Mobile App Privacy Policy – SSENSE

EU and UK Mobile App Privacy Policy

Last updated: June 1, 2023

1. About this Policy

1.1 At SSENSE ("SSENSE", "us", "we", or "our"), we respect your privacy and we want to be transparent about the types of Personal Data (as defined below) we collect about you and how we use it. This Mobile App Privacy Policy (hereafter the "Policy") explains how we collect, share and use any information that, alone or in combination with other information, relates to you ("Personal Data") when you ("you" and "your") use the SSENSE App (the "App"), or when you call us or answer our surveys.

1.2 This Policy sets out the rights that you have in relation to the Personal Data that we process about you and how you can exercise them. This Policy also describes the measures we implement to protect your Personal Data.

1.3 The App is managed by SSENSE headquartered at 333 Chabanel Street W #900, Montreal QC H2N 2E7, Canada, who is the data controller for the Personal Data that is collected via the App. As a data controller, SSENSE is responsible for ensuring that the processing of Personal Data complies with applicable data protection laws, which includes the General Data Protection Regulation ((EU) 2016/679) ("GDPR"), if you live in the EU and the UK GDPR, if you live in the UK (“UK GDPR”).

1.4 Please take the time to read this Policy carefully. If you have any questions or comments, please contact us as described in the "How to contact us" section below.

2. Quick links

2.1 We recommend that you read this Policy in full to ensure you are fully informed. However, if you only want to access a particular section of this Policy, then you can click on the relevant link below to jump to that section.

What Personal Data SSENSE collects, how and why

Cookies and other tracking technology

Who SSENSE shares your Personal Data with

How SSENSE protects your Personal Data

Data storage, retention and deletion

Transfers of Personal Data outside the EU/EEA and the United Kingdom

Profiling

Minors

Your data protection rights

External links

Updates to this Policy

How to contact us

3. What Personal Data SSENSE collects, how and why

3.1 SSENSE collects your Personal Data:

- directly from you when you download and start using our App, or subscribe to our newsletter;

- directly from you when you make a purchase with SSENSE, answer customer feedback surveys, click on our ads, respond to marketing campaigns, or directly reach out to SSENSE for inquiries; and
- via our automated chatbox which you can use to interact with us.

3.2 When you use our App, we collect the following types of Personal Data about you, which we will process for the purposes described below:

Types of Personal Data we collect	Purposes for which we process your Personal Data	Legal basis on which we rely to process your Personal Data
Contact details (Name, Surname, Phone number, Email address) Email Preferences (Language Preferences, Region/Country) Customer ID Order History Shipping address Billing address User account details (login, password)	Contract management Enabling you to create your user account Managing your user account and personal preferences Processing and shipping your orders Enabling you to access your order history with us at all times Providing you with customer service as may be required Loyalty program	Contractual necessity
Contact details (Name, Surname, Phone number, Email address) Customer ID Order History, Order Number Shipping address IP Address Financial information (Cardholder Name, Card Expiration Date, Card number, CVV or CID)	Documenting transactions you made on our website	Our legitimate interest in order to protect SSENSE's business and legal rights
Contact details (Name, Surname, Phone number, Email address) Email preferences (Language Preferences, Region/Country) Shopping preferences Customer ID	Marketing Providing you with exclusive email updates, promotions, and notifications including information about our products or services, sales/products, loyalty programs, shopping cart reminders	Your consent (unless a legal exception applies, in which case we will rely on our legitimate interest to keep you updated on our products or services)
Contact details (Name, Surname, Phone number, Email address) Email preferences (Language Preferences, Region/Country) Shopping preferences Customer ID Order Number	Conducting customer feedback and satisfaction surveys	Our legitimate interest to measure the satisfaction of our customers.
Contact details (Name, Surname, Phone number, Email address) Your inquiry and your inquiry history Customer ID Type of request Messages Order number Billing/Shipping Address	Customer relationship follow-up (including via our chatbox) Processing and responding to any inquiry that you may address to us After-sales service Handling customer requests and inquiries	Contractual necessity
Contact details (Name, Surname, Email address) Order History Financial information (last 4 digits of your credit card number, AVS code) User account details (login, password) Customer ID Shipping address/Billing address	Prevention of fraud	Legitimate Interest
Contact details (Name, Surname, Email address) User Account details (login, password)	Improvement of customer experience and management or resolving technical issues on the Website	Our legitimate interest to offer, maintain and improve our Website
IP address User account details (Name, Surname, Shipping Address, email, login, password) Shopping preferences Session browsing data and conversion behaviour Customer ID Order History Email preferences	Data analytics, statistics and audience measurement Provide brand, category or product level personalised recommendation to logged in members	Our legitimate interests in order to understand how our website is being used and to help us customise and measure the audience on our website
Session browsing data Search history Order history Customer ID Google ID	Display advertisements about our services to users of Google	Our legitimate interest to reach out to our (i) consumers and (ii) prospects who are users of Google and who share similar characteristics as our customers registered on Google
User account details (Name, Surname) Shopping preferences Shipping/Billing address Phone number (this data is used for matching audiences only)	Display advertisements about our services to users of Meta	Our legitimate interest to reach out to our (i) consumers and (ii) prospects who are users of Meta and who share similar characteristics as our customers registered on Meta
User account details (Name, Surname, Shipping and Billing addresses, Email address) Order History Financial information (last 4 digits of your credit card number and name of the cardholder)	Management of the data subjects requests rights Enabling you to exercise your rights regarding your personal data.	Compliance with our legal obligations

