Privacy policy
Decent Apparel Privacy Policy
Introduction
We respect the importance of your Personal Data. This Privacy Policy (Privacy Policy) applies to your personal information or personal data (as such terms or similar term are defined by applicable law, Personal Data) that we collect through or in connection with the operation of the Website and the Service, which includes the App (defined terms used in this Privacy Policy but not defined in the policy have the meaning provided in the Terms of Service located at www.decentapparel.com/policies/terms-of-service.
We want you to understand our Privacy Policy and, specifically, what Personal Data we collect in connection with the use of the Website and Service, how Personal Data is used, with whom Personal Data is shared, and how it is protected. We’re accountable for the protection of your Personal Data under our control and are committed to following this Privacy Policy and complying with applicable law. This Privacy Policy is not a contract between us and you.
In this Privacy Policy, Decent Apparel, we, us, or our means Decent Startup LLC, based in New York USA, and you or your means a person who accesses or uses the Website or the Service.
General
Our approach to the protection of Personal Data we collect is based on the following guiding principles:
• Lawfulness, fairness, and transparency
• Purpose limitation
• Data minimization
• Accuracy
• Storage limitation
• Integrity and confidentiality
• Accountability
Let’s address this point upfront: We do not sell your Personal Data to third parties.
Informed Consent (applicable to the Service)
When you create an Account, or when you install the App, or order any goods and service from us, you will be asked for your consent for us to collect, use, and share your Personal Data in accordance with this Privacy Policy.
You have the right to “opt-out” of our collection and use of Personal Data in connection with the Service. In that case, you can still access the Website, but you will not be able to access or use the Service.
Except where we are not required to do so under applicable law, we will notify you and obtain your consent before we collect, use, or share your Personal Data in other ways.
Controller
Decent Apparel is the controller. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact us at hello@decentapparel.com.
Categories of Personal Data
Personal Data includes the following, not all of which we collect. Some Personal Data included in one category may overlap with other categories.
Identifiers
Such as a real name, alias, postal address, unique personal identifier, online identifier, IP address, MAC address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.
We collect some of this type of data on the Website and in the Service.
Personal information categories listed in the California Client Records statute (Cal. Civ. Code § 1798.80(e))
Such as a name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
We collect some of this type of data on the Website and in the Service.
“Sensitive Personal Information” under the California Privacy Rights Act
Personal information that reveals a consumer’s social security, driver’s license, state identification card, or passport number; a consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; a consumer’s precise geolocation; a consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership; the contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication; a consumer’s genetic data; and the processing of biometric information for the purpose of uniquely identifying a consumer; personal information collected and analyzed concerning a consumer’s health; and personal information collected and analyzed concerning a consumer’s sex life or sexual orientation.
We collect some of this type of data in the Service.
“Sensitive Personal Data” under the UK Data Protection Act 2018
Personal Data consisting of information as to: (a) the racial or ethnic origin of the data subject; (b) their political opinions; (c) their religious beliefs or other beliefs of a similar nature; (d) whether they are a member of a trade union; (e) their physical or mental health or condition; (f) their sexual life; (g) the commission or alleged commission by them of any offence; or (h) any proceedings for any offence committed or alleged to have been committed by them, the disposal of such proceedings or the sentence of any court in such proceedings.
We collect some of this type of data in the Service.
“Sensitive Personal Data” under the GDPR
Data consisting of racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation.
We collect some of this type of data in the Service.
Protected classification characteristics under California or US federal law
Such as age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
We collect some of this type of data in the Service.
Commercial information
Such as records of personal property, products, or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
We collect some of this type of data in the Service.
Biometric information
Such as genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
We collect some of this type of data in the Service.
Network and Device Information
Such as session ID token, source and destination addressing information, IP address, MAC address, the software you are using, and related device and network information.
We collect some of this type of data on the Website and in the Service.
Location data
Information about your location (more specifically, the location of the device that is accessing the Service).
We collect some of this type of data on the Website and in the Service.
Sensory data
Audio, visual, thermal, olfactory, or similar information.
We do not knowingly collect this type of data.
Inferences drawn from other Personal Data
Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
We may collect some of this type of data in the Service.
User Data is all information and data that is not Personal Data that you access, send, receive, input, or generate when using the Website and the Service.
