Privacy Policy
Version 1.0 (1 October 2018)
Introduction
Bespokify Pte Ltd (we, us, our) complies with applicable privacy and data protection laws when dealing with personal data. Personal data is any data that identifies or potentially identifies an individual (whether living or deceased). This policy sets out how we will collect, use, disclose and protect your personal information when you access and use our website https://bespokify.com/ or services or have other dealings with us. If you are based in the European Union and use our website and/or services or have other dealings with us, the additional terms in the addendum to this privacy policy (GDPR Addendum) apply to you. This policy does not limit or exclude any of your rights under applicable laws.
We may change this policy by uploading a revised policy onto the website. The change will apply from the date that we upload the revised policy.
What personal information do we collect?
We collect, hold and process two categories of personal information:
Account and Marketing Data is personal information that we collect about you:
- in connection with the creation or administration of a customer account
- if you ask to receive information about us or our services, including signing up to follow our blog
- when you sign up to or access or use our services
- when you contact us directly (e.g. telephone call, email or website enquiry form)
- when you visit our website.
The Account and Marketing Data we collect may include company/personal names, phone numbers, email addresses and any other contact information you provide to us, your location, purchase history, information about how you use our website or services (for example, traffic volumes, time spent on pages), your IP address and/or other device identifying data, information contained in your correspondence with us or survey responses and other information required to provide a service or information you have requested from us.
We use Stripe and PayPal to process credit card transactions. We do not have access to your credit card information. You can view Stripe’s privacy policy and PayPal’s privacy policy.
Personal information that forms part of the Data (as defined in the service agreement between us and you) ("Client Data"). This may include any personal information collected by our clients, including our clients’ end customers’ first name, last name, email address, body measurements, body shape classifications, design preferences and order history. We will not collect or process Client Data except as provided in our Service Agreement and/or other agreements with our clients that govern the processing of Client Data (as applicable) and we require our clients to comply with applicable privacy and data protection laws.
The remainder of this privacy policy sets out how we will collect, use, disclose and protect Account and Marketing Data and does not apply to Client Data.
Who do we collect your personal information from?
We may collect personal information about you from:
- you, when you provide that personal information to us, including via our website and services through any registration or subscription process, through any contact with us (e.g. telephone call or email) or when you access or use our services
- third parties where you have authorised this (e.g. Facebook, Google, Twitter or LinkedIn) or the information is publicly available (e.g. LinkedIn). If possible, we will collect personal information from you directly.
When you visit or use our website or services, we may collect information about you:
- by recording clickstream data, which is information that is recorded when you click anywhere on a webpage and is used for the purposes of collecting, analysing and reporting data about how you use our website and related services; and
- through the use of cookies, web beacons and similar storage technologies. Please refer to the Cookies section of the GDPR Addendum for further information, including information on how you can disable these technologies.
How do we use your personal information?
We may use your personal information:
- to verify your identity
- to provide the website and our services to you
- to market our services to you, including contacting you electronically (e.g. by text or email for this purpose). You can stop receiving our marketing emails by following the unsubscribe instructions included in those emails
- to improve the services that we provide to you
- to respond to communications from you, including enquiries and complaints
- to conduct research and statistical analysis (on an anonymised basis)
- to tailor content or advertisements to you
- to protect and/or enforce our legal rights and interests, including defending any claim
- for any other purpose authorised by you or other applicable law
- to respond to lawful requests by public authorities, including to meet law enforcement requirements.
We may transfer your information in the case of a sale, merger, consolidation, liquidation, reorganisation or acquisition.
Disclosing your personal information
We may disclose your personal information to:
- another company within our group
- any business that supports our services, including any person that hosts or maintains any underlying IT system or data centre that we use to provide our website or services or that we use to process payments.
- other third parties (for anonymised statistical information)
- a person who can require us to supply your personal information (e.g. a regulatory authority);
- any other person authorised by applicable law (e.g. a law enforcement agency)
- professional advisers (e.g. accountants, lawyers, auditors)
- any other person authorised by you
- any other company in the case of a sale, merger, consolidation, liquidation, reorganisation or acquisition.
