Effective Date: June 23, 2023
I. Introduction
Stylitics Inc. (“Stylitics”, “we”, “our”, or “us”) is committed to maintaining the confidentiality and security of Personal Information (defined below). This privacy policy (“Privacy Policy”) describes how Stylitics processes Personal Information that we collect in the following contexts:
- In connection with the Stylitics website, www.stylitics.com (“Website”).
- In connection with the Stylitics outfit recommendation service owned and operated by Stylitics, which is a product integration with our retailer or merchant clients (“Clients”), via an API (application programming interface) or client specific data-transfer (“Service”, “Service(s)”). We operate the Service(s) for our clients as their service provider, and accordingly are the processor and not the controller of the Service Personal Information, in most instances; provided, however, outside of the United States we may act as a controller when we create, use, and disclose analytics based on Service Personal Information. Where we are merely a processor, and not a controller, you will need to refer to the Client’s privacy policy and make any inquiries or requests regarding your personal information to the client and not to us.
- From job applicants who are either California residents or residents of jurisdictions outside of the U.S. and who have applied for a position with Stylitics (“Applicants”).
- From California residents in the business-to-business context (“B2B Context”).
ATTENTION: PLEASE READ THIS PRIVACY POLICY CAREFULLY. BY ACCESSING OR USING OUR WEBSITE, YOU ACKNOWLEDGE THAT YOU HAVE READ AND ARE SUBJECT TO THIS PRIVACY POLICY.
In some instances, additional or different notices, posted on the Website or Service, apply to your use of certain parts of the Website or Service.
By using our Website, you agree to our Website’s Terms & Conditions of Use and are subject to our data collection, use, and disclosure practices, and other activities as described in this Privacy Policy.
Unless explicitly stated otherwise, any new features that augment or enhance the current Service or Website shall be subject to this Privacy Policy.
Stylitics may amend this Privacy Policy to reflect changes in our legal or regulatory obligations or in the way we deal with your Personal Information. We will post any revised version of this Privacy Policy on our Website.
If we make material changes to the Privacy Policy, we will continue to apply the Privacy Policy posted at the time the Personal Information was collected to that Personal Information, unless you otherwise consent. The updated Privacy Policy will apply to Personal Information collected after it is posted. We encourage you to refer to this Privacy Policy on a regular basis. Your continued use of the Services and Website after an update signifies that you understand how Stylitics collects, uses and discloses your Personal Information as described in the Privacy Policy posted at the time of collection.
II. What is Personal Information?
For the purposes of this Privacy Policy, “Personal Information” or “PI” is any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular natural person, or is otherwise “personal information” or “personal data” under applicable laws.
III. Personal Information We Collect
We may collect and maintain different types of PI about the individuals with whom we interact, as follows:
| PI Category | PI Examples | Context Collected |
| Identifiers | Name, unique personal identifiers/customer ID, online identifier, IP address (a unique Internet “addresses”, assigned to Internet users by their Internet Service Providers), e-mail address. | Website; Service; Applicants; B2B Context |
| Personal Records | Name, address, and telephone number. | Website; Applicant; B2B Context |
| Personal Characteristics or Traits | Information related to medical conditions if volunteered for accommodations purposes. | Applicant |
| Commercial Information | Outfit selected using Service. | Service |
| Internet Usage Information | Browsing history, search history, website traffic patterns, time and duration of visit, browser info, and other info about your interaction with our Website and/or Service(s). | Website; Service; B2B Context |
| Geolocation Data | Access to the approximate, add sometimes precise, location of the device you are using. | Service; B2B Context |
| Professional/Employment Information | Job title and the company for which you work. | Website; Applicant; B2B Context |
| Inferences from PI Collected | Drawing inferences from the PI we collect. | Website; Service; Applicant; B2B Context |
| Sensitive PI | Account Log-in, (e.g., username and password to your online account with Stylitics). | Service;
B2B Context |
| Precise Geolocation (any data derived from a device and used or intended to be used to locate an individual w/in a geographic area that is equal to or less than the area of a circle with a radius of 1,850 feet). | Website; Service; B2B Context | |
| Sensitive Personal Characteristics (e.g., immigration and citizenship status). | Applicant | |
| Health Information (PI collected and analyzed concerning an individual’s health for accommodations purposes). | Applicant |
Please note that not all categories of PI referred to in this table are collected in all contexts. For instance, not all identifiers are collected in the context of our Services.
There may be additional information we collect that meets the definition of PI under the CCPA (defined below) but is not reflected by a category above, in which case we will treat it as PI as required, but will not include it when we describe our practices by PI category.
As permitted by applicable law (i.e., in the U.S.), we do not treat deidentified data or aggregate consumer information as PI and we reserve the right to convert, or permit others to convert, your PI into deidentified data or aggregate consumer information, and may elect not to treat publicly available information as PI. We will not attempt to reidentify data that we maintain as deidentified.