How do we collect Personal Data?
We may collect your Personal Data in different ways, including:
• when you access and use the Website or Service
• when you download and install the App
• when you use the App, including when you perform a Body Scan using the App
• what you provide to us in connection with setting up an Account
• from communications between you and us
• from public sources
• from our affiliates, resellers, and channel partners
• automatically in connection with your use of your devices and the Website and Service, including through cookies (for more about cookies, see below)
• from our service providers/data processors
Collection of certain information is essential to the operation of the Service and to respond to you, provide support, and troubleshoot issues.
How do we use Personal Data?
• Your Personal Data. We do not sell your Personal Data to third parties. Your Personal Data is only used in connection with the operation of the Website and the Service, including to provide access to the Service, verify, process, and fulfill orders and process returns, process payment, respond to your requests for information, answer your questions about the Service, orders, or your Account, troubleshoot problems, provide support, customize, measure, and improve the Service, inform you about updates and changes to the Service, seek your feedback, compare information for accuracy, and enforce the Terms.
• Your Body Scan data. We use your Body Scan data for the purpose of “inferring characteristics” about you to provide the goods or services you request. We do not use your Body Scan data to identify you. To use the Service, you need to use the App to create a Body Scan. The App may also collect Personal Data about you in the form of photographs taken by the App and process those photographs to create the Body Scan. Your Body Scan data is Personal Data, and in some jurisdictions it could potentially constitute “sensitive personal data” (as such term or similar term is defined by applicable law) to the extent that a Body Scan is biometric data that could be used to identify you. We only use your Body Scan data to make the apparel that you order and for no other purpose. The face on a Body Scan is replaced with a synthetic human face that cannot be used as biometric data. We do not believe a Body Scan can be used to identify a person. Body Scan data will shared with our affiliates, service providers/data processors, and agents only as necessary to accomplish this use. Our philosophy is that you, the consumer, own your personal data. You can delete your Body Scan or entire account at any time.
• Gender. Gender data is used in connection with the ordering, processing, and fulfillment of orders. Gender data will shared with our affiliates, service providers/data processors, and agents only as necessary to accomplish these uses.
• Contact Information. Contact Information is used to verify, process, and fulfill orders and process returns, charge for orders, contact you regarding the Service and orders, to response to support requests, to provide you with information you request, and to provide you with marketing or other communications (unless you have opted out, see Marketing below). Contact Information will shared with our affiliates, resellers, channel partners, service providers/data processors, and agents only as necessary to accomplish these uses.
• Payment Information. Payment Information is used to verify, process, and charge for orders. Payment Information will be shared with our affiliates, resellers, channel partners, service providers/data processors, and agents only as necessary to to accomplish these uses.
• Network and Device Information. Network and Device Information is used and disclosed in connection with the operation of the Website and the Service, including to troubleshoot problems, customize, and data analysis, and research to measure and improve the Website and Service and to enforce the Terms.
• Feedback Information. We can use Feedback Information in any manner and for any purpose without any obligation to account for such use or to compensate you for it. We reserve the right to utilize Feedback Information, on an anonymous basis, for marketing purposes, for instance by displaying selected comments on our Website, in marketing materials, or in other communications. We will not disclose any personally identifiable feedback information to any third parties, other than to service providers/data processors where such feedback relates to such service providers/data processors, without your consent.
• Passive Information. Passive Information is information that is automatically generated in connection with your use of the Website and Service. We use Passive Information, on an aggregated basis, to provide you with better service, for product improvement, and for statistical purposes.
• Location Data. We use location data to to troubleshoot problems, customize, seek feedback, data analysis, and research to measure and improve the Website and the Service, for communications, and to enforce the Terms.
• De-Personalized Information. We may collect information of any type, anonymize that information, and use alone or with similar anonymized information obtained from other persons (De-Personalized Information). No Personal Data will be included in any De-Personalized Information. We can disclose De-Personalized Information to any third party and use it for any purpose we deem appropriate in our sole discretion.
