1. Definitions / Legal Terms
Company is committed to protecting the privacy of our users.
“Services” refers to the services accessed via the Site, in which users can learn about us and our offerings. Users can also contact us, join our email mailing list, and explore the Services that we offer.
“You” or “Your” refers to you, as a user of the Site or the Services.
Any other terms that are capitalized will either be defined within this GPDR Notice or is the same as how it is defined under the applicable General Data Protection Regulation (“GDPR”).
2. Information About Us
Company is a U.S. based company that operates a marketplace for virtual style coaching, where users can book convenient and affordable styling sessions with expert stylists at www.stylespace.com (“Site”).
We may be contacted by sending an e-mail to: email@example.com
You may also contact us through correspondence at our physical address at:
Style Space Inc.
651 N Broad St, Suite 205 #2795
Middletown, Delaware 19709
3. Data Protection Officer (“DPO”)
Company does not engage in activities that require the designation of a DPO. However, if you have questions about our GDPR Notice, you may contact us at: firstname.lastname@example.org or through our postal address above.
4. Personal Data We Collect
This section tells you about what Personal Data we collect from you and use. You should read this section carefully as it contains important information. The two types of Personal Data we collect are Personal Data and Aggregated Personal Data (as defined below).
There may be Personal Data you knowingly provide to us on an individual basis. To browse the Site, you do not need to submit any Personal Data. There may be limited times where you knowingly and voluntarily provide us Personal Data. This can include:
- your name;
- birth date;
- city and state;
- time zone;
- any information needed to connect with us through our social media presence; and
- any other business information we need to provide Services.
There may be aggregated or pseudonymized Personal Data that we collect that cannot reasonably be used to directly identify you. It is collected on an aggregated basis when you browse and use the Services. Although the risk of re-identification is low, the GDPR still considers this type of information as Personal Data
To browse the Site, you do not need to submit Personal Data that can be used to identify you. We do, however, collect Personal Data that cannot be used to directly identify you during your use of the Site and the Services. This type of Personal Data can be called non-personal Personal Data (“Aggregated Personal Data”). Although Aggregated Personal Data cannot identify you, we still feel it is important to share our practices with you.
We track Aggregated Personal Data provided to us by your browser or by our marketplace when you view Site and/or use the Services.
Aggregated Personal Data is collected automatically by technology to improve the quality of the Site and Services. Examples include:
- type of browser you use;
- type of device from which you connected to the Site and/or Service;
- time and date of access; and
- other Aggregated Personal Data that does not personally identify you.
We may also receive non-personal information, such as aggregated or de-identified demographic/profile information, from third-party sources such as companies that specialize in providing enterprise information, analytics, and software as a service. We may also use clear gifs, pixel tags and web beacons, which are tiny graphic images placed on website pages and/or emails that allow us to determine whether you’ve performed specific actions and are further used to track online movements of our users.
We also track Aggregated Personal Data using cookies, or small text files which include an anonymous unique identifier. Cookies are sent to a user’s browser from our servers and are stored on the user’s computer hard drive. Sending a cookie to a user’s browser enables us to collect general data about that user and keep a record of the user’s preferences when utilizing our services, both on an individual and aggregate basis.
We may use both persistent and session cookies. Persistent cookies remain on your computer after you close your session and until you delete them. Session cookies expire when you close your browser.
5. Choices for Cookies
For information on cookies, please see our Cookie Notice located at the bottom of our landing page at www.stylespace.com.
6. Purposes for Which We Use Your Personal Data
We use Personal Data collected as described in this GDPR Notice to provide you with the Site, Services and/or information and/or content that you have requested, and, in some cases, to contact you about our classes, products and/or other services. We also use the information collected to take the following actions:
- operate, maintain, and improve the Site and/or Services;
- answer questions and respond to your requests;
- perform analytics and conduct research;
- send you reminders, support, and marketing messages;
- bill for the style coaching Services you sign up for;
- pay the style coach for booked sessions on the Services;
- manage our administration of the Site and/or Services;
- analyze programs, products, and services we offer;
- inform you about products, events and/or other promotional purposes; and
- other purposes about which we notify you.
In general, we use Aggregated Personal Data to help us improve the Site and Services and customize the user experience. We also pool and combine this Aggregated Personal Data to track trends and analyze use patterns on the Site and Services. Because Aggregated Personal Data cannot be used to directly identify you, this type of Personal Data is not covered by privacy laws. This means that this GDPR Notice does not limit in any way our use or disclosure of Aggregated Personal Data and we reserve the right to use and disclose such Aggregated Personal Data to our partners, advertisers and other third parties at our discretion.
