1. HOW WE COLLECT PERSONAL DATA
Generally, we may collect personal data and information (“Personal Data”):
(a) when you voluntarily provide us with such information (through the use of the Service or otherwise);
(b) by automatically obtaining such information when you access or use the Service and/or Website; and/or
(c) by obtaining such information from third parties that we work with, or whose services you access or use in the course of using our Service and/or Website.
Examples of situations when your Personal Data may be collected by us include when you:
(a) visit our Website with a cookies-enabled browser, use the Service, register for an account with us, update or add information to your account and/or user profile, sign up for the FIGS Newsletter and/or download the FIGS App or any of our mobile application(s) (including any updates thereto);
(b) send us messages, emails, correspondence, comments, questions, testimonials, suggestions or job applications, make any Submissions, or otherwise correspond or interact with us (whether through phone, email, the ‘Support’ function on the Service, in person or otherwise);
(c) participate in our Promotions, comment or participate in polls, surveys, blogs, forums, message boards, communities, social media feeds, and other communication channels that we make available;
(d) conduct any online transactions on our Service and/or Website;
(e) subscribe to our mailing lists for email, post or phone updates or any form of marketing;
(f) link your account under third party services (including Facebook, Twitter and Google) to your account with us, or share content from our Service using such third party services;
(g) sign up for a Trial, purchase any of our Subscription Plans, or make other purchases through the Service and/or Website;
(h) use third party payment gateways and payment processors to make payments on our Service and/or Website (save that we do not store any credit card information);
(i) grant us permission to access your information with third parties and/or grant them permission to share your information with us; and/or
(j) click on, visit or access third party services, sites or advertisements from links available from our Service and/or Website.
For the avoidance of doubt, “Personal Data” means information that can be associated with a specific person and which can be used to identify that specific person whether from that data or from that data in combination with other information that we have or are likely to have access to. Personal Data does not include information that has been made anonymous or aggregated so that it can no longer be used to identify a specific person, whether in combination with other information or otherwise.
2. TYPES OF PERSONAL DATA COLLECTED
Types of Personal Data that we may collect and store include:
(a) your name, gender, photo, password, email address, physical address, postal code, country and city of residence, contact number, date of birth and occupation;
(b) your account details under third party accounts that are linked to your account with us (e.g., Facebook) including your username and password, profile picture, date of birth, gender, friends’ names and friends’ profile pictures and networks;
(c) information on how you invest or would like to invest, including your investment experience, risk appetite and investment style;
(d) information about you, your activity and transactions which are sent to us by third parties, including information on your payment transactions such as receipts and card type;
(e) information regarding your use of the Service and/or Website, including user preferences, settings, forecasts and other activity;
(f) information you provide us, or transmit or receive using the Service, and which identifies you or another person; and/or
(g) mobile device information including access to your photos and camera, location, voice and contacts provided you have given us your explicit permission to access the information. We will ask for permission before we access the information or any features of your mobile device. If you provide such permission, we will collect the information for specific purposes explained at the time we ask for your permission.
3. USE OF YOUR PERSONAL DATA
(a) communicating with you about your account and our services, responding to, processing and handling your queries, feedback and suggestions, and generally administering and/or managing our relationship with you;
(b) processing, recording, and monitoring your communications and activities on the Service;
(c) monitoring and ensuring the technical performance and functionality of the Service and Website;
(d) providing you with the use of, improving, identifying and/or resolving problems with the Service and/or Website;
(e) customising your experience of our Service and/or Website including by displaying content according to your interests and preferences and providing a faster method for you to access your account;
(f) sending you either directly, or through one of our partners, communications relating to the Service including transactional, marketing and product updates, and other matters which may be of interest to you, provided that in relation to the sending of marketing or promotional information to you (including by voice call, email, SMS/MMS) we will comply with the requirements of applicable laws or obtain your express consent to the same;
(g) identifying you to anyone to whom you communicate with on the Service (including another user or a third party service provider);
(h) verifying your personal particulars and facilitating, processing or dealing with your online transactions and payments;
(i) sending you information on any updates or changes to our terms and conditions, guidelines, policies and/or other administrative information;
(j) auditing our business or Service, and complying with any financial, legal or accounting policies or requirements;
(k) conducting research, analysis and development activities (including data, user profile and statistical analysis, surveys, product and service development, analysis of your use of the Service including your interaction with applications, advertising, products, and services that are made available, linked to, or offered through the Service);
(l) responding to legal processes or complying with any applicable law, governmental or regulatory requirements of any relevant jurisdiction, including meeting the requirements to make disclosure under the requirements of any law binding on us or on our related corporations or affiliates;
(n) protecting our safety, rights and property, our subsidiaries, holding company, users, or any other party, and/or the intellectual property of the Service and Website;
(o) preventing, detecting, mitigating and investigating potentially illegal acts, fraud and/or security breaches and assessing and managing risk, including alerting you if fraudulent activities have been detected on your account;
(p) other purposes which we notify you of at the time of obtaining your consent; and/or
Targeted Ads. We may display targeted advertisements based on Personal Data. Advertisers (including ad serving companies) may assume that people who interact with, view, or click targeted ads meet certain targeting criteria, such as relating to age and geographic location. We do not provide any Personal Data to the advertiser when you interact with or view a targeted ad. However, by interacting with or viewing an ad you are consenting to the possibility that the advertiser will assume that you meet the targeting criteria used to display the ad.
