Privacy Policy
Posted: December 2, 2020
Effective: December 2, 2020
This Privacy Policy describes how Secret Sauce Partners, Inc. and our services, including Fit Predictor (collectively, “Secret Sauce Partners”, “we” or “us”) collect, use and share information about the Consumer. In this Privacy Policy, “Consumer” means an individual that uses our Services (defined below). We may also refer to Consumer as “you” in this Privacy Policy. This Privacy Policy applies to information we collect when you use our services, such as Fit Predictor that help in determining your size, Style Finder, Outfit Maker, and other functionalities that we may provide from time to time (the “Services”).
We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of this policy. We encourage you to review the Privacy Policy whenever you interact with us to stay informed about our privacy practices and the ways you can help protect your privacy.
Secret Sauce Partners is the data processor or the service provider, as defined under the EU General Data Protection Regulation (EU) 2016/679 (“GDPR”) and California Consumer Privacy Act of 2018 (“CCPA”), processing personal data/person information on behalf of and in accordance with the instructions provide by our Customers who are the controller or the business of your personal data/personal information. In this Privacy Policy, “Customers” mean the retailers that have contracted with us for the use of our Services. In some instances, we are the controller or the business, as defined under GDPR or CCPA. Some provisions of this Privacy Policy may not apply to the data subjects whose personal data we process as a processor or service provider on behalf of our Customers.
YOUR CHOICES
Personal information is data that identifies an individual or relates to an identifiable individual. This includes information you provide to us, information which is collected about you automatically, and information we obtain from third parties.
We have collected the following categories of data personal data from you within the last twelve (12) months:
Category |
Example |
Collected |
A. Identifiers. |
A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers. |
YES |
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). |
A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. |
NO |
C. Protected classification characteristics under California or federal law. |
Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). |
NO |
D. Commercial information. |
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. |
NO |
E. Biometric information. |
Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. |
NO |
F. Internet or other similar network activity. |
Browsing history, search history, information on a Consumer's interaction with a website, application, or advertisement. |
YES |
H. Sensory data. |
Audio, electronic, visual, thermal, olfactory, or similar information. |
NO |
I. Professional or employment-related information. |
Current or past job history or performance evaluations. |
NO |
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). |
Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. |
NO |
K. Inferences drawn from other personal information. |
Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. |
YES |
Specifically, we collect the following information from you:
Personal information that you provide to us
We collect personal information that you provide to us directly, such as:
-
We collect information that you provide about yourself in response to our questionnaire, such as your size in another brand, in order to create your profile.
-
If you do not want to create a profile using our Services, you should disable cookies on your browser and not fill in the questionnaire.
-
If you choose to correspond with us through email, we may retain the content of your email messages together with your email address and our responses, unless it is a request for deletion, in which case we will delete all your personal information in your request after completion of the same.
Personal information that we collect automatically when you use our Services
Similar to applications on other commercial website, our application utilizes a standard technology called "cookies" (see explanation below, "What Are Cookies?"), IP addresses and web server logs to collect information about how our Services are used. Information gathered through cookies and web server logs may include the date and time of visits, the pages viewed, time spent at our website, and the websites visited just before and just after our website.
Personal information we collect from our partners and other sources
In providing our Services to our Customer, as a processor, we may be given personal information about Consumers who purchase products from our Customer’s website or mobile application. We may also obtain information about you from other sources, such as our business partners, and combine that with information we collect about you. Our Customers provide us with their consumer’s data in a de-identified form, which is mostly in the form of randomized alphanumeric characters (the “Consumer ID”). The information (including the Consumer ID) is de-identified to such a degree that we cannot properly identify those consumers without getting additional information from our Customer.
WHAT ARE COOKIES?
A cookie is a very small text document, which often includes an anonymous unique identifier. When you visit a website, that site's computer asks your computer for permission to store this file in a part of your hard drive specifically designated for cookies. Each website can send its own cookie to your browser if your browser's preferences allow it, but (to protect your privacy) your browser only permits a website to access the cookies it has already sent to you, not the cookies sent to you by other sites.
