your personal data with marketing companies (which are located in the United States and Europe), and analytics companies (which are located in the United States).
TRANSFER OF YOUR PERSONAL DATA
We will store and process your personal data in a country outside the European Economic Area (the “EEA”), specifically, the United States, which does not offer the same privacy protection as that provided within the EEA. We transfer your personal data to the United States on the basis of EU Commission-approved standard contractual clauses (“SCCs”) (if you would like to obtain a copy of the SCCs, please contact us using the details provided below); and, as regards certain of our US-based vendors, their certification under the Privacy Shield Framework and commitment to adhering to the principles contained therein as regards the processing of EU personal data (you can access the Privacy Shield List by clicking here).
INVITING YOUR FRIENDS TO USE STITCH FIX
The Services allow you to invite your friends to sign up for the Services by sharing an invitation link via an SNS, email or other means. When you share your invitation link, the link and the landing page to which your invitation link will point will include your name.
HOW WE RESPOND TO “DO NOT TRACK” SIGNALS
We do not currently respond to “do not track” signals or other mechanisms that might enable consumers to opt out of tracking on our Services.
A NOTE ABOUT CHILDREN
Our Services in Europe are not directed to children under the age of 16 and children under the age of 16 are not eligible to use our Services. We do not collect or maintain personal data from persons we actually know are under the age of 16. If a person under 16 submits personal data to us and we learn that the personal data is the personal data of a person under 16, we will take steps to remove the personal data from our databases. If you believe that we might have any personal data from a person under 16, please contact us at firstname.lastname@example.org or Stitch Fix, Inc. - Privacy Team, 1 Montgomery St., Ste 1500, San Francisco, CA 94104, United States.
HOW LONG WE KEEP YOUR PERSONAL DATA
We’ll keep your personal data for as long as you are a client. If it’s been 3 years since you last logged into your account or you last checked out or returned items from a Fix (whichever is later), we will delete or anonymise your data. This is with the exception of your payment details and your transaction history which we need to keep for 7 years from that date. These periods will be extended if there is a likely or ongoing legal claim from you or if we are required to keep it in connection with legal proceedings, or by law or industry guidelines.
CONTACT US AND MORE INFORMATION
If you do not wish to permit changes in our use of your personal data, you must promptly notify us.
Last Updated: 1 April 2019