TABLE OF CONTENTS
1. ABOUT US
We are Fabletics Ltd, a company registered in England and Wales with company number: 08097376 and registered office at 25 Wilton Road, London SW1V 1LW (“we” or “us”). We operate the Services and are the data controller responsible for your personal information. You may contact us as detailed in section 11.
2. CATEGORIES OF PERSONAL DATA
When you use the Services, we process the following personal data of you:
Protecting the privacy of children is especially important to us. The Services are not directed towards children and we do not knowingly collect personal data from children. If you are under 18 years of age, please do not use the Services. If we learn that we have collected or received personal data from anyone under 18 years of age, we will delete this information. If you are a parent or guardian and discover that your child has provided us with personal data, please contact us as detailed in section 11.
4. PROCESSING PURPOSES, LEGAL BASIS
Processing purposeDetails regarding each processing purpose.
Legal basisCorresponding legal basis.
|Providing and improving the Services: We use your information to provide and improve the Services and our products, for billing and payments, for identification and authentication, registration, account setup, Service usage, for targeted marketing, for general research and aggregate reporting. We may learn about the products and services that you’re interested in from your browsing and purchasing behaviour both through and outside the Services and may suggest potential purchases as a result. We may also contact you by telephone or other electronic channel to provide support.||Processing is necessary to perform our contract governing our provision of the Services to you or we process your personal data based on our legitimate interest in personalising the Services to help you discover products and services of interest to you. We use and share your information to enable us to pursue our legitimate interests in understanding how the Services are being used, and to explore ways to improve the Services. We will ask for your consent where we need to.|
|Sending you transactional messages: We will process your data information to send you service-related emails or messages. Examples of service-related messages include an email address confirmation or welcome email when you register an account, a confirmation when you place order, information concerning service availability, information about changes to key Service features or functions, and correspondence with our support team. We may also contact you by telephone for transaction-related purposes or to provide support.||Processing is necessary to perform our contract with you.|
|Sending you marketing messages: We also process your personal data to send you marketing emails or other marketing messages. You may unsubscribe at any time from marketing messages through the opt-out link included in the messages or through your account settings. If you opt out, we may still send you non-promotional emails, such as emails about our ongoing business relations.||Your consent, unless we are legally entitled to send you marketing messages without your consent.|
Complying with law, for compliance, fraud prevention and
We process and retain your personal data or share it with a third party
in the following limited circumstances:
||Processing is necessary to comply with our legal obligations or where we have a legitimate interest. In rare cases it may also be necessary in the public interest or to prevent loss of life or personal injury.|
|Defending our legal rights: We process your personal data to protect, establish, or exercise our legal rights or to defend against legal claims, including to collect a debt.||Processing is based on our legitimate interest.|
|Future corporate activity: We may need to transfer your personal data to a third party In the context of future corporate activities, such as a sale, merger, liquidation, receivership or transfer of all or a significant portion of our business or assets.||Processing is based on our legitimate interests, particularly our interest in making decisions that enable our business to develop over the long term.|
|To create anonymous data for research and development: We aggregate and de-personalise demographic information, so that your personal data is not revealed, in order to share aggregated demographic information with third parties, including to comply with our reporting obligations, for business or marketing reasons, or to assist third parties in understanding the Services and our business.||Processing is based on our legitimate interest to analyse the reach and efficiency of our business.|
|Analytics performance information: We use data analytics to ensure the functionality of, and to improve, the Services. We use mobile analytics software to allow us to understand the functionality of the App on your mobile device. Processing is based on our legitimate interests, that is also beneficial for you as we use this data to improve the user experience and provide a higher quality servicer.||Processing is based on our legitimate interests, that is also beneficial for you as we use this data to improve the user experience and provide a higher quality servicer.|
|Location information: We process your location information you provide in your profile or from your IP address or more precise information as set out in Section 2. In order to provide features and to improve and personalise the Services. For example, for internal analytics and performance monitoring, to localise content and (using non-precise location information) for marketing purposes. Certain non-precise location services, such as for security and localization of policies based on your IP or profile address, are critical for the Services to function.||Processing of non-precise location information is based on our legitimate interest|
5. HOW WE SHARE INFORMATION WITH THIRD PARTIES
We share your personal data with the following third parties in the following context, provided that we have a legal basis to do so or where you have expressly made such personal data public.
6. INTERNATIONAL DATA TRANSFERS
We are part of a global group of companies. When providing our Services we process your personal data in the UK, the European Economic Area (“EEA”), US and other countries in which we and our partners operate for purposes described in this notice. This includes sharing your information with Fabletics Inc., our US parent company, and other group companies in our global group, as well as third-party service providers.
