UK Privacy Policy

Stitch Fix, Inc., with its subsidiary Stitch Fix UK Ltd., company number 11270211, (“Stitch Fix”, “we”, “us”, or “our”) is committed to protecting your privacy. Stitch Fix is a fashion retailer that blends expert styling, proprietary technology and unique products to deliver an easy, enjoyable, personalised shopping experience. We have prepared this Privacy Policy (“Privacy Policy”) to describe to you our practices regarding the personal data we collect from users located in the UK and EEA on our websites, located at www.stitchfix.com and stitchfix.co.uk, (the “Site”), our mobile application entitled “Stitch Fix” (the “App”) and the services offered through the Site and App, and any orders that you place (collectively, the “Services”).

QUESTIONS; CONTACTING STITCH FIX; REPORTING VIOLATIONS

If you have any questions, concerns or complaints about our Privacy Policy, our data collection or processing practices, or if you want to report any security violations to us, please contact us at hello@stitchfix.co.uk, or 1 Montgomery St., Ste 1500, San Francisco, CA 94104, United States.

INFORMATION COLLECTED

1. Information You Provide to Us.

  • When you sign up for an account with our Services (an “Account”), you provide us your name, email address, password, and postcode. In addition, we collect information when you fill out your Style Profile, such as your date of birth, as well as sizing, fit, style preference information and, optionally, when we offer maternity apparel, some health data (e.g., a current pregnancy). If you post a photo to your Account, we will collect that photo.

  • When you receive a delivery, we record what you keep and what you return. If you provide us with feedback or contact us via email or through the Services, we will collect your name and email address, as well as any other content included in the message.

  • When you place an order for the Services or when you order products through the Services, we or our third-party payment provider, Braintree (a PayPal company), will collect payment, delivery and billing information in order to process the transaction. When you post content (text, images, photographs, videos, messages, comments or any other kind of content) on our Services, we will store and may use that content and other users of the Services will be able to see it if you post it in an area made public, such as comments on our blogs.

  • When you send messages to our Stylists or client services team, or have phone calls with our client services team, we retain that information (including the content of those communications) on your behalf.

  • When you participate in one of our surveys, we will collect your survey responses and any other information of which we notify you in that survey.

  • If you participate in a sweepstakes, contest or giveaway on our Services, we will ask you for your email address and/or home phone number, to notify you if you win. We will also ask for your full name, and sometimes postal addresses to verify your identity. In some situations, we may need additional information as a part of the entry process, such as a prize selection choice. These sweepstakes and contests are voluntary.

  • We will also collect personal data at other points in our Services that state that personal data is being collected and where you enter it yourself.

  • For online payments, we use the payment services of Braintree (https://www.braintreepayments.com/gb). Other than the type of payment card and last four digits of the card number, we do not record or maintain your credit card or bank account information even after you input it into our Services - Braintree does. For more information on how payments are handled, or to understand the data security and privacy afforded such information, please refer to https://www.paypal.com/uk/webapps/mpp/ua/privacy-full.

2. Information Collected from Social Networking Sites. The Services allow users to share information with us via social networking sites, such as Facebook, Facebook Messenger, Instagram, WhatsApp, Pinterest, LinkedIn, Google, or Twitter (each an “SNS”). In some cases (such as Facebook or Google), you can sign in to the Services using your SNS account information. By sharing your SNS profile, you are allowing us, including your Stylist, to access some of your SNS information as allowed by you (such as profile information and profile photo). We may receive that information from your SNS profile and that information may be imported to the Services. Our Services also allow you to share information via such SNS profiles, such as referral links. You acknowledge and agree that you are solely responsible for your use of SNSs and that it is your responsibility to review the terms of use and privacy policy of the third-party provider of such SNSs. We will not be responsible or liable for: (i) the availability or accuracy of such SNSs; (ii) the content, products or services on or availability of such SNSs; or (iii) your use of any such SNSs. You can remove your SNS profile information via your Account Settings or Style Profile, as applicable, at any time. If you disconnect an SNS account that you have previously connected, the SNS public profile data and SNS-provided-email will be deleted from our active databases.