IV. Sources From Which We Collect Information
To the extent permitted by applicable law (where consent is not necessary) or, otherwise, when you have provided your consent (such as for the installation of cookies in the EU/UK), we may collect information about you from you, your devices, our Vendors (defined below), and from third party sources including, but not limited to, Third-Party Services (defined below), advertising partners, measurement partners, third party websites, and Clients, as further described below:
a. Information You Provide
We and/or our Vendors, may collect information you provide directly such as when you use our Website, register for or benefit from our Service, subscribe to notifications, communicate with us, and/or when you apply for a position with us.
b. Information Collected Automatically
We may collect Personal Information automatically via cookies and tracking technologies, as set forth in the “Cookies and Other Tracking Technologies” section of this Privacy Policy.
c. Vendors
We may also obtain information about you from other sources, including service providers that perform services for us (“Vendors”).
d. Third-Party Services, Advertising and Marketing Services Partners
Our Website may include or link to third-party websites, such as social media platforms and features such as Meta Platforms (Facebook or Instagram), and Twitter, and LinkedIn (collectively, “Third-Party Services”). These Third-Party Services may independently solicit and collect information, including Personal Information, from you, such as your IP address and the webpage you are visiting. They may set a cookie to enable the features on their websites to function properly. Your interactions with these Third-Party Services are governed by the privacy policy of the company providing them. We are not responsible for, and make no representations regarding, the policies or business practices of any Third-Party Services associated with our Website and encourage you to familiarize yourself with and consult their privacy policies and terms of use.
We may receive information about you from digital advertising companies with which we work (“Advertising Partners”) to help us deliver ads to you. This may include pseudonymous advertiser identifiers that some companies or third party ad platforms choose to share with us, such as your “Customer ID” with a company.
We may also work with these Advertising Partners to synchronize their unique, anonymous identifiers to our own to enhance data points about a particular unique browser or device, and/or to associate their Tracking Technologies with your device while visiting our Website. For more information on your choices regarding Tracking Technologies generally, and Interest-based Advertising more specifically, see the Choices: Tracking and Communications section of this Privacy Policy.
Through our marketing automation service providers, Salesforce, Salesloft, HubSpot, LinkedIn Sales Navigator, Cognism and Etail Insights, we may collect information such as IP addresses, operating system, browser, pages visited when you indicate interest in our services through their service. Refer to the privacy policies for the following services, and the choices they may offer you, here:
- Salesforce Privacy Policy – https://www.salesforce.com/company/privacy/
- Salesloft Privacy Notice – https://salesloft.com/privacy-notice/
- Hubspot Privacy Policy – https://legal.hubspot.com/privacy-policy
- LinkedIn Privacy Policy – https://www.linkedin.com/legal/privacy-policy
- Cognism Privacy Policy – https://www.cognism.com/en/privacy-policy
- Etail Insight Privacy Policy – https://www.etailinsights.com/privacy
- Nextroll (Rollworks) Privacy Policy – https://www.nextroll.com/privacy
- Clearbit Privacy Policy – https://dashboard.clearbit.com/privacy
- Google Ads Privacy Policy – https://policies.google.com/privacy
When we receive data from third party Advertising Partners or marketing automation service providers, we are relying on them to have all necessary authority to provide such information to us. However, once we receive PI from such parties, this Privacy Policy applies to our processing of the data, including regarding your data subject access rights as explained in the Your Individual Rights section of this Privacy Policy. We are not responsible for the data practices of third-party Advertising Partners or marketing automation service providers.
e. Third Parties and Partners
When you access the Service through a third-party website, such as a retailer or media company, we may receive the same types of information about you as we receive when you use the Service or our Website. Please make sure that you review and understand the privacy information provided by these third parties.
V. Use of Your Personal Information
Where we act as a controller of your PI, we use it related to our operational purposes, including the following “business purposes,” as such term is defined under the California Consumer Privacy Act, including as amended by the California Privacy Rights Act (together, the “CCPA”): performing services, managing interactions and transactions, security, debugging, quality assurance, processing interactions and transactions, and research and development, as more fully set forth below. For data subjects outside of the U.S., our legal bases for such activities is as set forth below.
| Purpose of the processing activity | Legal basis |
|---|---|
| Provide you with the Stylitics Website and Services. | Our contract with you. |
| Respond to your inquiries and fulfill your requests. | Our contract or pre-contractual relationship with you. |
| Maintain business records for reasonable periods and generally manage and administer our business. | Compliance with legal obligations.
Our legitimate interests (to organize our business in line with our commercial and economic interests). |
| Meet legal, regulatory, security, and processing requirements, or otherwise as permitted or required by law. | Compliance with legal obligations.
Our legitimate interests (to protect our company and shareholders against fraud and any other illicit activities). |
| Help us learn more about your interests and preferences. We may use this knowledge to send you periodic information about our products and services (if you have consented so). | Our legitimate interests (to design new products and services in line with customer preferences to increase our sales).
Consent. |
| Maintain contact with you as permitted by law. | Our contract with you, for transactional communications.