7. Legal Basis for Processing
We primarily utilize your consent for lawfully using your Personal Data. We may also use your Personal Data lawfully and fairly based on any of the following situations:
- to fulfill a contract that you are a party to, and you requested to enter into;
- to fulfill a compliance obligation we are subject to; or
- our legitimate interests which do not override the rights and freedoms given to you under the GDPR.
8. Recipients of Your Personal Data
We will share information collected in accordance with this GDPR Notice as follows:
Service Providers: We use service providers that may include, without limitation, employees of the business, consultants, partners, and vendors we use to carry out our services (“Service Providers”). We may share some of your Personal Data, including but not limited to information to style coaches for sessions users book with style coaches and style coach information to users for style sessions that are booked with users. Our Service Providers will be given access to your Personal Data as is reasonably necessary to provide the Site and/or Services.
For Compliance and Legal Actions Involving our Company: We will not disclose your personal information to third parties except as set forth in this GDPR Notice and in the following circumstances:
- to investigate and defend our members against any third party claims and/or allegations and/or otherwise to protect us from liability;
- to investigate, prevent and/or take action regarding suspected and/or actual illegal activities;
- to assist government enforcement agencies;
- respond to a legal process and/or comply with the law;
- to exercise or protect the rights, property and/or personal safety of the users of the Site and/or Services; and/or
- to protect the security and/or integrity of the Site and/or Services.
Business Transfer: If we sell or otherwise transfer part or all of our business and/or assets to another organization (e.g., in the course of a transaction such as a merger, acquisition, bankruptcy, dissolution, liquidation, etc.), your Personal Data such as name and email address, user content and/or any other information collected through the Site and/or Services may be among the items sold and/or transferred.
9. Cross Border Transfers
Company does business globally and uses cloud technology to provide the Site and/or Services. This means that your information will be transferred to locations other than where it was collected. We will take steps to help ensure that your information is handled appropriately. If we use third parties to handle your information on our behalf, we may enter into a contract with those third parties that require them to take certain measures to protect your Personal Data (see ‘Security of Your Personal Information and Personal Data section in the Privacy Notice).
We may also transfer your Personal Data to a country that has the same level of data protections as where it was collected. Regardless of where we transfer your Personal Data, we will do so in way that follows this GDPR Notice.
If you have questions or would like to know more about how we protect your Personal Data with cross border transfers, please contact us at email@example.com.
10. Security of Your Information
We take steps to protect any Personal Data in our possession. Such steps include, but are not limited to:
- maintaining usernames and passwords for any applications or systems we access;
- fixing software with patches to address known vulnerabilities;
- maintaining firewalls to help keep unauthorized users out of our network;
- working to ensure that our staff are not sharing password information;
- maintaining physical security to keep non-authorized users out of our property;
- protecting the devices we have in our possession (mobile phones, laptops, etc.);
- working to ensure the availability of your Personal Data in the event of an unplanned interruption;
- using encryption where appropriate;
- conducting regular trainings regarding privacy and security with our staff; and
- holding our vendors and third parties to similar requirements.
11. Retention of Information
As we are committed to the privacy of your Personal Data, we only hold on to Personal Data for as long as we need it to provide Site and/or Services to you. We may retain limited Personal Data to meet legal or compliance obligations our company must meet. If applicable law allows, you may request that we delete your personal information.
12. Rights over Your Personal Data
EU and UK citizens have rights over their Personal Data. This includes, but is not limited to, rights to access, rights to rectify, rights to erase and rights to restrict how we use your Personal Data.
Some rights may not be available if exercising a right may infringe on the privacy of another person or if an exception under the GDPR applies.
Regardless, we will work with you to fulfill your rights in a timely manner. We may ask you for additional information to verify your identity. We will only ask for information we already have on you and not for new information.
13. Withdrawal of Your Consent
If we used consent to lawfully and fairly use your Personal Data, you may withdraw your consent at any time. Doing so may prevent you from accessing the Site and/or Services.
To withdraw your consent, contact us at: firstname.lastname@example.org.
14. Questions or Complains Regarding our Privacy Practices
We hope that you will contact us if you have any questions or complaints regarding how we handle or use your personal information. We will work to answer your question or address your complaint.
For a list of data protection authorities: http://ec.europa.eu/newsroom/article29/document.cfm?doc_id=50061