Residents of California or Nevada may refer to “Additional Disclosures for California Residents” or “Additional Disclosures for Nevada Residents” respectively, for supplementary information. Residents of the European Union may refer to “Additional Disclosures for EU Residents” for more information.
Please refer to our “Contact Us” section if any questions arise or you have decided to use your rights and choices.
Methods of Data Collection and Storage
Information Provided by You
Every time this site is used, Personal Information is collected. Information that has been collected over a 12-month period can be split into various categories, including:
- Contact Data, which includes but is not limited to name, phone number, address, email address, and other similar information related to your employer.
- Demographic Data, which includes but is not limited to date of birth, gender, profession, country, Military status or student status.
- Transaction Data, which includes but is not limited to details of past and present purchases and the final 4 numbers of the card used for payment.
- Profile Data, which includes but is not limited to your sizes, interests, favourites and preferences
- Content, which includes but is not limited to the content of feedback, questions or any such messages sent directly to us, or the content of public posts, like product reviews.
- Referral Data, which includes but is not limited to the names and email addresses of friends who have been referred through “Refer a Friend”.
- Job Application Data, which includes but is not limited to history of education and employment as well as references, transcripts and writing samples.
Information that hasn’t been requested may be provided at the user’s discretion.
Inability to provide the requested information may result in limited access to our websites and/or services.
Information is collected and held in the following ways:
- Create An Account. An account does not need to be created to have full access to and place an order through our website. When creating an account, the Contact Data and Demographic Data will be collected. Passwords are stored by service providers and we will not be able to access it nor will we ever ask you for it. We may permit the storage of Profile Data and other information in your account.
- Contact Data and Profile Data will need to be provided when placing an order while payment processing is done through service providers.
- Marketing Communications. Contact Data, among other information, is collected voluntarily when a user subscribes to our email mailing list.
- Contests and Promotions. Entering a contest or promotion is voluntary and may require you to provide Contact Data as well as other details or content based on the particularities of the contest or promotion. For every contest or promotion that you choose to enter, it is recommended that you read the rules.
- Contact Us. Contact Data, among other information or content, is collected every time a comment, complaint or concern is sent to us through social media, telephone or email.
- Surveys and Customer Research. Contact Data, among other information, is collected when you participate in our occasional surveys or customer research.
- Ambassador Program. You may choose to voluntarily apply to and participate in our FIGS Ambassador Program, which may require you to provide Contact Data and Demographic Data, among other information or content, throughout the process.
- Refer a Friend. Use of this feature implies your agreement and acknowledgement of your friend’s permission to use their contact information to send emails regarding our services.
- Apply for a Job. Applying for a job with us will require you to provide Job Application Data, which will then be used as needed when considering you for job openings.
Automatically Collected Information
Additionally, every time you use our site, some Personal Information is automatically collected and held. Information that has been automatically collected and held over a 12-month period can be split into various categories, including:
- Site Use Data, which comprises of data regarding features used, pages visited, searches made, products viewed and bought, referring/exiting pages, the name of the domain, clickstream data and the stamp with the date/time of your visit.
- Device Connectivity and Configuration Data, which comprises of data about the browser or type of device you used, your Internet Service Provider (ISP), the operating system of your device as well as several identifiers for your device, including its’ regional and language settings and its’ Internet Protocol (IP) address (this is a spontaneously generated number given to your device that changes each time you access the internet).
The methods of collecting this information when our Site is used include a variety of old and currently used tracking technologies, such as:
- Log Files, files that automatically track information about how you are using the Site.
Please refer to “Analytics and Advertising” and “Your Rights and Choices” below in order to get additional details on our utilization of tracking technologies for analytics and advertising as well as your relevant rights and choices in regards to them.
Information from Other Sources
Personal information from various other sources is also collected and held by us. Information from other sources that has been collected and held over a 12-month period can be split into various categories, including:
- Data brokers or resellers that sell us additional data to complement ours
- Social networks when you give us access to information from social networks as well as when you connect with our subject matter and refer to our Site.
- Partners which provide services through branding partnerships, are involved in the selling and distribution of our products or participate in partnered marketing endeavours.
- Customers during transaction and purchase processing
- Publicly-available sources which comprises public domain data
How We Utilize Information
- For the operation and management of our website
- For the processing of transactions and purchases
- For fulfilling our duty to provide services for you, like following up with any queries, comments or requests, and offering customer service
- Notifying you about any updates, technicalities, policy changes, security alerts, and messages regarding support and administration.
- Addressing and blocking any fraud attempts, policy or terms violations, and threats to harm.
- Tracking and analysis of usage, trends and activity
- For the purposes of research through methods such as surveys and focus groups
- For discovering methods to further develop and tailor our websites, products, marketing endeavours, apps and services.