How Do We Use Information We Collect From Cookies?
Our cookies are used to differentiate you from other users in order to ensure that you receive personalized recommendations. In some cases, we also use cookies to prevent you from having to enter the same information repeatedly. Cookies, in conjunction with our Web server's log files, allow us to calculate the aggregate number of people visiting our website and which parts of the site are most popular. This helps us gather feedback in order to constantly improve our Service. Cookies also allow us to anonymize and aggregate data for statistics and to measure key performance indicators. Cookies do not allow us to gather any personal information about you and we do not generally store any personal information that you provided to us in your cookies.
Can You Opt-Out Of Cookies?
You may only opt-out of the cookies if you disable cookies in your browser and clear your browser history each time you visit the website. Please follow your browser's documentation for instructions on how to disable cookies.
SHARING INFORMATION WITH THIRD PARTIES
We may share your personal information may be processed with or stored on the following third-party service providers.
-
Cloud storage
-
Consumer support
-
Customer support
-
Data analytics
-
Document repository services
-
Internet (e.g. ISPs)
-
Marketing
-
Network infrastructure
-
Security
We may also share your personal information in the following circumstances:
-
With companies or other entities that we plan to merge with or be acquired by. You will receive prior notice of any change in applicable policies.
-
With companies or other entities that purchase Secret Sauce Partners’ assets pursuant to a court-approved sale or where we are required to share your information pursuant to insolvency law in any applicable jurisdiction.
-
With our professional advisors who provide banking, legal, compliance, insurance, accounting, or other consulting services in order to complete third party financial, technical, compliance and legal audits of our operations or otherwise comply with our legal obligations.
-
With law enforcement, officials, or other third parties when we are compelled to do so by a subpoena, court order, or similar legal procedure, or when we believe in good faith that the disclosure of personal information is necessary to prevent physical harm or financial loss, to report suspected illegal activity, or to investigate violations of any other applicable policies.
ANONYMIZED AND AGGREGATED DATA
Anonymization is a data processing technique that removes or modifies personal information so that it cannot be associated with a specific individual. Except for this section, none of the other provisions of this Privacy Policy applies to anonymized or aggregated Consumer data (i.e. information about our Consumers) and Customer data that we combine together so that it no longer identifies or references an individual Consumer).
We may use anonymized or aggregate Consumer data and Customer data for any business purpose, such as to better understand needs and behaviors of our Customers and Consumers, improve our Services, conduct business intelligence and marketing, and detect security threats. We may perform our own analytics on anonymized data or enable analytics provided by third-parties.
The types of data that we may anonymize and/or aggregate include the information that you may provide to us when you use our service, the information that we may collect from you automatically, or the information that our Customers and partners may provide to us about their consumers.
USE OF INFORMATION
We may use, or disclose the personal information we collect for one or more of the following purposes:
-
To fulfill or meet the reason you provided the information. For example, if you provide your personal information to use our Services, we will use that information to provide you with the Services.
-
To provide, support, personalize, and develop our website, and Services.
-
To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
-
For testing, research, analysis, and product development, including to develop and improve our website, and Services.
-
To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
-
As described to you when collecting your personal information or as otherwise set forth in the CCPA and GDPR
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our Users. In this Privacy Policy “Users” mean Customers and Consumers of our Services.
We will not collect additional categories of personal information or use the personal information we have collected for materially different, unrelated, or incompatible purposes without providing you notice.
Legal Basis For Processing Information
We rely on your consent to provide our Services. You may withdraw your consent at any time by emailing us at privacy@secretsaucepartners.com.
We are based in the United States (“U.S.”) and the information we collect is governed by U.S. law. If you are a European resident, please see the Section on GDPR below. By accessing or using our websites or otherwise providing information to us, you consent to the processing and transfer of information in and to the U.S. and other countries.
PROTECTING YOUR INFORMATION
Security
We take reasonable measures to help protect information about you from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction.