3. Information Collected Automatically. When you use our Services, some information is automatically collected. For example, we collect your geographic location (derived from IP address when you access our Services on the web), how you use the Services, information about the type of device you use, your mobile network information, your Open Device Identification Number (“ODIN”), date/time stamps for your visit, your unique device identifier (“UDID”), and your browser type, operating system, IP address, and domain name. This information is generally used by us to help us deliver the most relevant information to you and administer and improve the Services. In addition, in the event our App crashes on your mobile device, we will receive information about your mobile device model software version, device carrier, and what action you were performing when the App crashed, which allows us to identify and fix bugs and otherwise improve the performance of our App.

4. Log Files. We gather certain information automatically and store it in log files that we use to maintain and improve the Services. This information includes IP addresses, device information, browser type, Internet service provider (“ISP”), referring/exit pages, operating system, date/time stamp, and clickstream data (i.e., what you clicked on).

5. Cookies. Like many online services, we use cookies to collect information. “Cookies” are small pieces of information that a website sends to your computer’s hard drive while you are viewing the website, and they collect information about how you are using the site. We and some third parties will use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Services and to market the Services or other products. You can find more information about which cookies we use and how we use them here.

6. Marketing Companies. We work with a number of companies that assist in marketing our services to you on third-party websites. These companies may collect information about online activities conducted on a particular computer, browser or device over time and across third-party websites or online services for the purpose of delivering advertising that is likely to be of greater interest to you, on our sites and apps and those of third parties. While not a comprehensive list, some of these companies we work with are Facebook, Twitter, Pinterest, Google, Microsoft, Yahoo, LiveIntent, Quantcast, Optimove, and Kenshoo. If you would like more information about this practice, including the Self-Regulatory Principles for Online Behavioural Advertising, to which we adhere, and to exercise your choices about not having this information used for behavioural advertising, visit youronlinechoices.eu. We also work with affiliate marketing companies, including a company called Impact (https://impact.com/affiliate-marketers). To better understand how these companies use your information, please see the privacy policies available on their respective websites.

7. Analytics Companies. We work with a number of third-party analytics companies that report website trends. These services allow us to view a variety of reports about how visitors interact with the Services so we can improve our website and understand how people find and navigate it. Currently, we work with the following analytics companies: Dynamic Yield, Hot Jar, and Google Analytics. This is not intended to be a comprehensive list and we may stop working with these companies and work with others without notice. You can learn more about how these companies collect, use and share information about you by visiting their respective websites.

USE OF YOUR PERSONAL DATA

General Use. In general, personal data you submit to us is used either to respond to requests that you make, aid us in serving you better, or to market our Services. We use your personal data:

  1. To fulfil a contract, or take steps linked to a contract:

    1. providing, processing, delivering/shipping and improving the requested Services; and

    2. sending you administrative emails or other electronic notifications, such as security or support and maintenance advisories.

  2. Where this is necessary for purposes which are in our, or third parties’, legitimate interests. These interests are:

    1. facilitating the creation of, and securing, your Account on our network; communicating with you;

    2. responding to your enquiries related to employment opportunities or other requests;

    3. improving the quality of experience when you interact with our Services, including the testing of different page and product designs to see which performs better;

    4. enabling your participation in surveys, sweepstakes, contests and giveaways;

    5. resolving disputes and/or troubleshooting problems;

    6. performing sales and marketing analyses;

    7. preventing and investigating fraud; and

    8. conducting internal management reporting and facilitating strategic decisions.

  3. Where you give us consent:

    1. sending you newsletters, surveys, offers and other promotional materials related to our Services and for other marketing purposes; and

    2. developing, improving and delivering marketing and advertising for the Services.

  4. For purposes which are required by law:

    1. Responding to requests by government or law enforcement authorities conducting an investigation.

We only process your sensitive personal data (e.g., health data such as your response to the “Are you pregnant?” question in our Style Profile) when you provide it directly to us and you have consented to us collecting such information.