3.3 Please note that the information you provide on our App may be necessary for contractual purposes and for us to comply with our legal obligations. Without such information, we may not be able to process your order or to answer your queries.

3.4 In particular, we may be required to disclose your Personal Data in response to legal and regulatory requests from public authorities, including to meet national security, anti-fraud or other legal requirements.

4. Cookies and other tracking technology

4.1 SSENSE may also collect certain information automatically from your device. Specifically, the information we collect automatically may include information like your IP address, device type, unique device identification number (IMEI number), operating system version, the dates on which you access and use the App, user behaviour (such as your interactions with the App), broad geographic location (e.g. country or city-level location) and other technical information.

4.2 Collecting this information enables us to better understand the users of our App, where they come from, and what content on our App is of interest to them. We use this information for our internal analytics purposes and to improve the quality and relevance of our App to our users.

4.3 Some of this information may be collected by using cookies and similar tracking technology, as explained further in our Cookie Policy which is available below.

4.4 Location-based data

If you authorise us to access the location data on your device, we will use this information to send you location-based information and to deliver services at your request.

Also, if you no longer wish to receive push notifications for location-based services you can disable this service by changing your device settings, or by altering the settings in the App by unchecking the relevant box in the “Settings” section of the App. On Apple devices, simply go to: Settings → Notifications → SSENSE → uncheck “Allow Notifications”.

5. Who SSENSE shares your Personal Data with

5.1 We may disclose your Personal Data to the following categories of recipients:

to our group companies for purposes consistent with this Policy, and in particular, so that they may contact you regarding products and services that may be of interest to you where you have given your consent. We take precautions to allow access to Personal Data only to those staff members who have a legitimate business need for access and with a contractual prohibition of using the Personal Data for any other purpose. Our group companies include: Atallah Group Inc., Atallah Group Limited, Atallah Hong Kong Limited, Atallah Group US Inc., GAI Services PTY Limited, Atallah International Inc., Atallah Group EU SARL

to our third party vendors, services providers and partners who provide data processing services to us, or who otherwise process Personal Data for purposes that are described in this Policy or notified to you when we collect your Personal Data. This may include disclosures to third party vendors and other service providers we use in connection with the services they provide to us, including to support us in areas such as IT platform management or support services, infrastructure and application services, marketing, data analytics. Our third party vendors, service providers and partners include, without being limited to:

Controllers: Worldpay (which privacy policy is available here), Paypal, First Data (Payeezy/IPG), Klarna, Google Premium Analytics, Riskified, PerimeterX, Signifyd, Partnerize, Rakuten. For more information about the manner in which these controllers are processing your data, please check the privacy policies on their respective websites.

Processors: HostedPCI, Stripe, Avalara, Zendesk, SAP, KIBO, StellaConnect, Loqate, Chatdesk, Google Cloud Platform,Google GSuite/Insight, Braze, AWS, Regalix, Chatdesk, Clearsale, Bing, SurveyMonkey, Talon.One, MailChimp, MailChimp, SendGrid, Meta (Facebook).

to any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
to our auditors, advisors, legal representatives and similar agents in connection with the advisory services they provide to us for legitimate business purposes and under contractual prohibition of using the Personal Data for any other purpose;
to a potential buyer (and its agents and advisers) in connection with any proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your Personal Data only for the purposes disclosed in this Policy;
to any other person if you have provided your prior consent to the disclosure.

