QUESTIONS; CONTACTING STITCH FIX; REPORTING VIOLATIONS
- Information You Provide to Us.
  - When you sign up for an account with our Services (an “Account”), you provide us your name, email address, password, and zip code. In addition, we collect information when you fill out your Style Profile, such as your date of birth, as well as sizing, fit, style preference information and, optionally, some health data (e.g., Are you pregnant?). If you post a photo to your Account, we will collect that photo.
  - When you receive a shipment, we record what you keep and what you return. If you provide us feedback or contact us via e-mail or through the Services, we will collect your name and e-mail address, as well as any other content included in the message.
  - When you place an order for the Services or when you order products through the Services, we or our third-party payment provider, Braintree (a PayPal company), will collect payment, shipping and billing information in order to process the transaction.
  - When you post content (text, images, photographs, videos, messages, comments or any other kind of content) on our Services, we will store and may use that content and other users of the Services will be able to see it if you post it in an area made public, such as comments on our blogs.
  - We retain information on your behalf, such as messages you send (including the content of the message and the recipient data) to our stylists or to your contacts when sending referral information using your Account, or messages or phone calls you make to our customer service team.
  - When you participate in one of our surveys, we will collect additional profile information.
  - We will collect the unique device id number of the mobile device on which you use the App.
  - If you participate in a sweepstakes, contest or giveaway on our Services, we will ask you for your e-mail address and/or home phone number, to notify you if you win. We will also ask for first and last names, and sometimes postal addresses to verify your identity. In some situations, we may need additional information as a part of the entry process, such as a prize selection choice. These sweepstakes and contests are voluntary.
  - We will also collect personal data at other points in our Services that state that personal data is being collected and where you enter it yourself.
  - For online payments, we use the payment services of Braintree (https://www.braintreepayments.com/). We do not record or maintain your credit card or bank account information--Braintree does. For more information on how payments are handled, or to understand the data security and privacy afforded such information, please refer to https://www.paypal.com/us/webapps/mpp/ua/privacy-full.
- Information Collected Automatically. When you use our Services, some information is automatically collected. For example, when you use our Services, your geographic location (derived from IP address when you access our Services on the web), how you use the Services, information about the type of device you use, your mobile network information, your Open Device Identification Number (“ODIN”), date/time stamps for your visit, your unique device identifier (“UDID”), and your browser type, operating system, Internet Protocol (IP) address, and domain name are all collected. This information is generally used to help us deliver the most relevant information to you and administer and improve the Services. In addition, in the event our App crashes on your mobile device, we will receive information about your mobile device model, software version and device carrier, which allows us to identify and fix bugs and otherwise improve the performance of our App.
- Log Files. As is true of most websites, we gather certain information automatically and store it in log files. This information includes IP addresses, browser type, Internet service provider (“ISP”), referring/exit pages, operating system, date/time stamp, and clickstream data. We use this information to maintain and improve the performance of the Services.
- Marketing Companies. We work with a number of companies that assist in marketing our services to you on third party websites. These companies may collect information about online activities conducted on a particular computer, browser or device over time and across third-party websites or online services for the purpose of delivering advertising that is likely to be of greater interest to you, on our sites and apps and those of third parties. While not a comprehensive list, some of these companies we work with are Facebook, Twitter, Pinterest, Google Ads, Google DoubleClick, Microsoft, Yahoo, LiveIntent, Quantcast, Optimove, and Kenshoo. If you would like more information about this practice, including the Self-Regulatory Principles for Online Behavioural Advertising, to which we adhere, and to exercise your choices about not having this information used for behavioural advertising, visit youronlinechoices.eu. We also work with affiliate marketing companies, including a company called Impact (https://impact.com/affiliate-marketers). To better understand how these companies use your information, please see the privacy policies available on their respective websites.
- Analytics Companies. We work with a number of third-party analytics companies that report website trends. These services allow us to view a variety of reports about how visitors interact with the Services so we can improve our website and understand how people find and navigate it. Currently, we work with the following analytics companies: Dynamic Yield, Hot Jar, and Google Analytics. This is not intended to be a comprehensive list and we may stop working with these companies and work with others without notice. You can learn more about how these companies collect, use and share information about you by visiting their respective websites.
USE OF YOUR PERSONAL DATA
General Use. In general, personal data you submit to us is used either to respond to requests that you make, aid us in serving you better, or market our Services. We use your personal data:
- To fulfil a contract, or take steps linked to a contract:
  - providing, processing, delivering/shipping and improving the requested Services; and
  - sending you administrative e-mail or other electronic notifications, such as security or support and maintenance advisories.
- Where this is necessary for purposes which are in our, or third parties', legitimate interests. These interests are:
  - facilitating the creation of, and securing, your Account on our network;
  - communicating with you;
  - responding to your inquiries related to employment opportunities or other requests;
  - improving the quality of experience when you interact with our Services, including the testing of different page designs to see which performs better;
  - enabling your participation in surveys, sweepstakes, contests and giveaways;
  - resolving disputes and/or troubleshooting problems;
  - performing sales/marketing analysis;
  - preventing and investigating fraud; and
  - conducting internal management reporting/facilitating strategic decisions.
- Where you give us consent:
  - sending you newsletters, surveys, offers, and other promotional materials related to our Services and for other marketing purposes; and
  - developing, improving, and delivering marketing and advertising for the Services.
- For purposes which are required by law:
  - responding to requests by government or law enforcement authorities conducting an investigation.
