Privacy Policy

Posted: December 2019

Effective: January 1, 2020

This Privacy Policy describes how Secret Sauce Partners, Inc. and our services, including Fit Predictor (collectively, “Secret Sauce Partners”, “we” or “us”) collect, use and share information about the Consumer. In this Privacy Policy, “Consumer” means an individual that uses our Services (defined below). We may also refer to Consumer as “you” in this Privacy Policy. This Privacy Policy applies to information we collect when you use our services, such as Fit Predictor that help in determining your size, Style Finder, Outfit Maker, and other functionalities that we may provide from time to time (the “Services”).

We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of this policy. We encourage you to review the Privacy Policy whenever you interact with us to stay informed about our privacy practices and the ways you can help protect your privacy.

Secret Sauce Partners is the data processor or the service provider, as defined under the EU General Data Protection Regulation (EU) 2016/679 (“GDPR”) and California Consumer Privacy Act of 2018 (“CCPA”), processing personal data/person information on behalf of and in accordance with the instructions provide by our Customers who are the controller or the business of your personal data/personal information. In this Privacy Policy, “Customers” mean the retailers that have contracted with us for the use of our Services. In some instances, we are the controller or the business, as defined under GDPR or CCPA. This Privacy Policy does not apply to the extent we process personal data in the role of a processor or service provider on behalf of our Customers.

YOUR CHOICES

Personal information is data that identifies an individual or relates to an identifiable individual. This includes information you provide to us, information which is collected about you automatically, and information we obtain from third parties.

We have collected the following categories of data personal data from you within the last twelve (12) months:

Category

Example

Collected

A. Identifiers.

A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.

YES

B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.

Some personal information included in this category may overlap with other categories.

NO

C. Protected classification characteristics under California or federal law.

Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

NO

D. Commercial information.

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

NO

E. Biometric information.

Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.

NO

F. Internet or other similar network activity.

Browsing history, search history, information on a Consumer's interaction with a website, application, or advertisement.

YES

H. Sensory data.

Audio, electronic, visual, thermal, olfactory, or similar information.

NO

I. Professional or employment-related information.

Current or past job history or performance evaluations.

NO

J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).

Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

NO

K. Inferences drawn from other personal information.

Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

YES

Specifically, we collect the following information from you:

Personal information that you provide to us

We collect personal information that you provide to us directly, such as:

Personal information that we collect automatically when you use our Services

Similar to applications on other commercial website, our application utilizes a standard technology called "cookies" (see explanation below, "What Are Cookies?"), IP addresses and web server logs to collect information about how our Services are used. Information gathered through cookies and web server logs may include the date and time of visits, the pages viewed, time spent at our website, and the websites visited just before and just after our website.

Personal information we collect from our partners and other sources

In providing our Services to our Customer, as a processor, we may be given personal information about Consumers who purchase products from our Customer’s website or mobile application. We may also obtain information about you from other sources, such as our business partners, and combine that with information we collect about you. Our Customers provide us with their consumer’s data in a de-identified form, which is mostly in the form of randomized alphanumeric characters (the “Consumer ID”). The information (including the Consumer ID) is de-identified to such a degree that we cannot properly identify those consumers without getting additional information from our Customer.

WHAT ARE COOKIES?

A cookie is a very small text document, which often includes an anonymous unique identifier. When you visit a website, that site's computer asks your computer for permission to store this file in a part of your hard drive specifically designated for cookies. Each website can send its own cookie to your browser if your browser's preferences allow it, but (to protect your privacy) your browser only permits a website to access the cookies it has already sent to you, not the cookies sent to you by other sites.

How Do We Use Information We Collect From Cookies?

Our cookies are used to differentiate you from other users in order to ensure that you receive personalized recommendations. In some cases, we also use cookies to prevent you from having to enter the same information repeatedly. Cookies, in conjunction with our Web server's log files, allow us to calculate the aggregate number of people visiting our website and which parts of the site are most popular. This helps us gather feedback in order to constantly improve our Service. Cookies also allow us to anonymize and aggregate data for statistics and to measure key performance indicators. Cookies do not allow us to gather any personal information about you and we do not generally store any personal information that you provided to us in your cookies.

Can You Opt-Out Of Cookies?

You may only opt of the cookies if you disable cookies in your browser and clear your browser history each time you visit the website. Please follow your browser's documentation for instructions on how to disable cookies.