Certain Disclosures
We may disclose your personal information if required to do so by law or subpoena or if we believe that such action is necessary to (a) conform to the law or comply with legal process served on us or Affiliated Parties; (b) protect and defend our rights and property, the Site, the users of the Site, and/or our Affiliated Parties; (c) act under circumstances to protect the safety of users of the Site, us, or third parties.
What About Other Website Through Which Our Services Are Available?
We are not responsible for the practices employed by any other website that may/may not link or provide access to our Services.
Please remember that this Privacy Policy is applicable only with respect to our Services. Your browsing and interaction on any other feature on a website that also offers our Services, including websites which have a link to our Services, is subject to that website's own rules and policies. Please read over those rules and policies before proceeding.
CHILDREN
We do not knowingly collect any personal information from children under the age of 13. We do not sell products for purchase by children and all children's products we sell are for purchase by adults only.
EUROPEAN ECONOMIC AREA (“EEA”) RESIDENTS’ DATA SUBJECT RIGHTS
If you are an EEA Resident, you have certain rights with respect to your personal data, as defined under GDPR. Please note that in some circumstances, we may not be able to fully comply with your requests, or we may ask you to provide us with additional information in connection with your request, which may be personal data, for example, if we need to verify your identity or the nature of your request. In such situations, however, we will still respond to let you know of our decision.
If we are the processor, under GDPR, you will have to contact the Customer who provided us with your information, to exercise your data subject rights under GDPR.
To make any of the following requests, contact us using the contact details referred to in the “Contacting Us” section of this policy.
-
Access: You can request more information about the personal data we hold about you. You can also request a copy of the personal data.
-
Rectification: If you believe that any personal data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data. You can also correct some of this information directly by logging into your service account. Please contact us as soon as possible upon noticing any such inaccuracy or incompleteness.
-
Objection: You can contact us to let us know that you object to the collection or use of your personal data for certain purposes.
-
Erasure: You can request that we erase some or all of your personal data from our systems.
-
Restriction of Processing: You can ask us to restrict further processing of your personal data.
-
Portability: You have the right to ask for a copy of your personal data in a machine-readable format. You can also request that we transmit the data to another entity where technically feasible.
-
Withdrawal of Consent: If we are processing your personal data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, it may limit your ability to use some/ all of our Services and you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your personal data, if such use or disclosure is necessary to enable you to utilize some or all of our Services.
-
Right to File Complaint: You have the right to lodge a complaint about our practices with respect to your personal data with the supervisory authority of your country or EU Member State.
Pursuant to GDPR you have the right to file a complaint with your EU Data Privacy Authority (DPA), or if you are in the UK, with the Information Commissioner’s Office.
EU individuals wishing to find out more about the EU Data Protection Officer’s and locate the appropriate office, please go to https://ec.europa.eu/commission/priorities/justice-and-fundamental-rights/data-protection/2018-reform-eu-data-protection-rules/eu-data-protection-rules_en.
UK individuals wishing to find out more about the Information Commissioner’s Office may go to https://ico.org.uk/.
TRANSFER OF PERSONAL INFORMATION TO THE U.S.
If you are interacting with our Services from outside the United States and provide us with any personal information, please note, for us to provide the Services or otherwise communicate with you as outlined in this Privacy Policy, it will be necessary for your personal information to be transferred, stored, and processed within the U.S. The data protection laws in the United States may not be as comprehensive as those in your country. By doing business or interacting with Services, you are consenting to the transfer of your personal information to facilities located in the United States and other facility locations selected by us. If you wish to withdraw your consent, please write to us at privacy@secretsaucepartners.com.
If you are our Customer, we may have entered into Standard Contractual Clauses with you. In which case, that is how your personal information is transferred to the U.S. for processing.