We only process your sensitive personal data (e.g., health data such as your response to the “Are you pregnant?” question in our Style Profile) when you provide it directly to us and you have consented to us collecting such information.
User Feedback. We will post user feedback on the Services from time to time. If you make any comments on a blog, SNS wall or forum associated with the Service, you should be aware that any information you submit there can be read, collected, or used by other users of these forums, and could be used to send you unsolicited messages. We are not responsible for the information you choose to submit in these blogs and forums.
Creation of Anonymous Data. We will create anonymous data records from personal data by excluding information that makes the data personally identifiable to you. We use this anonymous data to analyse request and usage patterns so that we can enhance the content of our Services and improve Site and App navigation. We reserve the right to use anonymous data for any purpose and disclose anonymous data to third parties in our sole discretion.
DISCLOSURE OF YOUR PERSONAL DATA
- Third Parties Designated by You. When you use the Services, the personal data you provide will be shared with the third parties that you authorize to receive such data.
- Third Party Service Providers. We will share your personal data with third party service providers which assist us in achieving the purposes stated above, in particular, which: conduct quality assurance testing (and are located in the United States); facilitate the creation of accounts (and are located in the United States); store data (specifically, Amazon Web Services, located in the United States and Europe); provide technical support (and are located in the United States and Europe); and/or market the Services (specifically, companies such as Facebook and Google, and are located in the United States and Europe).
- Marketing and Analytics Companies. As outlined above, we will share your personal data with marketing companies (which are located in the United States and Europe), and analytics companies (which are located in the United States).
TRANSFER OF YOUR PERSONAL DATA
We will store and process your personal data in a country outside the European Economic Area (the “EEA”), specifically, the United States, which does not offer the same privacy protection as that provided within the EEA.
We transfer your personal data to the United States on the basis of EU Commission-approved standard contractual clauses (“SCCs”) (if you would like to obtain a copy of the SCCs, please contact us using the details provided below); and, as regards certain of our US-based vendors, their certification under the Privacy Shield Framework and commitment to adhering to the principles contained therein as regards the processing of EU personal data (you can access the Privacy Shield List by clicking here).
The Services allow you to invite your friends to sign up for the Services by sharing a referral link via an SNS, email or other means, or by sending invitations through Stitch Fix’s referral page on the App or websites. If you choose to upload your contacts to the Service, we will receive and store those contacts’ information and use it to send invitations on your behalf when you choose to do so. When you refer someone via our App or Site, your referral will include your name and, if shared with us, your photo.
You have several choices regarding the processing of your personal data in connection with our Services:
Marketing Choices. With your consent, we will periodically send you e-mails that directly promote the use of our Services. When you receive promotional communications from us, you can indicate a preference to stop receiving further communications from us and you will have the opportunity to “opt-out” by following the unsubscribe instructions provided in the e-mail you receive or by contacting us directly (please see contact information below). Notwithstanding this, we will send you routine service communications.
Cookies. If you decide at any time that you no longer wish to accept cookies from our Services for any of the purposes described above, then you can instruct your browser, by changing its settings, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. Consult your browser’s technical information. If you have any questions about how to disable or modify cookies, please let us know at the contact information provided below.
You are entitled to ask us for a copy of your personal data, to correct it, to port it, erase or restrict its processing, or to ask us to transfer some of this data to other organisations. You also have rights to object to some processing that is based on our legitimate interests, such as profiling that we perform for the purposes of direct marketing, and, where we have asked for your consent to process your data, to withdraw this consent as more fully described above. These rights are limited in some situations – for example, where we can demonstrate that we have a legal requirement to process your personal data. In some instances, this may mean that we are able to retain data even if you withdraw your consent.
Where we require your personal data to comply with legal or contractual obligations, then provision of such data is mandatory: if such data is not provided, then we will not be able to manage our contractual relationship with you, or to meet obligations placed on us. In all other cases, provision of requested personal data is optional.
We hope that they can satisfy any queries you have about the way we process your personal data. If you have any concerns about how we process your personal data, you can get in touch by using the contact details provided below.
If you have unresolved concerns you also have the right to complain to data protection authorities. The relevant data protection authority will be the supervisory authority of the country: (i) of your habitual residence; (ii) of your place of work; or (iii) in which you consider the alleged infringement has occurred.
HOW WE RESPOND TO DO NOT TRACK SIGNALS
We do not currently respond to “do not track” signals or other mechanisms that might enable consumers to opt out of tracking on our Services.
A NOTE ABOUT CHILDREN
Our Services are not directed to children under the age of 16 and children under the age of 16 are not eligible to use our Services. We do not collect or maintain personal data from persons we actually know are under the age of 16. If a person under 16 submits personal data to us and we learn that the personal data is the personal data of a person under 16, we will take steps to remove the personal data from our databases. If you believe that we might have any personal data from a person under 16, please contact us at firstname.lastname@example.org or Stitch Fix, Inc. - Privacy, 1 Montgomery St., Ste 1500, San Francisco, CA 94104.
HOW LONG WE KEEP YOUR PERSONAL DATA
We'll keep your personal data for as long as you are a client. If it's been 3 years since you last logged into your account or you last checked out or returned items from a Fix (whichever is later), we will delete or anonymise your data. This is with the exception of your payment details and your transaction history which we need to keep for 7 years from that date. These periods will be extended if there is a likely or ongoing legal claim from you or if we are required to keep it in connection with legal proceedings, or by law or industry guidelines.
If you do not wish to permit changes in our use of your personal data, you must promptly notify us.
Last Updated: October 1, 2018