PRIVACY POLICY

Contour Lab Privacy Policy

This Contour Lab privacy policy governs the collection, storage and use of your personal data as users of the Contour Lab solution (the “Solution“). It provides you with details about the personal data Contour Lab collects from you, how we use it and your rights to control personal data we hold about you. 

Any future updates will be posted on https://app.contourlab.io/privacy-policy.

1.              Who we are:

Contour Lab is a provider of a Solution that suggests and facilitates clothing and apparel style selection of end-customers during their shopping journey through data driven insights, having its registered offices at Sint-Pietersvliet 7, 2000 Antwerpen, Belgium (“Contour Lab” or “we“).

2.              Contour Lab as the data controller or as the data processor

Under the EU General Data Protection Regulation (the “GDPR“), “data controller” and “data processor” are important concepts in understanding Contour Lab’s responsibilities under the GDPR. Depending on the scenario, Contour Lab may be a data controller, data processor or both and has specific responsibilities as a result.

While Contour Lab operates mainly as a data processor, i.e. to provide the Solution and ancillary services, there are some instances in which we operate as a data controller.

Examples where we operate as a data controller include the processing of personal data (i) to optimize and improve our Solution and services and (ii) where the data subject provides information to us directly.

3.              The personal data we collect about you and the purposes for which we collect it:[OC1] 

Below you will find an overview of:

a)     the categories of personal data that we (or third party data processors acting on our behalf may collect – for further information on data processors acting on our behalf, see below under point 3), use and store about you;

b)     the purposes for which this data would be collected;

c)     the legal basis for processing.

Categories of personal data

Purpose(s) for processing

Legal basis for processing

Source

Contact details / identification details (first name, surname, e-mail address)

To provide you with our Solution and ancillary services (in particular to determine your body shape and send you styling advice)

Article 6,§1, (b) GDPR

Information you provide to us directly

To contact you for reasons related to the service you have signed up for or to provide information you have requested.

article 6, §1, (b) GDPR)

Information you provide to us directly

Physical characteristics (e.g. Waist, Shoulders, Hips, Height, Weight, Breast, Age)

To provide you with our Solution and ancillary services

Article 6,§1, (b) GDPR

Information you provide to us directly

Information about your online activities on our service

To improve and optimize our services

Article 6,§1, (f) GDPR

Information we collect automatically when you visit or use our website or Solution.

Personal data shared by the data subject

To send you the newsletters to which you have subscribed and/or to contact you for the purpose of marketing our products and services or those of third parties with whom we collaborate

Article 6,§1, (a) GDPR

Information you provide to us directly

IP address

To determine the number of visitors

Article 6,§1, (f) GDPR

Information we collect automatically when you visit or use our website or Solution

Log information (date, time, duration and manner of use of our services, pages visited on the website, domains of other sites to arrive at the website, etc.)

To improve and optimize our services.

Article 6,§1, (f) GDPR

Information we collect automatically when you visit or use our website or Solution

4.              How we share your personal data and who we share it with

4.1           Principle

We will not sell, rent or otherwise disclose your personal data to any third party, except as described in this policy.

4.2           Third parties

Your data may be communicated to third parties in the following cases:

        our subcontractors in the context of services we ask them to perform on our behalf (e.g. IT subcontractors);

 

        the stores concerned on whose website you have used the Solution;

        the companies called in to improve our Solution, services and our marketing activities;

4.3           Compliance with laws and legal proceedings

We may disclose your personal data where:

      we are required to do so by applicable law, by a governmental body or by a law enforcement agency;

      to establish or exercise our legal rights or defend against legal claims;

      to investigate, prevent or take actions against illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our terms of use, or as otherwise required by law.

5.              How long do we keep your personal data?

We keep your personal data for no longer than necessary for the purposes for which the personal data is processed. The length of time for which we retain personal data depends on the purposes for which we collect and use it and/or as required to comply with applicable laws (including bookkeeping, social and tax obligations) and to establish, exercise or defend our legal rights.

Type of data

Retention period

Tax, social or legal data

for as long as required by law, increased with a period of 1 year. This allows us to correctly remove the data from our systems and archives.

The data that you as a customer share with us

7 years unless you give us permission to keep and use these data once again or unless we are legally required to store the data longer

Data related to your account

In general, we will keep your data while your account is active or for as long as needed to provide the services to you:

        Data in your online account that we do not need to prove your transactions will be deleted after 6 monthsThis storage allows you to reactivate your account if desired. The same applies to data that you remove from your account yourself.

        If you do not log in to your online account for a period of 2 years and do not use it in any other way, we will send you an e-mail with the message that we will delete your online account, unless otherwise stated. After deleting, you can reactivate your account during the period stated above.

        If you have not shown any engagement to our e-mails for 3 years, your data will be removed from that processing and you will no longer receive e-mails. You will first receive a warning before this processing is stopped.

Contact details

In certain cases, for example when you ask us to stop being contacted by us, we can store your contact details in a “non-contact” file for 36 months, in order to prevent you from being contacted by us during this period.

Data that is the subject of a dispute or be assumed to be used in a dispute

As long as necessary to be used in that dispute.

6.              International transfers

In connection with the abovementioned purposes, we try to avoid as much as possible the transfer of personal data that we collect from you to third party data processors located outside the European Economic Area.

When we transfer personal data that we collect from you to third party data processors located in countries that are outside of the European Economic Area and which do not offer an adequate level of protection, we ensure the use of appropriate data transfer tools such as the entering into of the standard contractual clauses issued by the European Commission.

7.              Security

We take appropriate technical and organisational measures to safeguard the personal data that you provide to us against unauthorized or unlawful processing and against accidental destruction, loss or damage.

?Also mention that we make your data anonymous so that they cannot be traced back to you and the data exchanges only take place via secure channels?

8.              Your rights

You have the following rights as a data subject:

a)     the right to access to personal data that we hold about you;

b)     the right to ask us to update or correct any out-of-date or incorrect personal data that we hold about you;

c)     where the processing is based on your consent, the right to withdraw consent at any given time, without affecting the lawfulness of processing based on consent before its withdrawal;

d)     the right to erasure where the conditions of article 17 of the GDPR have been met;

e)     the right to restriction of processing where the conditions of article 18 of the GDPR have been met;

f)      the right to data portability insofar the conditions of article 20 GDPR apply to you;

g)     the right to object to processing of personal data concerning you, insofar the conditions under article 21 GDPR have been met; and

h)     the right to opt out of any direct marketing communications that we (with your consent) may send you.

You can exercise these rights at any given time by emailing us at contact@contourlab.com.

You also have the right to lodge a complaint with the competent supervisory authority.

If you have any question about this privacy policy and/or how we collect, store and use your personal data, you can email us at hello@contourlab.io.