Effective as of 19 june, 2023

Here are few key points about our privacy practices:

• We are an AI-powered platform that provides personal styling, shopping assistant and wardrobe management services.

• We make personalized recommendations of clothes (or provide advice if the items match your style and fit your wardrobe) and ready-to-wear outfits by analyzing a photo of your face (complexity and shape of facial features), as well as your figure type, height, and other parameters. We also make recommendations of clothes that can help to visually correct your figure. To use this service, you provide us with measurements of your figure. To use the ‘How to Wear’ and ‘Wardrobe management’ services, you can upload any photos of items you have, and the application will generate outfits incorporating them (all the above together the ‘Purposes’).

• To make sure our services are run smoothly, we use third-party providers – for example, Amazon Web Services for cloud storage. All such providers are bound by our mutual contractual arrangements and are not able to use your data for any purpose except the one Style DNA tells them to.

• We use the photographs or any other personal information you provide us only in accordance with this Privacy Policy and the Purposes.

• We take reasonable and appropriate measures to protect your Personal Information from loss, theft, misuse or unauthorized access.

• You have full control over your data. You can always access, correct, erase, and update your Personal Information by writing to us at info@dna.style.

• We believe in transparency and open dialogue.You can always contact us at info@dna.style.

1. Intro

This Privacy Policy explains how STYLE BY DNA SLU (“STYLE DNA” or “we” or “us”) collects, stores, uses, transfers and shares Personal Information from our users (“you”) in connection with the www.dna.style including any products and services related to it (“Website”) and the Style DNA mobile applications on iOS and Android designed for the Purpose (“App”) (all collectively, “Services”). STYLE DNA is the ‘data controller’.

Style DNA is committed to protecting your personal information while you use our Website or App. We may change this Privacy Policy from time to time. If the changes are material we will notify you. If permitted by law, your continued use of the Services after this policy has been updated indicates your acceptance of changes made. If you do not accept the terms of the Privacy Policy, please do not use the Services.

CONSENT TO PRIVACY POLICY. CONSENTING TO OUR PRIVACY POLICY DURING REGISTRATION, YOU CONSENT TO ITS CONTENTS IN ITS ENTIRETY, INCLUDING THE PROCESSING ACTIVITIES THAT RELY ON CONSENT AS A LEGAL BASIS (INCLUDING BUT NOT LIMITED TO PROCESSING OF YOUR PHOTOS TO IMPROVE OUR RECOMMENDATION ALGORITHMS). FAILURE TO ACCEPT THIS PRIVACY POLICY MEANS THAT YOU ARE NOT ALLOWED TO USE THE SERVICES.

2. What Personal information do we collect?

We collect personal information appropriate to the service you choose to sign up to. ‘Personal Information’ refers to information that can be used to identify you (whether alone or in combination with other data).
We may collect the following Personal Information directly from you:

• Photographs via your camera or camera roll (with your direct permission), figure measurements, body type, height, gender and other information provided by you when using the Service, or information contained in your social media account (if you choose to connect your social media account). We access only the specific images you choose to grant us access to using the mobile application; we do not collect or store your photo albums, even if you grant us access to them.

• Account registration information: email or social media account log-in details, username, first name, surname, age, gender and password (if using the email to register).

• Onboarding questions: your usage goal, brand recommendation options, your style and other relevant data.

• Payment details: if you choose to subscribe to our paid service, we may collect your name, ID number, post address, and financial data such as a bank account, credit card number or apple ID if you use in-app payments.

• Optional Personal Information that can make the Services more personalized. This may include: profile picture, your location, gender category of clothing, clothing size, favorite colors, price preferences and other information.

We may also collect certain Personal Information automatically:

• Application usage information such as information about how you use and interact with the Services, including your preferred language, the date and time when you first installed the App and the date and time you last used it, your onboarding path (e.g. the source you found us from), certain geolocation data (if permitted on device level).

• Data we receive from third parties - websites, services, and products when you interact with Social Features of our application.

• Purchase history such as confirmation that you are a paid subscriber of the App.

• Social media information, if you choose to log in to the Services via a third-party platform or social media network such as Facebook or Instagram, We may collect information about you from that platform or networks (for example, social media ID) in accordance with their own privacy and/ or cookie policies.