User Feedback. We will post user feedback on the Services from time to time. If you make any comments on a blog, SNS wall or forum associated with the Service, you should be aware that any information you submit there can be read, collected or used by other users of these forums, and could be used to send you unsolicited messages. We are not responsible for the information you choose to submit in these blogs and forums.

Creation of Anonymous Data. We will create anonymous data records from personal data by excluding information that makes the data personally identifiable to you. We use this anonymous data to analyse request and usage patterns so that we can enhance the content of our Services and improve Site and App navigation. We reserve the right to use anonymous data for any purpose and disclose anonymous data to third parties at our sole discretion.

DISCLOSURE OF YOUR PERSONAL DATA

We disclose your personal data as described below and as described elsewhere in this Privacy Policy.

  1. Third Parties Designated by You. When you use the Services, the personal data you provide will be shared with the third parties that you authorise to receive such data.

  2. Third Party Service Providers. We will share your personal data with third-party service providers which assist us in achieving the purposes stated above, in particular, which: conduct quality assurance testing (and are located in the United States), facilitate the creation of accounts (and are located in the United States); store data (specifically, Amazon Web Services, located in the United States and Europe), provide technical support (and are located in the United States and Europe); and/or market the Services (specifically, companies such as Facebook and Google, and are located in the United States and Europe).

  3. Marketing and Analytics Companies. As outlined above, we will share your personal data with marketing companies (which are located in the United States and Europe), and analytics companies (which are located in the United States).

  4. Corporate Restructuring. We may share some or all of your personal data in connection with or during negotiation of any merger, financing, acquisition or dissolution transaction or proceeding involving sale, transfer, divestiture or disclosure of all or a portion of our business or assets. In the event of insolvency, bankruptcy, or receivership, personal data may also be transferred as a business asset. If another company acquires our company, business or assets, that company will possess the personal data collected by us and will assume the rights and obligations regarding your personal data as described in this Privacy Policy.

  5. Other Disclosures. Stitch Fix will disclose personal data if it believes in good faith that such disclosure is necessary: (i) in connection with any legal investigation; (ii) to comply with relevant laws or to respond to summons or warrants served on Stitch Fix (in relation to national security or law enforcement); (iii) to protect or defend the rights or property of Stitch Fix or users of the Services; and/or (iv) to investigate or assist in preventing any violation or potential violation of the law, or our Terms of Use.

TRANSFER OF YOUR PERSONAL DATA

We will store and process your personal data in a country outside the European Economic Area (the “EEA”), specifically, the United States, which does not offer the same privacy protection as that provided within the EEA. We transfer your personal data to the United States on the basis of EU Commission-approved standard contractual clauses (“SCCs”) (if you would like to obtain a copy of the SCCs, please contact us using the details provided below); and, as regards certain of our US-based vendors, their certification under the Privacy Shield Framework and commitment to adhering to the principles contained therein as regards the processing of EU personal data (you can access the Privacy Shield List by clicking here).

INVITING YOUR FRIENDS TO USE STITCH FIX

The Services allow you to invite your friends to sign up for the Services by sharing an invitation link via an SNS, email or other means. When you share your invitation link, the link and the landing page to which your invitation link will point will include your name.

YOUR CHOICES

You have several choices regarding the processing of your personal data in connection with our Services:

Marketing Choices. With your consent, we will periodically send you emails and mobile notifications that directly promote the use of our Services. When you receive promotional communications from us, you can indicate a preference to stop receiving further communications from us and you will have the opportunity to “opt-out” by, for example, following the unsubscribe instructions provided in the email you receive, by contacting us directly (please see contact information below), or, in the case of mobile notifications, adjusting your settings in your mobile operating systems. Notwithstanding this, we will send you routine service communications.

Cookies. If you decide at any time that you no longer wish to accept cookies from our Services for any of the purposes described above, then you can instruct your browser, by changing its settings, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. Consult your browser’s technical information. If you have any questions about how to disable or modify cookies, please let us know using the contact information provided below.

