Welcome to JustFab! We care deeply about privacy. We’re committed to being transparent about our privacy practices, including how we treat your personal information. This privacy notice, together with the materials referred to in it, describes:
the personal information that we collect or receive on or through:
all other written or oral communications, such as email or phone, with you (together, “Services”);
how we use that information; and
the steps we take to protect that information.
We need to use your personal information to operate our business and to provide you with the Services. Please read this privacy notice carefully before using the Services. By using the Services you consent to the privacy practices described in this notice. If you don’t want us to collect or use your information in the ways described in this notice, you shouldn’t use the Services.
This notice is incorporated into, and is subject to, our terms and conditions. Capitalised terms used but not defined in this notice have the meaning given to them in the terms and conditions.
We are JUST FAB (UK) Ltd, a company registered in England and Wales with company number: 08097376 and registered office at 38 St Martin’s Lane, London WC2N 4ER (“we” or “us”). We operate the Services and are the data controller responsible for your personal information. You may contact us as detailed in section 12.
When you use the Services we collect or receive your personal information in the following ways:
Registration, account setup, Service usage: To enable us to provide the Services to you, you may need to provide us with certain personal information. Depending on which Services you use, you may need to provide us with a valid email address and your name, postal address, billing address, telephone number and payment information. You may also choose to provide other personal information, such as your birthday. You may review, edit and, in certain circumstances, delete this information through your account settings.
Automated information:We automatically receive and record information from your browser or your mobile device when you use the Services, such as your IP address or unique device identifier, cookies and data about which pages you visit, so we may operate and provide the Services. This information is stored in log files and is collected automatically. We may combine this information with other information that we or those we work with collect about you. This information is used to prevent fraud and to keep the Services secure, to analyse and understand how the Services work, and to provide advertising and a more personalised experience for you. We may also automatically collect device-specific information when you use the Services. This information may include information such as the hardware model, operating system information, App version, App usage, browser information, IP address, and device identifiers. For more information about cookies and similar technologies, see section 8.
Location information:We may collect information about your location from information you provide in your profile or from your IP address. With your consent, we may also determine your location by using other information provided by your device, such as GPS information or information about nearby wireless networks or mobile network masts. We may use and store this information to provide features and to improve and personalise the Services. For example, for internal analytics and performance monitoring, to localise content and (using non-precise location information) for marketing purposes. Certain non-precise location services, such as for security and localization of policies based on your IP or profile address, are critical for the Services to function.
Analytics information:We use data analytics to ensure the functionality of, and to improve, the Services. We use mobile analytics software to allow us to understand the functionality of the App on your mobile device. This software may record information such as how often you use the App, what happens within the App, aggregated usage, performance data, app errors and debugging information, and where the App was downloaded from. We do not link the information we store within the analytics software to any personal information that you submit within the App.
Information from third parties:You may choose to connect to the Services or register a JustFab account using a third party application, such as Facebook. We may receive information from those connected third party applications. We may also collect public information in order to connect with you. We may use that information in providing the Services to you. You may also choose to share some of your activity on the Services on certain social media networks connected to your JustFab account. You may revoke your consent anytime in your account settings.
Protecting the privacy of children is especially important to us. The Services are not directed towards children and we do not knowingly collect personal information from children. If you are under 18 years of age, please do not use the Services. If we learn that we have collected or received personal information from anyone under 18 years of age, we will delete this information. If you are a parent or guardian and discover that your child has provided us with personal information, please contact us as detailed in section 12.
When you use the Services we collect, use, share and otherwise process your personal information as described in this notice. Whenever we process your personal information we do so on one of the following legal bases:
it’s necessary to perform our contract with you;
you have given your consent for us to do so;
it’s necessary for our legitimate interests or the legitimate interests of a third party;
it’s necessary to comply with a legal obligation or in connection with a legal claim;
it’s necessary in the public interest; or
it’s necessary to protect someone’s life.
4.2. INFORMATION USES
Providing and improving the Services:We use your information to provide and improve the Services and our products, for billing and payments, for identification and authentication, for targeted marketing, for general research and aggregate reporting, and to contact you as described in section 5. We may learn about the products and services that you’re interested in from your browsing and purchasing behaviour both through and outside the Services and may suggest potential purchases as a result. We have a legitimate interest in personalising the Services to help you discover products and services of interest to you. We may use and share your information to enable us to pursue our legitimate interests in understanding how the Services are being used, and to explore ways to improve the Services and to develop and grow our business.