6. How SSENSE protects your Personal Data

6.1 We will process your Personal Data in accordance with the following principles:

Fairness: We are transparent about how we process Personal Data and we will process it in accordance with applicable law.
Lawfulness: We will process Personal Data only on lawful grounds.
Purpose limitation: We will process Personal Data for specified explicit and legitimate purposes, and will not process it in a manner that is incompatible with those purposes, unless permitted by applicable laws.
Data minimization: We will process Personal Data that is adequate, relevant and limited to what is necessary to achieve the purposes for which the Personal Data are processed.
Data accuracy: We take appropriate measures to ensure that the Personal Data that we hold about you is accurate, complete and, where necessary, kept up to date. However, it is also your responsibility to ensure that your Personal Data is kept as accurate, complete and current by informing us promptly of any changes or errors to the Personal Data that we hold about you (e.g. a change of address).
Data security: We use appropriate technical and organisational measures to protect the Personal Data that we collect and process about you. These measures are designed to provide a level of security that is appropriate to the risk of processing your Personal Data. In particular, all data is protected according to the varying levels of risks through physical measures, such as secure areas, technical measures, such as encryption, and organisational measures such as employee security through vetting and supervision.
Limited Retention: We keep your Personal Data in a form that allows us to identify you for as long as necessary to achieve the purposes for which we are processing your Personal Data (as described above) and we do not store your Personal Data for longer, unless we must comply with applicable laws.

7. Data storage, retention and deletion

7.1 The Personal Data we collect from you is stored in our servers located in the United States.

7.2 We retain Personal Data we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements) only for as long as it is needed

7.3 When we have no ongoing legitimate business need to process your Personal Data, we will either delete or anonymise it or, if this is not possible (for example, because your Personal Data has been stored in backup archives), then we will securely store your Personal Data and isolate it from any further processing until deletion is possible.

8. Transfers of Personal Data outside the EU/EEA or the UK

8.1 Your Personal Data may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country.

8.2 Specifically, our Website servers are located in the United States, and our group companies and third party service providers and partners operate around the world. This means that when we collect your Personal Data we may process it in any of these countries.

8.3 However, we have taken appropriate safeguards to require that your Personal Data will remain protected in accordance with this Policy.

For transfers of personal data outside of the EU/EEA:
- When transferring your Personal Data to Canada, we rely on the EU Commission's adequacy decision 2002/2/EC available here.
- When transferring your Personal Data to other entities of the SSENSE group located in the United States or other third countries outside of the European Union/European Economic Area (EU/EEA), we rely on the EU Commission's standard contractual clauses. When transferring your Personal Data to our third party services providers who are also located in third countries outside the EU/EEA , which do not benefit from an EU Commission’s adequacy decision, we have implemented the European Commission's standard contractual clauses with those third parties.
- The EU Commission standard contractual clauses may be amended or replaced from time to time and at such time as they are amended or replaced in relation to data protected under the GDPR by the European Commission, we will amend our data transfer documents accordingly.

For transfers of personal data outside of the UK:
- When transferring your Personal Data to Canada, we rely on the UK's adequacy decision.
- When transferring your Personal Data to other entities of the SSENSE group located in the United States or other third countries outside the U.K. without a U.K. adequacy regulation, we rely on the U.K. Addendum to the EU Commission's standard contractual clauses.
- When transferring your Personal Data to our third party services providers who are also located in third countries outside the U.K. without a U.K. adequacy regulation, we rely on the U.K. Addendum to the EU Commission's standard contractual clauses.
- The U.K. Addendum to the EU Commission's standard contractual clauses may be amended or replaced from time to time and at such time as they are amended or replaced in relation to data protected under the UK GDPR by the UK Secretary of State, we will amend our data transfer documents accordingly.

9. Automated processing (including profiling)

In some instances, we may use your Personal Data in order to better understand your preferences and to provide customized products or services to you.You may also choose to submit your questions or queries to us via a chatbox. When you do, the chatbox will collect some personal data about you (such as your customer profile and the details of your order) in order to assist you.

However, we do not make any decisions based solely on automated processing of such data, which either produce legal effects that concern you or similarly significantly affect you.

10. Minors

The services we provide on this Website are not intended for individuals below the age of 16. If you are under 16, please do not use or register on this App.

11. Your data protection rights

11.1 Subject to applicable data protection legislation and certain limitations, you may - exercise the data protection rights listed below. You can do so at any time by contacting us using the contact details provided under the “How to contact us” heading below.

You can access, rectify or request erasure of your Personal Data as detailed here below.

Please note that deletion requests are subject to certain limitations, for example, we may retain Personal Data as permitted by law, such as for tax or other record keeping purposes, to maintain an active account, and to process transactions and facilitate customer requests.

The right to access to Personal Data, which enables you to receive confirmation as to whether or not SSENSE is processing your Personal data and information about that processing, and to receive a copy of your Personal Data.

You may also request correction of any of your inaccurate Personal Data, as well as the deletion of your Personal Data.

