PRIVACY POLICY
Welcome to DNA Style Privacy Policy!

Here are few key points about our privacy practices:
• We are an AI-powered platform that serves as a professional stylist while you shop online. We make personalized recommendations of clothes (or assess whether your selected items match your style) and ready-to-wear outfits by analyzing an image of your face, as well as your figure type, height, gender and other information.
• We also make recommendations of clothes that can help to visually correct your figure. To use this service, you provide us with measurements of you figure.
• To use the ‘How to Wear’ and ‘Color Inspiration’ services, you can upload any photos of items you have, and the application will generate outfits incorporating them.
• For our work, we use third-party cloud providers – specifically, Amazon Web Services.
• We do not use your photographs or any other personal information you may provide when using the Service for any reason other than generating clothing recommendations and improving our Service.
1. Who is the data controller?

DNA Style is committed to protecting your personal information while you use our website or mobile application. This Privacy Policy relates to our use of any personal information you provide to us through www.dna.style and the DNA Style mobile application.
In order to provide you with the full range of DNA Style products and services, we may need to collect personal information about you which will be collected by the controller AI STYLE BY DNA SLU, with VAT ES B-67543991, registered office at Aribau street, 185, 3rd floor, 08021, Barcelona, Spain, and the email support@dna.style, referred to hereafter as “DNA Style”.
DNA Style is legally obliged to safeguard and use your personal information in accordance with all laws concerning the protection of personal information, including the General Data Protection Regulation (EU) 2016/679.
Below is more information on our privacy practices. Individuals located in California should also read our Notice to Californian users below.
2. What information do we collect?

We will collect personal information appropriate to the service you choose to sign up to. ‘Personal Information’ refers to information that can be used to identify you (whether alone or in combination with other data). The types of Personal Information that we may collect about you are:
· Photographs via your camera or camera roll (if you have given us express permission to access your camera or camera roll), figure measurements, body type, height, gender and other information provided by you when using the Service, or information contained in your social media account (if you choose to connect your social media account). We access only the specific images you choose to grant us access to using the mobile application; we do not collect or store your photo albums, even if you grant us access to them.

· The Personal Information you provide to us
In order to register as a user of the mobile application and/ or perform certain actions with us, you must fill out the electronic registration form providing the necessary information for the provision of our service. The Personal Details form specifies the required data which must be filled in by you. Failure to provide this data will mean that you are unable to register (in the case of the registration form) or will not be able to perform certain actions with our Service or save the results of your actions. Registering for the Service also involves having a profile with open fields that you can choose to fill out if you so wish.
The data requested in the registration form is as follows: e-mail or social media account log-in details, username, first name, surname, age, gender and password (if using the e-mail to register).
More extensive registration data may be required to make Service more personalized to you. This includes: Profile picture, your location, gender category of clothing, clothing size, favorite colors, price preferences and other information.
Payment details If you choose to use our paid service, we will need your full name, ID number, post address, and financial data such as a bank account, credit card number or apple ID if you use in-app payments.
To receive a consultation: When using the ‘Personal style’ or ‘Color type’ services, we ask you to provide us with your photographs of choice, figure type, gender. For the ‘Figure correction’ service, we ask you to provide figure measurements. For other services, you can provide any photographs you select to be used to generate outfits.
· Application usage information may be collected, such as information about how you use and interact with the service, including your preferred language, the date and time when you first installed the Service and the date and time you last used the Service. Your geolocation, to the extent that you have configured your device to permit us to collect such information, date and time stamps associated with transactions, and location preferences. Click-stream data (internet or other electronic information about your browsing history, search history, the webpage you visited before you came to our website, length of visit and number of pageviews, click-stream data meaning the page-by-page paths you take as you browse through our Services).

· Data we receive from third parties (websites, services, and products when you interact with Social Features of our application).

· Purchase history, (if you choose to purchase paid services or an application subscription) such as confirmation that you are a paid subscriber to the application.

· Social media information, if you choose to log in to the DNA Style application or website via a third-party platform or social media network such as Facebook or Instagram, or web portal to which you are redirected from our Service. We may collect information about you from that platform or networks they provide us with in accordance with their own privacy and/ or cookie policies (to which you have previously consented). We will try our hardest not to access more data than deemed necessary to ensure a good user experience and proper functioning of the application.

· Device data, such as your computer and mobile device operating system type and version number, manufacturer and model, device ID, push tokens, Google Advertising ID, Service ID for Advertising, browser type, screen resolution, IP address (and the associated country in which you are located), and other information about the device you are using to visit the application.