We share information about your use of the website with our trusted social media, advertising and analytics partners through the use of cookies, web beacons and similar storage technologies. Please refer to the Cookies section of the GDPR Addendum for further information.
Transfers of personal information
A business that supports our website or services may be located outside the European Economic Area ("EEA") or Singapore. This may mean your personal information is held and processed outside the EEA or Singapore. Please see the GDPR Addendum for further information about personal data transfers from the EEA.
Protecting your personal information
We will take reasonable steps to keep your personal information safe from loss, unauthorised activity, or other misuse. We implement appropriate technical and organisational measures to ensure a level of security appropriate to risks inherent in processing personal information.
You can play an important role in keeping your personal information secure by maintaining the confidentiality of any password and accounts used in relation to our services. Please do not disclose your password to third parties. Please notify us immediately if there is any unauthorised use of your account or any other breach of security.
Accessing and correcting your personal information
Subject to certain grounds for refusal set out in applicable law, you may have the right to access your readily retrievable personal information that we hold and to request a correction to your personal information. Before you exercise this right, we will need evidence to confirm that you are the individual to whom the personal information relates.
In respect of a request for correction, if we think the correction is reasonable and we are reasonably able to change the personal information, we will make the correction. If we do not make the correction, we will take reasonable steps to note on the personal information that you requested the correction.
If you want to exercise any of the above rights, email us at contact@bespokify.com. Your email should provide evidence of who you are and set out the details of your request (e.g. the personal information, or the correction, that you are requesting).
Internet use
While we take reasonable steps to maintain secure internet connections, if you provide us with personal information over the internet, the provision of that information is at your own risk.
If you follow a link on our website to another site, the owner of that site will have its own privacy policy relating to your personal information. We suggest you review that site’s privacy policy before you provide personal information.
Contact us
If you have any questions about this privacy policy, our privacy practices, or if you would like to request access to, or correction of, your personal information, you can contact us by email: contact@bespokify.com.
GDPR Addendum
If you are based in the European Union ("EU") and use our website and/or our services, these additional terms ("GDPR Addendum") form part of our privacy policy.
The General Data Protection Regulation ("GDPR") regulates the collection, processing and transfer of EU individuals’ personal data (as defined in the GDPR). The personal information described in our privacy policy is personal data under the GDPR. We are committed to complying with the GDPR when dealing with personal data of our website visitors and service users based in the EU.
This GDPR Addendum was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of our collection and use of personal data. However, we are happy to provide any additional information or explanation needed. Any requests for further information should be sent to contact@bespokify.com.
For the purposes of the GDPR:
- we are the data controller (as defined in the GDPR) when processing Account and Marketing Data; and
- our clients are the data controller when processing Client Data.
We will not process Client Data except as provided in our Service Agreement and/or other agreements with our clients that govern the processing of Client Data (as applicable) and we require our clients to comply with applicable privacy and data protection laws. If we receive any data subject requests relating to Client Data, such as requests to access personal data, we will forward this request to the relevant client.
The remainder of this GDPR Addendum applies to Account and Marketing Data only, and does not apply to Client Data.
Processing personal data
The personal data we may process consists of the Account and Marketing Data described in our privacy policy. We may process the Account and Marketing Data for the purposes outlined in our privacy policy.
The legal basis for our processing of Account and Marketing Data is your consent, and for certain Account and Marketing Data, processing is necessary for the performance of a contract to which you are a party.
Despite the above, we may process any of your personal data where such processing is necessary for compliance with applicable laws.
You do not have to provide us with your name and email address to access and use the website. However, you must provide us with your name and email address when using some of our services such as signing up for our newsletter or setting up an account. The consequence of not providing your name and email address is that we will not be able to provide all of our services to you.
Your rights
Your rights in relation to your personal data under the GDPR include:
- right of access - if you ask us, we will confirm whether we are processing your personal data and provide you with a copy of that personal data.
- right to rectification - if the personal data we hold about you is inaccurate or incomplete, you have the right to have it rectified or completed. We will take every reasonable step to ensure personal data which is inaccurate is rectified. If we have shared your personal data with any third parties, we will tell them about the rectification where possible.