You agree that we can, subject to applicable law, use your Personal Data to operate the Service (including sharing your Personal Data with our affiliates, resellers, channel partners, service providers/data processors, and agents); conduct analysis and research; prevent fraud or misuse; protect our rights or property or the safety of you or others; and send you communications regarding goods you have ordered, events you have signed up for, information you have requested, or other requests you have made, or for reasonably relevant things we believe you might find to be of interest (see Marketing below). We may also disclose Personal Data if we believe in good faith that we are required to do so by law, or that doing so is necessary to comply with legal process, respond to requests from law enforcement or governmental agencies, to respond to claims, or to protect our rights.
Your Personal Data is stored and processed in the countries in which we or our affiliates, resellers, channel partners, service providers/data processors, and agents maintain facilities. We reserve the right to transfer and store your Personal Data outside the country in which you reside.
As we continue to develop our business, we might sell or buy subsidiaries or business units. In such transactions, as well as in the event we or part of our business or assets are transferred to or acquired by a third party, whether by corporate re-organization, merger, acquisition, or other change of control, your Personal Data and all User Data will generally be one of the transferred business assets. We reserve the right to include your Personal Data, User Data, and other information, collected as assets, in any such transfer to a third party. Additionally, your Personal Data, User Data, and other information could be disclosed as part of a bankruptcy involving us.
Persons under 13 years of age
The Service is not directed towards persons under 13 years of age and we do not intentionally or knowingly collect Personal Data from persons under 13 years of age. In the event a person under 13 years of age accesses the Website or the Service their Personal Data could be collected. We will delete such Personal Data upon being notified.
Links to third party websites
To the extent the Website or the Service contains links to third party websites, this Privacy Policy does not cover how those websites collect and process Personal Data. We encourage you to read the applicable privacy policy for any third party website you visit.
Analytics
When you access or use the Website or the Service, we may use one or more third-party services to collect standard internet log information and details of visitor behavior patterns. We do this to find out things such as the number of visitors to the various parts of the Website and the Service. We do not make, and do not allow the operators of these services, in their capacity as our service provider/data processor, to make, any attempt to find out the identities of those visiting our website through such analytics information.
Marketing
If you requested, or opted-in to receive, marketing or other communications from us, from time-to-time we may send you information about Decent Apparel news, events, promotions, services, and other information. You may request us to stop contacting you for marketing purposes. If you no longer wish to be contacted for marketing purposes, please click the unsubscribe link in the email we sent you or send a request to hello@decentapparel.com asking to be unsubscribed.
Consent for Electronic Communications
We use the contact information you provide us with to communicate with you regarding the Service. By providing this contact information, you consent to receive such communications at such e-mail address, mailing address, and/or telephone number.
What are Cookies and how do we use them?
Cookies are pieces of information that are transferred to your computer or mobile device through a browser. For further information, visit www.allaboutcookies.org. We use cookies to collect and store certain information. We may use both session cookies (which expire when you close your web browser) and persistent cookies (which stay on your device until you delete them).
We use cookies so that we can identify the device being used and to re-establish access. Cookies also enable us to gain information about your use of the Service and to enhance it to meet your preferences. These cookies persist until you delete them. We do not use web beacons. The Help option on the toolbar of most browsers will tell you how to prevent or limit the browser from accepting cookies, how to have the browser notify you when you receive a cookie, or how to disable cookies altogether.
It is possible that you may be able to access third party websites, online services, or apps from the Service. The use of cookies, web beacons, or similar technologies on such other websites, online services, or apps is subject to any applicable privacy policies that they may have, not this Privacy Policy.
How we treat “Do Not Track” or similar signals?
Some browsers provide you with “do not track” options. Because there is not yet a common understanding of how to interpret the “do not track” signal, unless required to do so by applicable law, we do not currently respond to the browser “do not track” signals when you access our Website.
How long is the Personal Data kept?
We retain your Personal Data only for as long as is necessary to fulfill orders; maintain your Account; maintain records until they cannot be lawfully challenged and legal proceedings may no longer be pursued; carry out marketing activities; comply with applicable law, regulatory requests, and relevant orders from government authorities; and fulfill any of the other purposes detailed in this Privacy Policy.
Do we use any service providers/data processors?
Yes, we have service providers/data processors that act on our behalf that process your Personal Data. This would include our hosting service, Squarespace, and our technology partner, Size Stream LLC. These service providers/data processors do not have our permission to extract or use your Personal Data for other purposes.