· Online activity data, such as information about your use of and actions on the Service and the Sites, including pages or screens you viewed, how long you spent on a page or screen and navigation paths between pages or screens.

· Data associated with the Cookies Policy: see our Cookies policy.
3. How do we use your personal data?

DNA Stylemay use your personal information for the following purposes: 1) to provide services that you have requested or interacted with; 2) retail offers: to let you know about other services which may be of interest to you (where you have agreed to this); 3) to inform you about changes and improvements to the application. All collection and processing of your personal data is treated using the principle of minimization, limiting the data we collect to what is necessary and relevant to the purposes for which it is collected and always respecting the user’s wishes.
For the nature of the provided service, based specifically on the use of the mobile application ‘DNA Style’, this includes:
Managing Your Account If you provide us with Personal Information, we may use it to: (i) process your registration to our Services, including verifying whether your email address is active and valid and enrolling you in our programs; (ii) monitor and manage your account; (iii) track your shopping, deliverany rewards or payments, and identify opportunities for rewards and/or offers; (iv) send you technical notices, updates, security alerts, and administrative messages; (v) provide you with customer service regarding your account and replying to your questions, comments and requests; and (vi) comply with legal and regulatory provisions enforced by judicial authorities in each geographical jurisdiction that the Company operates in. We may also use your information to assess risk and prevent fraud.
To monitor your activity on web portals that you are redirected to from the application or website (usually e-commerce portals of fashion retailers or online stores), including tracking product purchases or potential purchases in order to sustain the affiliate program and manage the relationship between us and those responsible for the web portals.
Improve Our Services We may process information by analyzing and monitoring usage and trends and performing statistical analyses to improve our Services and the websites, Service applications, marketing efforts, and the products and services of our affiliates to provide a better experience for you in the future. We may also use this information to adapt Service content to be more personalized to you. We may also internally use your photos in order to improve our service and train the neural networks for IT and scientific purposes.
To display advertisements. We can work with advertising partners to display advertisements within the Service. These advertisements are delivered by our advertising partners and may be targeted based on your use of the Service or your activity elsewhere online. To learn more about your choices in connection with advertisements, please see the section below titled “Targeted online advertising.”
For compliance, fraud prevention, and safety. We may use your personal information and disclose it to law enforcement, government authorities, and private parties as we believe necessary or appropriate to: (a) protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); (b) enforce the terms and conditions that govern the Service; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
With your consent. In some cases, we may specifically ask for your consent to collect, use or share your personal information, such as when required by law.
To send you e-mail about the features of our services. We may also ask for your consent to send you advertising by email.
To create anonymous, aggregated or de-identified data. We may create anonymous, aggregated or de-identified data from your personal information and other individuals whose personal information we collect. We make personal information into anonymous, aggregated or de-identified data by removing information that makes the data personally identifiable to you. We may use this anonymous, aggregated or de-identified data and share it with third parties for our lawful business purposes or use it for internal business improvements.
For commercial purposes by sending electronic communications: we are only able to send you these communications if you have previously consented to this. At the time of registration, we'll ask for your permission. You may choose to revoke your consent easily at any time by pressing the ‘unsubscribe’ button in any of our commercial communications.
The purposes for which each category of data is used is below:
Category «a) Data from the forms on the Service and the User Profile»: the Service (especially the Website) may include forms that are clearly linked to specific purposes and this shall be indicated on the Service (e.g. data collected in the Contact form will be processed for the purpose of responding to and communicating with those who wish to be contacted by us).
Category «f) Data associated with the Cookies Policy»: will be processed for the purposes set out in the Cookies Policy.
Category «h) Data included in the User Content»: will only be processed on behalf of DNA Style as data processors.
4.What is the legal basis of this data processing?

The legal basis for the data processing for the purposes described about is your consent which will be requested when you register with the platform and accept the conditions of service.
Failure to provide the requested personal data or failure to accept this data protection policy means that you will not be able to subscribe to, register for or receive information about the Provider's products and services.
In cases in which a prior contractual relationship between the parties exists, the legitimacy for the development of administrative, tax, accounting and labor obligations that might be necessary under current legislation shall be grounded in the prior existence of the commercial relationship established between the parties.
Your voluntary subscription to DNA Style will be considered a formal establishment of a contractual relationship between us, the Service Provider and you, the User. This contractual relationship is an agreement to send and to receive information about the fashion industry, service features, newsletters, regular updates regarding clothing and accessories related to fashion and trends. All forms of communication regarding the topics mentioned is to be considered part of the service contracted by you when subscribing to DNA Style. At any time, you may unsubscribe to any communications that you no longer wish to receive or modify your profile settings to stop or modify any further notices or forms of communication.
To unsubscribe, you can go directly to the application at any time access the Profile section and choose the option to unsubscribe.
In case the previous option is not enabled or does not work for any reason, you can also revoke your consent at any time by sending an email with the subject “User Low” to info@dna.style, including in the content of the message your (username) and the email address or username of the social network that you used when registering with the Service.
According to the LSSI, DNA Style does not perform spam practices: it does not send any commercial e-mails that have not been previously requested or authorized by you. Consequently, in all communications that you may receive from DNA Style, you will have the option of cancelling this express consent to receive our communications.
We shall not treat or process your personal data for any other purpose than those described here, except if required by legal obligation or judicial requirement.
Data processing shall not be subject to decisions based on automated processing that may modify or transform your data.
5. How long will we keep your personal data?