- For the administration of our Ambassador Program as well as evaluation of candidates for it.
- In order to supply you with direct marketing, such as advertisements and communications regarding products, promotions, services, events, offers and rewards from us or other parties.
- For the administration of contest or promotion participation and the delivery of prizes to winners
- Advertising purposes
- Meeting other potential business or commercial purposes with your consent
- Notwithstanding the above, information not used for identifying you (such as aggregated or de-identified information) may be utilized for various purposes excluding those that the relevant laws prohibit.
Please refer to “Your Rights and Choices” below for further information on your rights and choices in regards to our use of your information.
How We Share Information
- Service Providers. Service providers receive and process your information for us in various ways, such us processing your purchases, Site hosting, providing analytics, providing technical support, supporting prevention of fraud, evaluating whether or not you are eligible for certain discounts, marketing and advertising. Information sent to service providers only comprises that which is necessary for them to do their appointed task and the use of this information by them for other purposes is strictly prohibited, though information not identifying you (such as aggregated and de-identified information) may be utilized for other purposes excluding those that the relevant laws prohibit. The service providers that we use may be based in the U.S., Canada or various other foreign jurisdictions.
- Vendors and Other Parties. Vendors and other parties, such as analytics and advertising technology companies, may use the information we disclose to perform tasks as service providers or, depending on the situations, may choose a different way to process this information at their own discretion. Please refer to “Advertising and Analytics” for further details on advertising and analytics.
- Affiliates. This category includes a parent company, joint ventures, subsidiaries as well as other companies that may be under common control, if such affiliations were to occur in the future.
- Partners. Information sent to partners are for the purpose of participating in branding partnerships, involvement in the selling and distribution of our products, promotional activities or participation in partnered marketing endeavours.
- Customers. Information shared to customers is related to the transaction and purchase processing.
- Sale of Business. Your information may prove essential for a potential or finalized sale, acquisition or merger (transfers in response to insolvency or bankruptcy proceeding included) in relation to all or part of FIGS or in relation to a corporate reorganization or any other modifications to corporate control.
- Reviews are included in information you share that we make public and this information may or may not be editable, so discretion is advised about your choice of content as you and you alone will be responsible for its publicizing. Please refer to “You Rights and Choices” for additional information.
- Facilitating Requests. Information may be shared in relation to a request or direction made by you, such as through the “Refer a Friend” feature.
- Consent. We notify you and receive your consent before sharing your information
Notwithstanding the above, information not used for identifying you (such as aggregated or de-identified information) may be disclosed for various purposes excluding those that the relevant laws prohibit. Please refer to “You Rights and Choices” for additional information in regards to your rights and choices in relation to how we share your information.
Social Media and Technology Integrations
Certain websites, services and platforms that we use for our Site as well as a variety of technologies are controlled or operated by various other external parties, including:
- Links. Our website may include links that will direct you to external sites, such as social media websites or our partners’ sites, not in our control or ownership. The existence of these links does not imply endorsement or referral to the linked website. Clicking on these links will direct you off of our website and linked websites will include their own notices, privacy policies, and terms or use.
It is highly recommended that you read the privacy policies of any external website you visit as we cannot take responsibility for, have no power over and do not review these privacy policies or any part of their content. Therefore, as far as the law permits us, we do not have any responsibility or liability for the ways in which the organizations that run these websites collect, use, disclose, secure or otherwise handle information that they may collect or ask from you separately.
Analytics and Advertising
For this purpose, tracking technologies, such as cookies and pixels, may be used to collect various information about your use over time (incuding your use of the Site, other visited web pages, interactions with ads and other communications) in order to tailor the advertisements you see on the Internet to you. This information is used in order to predict and match your preferences, make the content more personalized, gather reports as well as deliver ads tailored especially to you on other websites (“Internet-based Advertising”). We may also utilize this information during ad campaign evaluations.
Through audience matching services, which involve uploading a customer list onto a technology service or making a pixel from a different technology service part of our Site and subsequently using the service to find common factors between our and their data, we can reach a larger scope of people (or alike people) that visit our Site or have been identified by at least one of our many databases (“Matched Ads”). We may, for example, choose to integrate the Facebook pixel onto our Site while also sharing your email address with Facebook as part of our utilization of Facebook Custom Audiences.
Please refer to “Information Collected Automatically” and “Your Rights and Choices” to get more information on tracking technologies and your rights and choices in regards to analytics, Internet-based Advertising, Matched-Ads.
Your Rights and Choices
Account Information and Ambassador Program
Users that have created an account with us or are participants of our Ambassador Program can make requests in regards to accessing, updating or making corrections to any information that was you contributed through your account or into the Ambassador Program by emailing us at firstname.lastname@example.org. For the purposes of confirming the identity of the person requesting access to their records, we may require you to provide additional information.