Where you have been referred to our Service and/or Website by our affiliates (including through advertisements and links on our affiliates’ websites, emails or other forms of communications to you):
(a) the fact that you are coming from their websites may be recorded by cookies, and our affiliates may be able to recognise you and attribute your activities to you through such cookies; and
(b) we may disclose to referring affiliates your Personal Data that you have visited our Website, registered for our Service and/or purchased our products/services, with your prior consent.
With respect to sub-Clause (a) above, you can prevent being tracked by choosing the appropriate preference in the privacy options of your browser or disable or delete the cookies. With respect to sub-Clause (b), if you do not wish your Personal Data to be disclosed by us to the referring affiliate, please let us know by writing to us at the contact details in Clause 13. Use of your Personal Data by referring affiliates is governed by their privacy policies, and you should approach the referring affiliate directly with requests for access to, or revision of, such Personal Data.
4. NON-PERSONAL DATA
How we collect Non-Personal Data. When you use the Service and/or the Website, we may collect, use, disclose, retain and process (or our systems may automatically collect, use, disclose, retain and process) either directly or through third party services, certain anonymous or non-personal information and data (“Non-Personal Data”), including:
(a) log data, including your unique device identifier, the IP address of your computer or device, the types of devices you are using to access or use the Service and/or Website, data from cookies, information about your computer or mobile internet browser type and operating system, the dates and times of your use of the Service, the number and frequency of visitors to the Website, the URL that you just came from and the URL you next go to, location information, languages;
(b) session and usage data about your use of the Service, including connection and service-related data such as information relating to the connection request, server communication and data sharing, network measurements, quality of service and date, time and location of usage; and/or
(c) aggregate information about the use of the Service (which may contain log data and session and usage data) in respect of a group or category of services or users but which contains no personally identifiable information about the users.
For the avoidance of doubt, “Non-Personal Data” is information that does not identify you or any other individual and does not include Personal Data. We may combine Personal Data with Non-Personal Data. If we do so, the combined information will be treated as Personal Data for as long as it remains combined.
How we use Non-Personal Data. We may use Non-Personal Data for any purpose, including:
(a) for our own internal purposes;
(b) to measure traffic patterns;
(c) for the purpose of system administration;
(d) to enable us to analyse, research and track usage of the Service including conducting internal research on user demographics, interests, behaviour and trends among our users;
(e) to provide, improve and modify the Service or the Website;
(f) to improve our algorithms, measure service usage, publish summaries online or offline, develop new features; and/or
(g) for marketing and promotional purposes.
5. DISCLOSURE TO THIRD PARTIES
You acknowledge and agree that we may disclose your Personal Data and Non-Personal Data to certain third parties approved by us including:
(a) our related companies (including our subsidiaries and holding company);
(b) our affiliates, agents, service partners and third party operators of applications or services which interface with, link to, support or are incorporated in the Service, in order to facilitate or enable our provision of services to you and the development, support, maintenance and operation of the Service and/or Website;
(c) our lawyers, auditors and other professional advisors;
(e) our affiliates and third parties who provide co-branded or jointly-offered products, services and features, such as additional features, additional content, discounts, offers and other promotions;
(f) actual or prospective purchasers, partners or investors and their respective advisers with a view to a potential merger, acquisition, business partnership, collaboration, joint venture or disposition of all or any portion of our business, assets or stock; and/or
(g) authorities and third parties where we believe such disclosure is necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our rights, or as otherwise required by law.
From time to time, we may collaborate with other third parties to organise joint marketing and promotional campaigns, offers or contests, and may require disclosure of your Personal Data to such third parties. For example, where a promotion is specially offered to customers of our third party partner, we may share your information with that partner to the extent relevant to such promotional campaign. In some cases, you may not be able to enjoy the promotion, offer or participate in the contest, unless you consent to disclosure to such third party of your information.