Our legitimate interests (to promote our brand and increase our sales, if we have a prior contractual relationship with you and you did not opt-out to this) or your consent (otherwise), for commercial communications. |
| Sales and marketing purposes, including combining Personal Information with other information collected online and offline, including information from third party sources. | Our legitimate interests (to design new products and services in line with customer preferences to increase our sales).
Consent. |
| Anonymization of Personal Information and use it for any purpose, including for research and product-development purposes. | Our legitimate interests (to design new products and services in line with the customer preferences to increase our sales). |
| Collection, use, transfer, and storage of anonymized (or pseudonymized) aggregated data collected through the Website or your use of the Stylitics Service for benchmarking, analytics, metrics, research, reporting, machine learning, and other business purposes. | Our legitimate interests (to design new products and services in line with the customer preferences to increase our sales). |
| Recruitment: management of job applicant applications | Application of pre-contractual measures |
| Fraud prevention | Our legitimate interests (to protect ours and our clients and users’ rights and interests). |
Please note that if we send marketing materials to you, you have the right to control your marketing preferences. For example, we will include a working unsubscribe link on marketing emails so you can unsubscribe. Please be aware that unsubscribing might not be automatic. If you unsubscribe via the link in our marketing emails, we will proceed to unsubscribe you without delay and always within the applicable legal term.
To the extent permitted by applicable law, we may use, process, transfer, and store any data about individuals and customers or partners in an anonymous (or pseudonymous) and aggregated manner. We may combine Personal Information with other information collected online and offline, including information from third party sources. We may share anonymized data with our Clients.
We may also use Personal Information for “Additional Business Purposes” in a context that is not a “sale” or “share” under the CCPA, such as:
- Disclosing it to our Vendors;
- Disclosing it to you or to other parties at your direction or through your actions (e.g., some software platform operators);
- For the additional purposes explained at the time of collection (such as in the applicable privacy policy or notice);
- As required or permitted by applicable law;
- To the government or private parties to comply with law or legal process or protect or enforce legal rights or obligations or prevent harm;
- Where we believe we need to in order to investigate, prevent or take action if we think someone might be using information for illegal activities, fraud, or in ways that may threaten someone’s safety or violate our policies or legal obligations; and
- To assignees as part of an acquisition, merger, asset sale, or other transaction where another party assumes control over all or part of our business (“Corporate Transaction”).
When we create, use, and disclose analytics we maintain such information as aggregate or de-identified as such terms are defined under the CCPA.
VI. Disclosure of Your Personal Information
Where we act as a controller of your PI, we may disclose it as set forth below:
a. By Legal Basis
| Data transfer | Legal basis |
|---|---|
| Corporate Transaction. In the event that Stylitics or any of its assets are acquired or become the subject of a merger or acquisition, then your Personal Information may be transferred with the business or disclosed to potential acquirers or other authorized parties involved in such transaction but shall not otherwise be sold or rented to any third party. | Our legitimate interests (to organize our business in line with our commercial and economic interests). |
| Clients. We may disclose metrics and metadata (including anonymized data) about the shopper behavior with Clients. | Our legitimate interests (to assist our clients to improve their services and increase our sales).
Consent. |
| Service Providers. We may transfer Personal Information to outside agents or service providers to provide our services. | Our legitimate interests (to organize our business in line with our commercial and economic interests).
Consent. |
| Business Partners/Consultants. We may share your Personal Information with our business partners or consultants to perform services. | Our contract with you.
Our legitimate interests (learning on business optimization techniques to increase our sales). |
| Compliance. We may otherwise disclose Personal Information as necessary to meet legal, regulatory, insurance, audit, and security requirements, or as permitted or required by law. We may disclose Personal Information without your consent, for example, to comply with a court order, to comply with local, provincial, or federal regulations or a legally permitted inquiry by a government agency, or to collect a debt owed to us. | Our legitimate interests (to protect our company and shareholders’ legitimate commercial and economic interests to prevent fraud and any other illicit activities).