You can object to the processing of your Personal Data at any time (including profiling) when the processing is based on our legitimate interest. You may also object at any time to the processing of your Personal Data for direct marketing purposes (which includes any profiling to the extent that it is related to such direct marketing).
You may also ask us to restrict (block) the processing of your Personal Data under certain conditions.
When the processing is based on your consent or the performance of your contract with us, you may exercise your right to data portability, which enables you to receive your Personal Data in a structured, commonly used and maching-readable format and have it transmitted to another controller.
If we have collected and processed your Personal Data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your Personal Data conducted in reliance on lawful processing grounds other than consent.
You have the right to opt-out of marketing communications we send you at any time. You may unsubscribe from our newsletters or marketing notifications at any time by selecting the unsubscribe option in the "Email Preferences" section of your account, or by clicking the unsubscribe link at the bottom of every newsletter email. When you use the App, if you accept push notifications, we may send you promotional offers about our products and services via push notifications. If you no longer wish to receive push notifications about promotional offers from SSENSE, you can disable this service by changing your app settings in the device settings.

On Apple devices, simply go to: Settings → Notifications → SSENSE → uncheck “Allow Notifications”.

Post mortem right: concerning France only, according to the French Data Protection Act, you have the right to define general or specific directives regarding the fate of your Personal Data after your death.
You can also request to close your account at any time by contacting us as described below. You should be aware that once the App is uninstalled, you will not be able to use certain functionalities of the App.
If you have a complaint or concern about how we are processing your Personal Data then we will endeavour to address such concern(s). If you feel we have not sufficiently addressed your complaint or concern, you have the right to complain to a data protection authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority. (Contact details for data protection authorities in the European Union/European Economic Area, United Kingdom, Switzerland and certain non-European countries (including the US and Canada) are available here.

11.2 You may exercise any of the rights above at any time by contacting us as described under the “How to contact us” section below. We will respond to your request in accordance with applicable data protection laws.

12. External links

12.1 If any part of this App provides links to third party websites, such websites do not operate under this Policy. We recommend you examine the privacy notices posted on those websites to understand their procedures for collecting, using and disclosing personal data.

12.2 We do not accept any responsibility or liability for the privacy practices of such third party websites and your use of such websites is at your own risk.

13. Updates to this Policy

13.1 We may update this Policy from time to time in response to changing legal, technical or business developments. When we update our Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Policy changes if and where this is required by applicable data protection laws.

13.2 You can see when this Policy was last updated by checking the “last updated” date displayed at the top of this Policy.

14. How to contact us

14.1 If you have any questions or concerns about this Policy or the way we process your Personal Data, or if you want to exercise your rights as described above, please contact us via email at dataprotection@ssense.com.

14.2 If you wish to exercise your data protection rights, you can do so at any time by using this SSENSE Data Request Form (please click here for the form in English, here for the form in French, here for the form in Japanese, here for the form in Korean and here for the form in Chinese).

14.3 The data controller of EU/EEA and UK residents’ personal data is Atallah Group Inc. 333 Chabanel Street W #900, Montreal QC H2N 2E7, Canada.

14.4 With respect to Atallah Group Inc., you may contact its representatives in the EU/EEA and UK for data protection matters using the following details: dataprotection@ssense.com.

Business Contacts Privacy Policy

Last updated: June 1, 2023

About this Policy

At SSENSE ("SSENSE", "us", "we", or "our"), we respect your privacy and we want to be transparent about the types of Personal Data (as defined below) we collect about you and how we use it. This Business Contacts Privacy Policy (hereafter the "Policy"), explains how we collect, share and use any information that, alone or in combination with other information that relates to our Business Contacts ("Personal Data"). A "Business Contact" (hereafter also referred to as "you") means any employee, agent or other individual working for or otherwise representing any legal entity that is (i) an existing or prospective business customer, vendor, supplier, service provider, business partner or other third party and (ii) who has a business and/or contractual relationship with SSENSE or any of SSENSE's affiliated entities.

This Policy sets out the rights that you have in relation to the Personal Data that we process about you and how you can exercise them. This Policy also describes the measures we implement to protect your Personal Data.

SSENSE, headquartered at 333 Chabanel Street W #900, Montreal QC H2N 2E7, Canada, is the data controller for all Personal Data that is collected for business management purposes and is responsible for ensuring that the processing of Personal Data complies with applicable data protection laws, including with the General Data Protection Regulation (GDPR) ((EU) 2016/679) ("GDPR") and the UK GDPR as it forms part of UK law by virtue of section 3 of the European Union (Withdrawal) Act 2018 (the "UK GDPR").

Please take the time to read this Policy carefully. If you have any comments or questions about this Policy, please contact us as described in the section "How to contact us" below.

Quick links
1. We recommend that you read this Policy in full to ensure you are fully informed. However, if you only want to access a particular section of this Policy, then you can click on the relevant link below to jump to that section.

What Personal Data does SSENSE collect and why

Cookies and other tracking technology

How we obtain your Personal Data

Who does SSENSE share your Personal Data with

How SSENSE protects your Personal Data