Requests for the deletion of certain information from your account or from the Ambassador Program may also be accepted, though if necessary we may (in accordance with relevant laws or otherwise) have to keep this information and will therefore be unable to delete it (or we may choose to keep the information for a limited time period and will therefore process your deletion request after this time period). Deleted information is removed from the active database, though it may be retained in the archives. Information not identifying you regarding the use of our Site as well as product purchasing information may be retained in accordance with relevant laws.
You may consent to receiving marketing communications through mail, email or any other channel.
In order to stop receiving these marketing emails, you may unsubscribe at any time by clicking the link labelled “unsubscribe” at the end of every email or by contacting us at email@example.com with the subject field being UNSUBSCRIBE. However, emails regarding transactions, placing an order, or communications regarding the Site or a product (such as emails regarding your comments or orders) may still be sent to you by us.
In order to stop receiving marketing communications by mail, you can email us at firstname.lastname@example.org.
We may need up to 5 business days to process your opt-out request regarding marketing emails or up to 30 days for any other changes made to your marketing preferences or in response to any marketing-related requests unless the law requires us to process your requests earlier.
Tracking Technology Choices
Cookies are usually accepted automatically by browsers and you can modify your browser settings to decline and delete cookies. Each separate browser on your device has its own settings and limitations regarding cookies and you will have to modify each separately.
You may choose to allow your browser to transmit a “Do Not Track” signal automatically through your settings to various online services that you use. Though it is important to note that there is no industry consensus about what should be done by operators of apps or sites regarding these signals. We ourselves do not observe or take measures in relation to these signals or any other mechanisms. Visit https://www.allaboutdnt.com for further information regarding “Do Not Track”. It is important to note that certain Site functions may not work if tracking technologies are blocked or removed.
Analytics and Internet-Based Advertising
You have the option to stop Google Analytics from processing certain data by installing a plug-in for your browser through https://tools.google.com/dlpage/gaoptout that gives you the option to opt out. It is compulsory for companies that we cooperate with us to create ads tailored to you to provide you with the option to opt- out of receiving those ads. A variety of these companies are part of the Digital Advertising Alliance (DAA) and/or the Network Advertising Initiative (NAI). Additional information regarding internet-based Advertising as well as details about your options, such as your ability to opt-out of behavioural ads from contributing companies, can be found on the DAA website opt-out at https://optout.aboutads.info/?c=2&lang=EN, the DAA of Canada website opt out at https://youradchoices.ca/choices, or the NAI opt-out at https://www.networkadvertising.org/choices/. Opting-out of a contributing party’s internet-based advertising may still allow the collection of data for analytics or other purposes by tracking technologies. Our ads will still be shown to you however ads from contributors that you have chosen to opt-out of will be less tailored to your interests, as the relevant behavioural information will not be available.
It is important to make note of the fact that each separate browser will require you to individually select the opt-out option on every device you use. Cookies need to be enabled on your browser (check your browser’s instructions on cookies and the way to enable them) in order to opt-out successfully. You will be required to opt-out once again if saved cookies are deleted.
In order to stop us from utilizing your data for Matched ads, you may get in touch with us through the channels specified in our “Contact Us” section below and let us know about your wish to opt-out. We will send a request to the relevant technology service to stop giving you Matched Ads that depend on the information we have provided it. You may also choose to get in touch with the relevant technology service yourself in order to opt out.
The statements made by companies in regards to their opt-out options or programs as well as the potential success of and compliance with these options and programs, are not our responsibility.
A variety of administrative, technical and physical procedures have been put in place to safeguard the information we have stored and protect against theft, loss and unauthorized access, utilization, changes and release. However we cannot fully guarantee the protection of your information as the internet is not always secure.
Access to and Correction of Information
We will make all attempts to fulfil the requests that you make through the contact channels outlined in our “Contact Us” section for corrections, updates or access to the information on your file in a timely manner and will only deny access where the law permits.
Retention and Deletion of Information
Your personal data will only be retained and processed for the amount of time it takes to fulfil the purpose for which it was collected in the first place and however long we are legally obligated to do so by the relevant laws.
Once your personal information is no longer useful to us and we have retained it in accordance to our legal obligations in order to exercise our legal rights, your information will be removed from our records and systems and we will take necessary measures to protect your anonymity by ensuring that this information cannot be used to identify you in agreement with relevant laws. Deleted information is removed from the active database, though it may be retained in the archives. Information not identifying you (including de-indentified or aggregated information) regarding the use of our Site as well as product purchasing information may be retained in accordance with relevant laws.