International processing
We may share your Personal Data with our affiliates, resellers, channel partners, service providers/data processors, and agents who are located, or who process such data, outside of the US. We will take steps to ensure that your Personal Data receives an adequate level of protection in jurisdictions in which it is processed. When we share Personal Data with such third parties, we do so in a manner consistent with our privacy protocols and in compliance with applicable law.
Data security
We take commercially reasonable physical, organizational, and technical measures to protect your Personal Data in our possession. We limit access to your Personal Data to those employees, affiliates, resellers, channel partners, service providers/data processors, agents, and other third parties who have a business need to know. They are permitted to only process your Personal Data on our instructions, and they are subject to a duty of confidentiality.
We cannot guarantee the absolute security of our Service and database, nor can we guarantee that any information supplied will not be intercepted while being transmitted over wireless networks or the Internet. We have procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Legal basis for processing
If you are in the EU or UK, the legal basis we rely on to process your Personal Data is article 6(1)(f) of the GDPR or the UK DPA, as applicable, which allows us to process Personal Data when it is necessary for the purposes of our legitimate interests.
Data rights for EU and UK residents:
Your right of access
You have the right to ask us for copies of your Personal Data.
Your right to rectification
You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure
You have the right to ask us to erase your Personal Data in certain circumstances. This right enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully, or where we are required to erase your Personal Data to comply with applicable law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons, which will be notified to you, if applicable, at the time of your request.
Your right to restriction of processing
You have a limited right to ask us to restrict the processing of your information in certain circumstances. This enables you to ask us to suspend the processing of your Personal Data in the following scenarios: (a) where you have contested the accuracy of your data, processing will be restricted until we have determined the accuracy of the data; (b) where you have objected to processing of your data, processing will be restricted until we have determined the outcome of your objection; (c) where our use of the data is unlawful but you want us to restrict processing rather than erasing the data; or (d) where you require data for the purpose of a legal claim, you can request restriction even when we no longer need the data. Where you have obtained restriction of processing of your data, we will inform you before lifting the restriction.
Your right to object to processing
You have the right to object to certain types of processing of your Personal Data.
You have the right to object to processing of your Personal Data where the processing is carried out in connection with tasks: in the public interest; under official authority; or in the legitimate interests of others.
You also have a right to object to processing of your Personal Data where the processing relates to direct marketing. Where we are using your Personal Data for the purpose of marketing something directly to you, or profiling you for direct marketing purposes, you can object at any time, and we will stop processing as soon as we receive your objection.
You may also object to processing of your Personal Data for research purposes, unless the processing is necessary for the performance of a task carried out in the public interest.
To object to processing, you must contact us and state the grounds for your objection. These grounds must relate to your particular situation. Where you have made a valid objection, we will cease processing your Personal Data, unless we can provide compelling legitimate reasons to continue processing your Personal Data. We can also lawfully continue to process your Personal Data if doing so is necessary for certain types of legal claims.
Your right to data portability
This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organization to another or give it to you. This right only applies where processing of Personal Data (supplied by you) is carried out by automated means, and where you have either consented to processing, or where processing is conducted in connection with a contract between you and us. This right only applies to the extent that it does not affect the rights and freedoms of others.
Your rights in relation to automated decision making
You have the right to not be subject to a decision based solely on automated processing. Processing is “automated” where it is carried out without human intervention and where it produces legal effects or significantly affects you. Automated processing is permitted only with your express consent, when necessary for the performance of a contract, or when authorized by the EU or Member State law.
Withdraw consent at any time when we are relying on consent to process your Personal Data
This will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain information, materials, goods, or services to you. We will advise you if this is the case at the time you withdraw your consent.
Processing Personal Data for criminal law enforcement purposes
If we are processing your Personal Data for criminal law enforcement purposes, your rights are slightly different.
Exercising your rights
Contact us at hello@decentapparel.com if you wish to exercise any or your rights. Be as specific as possible in relation to your request and the specific Personal Data involved. You may be asked to provide evidence of your identity.
We generally have one (1) month to respond to you, but this period may be extended in certain circumstances. You are not required to pay any charge for exercising your rights, but where requests from you are considered ‘manifestly unfounded or excessive’ we may either charge a reasonable fee taking into account the administrative costs of providing the information or taking the action requested, or refuse to act on your request.
Data rights for California residents:
The California Consumer Privacy Act (CCPA) provides users who are California residents with specific rights regarding their Personal Data.