6. CROSS-BORDER TRANSFERS OF PERSONAL DATA
We may transfer, process and store information about our users on servers located in a number of countries including Singapore, Japan, Hong Kong, China, Taiwan, Philippines and the United States. You acknowledge and agree that we may disclose your Personal Data with other entities in the FIGS group of companies and to third parties located outside your country of residence, and as such, your Personal Data may be transferred to such countries. Your Personal Data may therefore be subject to privacy laws that are different from those in your country of residence.
Transfers outside Singapore. To the extent that FIGS may need to transfer Personal Data outside of Singapore, FIGS shall do so in accordance with the Personal Data Protection Act 2012 (“PDPA”) to ensure that we provide a standard of protection to personal data so transferred that is comparable to the protection under the PDPA. You consent to the transfer of your Personal Data to third parties located outside your country of residence, and to their collection, use and disclosure of such Personal Data in accordance with their respective privacy policies, as summarised below.
Third party service name, provider and description
Summary of how your Personal Data is collected, used and processed
(The Rocket Science Group, LLC)
Description: Email Service Provider
MailChimp uses the Personal Data (including your email address) it receives as necessary and appropriate to (and to enable us to) contact customers, generate automated responses and/or notifications, and send updates and publications where you have requested or consented to be on our mailing list, in relation to the Service and/or the Website.
Types of data which may be collected: Name, gender, photo, email address, physical address, country and city of residence, contact number, date of birth and occupation.
(Ematic Solutions Pte. Ltd.)
Description: Email marketing optimisation Software-as-a-Service
Ematic Solutions uses artificial intelligence to help us analyse and optimise our email marketing service. The information collected about you and your email behaviour, preferences and interests will be transmitted to and stored by Ematic. Ematic will use this information for the purpose of evaluating your use of your email, compiling reports on email activity for us and providing other services relating to email activity. Ematic may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Ematic’s behalf.
Types of data which may be collected: Name, gender, photo, email address, physical address, country and city of residence, contact number, date of birth and occupation.
Countries Personal Data may be transferred to: Various countries including Japan, Hong Kong, Taiwan, China, Australia, Malaysia, Indonesia, Thailand, Philippines, Vietnam and the United States of America.
(Google Inc. and its affiliates)
Description: Web analytics service
Types of data which may be collected: Cookies and usage data.
Countries Personal Data may be transferred to: Various countries. Google adheres to several self-regulatory frameworks including the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (please refer to https://www.google.com/intl/en/policies/privacy/frameworks/).
Description: Payment processing services
PayPal and Stripe use the payment-related information that it receives as necessary and appropriate to fulfil requests to process payment transactions (by credit card, bank transfer or other means on the Service), to facilitate billing, and to otherwise deliver payment services.
Types of data which may be collected: Name, credit card and debit card information, email address, physical address, country and city of residence, contact number.
Countries Personal Data may be transferred to: Various countries including North America, Asia, Europe.
Countries Personal Data may be transferred to: United States of America, and various other countries where Stripe has operations or where Stripe engages service providers.
Description: Social media and network services. Registration and authentication services.
Your accounts of with these third party services can be used to sign in to our Service. We may ask for permissions to allow us to perform actions with your social media account and to retrieve information, including your Personal Data, from it.
Types of data which may be collected: Various types of Personal Data as specified in their privacy policies.
Countries Personal Data may be transferred to: USA.
Countries Personal Data may be transferred to: United States, Ireland, and other countries where Twitter operates.
You acknowledge that links to the privacy policies of the third parties above are provided herein for your convenience only and may not be current or updated. The privacy policies of third parties are also subject to change, without notice to us. You agree to refer to the respective websites of such third parties for up to date information on how they collect, use and store your Personal Data.
We, our partners, affiliates and service providers use ‘cookies’ to collect information. A cookie is a small data file that we transfer to your computer's or device’s hard drive for record-keeping purposes. Each time you visit our Website or FIGS App from the same computer or device, the cookie will be retrieved from your computer or device, enabling our Website or FIGS App to recognise your computer or device as having previously visited our Website or FIGS App and thereby increase the functionality of our Website or FIGS App on your computer or device. Third party advertisers on the Website and/or Service may also place or read cookies on your browser. Cookies help us store preferences, and measure the number of visits, average time spent, page views and other statistics relating to your access to the Service and/or Website. This information allows us to better administer the Service and/or Website, and provide a more tailored and user-friendly service to our visitors and users.