CALIFORNIA RESIDENTS’ RIGHTS AND CHOICES
The CCPA provides California residents with specific rights regarding their personal information. This section describes the rights of the California residents and explains how to exercise those rights. In this section “you” refers only to those Consumers who reside in California. Please note that WE DO NOT SELL YOUR DATA TO ANY THIRD-PARTY. If this ever changes, we will properly inform you in accordance with this Privacy Policy and the CCPA.
-
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm that you are verifiable Consumer, we will disclose to you the following:
-
The categories of personal information we collected about you.
-
The categories of sources for the personal information we collected about you.
-
Our business or commercial purpose for collecting or selling that personal information.
-
The categories of third parties with whom we share that personal information.
-
The specific pieces of personal information we collected about you (also called a data portability request).
-
If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
-
sales, identifying the personal information categories that each category of recipient purchased; and
-
disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained. We do not provide these access and data portability rights for business-to-business (“B2B”) personal information.
-
Deletion request
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (“VCR”), we will delete your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
-
Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
-
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
-
Debug products to identify and repair errors that impair existing intended functionality.
-
Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
-
Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
-
Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
-
Enable solely internal uses that are reasonably aligned with Consumer expectations based on your relationship with us.
-
Comply with a legal obligation.
-
Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
We do not provide these deletion rights for B2B personal information.
-
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a VCR to us by either:
Emailing us at privacy@secretsaucepartners.com
Visiting http://www.secretsaucepartners.com/privacy-form
Only you, or someone legally authorized to act on your behalf, may make a VCR related to your personal information. You may also make a VCR on behalf of your minor child.
You may designate an authorized agent to make a request to access or a request to delete on your behalf. A response will be furnished to your authorized agent's request if they submit proof that they are registered with the California Secretary of State to be able to act on your behalf, or submit evidence you have provided them with power of attorney pursuant to California Probate Code section 4000 to 4465. Authorized agents may not be provided with the response pertaining to the request if the authorized agents fail to submit a proof of authorization or are unable to verify their identity.
You may only make a VCR for access or data portability twice within a 12-month period.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
Making a VCR does not require you to create an account with us.
We will only use personal information provided in a VCR to verify the requestor's identity or authority to make the request.
-
Response Timing and Format
We endeavor to respond to a VCR within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing.
We will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding the VCR's request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your VCR.
-
Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
-
Deny you goods or services.
-
Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties. Our services are free of cost to you. Many of our Customers are e-commerce retailers. If you believe that the e-commerce retailers (i.e. our Customer) who use our Services are charging you different prices when you exercise your rights under the CCPA, please contact the relevant e-commerce retailer.
-
Provide you a different level or quality of goods or services.
-
Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
-
However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information's value and contain written terms that describe the program's material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.
OTHER CALIFORNIA RESIDENTS RIGHTS
Under California's "Shine the Light" law, California residents who provide personal information in obtaining products or services for personal, family, or household use are entitled to request and obtain from us once a calendar year information about the information we shared, if any, with other businesses for their own direct marketing uses. If applicable, this information would include the categories of such data, the names and addresses of those businesses with which we shared for the immediately prior calendar year. To request a notice, please email your request to privacy@secretsaucepartners.com. Please be aware that not all information sharing is covered by the "Shine the Light" requirements and only information on covered sharing will be included in our response. Please also note that we do not share your personal information with any other business for that business’s marketing use.
CONTACTING US
If you have any questions, comments, or concerns about this Privacy Policy, please contact us at privacy@secretsaucepartners.com or at our mailing address:
Secret Sauce Partners, Inc.
20C Trolley Sq
Wilmington, DE 19806
United States of America
Pursuant to GDPR you have the right to file a complaint with your EU Data Privacy Authority (DPA), or if you are in the UK, with the Information Commissioner’s Office.
EU individuals wishing to find out more about the EU Data Protection Officer’s and locate the appropriate office, please go to https://ec.europa.eu/commission/priorities/justice-and-fundamental-rights/data-protection/2018-reform-eu-data-protection-rules/eu-data-protection-rules_en
UK individuals wishing to find out more about the Information Commissioner’s Office may go to https://ico.org.uk/