You are entitled to ask us for a copy of your personal data, to correct it, erase or restrict its processing, or to ask us to transfer some of this data to other organisations (aka to “port” it). You also have rights to object to some processing that is based on our legitimate interests, such as profiling that we perform for the purposes of direct marketing, and, where we have asked for your consent to process your data, to withdraw this consent as more fully described above. These rights are limited in some situations - for example, where we can demonstrate that we have a legal requirement to process your personal data. In some instances, this may mean that we are able to retain data even if you withdraw your consent.

Where we require your personal data to comply with legal or contractual obligations, then provision of such data is mandatory: if such data is not provided, then we will not be able to manage our contractual relationship with you, or to meet obligations placed on us. In all other cases, provision of requested personal data is optional. If you have any concerns about how we process your personal data, you can get in touch by using the contact details provided below. You also have the right to complain to data protection authorities. The relevant data protection authority will be the supervisory authority of the country: (i) of your habitual residence; (ii) of your place of work; or (iii) in which you consider the alleged infringement has occurred.

Information Disclosed to Third Parties. This Privacy Policy addresses only our use and disclosure of personal data we collect from and/or about you on the Services. If you disclose personal data to others, or authorise us to do the same under this Privacy Policy, the use and disclosure restrictions contained in this Privacy Policy will not apply to any third party. We do not control the privacy policies of third parties, and you are subject to the privacy policies of those third parties where applicable.

HOW WE RESPOND TO “DO NOT TRACK” SIGNALS

We do not currently respond to “do not track” signals or other mechanisms that might enable consumers to opt out of tracking on our Services.

A NOTE ABOUT CHILDREN

Our Services in Europe are not directed to children under the age of 16 and children under the age of 16 are not eligible to use our Services. We do not collect or maintain personal data from persons we actually know are under the age of 16. If a person under 16 submits personal data to us and we learn that the personal data is the personal data of a person under 16, we will take steps to remove the personal data from our databases. If you believe that we might have any personal data from a person under 16, please contact us at hello@stitchfix.co.uk or Stitch Fix, Inc. - Privacy Team, 1 Montgomery St., Ste 1500, San Francisco, CA 94104, United States.

HOW LONG WE KEEP YOUR PERSONAL DATA

We’ll keep your personal data for as long as you are a client. If it’s been 3 years since you last logged into your account or you last checked out or returned items from a Fix (whichever is later), we will delete or anonymise your data. This is with the exception of your payment details and your transaction history which we need to keep for 7 years from that date. These periods will be extended if there is a likely or ongoing legal claim from you or if we are required to keep it in connection with legal proceedings, or by law or industry guidelines.

CONTACT US AND MORE INFORMATION

We welcome your comments or questions about this Privacy Policy. You can contact us at hello@stitchfix.co.uk or Stitch Fix - Legal, 1 Montgomery St, Ste 1500, San Francisco, CA 94104, United States.

Stitch Fix, Inc. and Stitch Fix UK Ltd are jointly responsible for personal data used in connection with the App and the Services. Stitch Fix UK Ltd is responsible for use of personal data in orders, payment and shipping in the United Kingdom, and also uses personal data for styling and to help with client queries in the United Kingdom. Stitch Fix, Inc. is responsible for use of personal data for everything other than orders, payment and shipping - such as sending news and offers, making sure the App and Services are secure and providing the technology on which they run. Stitch Fix, Inc. also helps with responses to client queries and styling from time to time. Stitch Fix, Inc., in cooperation with Stitch Fix UK Ltd, keeps this Privacy Policy up to date and will respond to any queries or concerns you have, or if you want to exercise any of the choices or rights set out above. We suggest you use the addresses listed in the above paragraph to contact Stitch Fix, Inc. If you want to contact Stitch Fix UK Ltd specifically, you can reach us at 125 Wood Street, London, EC2V 7AW.

CHANGES TO THIS PRIVACY POLICY

This Privacy Policy is subject to occasional revision, and if we make any material changes in the way we use your personal data, we will notify you by sending you an email to the last email address you provided to us. These changes will be effective immediately for new users of our Service. Please note that at all times you are responsible for updating your personal data to provide us with your most current email address by editing your profile in your Account or emailing us at hello@stitchfix.co.uk.

If you do not wish to permit changes in our use of your personal data, you must promptly notify us.

Last Updated: 1 April 2019