Service providers:We work with third party service providers (“partners”), such as payment processors, couriers, and analytics and security providers, to help us operate, provide, and market the Services. These service providers have only limited access to your personal information, may use your information only to perform their specific tasks on our behalf, and are obligated not to disclose or use your information for any other purpose. Our engagement of service providers is often necessary for us to provide the Services to you, particularly where the providers perform important functions like payment processing and shipping. In some other cases these service providers aren’t necessary for us to provide the Services, but help us to improve them, for example, by helping us to conduct market research. In such cases we have a legitimate interest in working with service providers to improve the Services.
Other third parties:Third party plug-ins or add-ons may collect information about your use of the Services. For example, when you load a page on the Site that has a social plug-in from a third party site or service, such as a ‘Like’ or ‘Send’ button, you are also loading content from that third party site. These interactions are subject to the privacy practices of the third party. In addition, certain cookies and other similar technologies on the Site are used by third parties for targeted online marketing and other purposes. These technologies allow the third party to recognise your computer or mobile device each time you use the Services.
Legal and safety obligations:We may retain your personal information or release it to a third party in the following limited circumstances:
in response to lawful requests by public authorities, including to meet legitimate national security or law enforcement requirements;
to protect, establish, or exercise our legal rights or to defend against legal claims, including to collect a debt;
to comply with a subpoena, court order, legal process, or other legal requirement; or
when we believe in good faith that such processing is reasonably necessary to comply with the law, prevent imminent physical harm or financial loss, or investigate, prevent, or take action regarding illegal activities, suspected fraud, threats to our property, or violations of our terms and conditions.
In these cases, our use of your information may be necessary for the purposes of our or a third party’s legitimate interest in keeping our Services secure, preventing harm or crime, enforcing or defending legal rights, or preventing damage. Such use may also be necessary to comply with a legal obligation, a court order, or to exercise or defend legal claims. In rare cases it may also be necessary in the public interest or to prevent loss of life or personal injury. If we receive a lawful request for information in one of the limited circumstances described in this paragraph, we may disclose your personal information.
Aggregated information:We may share demographic information with third parties for various purposes, including to comply with our reporting obligations, for business or marketing reasons, or to assist third parties in understanding the Services and our business. Such demographic information will be aggregated and de-personalised, so that your personal information is not revealed.
Corporate actions:We may enter into transactions such as a sale, merger, liquidation, receivership or transfer of all or a significant portion of our business or assets. Such transactions may be necessary and in our legitimate interests, particularly our interest in making decisions that enable our business to develop over the long term. In such transactions user information may be transferred. If we intend to transfer information about you we will notify you as described in section 12 and, to the extent required by applicable law, you will be given an opportunity to opt out before information about you becomes subject to different privacy practices.
We may need to contact you from time to time. You agree that we may send you service-related emails or messages. Examples of service-related messages include an email address confirmation or welcome email when you register an account, a confirmation when you place order, information concerning service availability, information about changes to key Service features or functions, and correspondence with our support team. We may also contact you by telephone for transaction-related purposes or to provide support.
If you have consented for us to do so, we may also send you marketing emails or messages. You may unsubscribe at any time from marketing messages through the opt-out link included in the messages or through your account settings.
We are part of a global group of companies. By using the Services you acknowledge that we may use the personal information we collect or receive about you in the European Economic Area (“EEA”), US and other countries in which we and our partners operate for purposes described in this notice. This includes sharing your information with TechStyle Inc., our US parent company, and other companies in our global group.
When your personal information is transferred from your home country to another country, the laws and rules protecting that information in the country to which it is transferred may be different from those in the country in which you live. We will transfer your information only to those countries to which we are permitted by law to do so, and we will take steps to ensure that your information continues to enjoy appropriate protections.
Whenever we transfer personal information outside of the EEA, we do so on one or more of the following legal bases:
Privacy Shield. TechStyle Inc.and certain other companies in our global group participate in the EU-US Privacy Shield Framework. Privacy Shield provides companies with a mechanism to comply with data protection requirements when transferring personal data from the EU to the US. To learn more about Privacy Shield and to confirm TechStyle Inc.’s participation, see here. We have committed to refer unresolved complaints under Privacy Shield to BBB EU Privacy Shield, an independent dispute resolution service operated by the Council of Better Business Bureaus (“CBBB”). CBBB is a non-profit organization based in the US. Please see here for more information and to file a complaint. There is no charge to you for using this service. In addition, under certain limited conditions, you may be able to invoke binding arbitration before the Privacy Shield Panel to be created by the US Department of Commerce and the European Commission.
Model Clauses. The European Commission has adopted standard contractual clauses, also known as Model Clauses, which provide safeguards for personal information that is transferred outside of the EU or EEA. You may view the Model Clauses on the Commission’s website, here.