Compliance with legal obligations. |
b. Recipients by Category of Personal Information
| Category of Personal Information | Categories of Recipients |
|---|---|
| Identifiers | Disclosures for Business Purposes:
Sale/Share: Third-Party Digital Businesses |
| Personal Records | Disclosures for Business Purposes:
Sale/Share: None |
| Personal Characteristics or Traits | Disclosures for Business Purposes:
Other parties within the limits of Additional Business Purposes. Sale/Share: None |
| Commercial Information | Disclosures for Business Purposes:
Sale/Share: None |
| Internet Usage Information | Disclosures for Business Purposes:
Sale/Share: Third-Party Digital Businesses |
| Geolocation Data | Disclosures for Business Purposes:
Sale/Share: Third-Party Digital Businesses |
| Professional or Employment Information | Disclosures for Business Purposes:
Sale/Share: None |
| Inferences from Personal Information Collected | Disclosures for Business Purposes:
Sale/Share: None |
| Account Log-in | Disclosures for Business Purposes:
Sale/Share: None |
| Precise Geolocation | Disclosures for Business Purposes:
Sale/Share: None |
| Sensitive Personal Characteristics | Disclosures for Business Purposes:
Sale/Share: None |
| Health Information | Disclosures for Business Purposes:
Sale/Share: None |
VII. Security and Storage
Access to your information is provided to our employees and other parties only on a need-to-know basis. We have implemented security measures to help protect your Personal Information using physical, electronic, or procedural security measures appropriate to the sensitivity of the information in our custody or control, which may include safeguards to protect against the risk of loss or theft, as well as unauthorized access, disclosure, copying, use, or modification. Your information may be stored by us and other parties in electronic or physical files. Electronic files may be stored on servers located outside of the United States, include Brazil, Canada, EU and APAC regions. Please see below additional information on Cross-Border Transfers of Information. In certain situations, we may be required to disclose Personal Information in response to lawful requests by public authorities. This may involve national security or law enforcement requirements, for example.
Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. Therefore, despite our efforts, we cannot guarantee its absolute security. We do not warrant or represent that your Personal Information will be protected against all loss, misuse, or alteration.
VIII. Data Retention Policy, Managing Your Information
When your Personal Information is no longer required for our purposes, we have procedures to destroy, delete, erase or convert it into an anonymous form.
IX. Cookies and Other Tracking Technologies
This section describes how the Stylitics Website makes use of cookies, web beacons (also known as “tracking pixels”), embedded scripts, location-identifying technologies, and/or similar tracking technologies (“Tracking Technologies”) that store and retrieve information when you browse our Website. In general, these Tracking Technologies may serve a variety of purposes, such as, recognizing you as a user, obtaining information about your browsing habits, or to personalize the way in which content is displayed. The specific uses we make of these Tracking Technologies are described below.
Cookies may be stored on your hard drive, or in temporary (cache) memory, in which case they are deleted when you shut down your browser or turn off your computer.
There are different types of cookies:
According to its purpose:
- Necessary cookies: help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
- Preference cookies: enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.
- Marketing cookies: are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the user and thereby more valuable for publishers and third-party advertisers.
According to its ownership:
- First party cookies: are those that are sent to the user’s device from a computer or domain managed by the website editor itself and from which the service requested by the user is provided.
- Third-party cookies: are those that are sent to the user’s device from a computer or domain that is not managed by the website editor, but by another entity that processes the data obtained through the cookies.
According to the period they remain active:
- Session cookies: they remain active during access and navigation on the site and, they are deleted once the user leaves the website.
- Permanent cookies: they remain stored in the user’s device and can be accessed and processed to collect information for a period of time defined by the cookie owner.
We may use cookies to store preferences, record session information such as language preferences, develop aggregate information about Website visitors’ preferences and interests, record past activity at a site in order to provide better service when you return to our Website, track advertising conversions or customize webpage content based on your browser type or other information you provide. Information gathered from cookies is only used on an aggregate basis.
We may engage and work with service providers and other third parties to serve advertisements on the Website and/or on other online services. Some of these ads may be tailored to your interest based on your browsing of the Website and elsewhere on the Internet, sometimes referred to as “interest-based advertising” and “online behavioral advertising” (“Interest–based Advertising”), which may include sending you an ad on another online service after you have left the Service (i.e., “retargeting”).
We may use Google Analytics, Adobe Analytics or other service providers for analytics services. These analytics services may use cookies and other Tracking Technologies to help us analyze Website users and how they use the Website.
For more information about third party vendor cookies, including type, purpose, and retention period, see our consent management platform here ().
If you are located outside of the United States, please note that Stylitics conducts international data transfers to the United States with the information obtained from certain analytical cookies. Please note that the level of privacy protection offered in the United States is not equivalent to that which applies in other territories, such as Europe/UK/Switzerland and, when you accept the installation of such cookies, you explicitly agree that such transfers may occur. The information that is transferred to the United States is purely analytical and is fully dissociated (e.g., number of times a user, identified by a code, accesses a website or time spent on a website). You can find out about the transfers to third countries that, where appropriate, are made by the third parties identified in this cookie policy in their corresponding privacy and cookie policies.
X. CHOICES: TRACKING AND COMMUNICATIONS OPTIONS
a. Consent Management Platform
For residents of California, we offer a consent management platform here () which permits you to opt-out of cookies that do not qualify as service providers under the CCPA. For residents of jurisdictions outside of the U.S., all non-essential cookies will only be stored if you accept them using the settings on our consent management platform. In either case, you may change your choices at any time by revisiting the platform. You need to set your choices on each browser and device that you use to access our Website.
b. Tracking Technologies Generally
Regular cookies may generally be disabled or removed by tools available as part of most commercial browsers, and in some instances blocked in the future by selecting certain settings. Browsers offer different functionalities and options, so you may need to set them separately. Please be aware that if you disable or remove these technologies, some parts of our Website may not work and that when you revisit the Website your ability to limit browser-based Tracking Technologies is subject to your browser settings and limitations.