- right to erasure - we delete your personal data when it is no longer needed for the purposes for which you provided it. You may request that we delete your personal data and we will do so if deletion does not contravene any applicable laws. If we have shared your personal data with any third parties, we will take reasonable steps to inform those third parties to delete such personal data.
- right to withdraw consent - if the basis of our processing of your personal data is consent, you can withdraw that consent at any time.
- right to restrict processing - you may request that we restrict or block the processing of your personal data in certain circumstances. If we have shared your personal data with third parties, we will tell them about this request where possible.
- right to object to processing - you may request that we stop processing your personal data at any time and we will do so to the extent required by the GDPR.
- right to data portability - you may obtain your personal data from us that you have consented to give us or that is necessary to perform a contract with you. We will provide this personal data in a commonly used, machine-readable and interoperable format to enable data portability to another data controller. Where technically feasible, and at your request, we will transmit your personal data directly to another data controller.
- the right to complain to a supervisory authority - you can report any concerns you have about our privacy practices to the relevant data protection supervisory authority.
Where personal data is processed for the purposes of direct marketing, you have the right to object to such processing, including profiling related to direct marketing.
If you would like to exercise any of your above rights, please contact us at contact@bespokify.com. If you are not satisfied by the way your query is dealt with by our data protection officer, you may refer your query to your local data protection supervisory authority e.g. in the United Kingdom, this is the Information Commissioner’s Office.
Children
We do not intend to collect personal data from children aged under 16. If you have reason to believe that a child under the age of 16 has provided personal data to us through our website and/or by using our services, please contact our data protection officer.
Please note that the above statement relates only to personal data where we are the data controller i.e. for Account and Marketing Data as defined in our privacy policy. Our client is the data controller when processing Client Data about your (or a child under your care). Please contact the relevant client if you have any concerns about its processing of Client Data.
Cookies
We use cookies to monitor your use of the website, perform analytics, deliver marketing that we believe is relevant to you. Your continued use of our website and related services will signify your agreement for us to use the cookies described below.
Cookies are text files containing small amounts of information which are downloaded to your browsing device, e.g. a computer or smartphone, when you visit a website. Cookies can be recognised by the website that downloaded them, or other websites that use the same cookies. This helps websites know if the browsing device has visited them before.
Cookies do lots of things, like helping us understand how the website is being used, letting users navigate between pages effectively, remembering your preferences, and generally improving your browsing experience. Cookies can also help ensure marketing you see online is more relevant to you and your interests.
The types of cookies used by us and most websites can generally be put into the following categories: strictly necessary, performance, functionality, tailored content and targeting (described further below). You can see what cookies we use for what purposes in the Cookies we use at the date of this GDPR Addendum table below.
Strictly necessary cookies
These cookies are essential for the full functionality of our website. They enable you to navigate around our website and use their features, such as accessing secure areas. Without these cookies, you may not be able to access all the functions of our website.
Performance cookies
These cookies collect information about how you use our website, e.g. which pages are the most visited and if you receive any error messages from any pages. These cookies do not gather information that identifies you. All information these cookies collect is anonymous and only used to improve how our website works.
We receive reports from our third party analytics partners such as Google Analytics as aggregate numbers and trends. To refuse these cookies, please follow the instructions under the heading below “how to control and delete cookies through your browser”. You can also opt out of Google Analytics’ cookies. Information about Google’s cookies is available here. Google’s applicable privacy policy for Google Analytics cookies is available here.
Functionality cookies
These cookies allow our website to remember the choices you make, e.g. your user name, language or your region. These cookies can also be used to remember the changes you made to text size, font, and other parts of pages that you can customise. They may also be used to provide services you have requested, e.g. watching a video. The information these cookies collect may be anonymous and they cannot track your browsing activity on other websites. To refuse these cookies, please follow the instructions under the heading below “how to control and delete cookies through your browser”.
Tailored content cookies
These cookies help our website provide enhance features and display non-advertising content in a way that is relevant to you. They help determine what information is shown on our website based on how you have used our website previously. These cookies also track your browsing activity on other websites.