When your personal data is transferred from your home country to another country, the laws and rules protecting that information in the country to which it is transferred may be different from those in the country in which you live. We will transfer your information only to those countries to which we are permitted by law to do so, and we will take steps to ensure that your information continues to enjoy appropriate protections.
6.1 Transfer Mechanisms
Whenever we transfer personal data to a third country outside of the UK, we do so on one or more of the following legal bases and transfer mechanisms:
Where applicable, we rely on:
In the absence of an adequacy decision, we have implemented appropriate transfer mechanisms to safeguard your personal data when we transfer it outside of the UK:
If you would like a copy of the Standard Contractual Clauses, please submit a written request to the following address: Fabletics Ltd, Attn: General Counsel, 25 Wilton Rd, London, SW1V 1LW, United Kingdom.
EU-US Data Privacy Framework. Fabletics Inc. and certain other companies in our global group participate in the EU-US Data Privacy Framework ( “EU-US DPF”) and the UK Extension to the EU-US Data Privacy Framework (“UK Extension to the EU-US DPF”) as part of our commitment to maintain high data protection standards when transferring Personal Information between European Union, United Kingdom and the United States. We are committed to comply with the obligations under the EU-US Data Privacy Framework Principles (“EU-US DPF Principles”) and the UK Extension to the EU-US DPF, as set forth by the US Department of Commerce.
In compliance with the EU-US DPF Principles, we are committed to resolve complaints about your privacy rights and the collection or use of your Personal Information transferred to the United States pursuant to the EU-US DPF and the UK Extension to the EU-US DPF as detailed in section 11.
7. YOUR RIGHTS AND CHOICES
Where you have provided your consent to processing of your data, you have the right to withdraw your consent at any time with effect for the future. The withdrawal of consent does not affect the lawfulness of our processing based on consent before your withdrawal.
8. RETAINING YOUR INFORMATION
We will retain your personal data only for as long as your account is active, as needed to provide the Services to you, or otherwise as necessary for the purposes described in this policy.
However, we may be obliged to retain your personal data due to certain legal requirements, such as for legal and/or administrative proceedings. Once the retention period resulting from these proceedings has ended, we will proceed to delete the personal data.
9. INFORMATION SECURITY
The security of your personal data is very important to us. We follow generally accepted standards to protect the information we collect and receive, both during transmission and after it is received. We maintain appropriate administrative, technical and physical safeguards to protect your information against accidental or unlawful destruction, accidental loss, unauthorised alteration, unauthorised disclosure or access, misuse, and any other unlawful form of processing. This includes, for example, firewalls, encryption, password protection and other access and authentication controls. However, no method of transmission or storage is completely secure. While we strive to protect your personal data, we can't guarantee its absolute security. Your account information is protected by a password. It is important that you protect against unauthorised access to your account and information by choosing your password carefully and by keeping your password and computer secure, such as by signing out after using the Services. If you believe the security of your personal data has been compromised, please contact us as detailed in section 11. If we become aware that your information has been compromised, we will inform you in accordance with applicable law.
10. CHANGES TO THIS NOTICE
This notice is subject to occasional revision. We will notify you of the changes by posting the changes on or through the Services, or by sending you an email about the changes, and/or by posting an update in the version notes on the App’s platform . Any changes will be effective upon the earlier of fourteen (14) calendar days following our dispatch of an email notice or fourteen (14) days following our posting of the changes on or through the Services. We encourage you to check back regularly and review any updates. If we make any material changes in the way we use your personal data, we will notify you by sending you an email to the last email address you provided to us and by posting notice of the changes on our Site.
11. HOW TO CONTACT US, DATA PROTECTION AUTHORITY, COMPLAINTS
You also have the right to file a complaint against us with the Information Commissioner’s Office (“ICO”). The ICO is our lead supervisory authority for data protection matters. The ICO contact details are:
Address: Water Lane, Wycliffe House Wilmslow - Cheshire SK9 5AF United Kingdom
Email: [email protected]
Telephone: 0303 123 1113
If you live in the EEA, you are entitled to also file a complaint with your local data protection authority. You may find details of your local authority here.
Attn: Privacy Department
25 Wilton Road
London, SW1V 1LW
Fabletics has further committed to refer unresolved EU-U.S. DPF Principles-related complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF to a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit here for more information or to file a complaint. There is no charge to consumers for calling or using this independent dispute resolution mechanism.
Under certain limited conditions, European Union and UK individuals may be able to invoke binding arbitration before a panel to be established by the U.S. Department of Commerce, the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA).