Privacy Policy
👊 Quick Summary (for convenience only - please read the full policy below):
WEARFITS wants you to know we may collect 🕵️ some personal info, like your IP address or cookies, to keep our site and services running smoothly. We comply with European regulations, use trusted partners (like Microsoft, Google, Amazon), and store data securely in the EU. You can manage your data and opt out whenever you want. If you’re not an adult yet, please ask your parents if you can use our services. If you have questions, hit us up at [email protected].
This Privacy Policy outlines the practices of WEARFITS Sp. z o.o. regarding the collection, use, and disclosure of personal data when you use our services, including our website and related functionalities. It also informs you of your rights under GDPR and how we protect your privacy. For information about how our service works and usage terms, please refer to our Terms and Conditions.
1. Information Obligation
Who is the personal data administrator?
The administrator of your personal data is WEARFITS Sp. z o.o., with its registered office at: Wadowicka 7, 30-374 Kraków, Poland 🇵🇱 🇪🇺
Who to contact for data protection concerns?
You may contact our Data Protection Officer (DPO) at: [email protected]
2. Definitions
- Administrator: WEARFITS Sp. z o.o.
- Service: Our website and any functionalities, including services provided via wearfits.com.
- Cookies: Small files placed on your device to track activity and enhance user experience.
- Personal Data: Any information relating to an identified or identifiable individual.
- GDPR: General Data Protection Regulation (EU 2016/679).
3. Types of Data We Collect
Personal Data
We may collect personal data such as:
- Email address, name, and contact details
- Usage data (e.g., IP address, browser type, device information, API request logs)
- Body measurements (optional, if provided by the User for virtual try-on features)
- Foot scans (optional, if provided by the User for footwear sizing features)
- Images uploaded or captured for generative AI virtual try-on features
- Any data provided via our contact forms or email
Cookies and Tracking Data
We use cookies and similar technologies to:
- Provide essential website functionality (session management, security, preferences)
- Perform analytics and improve our services (Google Analytics - requires consent)
Non-essential cookies (analytics) require your explicit consent before being activated. You can manage your cookie preferences through our cookie consent banner.
Social Plugins
We may utilize plugins from social platforms like Instagram and LinkedIn, which may exchange data between you and those platforms. Ensure you review their privacy policies for detailed information.
4. Purpose of Data Processing
We process your data for the following purposes:
- Service Functionality: To provide and maintain our services.
- Marketing: For direct marketing of WEARFITS' products/services and those of trusted partners.
- Analytics: To conduct research and statistical analysis.
- Communication: To address inquiries or provide requested information.
- Compliance: To meet legal obligations such as billing and tax regulations.
5. Legal Basis for Processing
- Contractual Necessity (Art. 6(1)(b) GDPR): For the performance of services or agreements.
- Consent (Art. 6(1)(a) GDPR): For direct marketing or tracking preferences.
- Legitimate Interests (Art. 6(1)(f) GDPR): For security, analytics, and improving service quality.
- Legal Obligations (Art. 6(1)(c) GDPR): For compliance with applicable laws.
6. Data Retention
- Account Data: Retained during the active use of the Service and for up to 6 years after account closure for legal purposes.
- Images and Videos (AR/3D Try-On): Not stored by WEARFITS.
- Images and Videos (Generative AI Features): Deleted within 24 hours of upload.
- Visualization Results (Generative AI Features): Stored temporarily for up to 30 days or according to the User's or Client's package limits, after which they are automatically deleted.
- Body Measurements and Foot Scans: Retained in cookies and database for future use during service provision or until deletion is requested.
- Usage Logs and API Request Data: Retained for up to 90 days.
- Billing Records: Retained for 7 years to comply with tax and legal obligations.
- Marketing Data: Retained until you withdraw consent.
- Cookie Data: Retention duration depends on cookie type (session cookies expire after browser closure, persistent cookies as specified in cookie settings).
7. Your Rights
Under GDPR, you have the right to:
- Access: Request a copy of your personal data in a structured, commonly used, and machine-readable format (e.g., JSON, CSV).
- Rectification: Request correction of inaccurate or incomplete personal data.
- Erasure: Request deletion of your personal data ("right to be forgotten").
- Restriction: Request limitation of processing in certain circumstances.
- Data Portability: Receive your personal data in a portable format and transmit it to another controller.
- Object: Object to processing based on legitimate interests or for direct marketing purposes.
- Withdraw Consent: Withdraw consent at any time (does not affect lawfulness of processing based on consent before withdrawal).
- Lodge Complaints: File a complaint with a supervisory authority.
Supervisory Authority:
If you believe your rights have been violated, you have the right to lodge a complaint with the Polish Data Protection Authority:
Urząd Ochrony Danych Osobowych (UODO)
ul. Stawki 2, 00-193 Warsaw, Poland
Phone: +48 22 531 03 00
Website: https://uodo.gov.pl
To exercise these rights, contact us at [email protected].
8. Data Sharing
We may share your personal data with:
- Service Providers: For IT, analytics, marketing, and payment processing services.
- Payment Processors: Such as Stripe for processing payments and managing billing information.
- Authorities: To comply with legal obligations.
- Analytics Tools: Google Analytics for website usage analysis and service improvement.
9. Data Storage
Where Your Data is Stored
Your personal data is securely stored and processed within the European Economic Area (EEA). We work with trusted partners who ensure compliance with applicable data protection regulations, including GDPR.
International Data Transfers
Personal data may be transferred outside the European Economic Area (EEA). Such transfers are based on:
- Standard contractual clauses approved by the European Commission
- Additional security measures such as encryption
Sub-Processors
To provide our services effectively, we rely on the following sub-processors:
Microsoft
Contact Details: Microsoft EU Data Protection Officer - One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland
Services Subcontracted: Cloud services.
Personal Data Accessed: All data processed for service provision.
Location of Processing: Europe.
Google
Contact Details: Google Ireland Limited - Gordon House, Barrow Street, Dublin 4, Ireland
Services Subcontracted: Cloud services.
Personal Data Accessed: All data processed for service provision.
Location of Processing: Europe.
Amazon
Contact Details: Amazon Web Services EMEA SARL - 38 Avenue John F. Kennedy, L-1855, Luxembourg
Services Subcontracted: Cloud services.
Personal Data Accessed: All data processed for service provision.
Location of Processing: Europe.
Stripe
Contact Details: Stripe Payments Europe, Ltd. - 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland
Services Subcontracted: Payment processing.
Personal Data Accessed: Payment information, billing details, transaction data.
Location of Processing: Europe.
Data Protection Measures
- We ensure that all data transferred to sub-processors is subject to rigorous security measures and complies with GDPR requirements.
- Contracts with sub-processors include Standard Contractual Clauses and additional safeguards, such as encryption, to ensure data integrity and protection.
- Data is retained only as long as necessary for the purposes outlined in this Privacy Policy.
9a. Security Measures
We implement appropriate technical and organizational measures to protect your personal data, including:
- HTTPS/TLS Encryption: All data transmitted between your device and our services is encrypted using the HTTPS protocol.
- Access Controls: Strict access controls ensure that only authorized personnel can access personal data.
- Encryption: Data is encrypted both in transit and at rest where applicable.
- Secure Data Centers: We use certified data centers within the European Economic Area that comply with industry security standards.
9b. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, WEARFITS will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by Article 33 of the GDPR. Affected Users or Clients will be informed without undue delay when the breach is likely to result in a high risk to their rights and freedoms.
9c. AI Model Training
WEARFITS will not use User images or personal data to train artificial intelligence models or machine learning systems without informing the User. This prohibition applies regardless of any other license grants or data processing purposes outlined in this Privacy Policy. If WEARFITS decides to use such data for AI training purposes in the future, affected Users will be notified in advance and given the opportunity to object or withdraw their data.
10. Automated Decision-Making and Profiling
We may process your data automatically, including profiling, to:
- Analyze preferences
- Personalize marketing offers
Such processing does not produce legal effects or significantly impact you.
11. Cookies Policy
We use cookies and similar tracking technologies to provide and improve our services. Cookies are small text files stored on your device that help us understand how you interact with our website.
Types of Cookies We Use:
Essential Cookies
These cookies are necessary for the website to function properly and cannot be disabled. They include:
- Session management cookies
- Security and authentication cookies
- User preference cookies (e.g., language, saved measurements)
Analytics Cookies (Non-Essential - Requires Consent)
We use Google Analytics to understand how visitors use our website and to improve our services. These cookies collect information such as:
- Pages visited and time spent on pages
- Click behavior and navigation patterns
- Browser type, device information, and screen resolution
- Referring website or source
- Approximate geographic location (country/city level)
Google Analytics Cookies:
| Cookie Name | Purpose | Duration |
|---|---|---|
| _ga | Distinguishes unique users | 2 years |
| _gid | Distinguishes unique users | 24 hours |
| _gat | Throttles request rate | 1 minute |
Your Consent:
Analytics cookies are only activated after you provide your consent through our cookie consent banner. You can withdraw your consent at any time by adjusting your cookie preferences or using the opt-out mechanisms described below.
How to Manage Cookies:
You can manage or disable cookies through:
- Cookie Consent Banner: Adjust your preferences via the cookie banner on our website.
- Browser Settings: Most browsers allow you to refuse or delete cookies. Visit your browser's help section for guidance.
- Google Analytics Opt-Out: Install the Google Analytics opt-out browser add-on at https://tools.google.com/dlpage/gaoptout.
Please note that disabling essential cookies may affect website functionality, but disabling analytics cookies will not impact your ability to use our services.
12. Third-Party Tools and Social Media
Google Analytics and Tag Manager
We use Google Analytics (operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) to analyze website usage and improve our services. Google Analytics uses cookies to collect information about your use of our website. This information is transmitted to and stored by Google on servers in the United States and other countries.
Google may also transfer this information to third parties where required by law or where such third parties process the information on Google's behalf. For more information about how Google processes data, please visit: https://policies.google.com/privacy
You can opt out of Google Analytics tracking by installing the Google Analytics opt-out browser add-on available at https://tools.google.com/dlpage/gaoptout.
13. Children's Privacy
Our services are not intended for use by individuals under 18 years of age. If you believe a minor has provided us with personal data, please contact us immediately at [email protected] so that we can take appropriate action to delete such information.
14. Changes to this Policy
We may update this policy periodically. Changes will be communicated via our website or email. This Privacy Policy should be read in conjunction with our Terms and Conditions.
15. Contact Us
For privacy concerns, contact:
- Website: https://wearfits.com
- Email: [email protected]