Necessary to perform our contract with you. You may choose whether or not to use the Services. However, if you want to use the Services, you must to agree to the terms and conditions, which set out the contract between us and you. As we use technical infrastructure in the EEA, US and other countries to deliver the Services to you, in accordance with our contract with you, we need to transfer your personal information within the EEA, to the US and to other jurisdictions as necessary to provide the Services. We can’t provide you with the Services and perform our contract with you without transferring your information in this way.
You may review, update, correct or delete certain personal information we collect or receive about you through your account settings, or by contacting us as detailed in section 12.
You may also benefit from certain legal rights in respect of your personal information. Upon request, we will provide you with information about our processing of your personal information. In certain circumstances, you may have the right to receive a copy of your information in an easily accessible format, and to request the deletion of your information other than information we are required to retain. In certain cases, you may also have a right to restrict or limit the ways in which we use your personal information. If, as explained in section 4.2, we process your information based on our legitimate interests or in the public interest, you may object to this processing in certain circumstances; in such cases, we will cease processing your information unless we have compelling legitimate grounds to continue processing or where it is needed for legal reasons.
Where you have provided your consent to processing of your information, you have the right to withdraw your consent at any time. If you no longer wish to receive marketing messages you may opt out as detailed in section 5. If you have consented to share your precise device location details but no longer wish to do so, you may withdraw your consent through the settings in the App or on your mobile device.
If you no longer wish to use the Services or receive service-related messages you may close your account at any time by following the instructions detailed here. Please be aware that this deletion is permanent and your account cannot be reinstated.
Cookies and other similar technologies (collectively, “Cookie Technologies”) are used by us and our partners. Cookie Technologies serve a number of purposes, including allowing the Services to function and helping us to understand how you use the Services.
8.1. Types of Cookie Technologies
Cookies: These are small data files sent from a server to your browser. They are stored in your browser’s cache and allow a website or a third party to recognise your browser. There are three main types of cookies:
Session cookiesare specific to a particular visit and carry information as you view different pages so you don’t have to re-enter information every time you change pages or attempt to checkout. Session cookies expire and delete themselves automatically within a short period of time, for example, after you leave the Site or when you close your browser.
Persistent cookiesremember certain information about your preferences for viewing the Site, and allow us to recognise you each time you return. Persistent cookies are stored in your browser’s cache or on your mobile device until either you choose to delete them or they expire and delete themselves.
Third party cookiesare placed by a third party may gather browsing activity across multiple websites and sessions. They are usually a type of persistent cookie and are stored until you delete them or they expire based on the time period set in each cookie.
Cookies allow the Services to function and enable us to personalise your experience. You may configure your browser’s settings to reflect your preference to accept or reject cookies, including how to handle third party cookies. For more information, see section 8.5.
Local storage objects:These are sets of data, sometimes called flash cookies, that may be stored on your browser. They may be used to maintain your preferences, history of usage, or the state or settings of an app.
Web beacons:These are tiny graphics, sometimes called “clear GIFs” or “web pixels”, with a unique identifier that are used to understand your browsing activity. Web beacons are rendered invisibly on web pages when you open a page.
Social widgets:These are buttons or icons provided by third party social media providers that allow you to interact with social media services when you view a web page or a mobile app screen. These widgets may collect browsing data, which may be received by the third party that provided the widget, and are controlled by the third parties.
UTM codes:These are code strings that may appear in a URL when a user moves from one web page or website to another. The string may represent information about your browsing, such as which ad, page, or publisher sent you to the receiving website.
Application SDKs:These are third party software development kits (“SDKs”) that are embedded in the App. These SDKs permit the collection of information about the App itself, activity in the App, and the device the App is running on.
8.2. Purposes OF COOKIE TECHNOLOGIES
We use Cookie Technologies to recognise you on the Site, to make the Site function for you, and to help personalise your experience and use of the Services. More specifically, we use Cookie Technologies for:
Security and authentication: Some Cookie Technologies are essential to ensuring that the Services function, such as authenticating you and maintaining the security, safety and integrity of the Services. Without these Cookie Technologies we cannot provide the Services to you.
Account and user preferences: Some Cookie Technologies are used to remember your account and preferences over time. For example, to automatically log you in when you return to the Site, to maintain your choices on Site features, and to personalise content based on how you use the Services.
Social networks: Some Cookie Technologies help you to interact with social networks while using the Services, such as sharing content with the network. Social networks may also work with us for analytics or marketing purposes, as detailed below. You may be able to manage your privacy preferences for these social networks and their tools and widgets via your account with the network.