Targeting cookies
These cookies are used to deliver advertisements that are more relevant to you and your interests. They are also used to limit the number of times you seen an advertisement as well as help measure the effectiveness of the advertising campaign. They remember that you have visited a website and this information may be shared with other organisations such as advertisers. This means that after you have been to our website, you may see some advertisements about our services elsewhere on the Internet.
Google Adwords presents advertising relevant to your interests when you access the website or our services, generated from data relating to your access and use of the website or our services. Google Adwords places cookies on your browser to collect information about your past use of the website and then places ads on sites across the Internet that are more likely to be of interest to you. If you would like to customise or opt out of Google Adword’s behavioural advertising, you can visit this link.
You may also opt-out or targeted advertising at youronlinechoices.eu. Please note this does not opt you out of being served advertising. You will continue to receive generic ads.
You can learn more about interest-based advertising and opt out of interest-based advertising from participating online advertising companies at the following links:
- Network Advertising Initiative (NAI)
- Digital Advertising Alliance (DAA)
- Digital Advertising Alliance EU (EDAA)
- DAA AppChoices page
Please note that opting out of interest-based advertising does not mean you will no longer be served advertising. You will continue to receive generic ads.
How to control or delete cookies through your browser
You can control and/or delete cookies as you wish. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit our website and attempt use our services, you may not be able to access certain parts of our website or services, and some functionalities may not work. You can find out more information about how to change your browser cookie settings here.
Third party website cookies
Other websites may use different cookies from those we use. You acknowledge and agree that we are not responsible for any third party websites or applications and you access third party websites and applications at your own risk. Please understand other websites and applications are independent from us so you must inform yourself of their separate cookie policies.
Cookies we use at the date of this GDPR Addendum
Types of cookie | Who serves these cookies | How to turn these off and further information |
---|---|---|
Strictly necessary cookies | Us | These cookies are essential for our website to work in the way you have requested. These cookies are used to identify trusted web traffic. Because these cookies are strictly necessary to deliver the website to you, you cannot refuse them. You can block or delete them by changing your browser settings, however, blocking them entirely will prevent certain parts of the website from operating as intended, e.g. access to certain parts of the website. |
Performance cookies | Google Analytics | We use these cookies to collect data from visitors to the website on a unique but anonymous basis. The results are reported to us by Google as aggregate numbers and trends. To refuse these cookies, please follow the instructions under the above heading “how to control and delete cookies through your browser?” You can also opt out of Google Analytics’ cookies. Further information about Google’s cookies is available here, and you can review their privacy policy here. |
Targeting cookies | Google Adwords | We use these cookies to present advertising relevant to your interests when you access the website or our services, generated from data relating to your access and use of the website or our services and your other browsing history. Goolge Adwords places cookies on your browser to collect information about your past use of our website and then places ads on sites across the Internet that are more likely to be of interest to you. Further information about Google’s advertising tools can be found here. If you would like to customise or opt out of AdWord’s behavioural advertising, you can edit settings here. |
International transfer of data
The Account and Marketing Data we collect through our website and/or the provision of services may be transferred to, and stored in, a country operating outside the EEA. Under the GDPR, the transfer of personal data to a country outside the EEA may take place where the European Commission has decided that the country ensures an adequate level of protection. In the absence of an adequacy decision, we may transfer personal data provided appropriate safeguards are in place.
Some of the Account and Marketing Data we collect is processed in Singapore (where our operations are located) and some of the Account and Marketing Data we collect is processed by us and/or third party data processors in other countries, including United States, Thailand, Vietnam and Japan. Where Account and Marketing Data is transferred outside the EEA, it will only be transferred to countries or specified sectors within a country that have been identified as providing adequate protection for EEA data (e.g. organisations in the United States under the EU-U.S. Privacy Shield framework), or to a third party where we have approved transfer mechanisms in place to protect your personal data (e.g. by entering into the European Commission’s Standard Contractual Clauses). For further information, please contact us using the details set out in set out in our privacy policy.
Data retention policy
Account and Marketing Data that we collect and process will not be kept longer than necessary for the purposes for which it is collected, or for the duration required for compliance with applicable law, whichever is longer.
Contact us
You can contact us as set out in our privacy policy. You may also contact our European GDPR representative by emailing contact@bespokify.com.