Your browser settings may allow you to automatically transmit a “Do Not Track” signal to online services you visit. Note, however, there is no consensus among industry participants as to what “Do Not Track” means in this context. Like many online services, we currently do not alter our practices when we receive a “Do Not Track” signal from a visitor’s browser. To find out more about “Do Not Track,” you can visit http://www.allaboutdnt.com, but we are not responsible for the completeness or accuracy of this third party information. However, for more information on global privacy controls for California residents, see Section XIV below.
Some third parties, however, may offer you choices regarding their Tracking Technologies.
c. Analytics and Advertising Tracking Technologies
You may exercise choices regarding the use of cookies from Google Analytics by going to https://tools.google.com/dlpage/gaoptout or downloading the Google Analytics Opt-out Browser Add-on. You may exercise choices regarding the use of cookies from Adobe Analytics by going to http://www.adobe.com/privacy/opt-out.html under the section labeled “Tell our customers not to measure your use of their web sites or tailor their online ads for you.”
You may choose whether to receive some Interest-based Advertising by submitting opt-outs. Some of the advertisers and service providers that perform advertising-related services for us and third parties may participate in the Digital Advertising Alliance’s (“DAA”) Self-Regulatory Program for Online Behavioral Advertising. To learn more about how you can exercise certain choices regarding Interest-based Advertising:
- For residents of the U.S., visit http://www.aboutads.info/choices/.
- For residents of Canada, you can visit https://optout.aboutads.info/?c=3&lang=en, which is a site offered by the Digital Advertising Alliance of Canada (“DAAC”), that includes information on how consumers may opt-out of Interest-based Advertising for companies participating in the DAAC.
- For residents of the EU, you can visit https://edaa.eu/manage-online-ad-experience-mediasmart/ which is a site offered by the European Interactive Digital Advertising Alliance, that includes information on how consumers can manager their online ad experience.
Opting out of Interest-based Advertising does not mean that you will no longer see any advertisements; rather, you will still see advertisements that are general and not tailored to your specific interests and activities. Some of these companies may also be members of the Network Advertising Initiative (“NAI”). To learn more about the NAI and your opt-out options for their members, see http://www.networkadvertising.org/choices/. Please be aware that, even if you are able to opt out of certain kinds of Interest-based Advertising, you may continue to receive other types of ads. Opting out only means that those selected members should no longer deliver certain Interest-based Advertising to you but does not mean you will no longer receive any targeted content and/or ads (e.g., from other ad networks). Also, if your browsers are configured to reject cookies when you visit these opt-out webpages, or you subsequently erase your cookies, use a different device or web browser or use a non-browser-based method of access (e.g., mobile app), your NAI / DAA browser-based opt-out may not, or may no longer, be effective. We support the ad industry’s Self-regulatory Principles for Online Behavioral Advertising and expect that ad networks we directly engage to serve you Interest-based Advertising will do so as well, though we cannot guarantee their compliance.
We are not responsible for effectiveness of, or compliance with, any third-parties’ opt-out options or programs or the accuracy of their statements regarding their programs.
d. Communications
You can opt out of receiving certain promotional communications (emails) from us at any time by (i) for promotional e-mails, following the instructions provided in emails to click on the unsubscribe link, or if available by changing your communication preferences by logging onto your account. Please note that your opt-out is limited to the e-mail address or phone number used and will not affect subsequent subscriptions. If you opt-out of only certain communications, other subscription communications may continue. Even if you opt out of receiving promotional communications, we may, subject to applicable law, continue to send you non-promotional communications, such as those about your account, transactions, servicing, or our ongoing business relations.
XI. CROSS-BORDER TRANSFER OF INFORMATION
If you are located outside of the United States, please note that the Website and Service is hosted in the United States and Stylitics is headquartered in the United States and additionally Stylitics may transfer Personal Information to employees and outside agents or service providers located in Brazil, Canada, EU regions and APAC regions. Therefore, your information, including any Personal Information provided pursuant to the Service, may be processed and stored in the United States, Brazil, Canada, EU and APAC regions, which do not provide a level of protection to privacy equivalent to that granted in your territory. As a result, the United States, Brazil, EU and APAC federal and state governments, and Canadian federal or provincial courts or law enforcement or regulatory agencies may be able to obtain disclosure of your information through laws applicable in the United States, Brazil, Canada, EU and APAC regions. We will adopt the necessary safeguards to ensure that such data transfers occur in accordance with the applicable regulations. For Europe/UK/Switzerland located users, we will ensure the adoption of the Standard Contractual Clauses adopted by the European Commission from time to time and the implementation of any additional safeguards as it may be required according to our transfer impact assessments to ensure that you have enforceable rights and effective legal remedies on privacy matters.
Please contact us at privacy@stylitics.com if you have any questions about how your information may be processed or stored in the United States, Brazil, Canada, EU and APAC regions or about the safeguards adopted, where applicable.