Performance and analytics: Some Cookie Technologies provide performance data on how the Services are functioning in order to help improve them. We use these Cookie Technologies to collect information about your use of the Site, such as pages visited or any errors you may encounter. These Cookie Technologies either do not collect personal information, or aggregate the information in such a way that it is anonymised. The Site and App also employ Google Analytics to help understand how the Services are used. For some of the marketing services listed below, like retargeting, data from Google Analytics may be combined with data we hold and with third party cookies. For information on how to opt out of Google Analytics Advertising Features, see section 8.5. For more information on Google Analytics, see here.
Marketing services: We work with partners who may use Cookie Technologies to enable us and them to learn about the ads you see and click when you use the Services, or to show you ads within and outside the Services. These Cookie Technologies may include:
Frequency capping, which limits the number of times your browser or mobile device displays the same ad.
Attribution tracking, which identifies the ad or marketing source that brought you to the Site, or determines what source led to actions like a visit or a purchase.
Remarketing, which shows relevant ads to an audience based on prior browsing and purchasing patterns.
Audience targeting, which refers to targeting ads to a large audience based on the audience’s demographics.
Cross-device recognition, which recognises actions across multiple devices or browsers.
These Cookie Technologies allow a partner to recognise your computer or mobile device each time you visit the Site or App or other websites and mobile applications based on data like a cookie, your IP address, or device ID, but do not allow access to other personal information. These third parties are required to follow applicable laws, self-regulatory programmes, and our data protection rules where applicable. However, we do not control these third parties, who each have their own privacy practices.
8.3. Services in the App
The App may include third party application SDKs that provide mobile performance and analytics data, bug reporting features, and APIs to third parties that help provide the Services, for social media functionality, and for marketing and advertising.
8.4. LEGAL BASES FOR PROCESSING
We use certain Cookie Technologies to ensure the Site and App function for their intended purpose. We do this on the basis of contractual necessity based on your agreement with us to perform the Services you have requested. By using the Services after having been notified of our use of Cookie Technologies in the ways described in this notice and, where applicable, through notice and unambiguous acknowledgement of your consent, you agree to such use.
8.5. Managing Cookie Technologies
You have the ability to control the use of certain Cookie Technologies:
Marketing preferences: You may manage your marketing preferences as detailed in section 5.
Browser settings: You may change your browser's settings to reflect your preferences relating to Cookie Technologies. Each browser differs, but these settings are typically under an ‘options’ or ‘preferences’ menu. Please be aware that if you reject or block all Cookie Technologies in your browser settings, you will not be able to use some or all of the Services as some Cookie Technologies are essential for the Services to function.
Third party networks: If you do not wish Cookie Technologies to be used to serve you interest-based ads, you may opt out of receiving interest-based ads through Your Online Choices. Please note that you will continue to receive generic ads.
Third party tools: Various third parties provide plug-ins and apps that may help provide you information on, and limit or block, Cookie Technologies.
App: If you access Services through the App, you may also control interest-based ads on your iOS or Android device by selecting the “Limit Ad Tracking” option in the privacy section of the Settings app in iOS, or via advertising preferences on Android devices, usually in the Google Settings app. Please note you will continue to see generic ads.
We will retain your personal information only for as long as your account is active, as needed to provide the Services to you, or otherwise as necessary for the purposes described in this policy. If you no longer want us to use your information to provide the Services to you, you may close your account at any time by following the instructions detailed here.
The security of your personal information is very important to us. We follow generally accepted standards to protect the information we collect and receive, both during transmission and after it is received. We maintain appropriate administrative, technical and physical safeguards to protect your information against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing. This includes, for example, firewalls, encryption, password protection and other access and authentication controls. However, no method of transmission or storage is completely secure. While we strive to protect your personal information, we can't guarantee its absolute security. Your account information is protected by a password. It is important that you protect against unauthorised access to your account and information by choosing your password carefully and by keeping your password and computer secure, such as by signing out after using the Services. If you believe the security of your personal information has been compromised, please contact us as detailed in section 12. If we become aware that your information has been compromised, we will inform you in accordance with applicable law.
We may amend or update this notice from time to time. If we believe the changes are material, we’ll notify you by posting the changes on or through the Services, by sending you an email or message about the changes, and/or by posting an update in the version notes on the App’s platform. We encourage you to check back regularly and review any updates.
You may also have the right to file a complaint against us with the Berlin Commissioner for Data Protection and Freedom of Information. The Berlin Commissioner is our lead supervisory authority for data protection matters. The Berlin Commissioner’s contact details are:
Address: Berliner Beauftragte für Datenschutz und Informationsfreiheit