SHARING INFORMATION WITH THIRD PARTIES

We may share your personal information may be processed with or stored on the following third-party service providers.

We may also share your personal information in the following circumstances:

ANONYMIZED AND AGGREGATED DATA

Anonymization is a data processing technique that removes or modifies personal information so that it cannot be associated with a specific individual. Except for this section, none of the other provisions of this Privacy Policy applies to anonymized or aggregated Consumer data (i.e. information about our Consumers) and Customer data that we combine together so that it no longer identifies or references an individual Consumer).

We may use anonymized or aggregate Consumer data and Customer data for any business purpose, such as to better understand needs and behaviors of our Customers and Consumers, improve our Services, conduct business intelligence and marketing, and detect security threats. We may perform our own analytics on anonymized data or enable analytics provided by third-parties.

The types of data that we may anonymize and/or aggregate include the information that you may provide to us when you use our service, the information that we may collect from you automatically, or the information that our Customers and partners may provide to us about their consumers.

USE OF INFORMATION

We may use, or disclose the personal information we collect for one or more of the following purposes:

We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

Legal Basis For Processing Information

We rely on your consent to for providing with our Services. You may withdraw your consent at any time by emailing us at [email protected].

We are based in the United States and the information we collect is governed by U.S. law. If you are a European resident, please see the Sections on GDPR and Privacy Shield below. By accessing or using our websites or otherwise providing information to us, you consent to the processing and transfer of information in and to the U.S. and other countries.

PROTECTING YOUR INFORMATION

Security

We take reasonable measures to help protect information about you from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction.

Certain Disclosures

We may disclose your personal information if required to do so by law or subpoena or if we believe that such action is necessary to (a) conform to the law or comply with legal process served on us or Affiliated Parties; (b) protect and defend our rights and property, the Site, the users of the Site, and/or our Affiliated Parties; (c) act under circumstances to protect the safety of users of the Site, us, or third parties.

What About Other Website Through Which Our Services Are Available?

We are not responsible for the practices employed by any other website that may/may not link or provide access to our Services.

Please remember that this Privacy Policy is applicable only with respect to our Services. Your browsing and interaction on any other feature on a website that also offers our Services, including websites which have a link to our Services, is subject to that website's own rules and policies. Please read over those rules and policies before proceeding.

CHILDREN

We do not knowingly collect any personal information from children under the age of 13. We do not sell products for purchase by children and all children's products we sell are for purchase by adults only.

EUROPEAN ECONOMIC AREA (“EEA”) RESIDENTS’ DATA SUBJECT RIGHTS

If you are an EEA Resident, you have certain rights with respect to your personal data, as defined under GDPR. Please note that in some circumstances, we may not be able to fully comply with your requests, or we may ask you to provide us with additional information in connection with your request, which may be personal data, for example, if we need to verify your identity or the nature of your request. In such situations, however, we will still respond to let you know of our decision.

If we are the processor, under GDPR, you will have to contact the Customer who provided us with your information, to exercise your data subject rights under GDPR.

To make any of the following requests, contact us using the contact details referred to in the “Contacting Us” section of this policy.

Pursuant to GDPR you have the right to file a complaint with your EU Data Privacy Authority (DPA), or if you are in the UK, with the Information Commissioner’s Office.

EU individuals wishing to find out more about the EU Data Protection Officer’s and locate the appropriate office, please go to https://ec.europa.eu/commission/priorities/justice-and-fundamental-rights/data-protection/2018-reform-eu-data-protection-rules/eu-data-protection-rules_en.

UK individuals wishing to find out more about the Information Commissioner’s Office may go to https://ico.org.uk/.

INFORMATION FOR EU, UK, AND SWISS INDIVIDUALS – EU-U.S. PRIVACY SHIELD AND SWISS-U.S. PRIVACY SHIELD

Secret Sauce Partners, Inc. complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries, the United Kingdom, and Switzerland transferred to the United States pursuant to Privacy Shield. Secret Sauce Partners, Inc. has certified that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this Privacy Policy and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.

We are subject to the regulatory and enforcement authority of the US Federal Trade Commission. We acknowledge the right of EU, UK, and Swiss individuals to access their data pursuant to the Privacy Shield Frameworks. Individuals wishing to exercise this right may do so by contacting us at [email protected].