• Device data, such as your computer and mobile device operating system type and version number, manufacturer and model, device ID, push tokens, Google Advertising ID, IDFA, browser type, screen resolution, IP address, and other information about the device you are using to visit the application. Please note, that on certain platforms we may need to ask your permission to access your device identifiers (e.g. IDFA)

• Data associated with the Cookies Policy: see our Cookies policy.

3. How do we use your personal data?

Depending on which features of the Services you use, we will process your Personal Information based on one or more of the following legal bases:

• Your consent. For example, on the registration screen when you give us permission to process your Personal Information related to the onboarding questionnaire and provide consent to our Privacy Policy.

• To fulfill our contractual obligations to you in order to provide the Services to you. For example, We may process your Personal Information to fulfill our contractual obligation to you such as account management and other administrative purposes.

• Legitimate interest. For example, We may process your Personal Information in relation to our interests in providing the Services to you, including our interest in protecting the security and integrity of the Services.

• Legal obligation. For example, We may be obligated to process some of your Personal Information to comply with applicable laws and regulations.

Below your can find some examples of our core processing activities, including but not limited to:

Data minimization and purpose limitation. We will not process Personal Information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by you or collect any Personal Information that is not needed for the mentioned purposes.

No sale of Personal Information. We will not sell or rent your Personal Information for monetary gain. We will not disclose your Personal Information except as otherwise described in this Privacy Policy.

Advertisement. We can work with advertising partners to display advertisements within the Services. These advertisements are delivered by our advertising partners and may be targeted based on your use of the Services or your activity. To learn more about your choices in connection with advertisements, please see the section below titled “Targeted online advertising.”

Anonymous, aggregated or de-identified data. We may create anonymous, aggregated or de-identified data from your Personal Information and Personal Information of other individuals. We may aggregate, anonymize, or de-identify your Personal Information by removing information that makes the data personally identifiable. We may use this anonymous, aggregated or de-identified data and share it with third parties for our lawful business purposes or use it for internal business improvements.

Communication with you. We may contact you from time to time via email or through other means (like pop ups or push notifications) to communicate with you about products, services, offers, promotions, rewards offered by us, and provide news and information that we think will be of interest to you. You can always opt out of receiving emails by unsubscribing via the “Unsubscribe” link contained in the email. Opting-out of these emails or notifications will not end the transmission of important service-related emails that are necessary to your use of the Services. You may also opt out of receiving pop ups or push notifications by adjusting your settings in your device. If applicable laws prescribe so, we may ask some users to provide their additional consent for such communications.

Please note that we may contact you with information about products, services, offers, promotions, rewards offered by us and others via third-party platforms (like social media).

No automated decision-making. Processing of your Personal Information will not be subject to decisions based on automated processing that may produce legal effects or significantly affect you.
Referrals. Please note that we may introduce certain referral programs that allow you to take selfies of your friends to refer them to the Services. Subject to the Terms of Use, you agree and certify that the party whose selfie you are taking, fully agrees to this Privacy Policy and processing of Personal Information as specified herein. We may request the proof of such consent, if we elect to. Please note that we do not store such selfies for more than a month in case your referral to the Services was not accepted (i.e. your friend does not become our users). After this period, such photos are permanently deleted.

4. How long will we keep your Personal infromation?

Your Personal Information shall be stored as long as your contractual relationship with us lasts.

However, we shall store certain personal identification and traffic data for a maximum period of 2 years after your last day of inactivity to make sure you can resume our Services.

We do not store photographs that you provide to the service on a long term basis, only the results based on the image(s). After the analysis of the image is complete, we keep it for a short period of time (e.g. photos of your face are stored for 12 months since your last visit, and photos of clothes are stored for 24 months). After the storage period has expired, the image(s) will be deleted.

Impact of account deactivation/requests to erase Personal Information. At any time, you can deactivate your account and erase your Personal Information by emailing info@dna.style or by submitting in-app deleting request. We will address your deletion request within 30 days after receipt. It may take us up to 90 days in some cases, to complete full erasure of your Personal Information stored in our backup systems. If you choose to deactivate your account, we will generally delete all your Personal Information and it will not be recoverable should you later create another account.

5. Will we share your Personal Information?

Your photographs. We do not share your photographs with third parties with the exception of uploading encrypted images to our cloud provider, Amazon Web Services, and processing them as specified in this Privacy Policy. You may voluntarily choose to share your outfit photos in our feed or on your social media platforms, such as Instagram or Facebook; however, we will never share them without your consent or knowledge.