If you reside in California, you may exercise the following rights:
• A right to know about the Personal Data we have collected, used, shared, or sold about you, and why we collected, used, shared, or sold it.
• A right to delete your Personal Data collected by us (subject to certain exceptions outlined below).
• A right to receive Personal Data in a format that will allow its transfer to third parties by you.
• A right to opt-out of the sale of Personal Data, where a “sale” under the CCPA means “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s Personal Data to another business or a third party for monetary or other valuable consideration.” We do not sell your Personal Data.
• A right to sue for security breaches of Personal Data.
Access to specific information and data portability rights
You have the right to request that we disclose to you your Personal Data we have collected about you over the past twelve (12) months from the date of your request. Once we receive and confirm your request, we will disclose to you, as applicable:
• The categories of Personal Data we collected about you.
• The categories of sources for the Personal Data we collected about you.
• Our business and commercial purposes for collecting that Personal Data.
• The categories of third parties with whom we shared that Personal Data.
• The specific pieces of Personal Data we collected about you.
• If we “sold” or disclosed your Personal Data for a business purpose, up to two separate lists disclosing:
o if we “sold” your Personal Data, identifying the Personal Data categories that each category of recipient “purchased”; and
o if we disclosed your Personal Data for a business purpose, identifying the Personal Data categories that each category of recipient obtained.
• That we have not “sold” any of your Personal Data.
Deletion request rights
You have the right to request that we delete any of Personal Data that we collected from you and retained, subject to certain Exceptions (listed below). Once we receive and confirm your request, we will delete your Personal Data from our records except to the extent an Exception applies.
We may deny a deletion request if retaining the information is necessary for us or our service providers for the following Exceptions:
• to complete the transaction for which we collected the Personal Data, provide information, materials, goods, or services that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise respond to your requests;
• to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
• to debug products to identify and repair errors that impair existing intended functionality;
• to exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;
• to comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.);
• to engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent;
• to enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
• to comply with a legal obligation; or
• to make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
• deny you goods or services;
• charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
• provide you a different level or quality of goods or services; or
• suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
However, we may still offer you certain financial incentives that can result in different prices, rates, or service quality levels as permitted by the CCPA. We do not currently offer such financial incentives.
Exercising access, data portability, and deletion rights
To exercise your rights described above, please submit a request to us that specifies your request type (disclosure, deletion, etc.) as detailed below. Requests may be sent by either:
• emailing us at: hello@decentapparel.com; or
• mailing us at: Decent Startup LLC
Attn Privacy
PO Box 581408
Salt Lake City UT 84158 USA
Only you, or someone legally authorized to act on your behalf, may make a request related to your Personal Data. You may also make a request on behalf of your minor child. We cannot respond to your request or provide you with Personal Data if we cannot verify your identity or authority to make the request and confirm the Personal Data relates to you. You may be required to provide additional information necessary to confirm your identity before we can respond to your request. You may only make a request for access or data portability twice within a twelve (12) month period. The request must:
• provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Data or an authorized representative; and
• describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
Making a request does not require you to create an account with us. Also, we will only use Personal Data provided in a request to verify the requestor’s identity or authority to make the request.
Your authorized agent
You have the right to designate an authorized agent to make a request under the CCPA on your behalf.
Response timing and format
We will confirm that we received your request within ten (10) days and will respond within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing. We will deliver our written response electronically or, at your option, by mail.
Any disclosures we provide will only cover the twelve (12) month period preceding our receipt of the request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Data that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Can this Privacy Policy be modified?
We reserve the right to modify this Privacy Policy at any time. Accessing the Website or the Service after we have published a modified Privacy Policy constitutes acceptance of such modified policy.
How we notify you of modifications?
We will publish a link to the modified Privacy Policy on the Website and on the Service’s landing page. The modified Privacy Policy becomes effective upon publishing. If the modifications are material, we will provide more prominent notice as appropriate under the circumstances (for example, for a period following publication the icon or link to the Privacy Policy may be highlighted or include the word such as “modified,” “revised,” “updated,” or similar).
How can we be contacted?
You can contact us by email at hello@decentapparel.com or by mail at: Decent Startup LLC, Attn Privacy, PO Box 581408, Salt Lake City UT 84158 USA.