We do not share any information with third parties therefore the Privacy Shield provision regarding liability for the actions of agent processors does not apply. If this practice should change in the future, we will update this policy to identify any third parties and provide individuals with opt-out or opt-in choice where applicable.

Note that we may be required to share EU, UK, and Swiss personal data in response to lawful requests from public authorities including to meet national security and law enforcement requirements.

In compliance with the Privacy Shield Principles, Secret Sauce Partners, Inc. commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union, United Kingdom, and Swiss individuals with Privacy Shield inquiries or complaints should first contact us at [email protected], or at our mailing address:

Secret Sauce Partners, Inc.

20C Trolley Sq

Wilmington, DE 19806

United States of America

Secret Sauce Partners, Inc. has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint. This service is provided free of charge to you.

If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

Secret Sauce Partners, Inc. remains liable (and will also accept responsibility) for the onward transfer of personal data to agent third parties unless we can prove we were not a party giving rise to the damages.

CALIFORNIA RESIDENTS’ RIGHTS AND CHOICES

The CCPA provides California residents with specific rights regarding their personal information. This section describes the rights of the California residents and explains how to exercise those rights. In this section “you” refers only to those Consumers who reside in California. Please note that WE DO NOT SELL YOUR DATA TO ANY THIRD-PARTY. If this ever changes, we will properly inform you in accordance with this Privacy Policy and the CCPA.

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm that you are verifiable Consumer, we will disclose to you the following:

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (“VCR”), we will delete your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

  1. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.

  2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.

  3. Debug products to identify and repair errors that impair existing intended functionality.

  4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.

  5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).

  6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.

  7. Enable solely internal uses that are reasonably aligned with Consumer expectations based on your relationship with us.

  8. Comply with a legal obligation.

  9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

We do not provide these deletion rights for B2B personal information.

To exercise the access, data portability, and deletion rights described above, please submit a VCR to us by either:

Emailing us at [email protected]

Visiting http://www.secretsaucepartners.com/privacy-form

Only you, or someone legally authorized to act on your behalf, may make a VCR related to your personal information. You may also make a VCR on behalf of your minor child.

You may designate an authorized agent to make a request to access or a request to delete on your behalf. A response will be furnished to your authorized agent's request if they submit proof that they are registered with the California Secretary of State to be able to act on your behalf, or submit evidence you have provided them with power of attorney pursuant to California Probate Code section 4000 to 4465. Authorized agents may not be provided with the response pertaining to the request if the authorized agents fail to submit a proof of authorization or are unable to verify their identity.

You may only make a VCR for access or data portability twice within a 12-month period.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.

Making a VCR does not require you to create an account with us.

We will only use personal information provided in a VCR to verify the requestor's identity or authority to make the request.

We endeavor to respond to a VCR within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing.

We will deliver our written response by mail or electronically, at your option.

Any disclosures we provide will only cover the 12-month period preceding the VCR's request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your VCR.

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

OTHER CALIFORNIA RESIDENTS RIGHTS

Under California's "Shine the Light" law, California residents who provide personal information in obtaining products or services for personal, family, or household use are entitled to request and obtain from us once a calendar year information about the information we shared, if any, with other businesses for their own direct marketing uses. If applicable, this information would include the categories of such data, the names and addresses of those businesses with which we shared for the immediately prior calendar year. To request a notice, please email your request to [email protected]. Please be aware that not all information sharing is covered by the "Shine the Light" requirements and only information on covered sharing will be included in our response. Please also note that we do not share your personal information with any other business of that business’s marketing use.

CONTACTING US

If you have any questions, comments, or concerns about this Privacy Policy, please contact us at [email protected] or at our mailing address:

Secret Sauce Partners, Inc.

20C Trolley Sq

Wilmington, DE 19806

United States of America

Pursuant to GDPR you have the right to file a complaint with your EU Data Privacy Authority (DPA), or if you are in the UK, with the Information Commissioner’s Office.

EU individuals wishing to find out more about the EU Data Protection Officer’s and locate the appropriate office, please go to https://ec.europa.eu/commission/priorities/justice-and-fundamental-rights/data-protection/2018-reform-eu-data-protection-rules/eu-data-protection-rules_en

UK individuals wishing to find out more about the Information Commissioner’s Office may go to https://ico.org.uk/