XII. YOUR INDIVIDUAL RIGHTS
a. Outside of the United States
If you are located outside of the United States, in particular, in UK / Switzerland / EEA, you have the following rights with respect to your personal data, which apply differently in different circumstances: right of access, right to rectification, right to erasure, right to restriction of processing, right to data portability, and right to object to processing. Most of these rights are not absolute. Below we describe these rights in more detail and provide information on how you can exercise them.
- Right of access:
You have the right to ask us to confirm whether we process your personal data. If we do, you have the right to request a copy of your personal data that we process, and the certain information related to the processing of your Personal Information.
- Right to rectification:
You have the right to correct your personal data if they are inaccurate. You may also have the right to have incomplete personal data about you completed, including by providing a supplementary statement to us.
- Right to object to processing:
You have the right to object the processing of your personal data. We will honor your objection and stop processing the relevant personal data unless: (i) we have compelling legitimate grounds for the processing that override your interests, rights, and freedoms; or (ii) we need to continue processing your personal data to establish, exercise, or defend a legal claim.
- Right to object to processing for direct marketing or, where so has been provided, to revoke your consent:
If we process your personal data for direct marketing purposes, you have the right to object to this processing or where the legal basis for the processing is consent, to withdraw said consent. We will stop processing your personal data for direct marketing purposes.
- Right to restrict processing:
You have the right to request that we restrict the processing of your personal data in the following circumstances: (i) for the period of time that we need to verify the accuracy of your personal data when you contest its accuracy; (ii) when the processing of your personal data is unlawful and you oppose the erasure of the data, and instead request that we restrict the use of the data; (iii) when we no longer need your personal data for the purposes of processing, but you need the data to establish, exercise, or defend a legal claim; or (iv) for the period of time that we need to verify if we have compelling legitimate grounds for processing that override your interests, rights, and freedoms when you object to the processing of your personal data for our legitimate interests.
- Right to erasure:
You may ask us to delete your personal data. This right is not absolute. We are required to delete your personal data upon your request only in the following circumstances: (i) your personal data is no longer necessary for the purposes for which we collected or processed them; (ii) if we process your personal data on the basis of your consent, you withdraw your consent, and no other legal ground exists for us to continue processing your personal data; (iii) if we processes your personal data for our legitimate interests, you object to the processing, and there are no overriding legitimate grounds for us to continue processing your personal data; (iv) if we have processed your personal data unlawfully; or (v) the personal data must be erased to comply with a legal obligation under to which we are subject.
- Right to data portability:
You have the right to receive personal data you provided to us when: (i) the processing of the data is based on your consent or is necessary for the performance of a contract between you and us; (ii) the processing of your personal data is carried out by automated means; (iii) complying with your request will not adversely affect the rights and freedoms of others; and (iv) it does not involve a disproportionate effort from us.
If you have the right to receive such personal data and request that we provide it, we will provide it to you in a structured, commonly used, and machine-readable format.
- Right to lodge a complaint with a Supervisory Authority:
We will use our best efforts to address and settle any requests or complaints brought to our attention. In addition, you have the right to approach the competent data protection authority with requests or complaints. This can be the supervisory authority in the country or federal state where you live.
b. CCPA Rights in the California Applicant and B2B Context
- Your CCPA Rights and How to Exercise Them
Effective January 1, 2024, we provide California residents from whom we maintain PI in the Applicant and/or in the B2B Context the CCPA privacy rights described in this section, subject to meeting the requirements for a verifiable consumer request (explained below) and limitations permitted by applicable laws; however, our cookie management tool is available to California residents as of the Effective Date of this Privacy Policy.
To submit a request to exercise your privacy rights, or to submit a request as an authorized agent, on or after January 1, 2024, check this section on or after such date for instructions on how to do so. Please be aware that we do not accept or process requests through other means (e.g., via fax, chats, social media etc.).
- Right to Limit Sensitive PI Processing
With regard to PI that qualifies as “sensitive PI” under the CCPA, if you elect to provide us with that sensitive PI you will have consented to such processing. However, you can limit certain sensitive PI processing and if you do so we will explain in a response what processing purposes the CCPA does not allow you to limit.
OR
We only process sensitive PI for purposes that are exempt from choice under the CCPA.
- Right to Know/Access
You are entitled to access PI up to twice in a 12-month period.
- Categories
You have a right to submit a request for any of the following for the period that is 12-months prior to the request date:
- The categories of PI we have collected about you.
- The categories of sources from which we collected your PI.
- The business purposes or commercial purposes for our collecting, selling, or sharing your PI.
- The categories of third parties to whom we have disclosed your PI.
- A list of the categories of PI disclosed for a business purpose and, for each, the categories of recipients, or that no disclosure occurred.
- A list of the categories of PI sold or shared about you and, for each, the categories of recipients, or that no sale or share occurred.