Service providers. In some situations, we engage other companies to process your Personal Information on our behalf. This is normal in the tech industry: even if we wanted, it would be extremely difficult and impractical for us to build our own storage facilities, analytics services, and email providers. We refer to these companies or service providers as “processors.” We prohibit the service providers we engage from using Personal Information for any purpose that is not related to our engagement.

Processors are companies that help us run the Services, support our communication with you or perform other Services-related activities. They may process certain Personal Information on our behalf to accomplish the goals related to the App functions, deliver the Services and associated activities. We remain responsible for any acts or omissions of our processors and undertake to execute formal data processing agreements with them to the extent required by applicable law.

Here are some of the main processors we rely on:

Affiliates. We may share your information with our subsidiaries and affiliates, for purposes consistent with this Privacy Policy.

Promotion activities. We may collect certain basic technical information, such as IDFA, installs, subscription status (but never photos or your answers) to analyze your use of the website and the Services, to understand the effectiveness of our promotion efforts and Services (and related content). This data may be shared to certain third parties for the mentioned purposes. Please note, that you might need to separately consent to such tracking, if required by applicable laws. Unless a separate consent is required under applicable law, consent to this Privacy Policy shall constitute a consent to such activity.

Third-party platforms and social media networks. If you have enabled features or functionality that connect the Services to a third-party platform or social media network (such as by logging into the App using your account with the third-party, providing your API key or similar access token for the Service to a third-party, or otherwise linking your account with the Service to a third-party’s services), we may disclose the Personal Information that you authorized us to share, such as when you elect to upload a photograph from the Services to your social media account. We do not control the third-party platforms’ use of your Personal Information, which is governed by that third party’s privacy policy and terms and conditions.

Professional advisors. We may disclose your Personal Information to professional advisors, such as lawyers, bankers, IT developers, auditors and insurers, where it is necessary in the course of the professional services that they render to us.

For compliance, fraud prevention and safety. We may share your Personal Information for the compliance, fraud prevention and safety purposes described.

Business transfers. We may sell, transfer or otherwise share some or all of our business or assets, including your Personal Information, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution.

Compliance with Law. We may be required to use and share your Personal Information to comply with applicable laws, lawful requests, and legal processes, such as to respond to subpoenas or requests from government authorities.

6. Your Rights

We believe privacy is a human right. Therefore, all our users have the following universal rights:

• You have a right to request information about what Personal Information we process about you, to access all your Personal Information (‘Access right’)
• You may ask us to erase your Personal Information if you withdraw your consent to processing or if you believe such processing is unlawful (‘Deletion right’). Please be aware that erasing some Personal Information may affect your experience using certain features of the Services that rely on historical data. You can exercise your Deletion right from within the App.
• In some cases, you can object to the processing of your Personal Information, for example, if we process it under the legitimate interest basis, by contacting us at info@dna.style (‘Objection right’)
• If you believe your Personal Information is inaccurate or incomplete, you can request to correct or, in some cases, correct it yourself from within the App. (‘Correction right’)

How to exercise your rights. Сontact us at info@dna.style to exercise your Access right, Deletion right, Objection right, and Correction right.
Alternatively, you can also mail us at Aribau street, 185, 3rd floor, Barcelona, Spain 08021. We will address your request within 30 days after receipt. It can take us up to 90 days in some cases, for example for full erasure of your Personal Information stored in our backup systems. We will let you know if we need more time and explain the reasons for the delay.

Opt out of marketing communications and other push notifications. You may opt out of marketing-related communications and other push notifications we may send you by changing the settings on your mobile device or the website.

Device permissions. You may revoke any permissions you previously granted to us, such as permission to access your camera or camera roll, through the settings on your device.

Cookies & Web Browser Storage. Please read our Cookies Policy for more information.

Targeted online advertising. Some of the business partners that collect information about users’ activities on or through the Services may be members of organizations or programs that provide choices to individuals regarding the use of their browsing behavior or mobile Service usage for purposes of targeted advertising. So you can always adjust your settings. In addition, your mobile device settings may provide functionality to limit ours or our partners’ ability to engage in ad tracking or targeted advertising using the Google Advertising ID or Service ID for Advertising associated with your mobile device.