You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. If you do not accept cookies, however, you may not be able to use all portions or functionalities of the Service and/or Website.
We have implemented reasonable security arrangements to protect your Personal Data, including physical, administrative, technical and electronic measures and safeguards to prevent loss of or damage to your Personal Data including unauthorised disclosure thereof or access thereto. Please be aware that no security arrangements or measures that we take to protect your Personal Data is absolutely guaranteed to avoid unauthorised access or use of your Personal Data or is impenetrable. We hereby disclaim all liability for the security of your Personal Data, which may be compromised by unauthorised entry, use or disclosure, hardware or software failure and other factors.
You are solely responsible for protecting your usernames and passwords that are used to access the Service and/or any third party service to which it is linked, against unauthorised access and use and for all actions taken with such usernames and passwords. You acknowledge that if you lose control of your usernames and passwords, you may lose substantial control over your Personal Data and be potentially subject to legally binding actions taken on your behalf by an unauthorised user. If any of your usernames and passwords has been compromised for any reason, you should immediately change the same. You should also sign off once you have finished using a shared computer.
9. RETENTION PERIOD
11. LEGAL AGE
We do not knowingly collect or solicit personal data from those below the age of eighteen (18), or knowingly allow such persons to register an account with us. The Service is not intended for use by persons under eighteen (18) years of age. If you are under eighteen (18) years of age, please do not attempt to register for or to use the Service and/or the Website, or send us any personal data about yourself.
12. ACCESSING/UPDATING YOUR PERSONAL DATA
If you wish to access, correct or update your Personal Data, you may do so by accessing your account settings through the Website or the FIGS App. We may maintain a copy of the unrevised information in our records.
13. CONTACTING US / REPORTING VIOLATIONS
Subject to exceptions under law, you have the right to request a copy of the Personal Data that we hold about you. Please contact our Data Protection Officer by email in writing at email@example.com, providing your name, contact number and email address, if:
(b) you would like a copy of some or all of your Personal Data; and/or
(c) you would like to review, correct, update, suppress, delete or otherwise limit our use of your Personal Data that has been previously provided to us.
In your request relating to sub-Clauses (a), (b) and (c) above, please make clear (where applicable) what information you would like to have changed, or what records of Personal Data you wish to retrieve, and/or otherwise let us know what limitations you would like to put on our use of your Personal Data. We will try to comply with your request as soon as and to the extent reasonably practicable. You agree that where you submit a request relating to sub-Clause (b), that we may charge you a fee to cover the cost of verifying your request and identity, and locating, retrieving, collating, copying and forwarding any records so requested. You acknowledge that we will not be able to remove your Personal Data from the database of any other users with whom you have shared such information or from the databases of third parties which you previously authorised us to share such information with. We may also not be in a position to continue to provide the Service (or parts thereof) to you if you withdraw your consent to us collecting, using or retaining your Personal Data for certain purposes.
If you do not wish to receive emails, SMSes or other communications from us, you can unsubscribe from such communications by using the unsubscribe facility that may be provided with such SMS, email or communication, by adjusting your email settings under your profile, by using the ‘Support’ function on the Service or by emailing us at firstname.lastname@example.org. Please note that if you do opt out of receiving marketing-related communications from us, we may still send you important administrative messages and that you cannot opt out of receiving such administrative or other important messages.
14. COUNTRY-SPECIFIC TERMS (JAPAN)
(i) “us”, “we”, and “our” shall mean FIGS Japan;
(ii) “FIGS” means FIGS Japan and/or FIGS Inc., as appropriate;
(iv) “Terms of Service” means the Terms of Service at https://support.figsinc.jp/hc/ja/articles/115004887314;
(vi) We will not collect, use, or disclose “Sensitive Personal Information” as defined under Article 2, Paragraph 3 of the PIPA such as political opinions, faith (religion, thoughts and beliefs), membership of labor unions, race or ethnicity, family and domicile of origin, information regarding medical treatment, sexual orientation or criminal records, except as permitted under the PIPA.
(viii) We do not knowingly collect or solicit personal data from residents of Japan who are below the age of twenty (20), or knowingly allow such persons to register an account with us. The Service is not intended for use by persons resident in Japan who are under twenty (20) years of age. If you are under twenty (20) years of age, please do not attempt to register for or to use the Service and/or the Website, or send us any personal data about yourself.
(ix) Please contact our Data Protection Officer by email in writing at email@example.com.
(x) Please email us at firstname.lastname@example.org.
Effective date: 23 March 2018
Last updated: 23 March 2018