- Specific Pieces
You may request to confirm if we are processing your PI and, if we are, to obtain a transportable copy, subject to applicable request limits, of your PI that we have collected and are maintaining. For your specific pieces of PI, as required by the CCPA, we will apply the heightened verification standards as described below. We have no obligation to re-identify information or to keep PI longer than we need it or are required to by applicable law to comply with access requests.
- Do Not Sell/Share
California has an opt-out from selling and from sharing for cross-context behavioral advertising (use of PI from different businesses or services to target advertisements). We may sell or share your PI, as these terms apply under the CCPA. However, we provide you an opt out of sale/sharing.
Third-party digital businesses (“Third-Party Digital Businesses”) may associate cookies and other tracking technologies that collect PI about you on our services, or otherwise collect and process PI that we make available about you, including digital activity information. We understand that giving access to PI on our services, or otherwise, to Third-Party Digital Businesses could be deemed a sale and/or share and thus we will treat such PI (e.g., cookie ID, IP address, and other online IDs and internet or other electronic activity information) collected by Third-Party Digital Businesses, where not limited to acting as our service provider (or contractor), as a sale and/or share and subject to a Do Not Sell/Share opt-out request. We will not sell or share your PI if you make a Do Not Sell/Share opt-out request.
Opt-out for non-cookie PI: If you want to opt-out of the sale/sharing of your non-cookie PI (e.g., your email address), on or after January 1, 2024, check this section on or after such date for instructions on how to do so.
Opt-out for cookie PI: If you want to opt-out of the sale/sharing of cookie PI, you need to exercise a separate opt-out request on our cookie management tool here (). This is because we have to use different technologies to apply your opt-out of cookie PI and to non-cookie PI. Our cookie management tool, which is available as of the Effective Date of this Privacy Policy, enables you to exercise such an opt-out request and enable certain cookie preferences on your device. You must exercise your preferences on each of our websites you visit, from each browser you use, and on each device that you use. Since your browser opt-out is designated by a cookie, if you clear or block cookies, your preferences will no longer be effective and you will need to enable them again via our cookie management tool. Beware that if you use ad blocking software, our cookie banner may not appear when you visit our services and you may have to use the link above to access the tool.
Opt-out preference signals (also known as global privacy control or “”GPC”): The CCPA requires businesses to process GPC signals, which is referred to in California as opt-out preference signals (“OOPS”), which are signals sent by a platform, technology, or mechanism, enabled by individuals on their devices or browsers, that communicate the individual’s choice to opt-out of the sale and sharing of PI. To use an OOPS/GPC, you can download an internet browser or a plugin to use on your current internet browser and follow the settings to enable the OOPS/GPC. We have configured the settings of our consent management platform to receive and process GPC signals on our website[, which is explained by our consent management platform here. We process OOPS/GPC with respect to sales and sharing that may occur in the context of collection of cookie PI by tracking technologies online by Third-Party Digital Businesses, discussed above, and apply it to the specific browser on which you enable OOPS/GPC. We [currently do not, due to technical limitations,] process OOPS/GPC for opt-outs of sales and sharing in other contexts (e.g., non-cookie PI). We receive and process OOPS/GPC in a “frictionless manner,” which means we do not: (1) charge a fee for use of our service if you have enabled OOPS/GPC; (2) change your experience with any product or service if you use OOPS/GPC; or (3) display a notification, pop-up, text, graphic, animation, sound, video, or any interstitial in response to the OOPS/GPC. If you set preferences to accept optional cookies and later set a GPC signal on your browser, the GPC signal will control and your preference will be changed to opt-out of optional cookies. However, if you opt-in to optional cookies by moving the toggle on our consent management platform to the right while using a browser that is displaying a GPC signal, you are acting to intentionally override the GPC signal as to our website. However, you can always opt back out of optional cookies by returning to our consent management platform and rejecting optional cookies as to that browser. To do so, move the optional cookies toggle to the left.
We do not knowingly sell or share the PI of consumers under 16, unless we receive affirmative authorization (“opt-in”) from either the consumer who is between 13 and 16 years old, or the parent or guardian of a consumer who is less than 13 years old. If you think we may have unknowingly collected PI of a consumer under 16 years old, please Contact Us.
We may disclose your PI for the following purposes, which are not a sale or share: (i) if you direct us to disclose PI; (ii) to comply with a rights request you submit to us; (iii) disclosures amongst the entities that constitute Stylitics, or as part of a corporate transaction; and (iv) as otherwise required or permitted by applicable law.
- Right to Delete
Except to the extent we have a basis for retention under applicable law, you may request that we delete your PI. Note also that, we may not be required to delete your PI that we did not collect directly from you.
- Correct Your PI
You may bring inaccuracies they find in their PI that we maintain to our attention and we will act upon such a complaint as required by applicable law.
- Automated Decision Making/Profiling
We do not engage in automated decision making or profiling.