Proof of identity. We might also require you to prove your identity in some cases. Normally, we make sure to verify that the request is coming from a legit persona. In some cases, we may ask you to undergo additional verification measures in an effort to ensure we are appropriately responding to requests.

National laws. Please note, that if your local laws provide for additional rights and protection otherwise not specified in this Privacy Policy, we undertake to comply with such additional requirements, if Style DNA is obligated to do so in accordance with the applicable laws.

7. Other Sites, Mobile Applications and Services

The Services may contain links to other websites, mobile applications and online services operated by third parties. These links are not an endorsement of, or indication that we are affiliated with, any third party. In addition, our content may be included on webpages or in mobile applications or online services that are not associated with us. We do not control third party websites, mobile applications or online services and we are not responsible for their actions. Other websites, mobile applications and online services follow different rules regarding the collection, use and sharing of your personal information. We encourage you to read the privacy policies of the other websites, mobile applications and online services you use.

8. Data Security and Retention.

We implement technical and organizational measures in an effort to protect Personal Information from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the nature of the Personal Information that we process and risks associated with special categories of Personal Information we collect.
Specifically, We implemented the following measures to protect your Personal Information:

• Encryption: We use an industry standard security protocol (Secure Sockets Layer – SSL) to help ensure that the information is encrypted and protected from third parties. SSL helps ensure that the communication between your browser and our servers is private and that the information contained therein is safe and delivered only to our computers.
• Firewall: Once your information reaches our servers, we protect it in many ways, including storing the information on secure servers and using a device known as a firewall which protects your information by detecting and preventing unauthorized access to the information.
• Authorized access: Using our firewalls and other mechanisms, we also protect your information by only allowing access to it by employees and authorized parties who have a legitimate and verified need to access the information in order to service your requests and administer policies and claims.

9. Cross-Border Data Transfers

STYLE DNA is based in Spain. Personal Information we collect is transferred to and processed in the U.S. (where it is governed by U.S. law) and to other countries (where it is governed by the laws of those countries). The laws of the U.S. and the laws of other countries may not offer the same protections as the laws of your jurisdiction.
Personal Information in the European Union (EU), the EEA and the United Kingdom (UK) is protected by the General Data Protection Regulation (GDPR) and Data Protection Act 2018, but some other countries may not necessarily have the same standard of protection for your Personal Information. When transferring Personal Information outside the EU, EEA and UK we either implement standard contractual clauses or rely on current European Commission adequacy decisions. For further information please contact info@dna.style.

10. Children

Minors under 18 years of age are not able to contractually agree to the terms of use required by this and its paid edition. For this reason, for the protection of minors, the application is not directed at minors under the age of 18, and our Тerms of Use do not allow minors under 18 years of age to use the Service. If we learn that we have collected the personal information of a child under the age of 18, we will delete it. We encourage parents with concerns to contact us. We do not store or process Personal data of anyone below 18.

11. How to Contact Us

Please direct any questions or comments regarding this Policy or our privacy practices to info@dna.style. You may also write to us via post at:
AI STYLE BY DNA, S.L.
Aribau street, 185, 3rd floor, Barcelona, Spain 08021

12. Notice to California and Virginia Residents

We do not sell personal information. Under California and Virginia law, if we disclose Personal Information to a third party for any benefit, this can be considered a “sale” or “share” of Personal Information, even if the third party does not use the Personal Information for any other purpose. We “share” Personal Information if we disclose personal information to a company for purposes of cross-context behavioral advertising.

California and Virginia laws grant its residents the following additional rights.

• Request to opt out: While we do not sell your Personal Information for monetary gain, you have the right to opt out of our “sale” or “sharing” of your personal information to our analytics and advertising partners. To exercise this right, you can adjust your browser or device settings, or contact us.
• Request to know/access: In addition to the other rights mentioned in this policy, you have the right to request to know: (i) the personal and sensitive information we have collected about you and our purposes of use; and (ii) the categories, sources and third parties involved in Personal Information we have collected about you or ‘sold’ or disclosed in the past 12 months. You may exercise your right to request to know twice a year, free of charge.
• Shine the Light. California residents may also request information from us once a calendar year about any personal information shared with third parties for their own direct marketing purposes. We don’t share information with third parties for their own marketing uses, but please contact us at info@dna.style if you have questions. You’ll need to specify “California Privacy Rights Request” in the subject line of the email, and also include your name, street address, city, state, and ZIP code.