Our website is not intended for use by children under the age of 13 and personal information collected about children under 13 is not collected intentionally (as outlined by the U.S. Children’s Privacy Protection Act , or COPPA). You may contact us at email@example.com if you believe that we have collected information about a child under 13 and we will promptly delete any information from a child under 13 when found. Furthermore, products may not be purchased by those under the age of the majority (usually 18 or 19, or according to your jurisdiction). It is not our intention to “sell”, according to the definition of this word under the CCPA, the personal information of California residents under the age of 16.
Your request will need to be written out to us in a majority of cases and after sufficient investigation into your complaint has been done, we will do our best to respond promptly. If you do not receive a response from us or the response you have received is not to your liking then you may have the right to submit a complaint to relevant privacy authorities. For example, in Australia, complaints can be directed to the Office of the Australian Information Commissioner (www.oaic.gov.au).
Additional Disclosure for California Residents
Right to Opt-Out of Sale
Although we, much like other online businesses, may opt to disclose certain information to contracted third parties for the purposes of improving our services and advertising, as outlined in our “Analytics and Advertising” section above, we do not sell any part of this information to these parties for a profit. Our limited disclosure of personal information to these third parties may be classified as “sale” of personal information according to the CCPA. As such, we provide the option to op-out of sharing this information. Requests for opting-out can be submitted through email at firstname.lastname@example.org.
An authorized agent can be chosen by you to send requests on your behalf as long as there is sufficient written proof that the agent has received permission and your identity has been verified directly.
Right to Non-Discrimination
It is your right to not be discriminated against by us for exercising any of your rights.
Additional Disclosures for EU Residents
EU residents are the only ones that these additional disclosures apply to. The personal information of EU residents is collected and processed by Penguin health, Inc., located in Toronto, Canada in accordance with relevant data protection laws, particularly the General Data Protection Regulation, European Regulation 2016/679 (GDPR).
The “How we Collect Information” section above can provide you with additional details on how information is collected, while the “How we Use Information” section above outlines the various ways in which we utilize and process various categories of information for the purpose of business. Our “How We Share Information” section provides details regarding the different parties that we have shared our information with. We are not involved in the use of automated decision-making that excludes human involvement, such as profiling, in a way which may create legal effects in relation to you or may considerably affect you in other ways.
Our collection and processing of your personal information depends on a variety of legal bases, including: (i) as needed to make a transaction ( for example, transaction and purchase processing and fulfilment); (ii) as needed for compliance with legal obligations (for example, providing you with notice about changes to our policies as well as the addressing and prevention of fraud, violation of policies or terms and threats or harm); (iii) consent (where consent has been provided in accordance with relevant law, like performing various business or commercial purposes as directed by you, completing your requested services, overseeing your involvement in a contest or promotion as well as making sure you receive your prize should you win, assess your eligibility for our Ambassador Program as well as administering its benefits); and (iv) as needed for our own justifiable interests. These justifiable interests, excluding those that are overruled by you that needs protection of personal information and by your interests, your rights and your freedoms, include the operation and management of our Site, sending of technical notices, security alerts, updates, and support and administrative messages, discovering methods to improve and tailor our Site and other websites, apps, products, services and marketing efforts, bringing advertising to you, and for the development and delivery of direct marketing, which includes ads and communications regarding our products, and those of third parties, promotions, events, offers, rewards and services.
As detailed in our “Retention and Deletion of Information” section above, your personal data will only be retained and processed for the amount of time it takes to fulfil the purpose for which it was collected in the first place.
Our “How We Share Information” section provides details regarding the different parties that we have shared our information with. This may include entities located within or outside of the European Economic Area (EEA), which may also include countries that do not have the same stringent personal information protection laws as the EEA, such as the United States, for the above listed purposes. Nevertheless, relevant technical and organizational safeguards that follow the appropriate data protection laws will be put in place in order to provide a sufficient amount of protection to the information being transferred out of the EEA.
You entitlement as a EU resident include:
- The right to access. You reserve the right to have access to copies of your Personal Information.
- The right to rectification. You reserve the right to request the correction of any information you have deemed inaccurate or incomplete.
- The right to erasure. You reserve the right to request for the conditional erasure of your Personal Information.
- The right to restrict processing. Giver certain circumstances, you reserve the right to restrict our the ways in which we process Personal Information.
- The right to object to processing. Giver certain circumstances, you reserve the right to object to the ways in which we process your Personal Information.
- The right to data portability. Giver certain circumstances, you reserve the right to request a transfer of our collected data to you directly or to another organization.
- The right to withdraw consent. You reserve the right to, at any time, withdraw consent in regards to the processing of your Personal Information where consent was required. It is important to note that Personal Information that was processed and used before withdrawal will not be affected after withdrawal.
Please refer to our “Contact Us” section if you wish to exercise your rights. If you believe that we are not in compliance with relevant data privacy legislation, you may, at any time, also choose to file a complaint through your data protection authority.
Last updated: October 2, 2020