- Your Request Must be a Verifiable Request
As permitted or required by the CCPA, any request you submit to us must be a verifiable request, meaning when you make a request, we may ask you to provide verifying information, such as your name, e-mail, and/or phone number. We will review the information provided and may request additional information via e-mail or other means to ensure we are interacting with the correct individual. We will not fulfill your right to know (categories), right to know (specific pieces), right to delete, or right to correction request unless you have provided sufficient information for us to reasonably verify you are the individual about whom we collected PI. We do not verify opt-outs of sell/share or limitation of sensitive PI requests unless we suspect fraud.
We verify each request as follows:
- Right to Know (Categories): We verify your request to know categories of PI to a reasonable degree of certainty, which may include matching at least two data points provided by you with data points maintained by us, which we have determined to be reliable for the purpose of verifying you. If we cannot do so, we will refer you to this Privacy Policy for a general description of our data practices.
- Right to Know (Specific Pieces): We verify your request to know specific pieces of PI to a reasonably high degree of certainty, which may include matching at least three data points provided by you with data points maintained by us, which we have determined to be reliable for the purpose of verifying you [together with a signed declaration under penalty of perjury that you are the individual whose PI is the subject of the request]4. If you fail to provide requested information, we will be unable to verify you sufficiently to honor your request, but we will then treat it as a right to know categories request if you are a California resident.
- Do Not Sell/Share & Limit SPI: No specific verification required unless we suspect fraud.
- Right to Delete: We verify your request to delete to a reasonable degree of certainty, which may include matching at least two reliable data points provided by you with data points maintained by us, or to a reasonably high degree of certainty, which may include matching at least three reliable data points provided by you with data points maintained by us, depending on the sensitivity of the PI and the risk of harm to the individual posed by unauthorized deletion. If we cannot verify you sufficiently to honor a deletion request, you can still make a do not sell/share/target and/or limit SPI request.
- Correction: We verify your request to correct PI to a reasonable degree of certainty, which may include matching at least two reliable data points provided by you with data points maintained by us, or to a reasonably high degree of certainty, which may include matching at least three reliable data points provided by you with data points maintained by us, depending on the sensitivity of the PI and the risk of harm to the individual posed by unauthorized correction.
If we are unable to verify you sufficiently we will be unable to honor your request. We will use PI provided in a verifiable request only to verify your identity or authority to make the request and to track and document request responses, unless you also gave it to us for another purpose.
- Agent Requests
You may use an authorized agent to make a request for you, subject to our verification of the agent, the agent’s authority to submit requests on your behalf, and of you to privacy@stylitics.com. Once your agent’s authority is confirmed, they may exercise rights on your behalf subject to the agency requirements of the CCPA.
- Our Responses
Some PI that we maintain is insufficiently specific for us to be able to associate it with a verified individual (e.g., clickstream data tied only to a pseudonymous browser ID). We do not include that PI in response to those requests. If we deny a request, in whole or in part, we will explain the reasons in our response.
We will make commercially reasonable efforts to identify PI that we process to respond to your request(s). In some cases, particularly with voluminous and/or typically irrelevant data, we may suggest you receive the most recent or a summary of your PI and give you the opportunity to elect whether you want the rest. We reserve the right to direct you to where you may access and copy responsive PI yourself. We will typically not charge a fee to fully respond to your requests; provided, however, that we may charge a reasonable fee, or refuse to act upon a request, if your request is excessive, repetitive, unfounded, or overly burdensome. If we determine that the request warrants a fee, or that we may refuse it, we will give you notice explaining why we made that decision. You will be provided a cost estimate and the opportunity to accept such fees before we will charge you for responding to your request.
Consistent with the CCPA and our interest in the security of your PI, we will not deliver to you your any an account password or security questions or answers in response to a privacy rights request; however, you may be able to access some of this information yourself through your account if you have an active account with us.
- Non-Discrimination/non-retaliation
We will not discriminate or retaliate against you in a manner prohibited by the CCPA for your exercise of your privacy rights. We may charge a different price or rate, or offer a different level or quality of goods or service, to the extent that doing so is reasonably related to the value of the applicable PI.
- Notice of Financial Incentive Programs
We do not currently offer discounts or rewards to consumers for providing us PI, or set price or service differences related to the collection, retention, sale, or sharing of PI. If we offer such programs in the future, we will update this Privacy Policy to describe such program(s), including how you may opt-in and how we value the PI required.
XIII. Contacting Us
We may maintain your Personal Information for the purposes described above. You may withdraw your consent to our collection, use, and disclosure of Personal Information at any time by contacting us. If you wish to request access or correction of your Personal Information in our custody or control, or if you wish to make inquiries or complaints or have other concerns about our Personal Information practices, you may contact us via email at privacy@stylitics.com, or at the contract details included below.
236 5TH Avenue, Suite 6
New York, New York
10001
You can contact our Privacy Lead at privacy@stylitics.com.
We will respond to such a request within 30 days.
© Stylitics Inc. 2023
4 Requiring a signed declaration under the penalty of perjury is optional. If a business uses this method for verification, the business shall maintain all signed declarations as part of its record-keeping obligations.