Your data shall be stored as long as your business relationship with us lasts or you exercise your right of cancellation, opposition, or limitation to data processing. However, we shall store certain personal identification and traffic data for a maximum period of 3 years, in case it is required by Judges and Courts or in order to initiate internal actions as a result of any improper use of the Service. We do not store photographs that you provide to the service on a long term basis, only the results of the consultation based on the image(s). After the analysis of the image is complete, we no longer require the photo, and in accordance with the data minimization principle (art. 5 GDPR) we therefore only keep it for a short period of time (e.g. photos of your face are stored for 6 months since your last visit, and photos of clothes are stored for 3 months). After the storage period has expired, the image(s) will be deleted.
6. Will we share your personal data?

We do not share your photographs with third parties (with the exception of uploading encrypted images to our cloud providers, Google Cloud Platform and Amazon Web Services). You may voluntarily choose to share your outfit photos in our feed or on your social media platforms, such as Instagram or Facebook; however, we will never share them without your consent or knowledge.
We may share your non-photographic information in the following circumstances:
Affiliates. We may share your information with our subsidiaries and affiliates, for purposes consistent with this Privacy Policy.
Service providers. We may share your personal information with service providers that perform services on our behalf or help us to operate the Service (such as customer support, hosting, analytics, email delivery, marketing and database management services). These third parties may use your personal information only as directed or authorized by us and in a manner consistent with this Privacy Policy and are prohibited from using or disclosing your information for any other purpose.
Advertising partners. When we use third-party cookies and other tracking tools, our advertising partners may collect information from your device to help us analyze use of the website and the Service, display advertisements on the Service and advertise the website and Service (and related content) elsewhere online.
Third-party platforms and social media networks. If you have enabled features or functionality that connect the Service to a third-party platform or social media network (such as by logging into DNA Style using your account with the third-party, providing your API key or similar access token for the Service to a third-party, or otherwise linking your account with the Service to a third-party’s services), we may disclose the personal information that you authorized us to share, such as when you elect to upload a photograph from the Service to your social media account. We do not control the third-party platforms’ use of your personal information, which is governed by that third party’s privacy policy and terms and conditions.
Professional advisors. We may disclose your personal information to professional advisors, such as lawyers, bankers, IT developers, auditors and insurers, where it is necessary in the course of the professional services that they render to us.
For compliance, fraud prevention and safety. We may share your personal information for the compliance, fraud prevention and safety purposes described.
Business transfers. We may sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution.
Compliance with Law: We may be required to use and share your personal information to comply with applicable laws, lawful requests, and legal processes, such as to respond to subpoenas or requests from government authorities.
7. Your Rights:

In this section, we describe the rights and choices available to all users.
Opt out of marketing communications and other push notifications. You may opt out of marketing-related communications and other push notifications we may send you by changing the settings on your mobile device or the website.
Device permissions. You may revoke any permissions you previously granted to us, such as permission to access your camera or camera roll, through the settings on your device.
Cookies & Web Browser Storage. Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Please note that if you set your browser to disable cookies, the Site may not work properly. Similarly, your browser settings may allow you to clear your browser web storage.
Targeted online advertising. Some of the business partners that collect information about users’ activities on or through the Site or Service may be members of organizations or programs that provide choices to individuals regarding the use of their browsing behavior or mobile Service usage for purposes of targeted advertising.
In addition, your mobile device settings may provide functionality to limit ours or our partners’ ability to engage in ad tracking or targeted advertising using the Google Advertising ID or Service ID for Advertising associated with your mobile device.
If you choose to opt-out of targeted advertisements, you will still see advertisements online, but they may not be relevant to you. Even if you do choose to opt out, not all companies that serve online behavioral advertising are included in this list, so you may still receive some cookies and tailored advertisements from companies that are not listed.
Choosing not to share your personal information. Where we are required by law to collect your personal information, or where we need your personal information for provision of the Service to you, if you do not provide this information when requested (or you later ask to delete it), we may not be able to provide you with our services. We will tell you what information you must provide to use the Service by designating it as required at the time of collection or through other Service means.
Third-party platforms or social media networks. If you choose to connect to the Service via a third-party platform or social media network, you may have the ability to limit the information that we may obtain from the third party at the time you login to the Service using the third party’s authentication service or otherwise connect your account.
Data protection rights:
We respect your right to access your personal data, correct it, request its erasure or request that our use of your personal data be restricted within the limits established by current law. We also take the measures necessary to ensure that the personal information we collect is accurate and up-to-date.
Anyone has the right to access their personal data.
If your personal information is incorrect or incomplete, you have the right to ask us to update it.
You can ask us to delete your personal information.
You may request the limitation of the processing of your data, in which case we will only keep it for the exercise or defense of claims.
In certain circumstances and for reasons related specific to the situation, the interested parties may object to the processing of their data. If you have granted consent for a specific purpose, you have the right to withdraw it at any time, without affecting the legality of the data processing based on the prior consent given, which may have taken place before to its withdrawal. In these cases, we will stop processing your data or, where appropriate, we will stop doing so for the specific purpose requested, except for compelling legitimate reasons or the exercise or defense of possible claims.
You can exercise any of these rights by sending a written request to Aribau street, 185, 3rd floor, Barcelona, Spain 08021, or by email to support@dna.style.
Upon receipt of your request, and as long as it contains within it all the information required by the data protection law (a copy of your ID card), we will respond to your request to guarantee the exercise of your rights.
You can consult the rest of your personal data rights and their exercise according your nationality in sections 15 and 16.
8. Other Sites, Mobile Applications and Services

The Service may contain links to other websites, mobile applications and online services operated by third parties. These links are not an endorsement of, or indication that we are affiliated with, any third party. In addition, our content may be included on webpages or in mobile applications or online services that are not associated with us. We do not control third party websites, mobile applications or online services and we are not responsible for their actions. Other websites, mobile applications and online services follow different rules regarding the collection, use and sharing of your personal information. We encourage you to read the privacy policies of the other websites, mobile applications and online services you use.
9. Data Security and Retention.

We take our responsibility to protect your information very seriously and employ multiple safeguards in order to help ensure that your information is protected as it is transmitted from your device and stored on our servers. We take the following measures to protect your data:
Encryption: When dealing with your personal/private information on our server, and working in partnership with your browser, we use an industry standard security protocol (Secure Sockets Layer – SSL) to help ensure that the information is encrypted and protected from third parties. SSL helps ensure that the communication between your browser and our servers is private and that the information contained therein is safe and delivered only to our computers.
Firewall: Once your information reaches our servers, we protect it in many ways, including storing the information on secure servers and using a device known as a firewall which protects your information by detecting and preventing unauthorized access to the information.
Authorized access: Using our firewalls and other mechanisms, we also protect your information by only allowing access to it by employees and authorized parties who have a legitimate and verified need to access the information in order to service your requests and administer policies and claims.
10.Cross-Border Data Transfers

We store the information we collect in connection with the Service on Amazon Web Services and Google Cloud Platform. For Amazon Web Services, we specify the US as the data storage location. For Google Cloud Platform, we specify data storage at the closest available location to you when you use the device. Your personal information may be accessed by our service providers in locations outside of your state, province, or country. Your device ID (and general Service usage information) may also be accessed by the Company’s technical support team in other locations outside of your state, province, or country. We rely on the Privacy Shield, as described, for transfers of data from the EU and Switzerland to United States.
11. Children

According to article 8 of the GDPR, processing of the personal data of a child shall be lawful where the child is at least 16 years old. Where the child is below the age of 16 years, such processing shall be lawful only if and to the extent that consent is given or authorized by the holder of parental responsibility over the child.
Nevertheless, minors under 18 years of age are not able to contractually agree to the terms of use required by this and its paid edition. For this reason, for the protection of minors, the application is not directed at minors under the age of 18, and our Тerms of Use do not allow minors under 18 years of age to use the Service. If we learn that we have collected the personal information of a child under the age of 18, we will delete it. We encourage parents with concerns to contact us.
12. Changes to Privacy Policy. 

This Privacy Policy is current as of the date set forth above. We reserve the right to change this Privacy Policy from time to time, consistent with applicable privacy laws and principles. If we make changes to this Privacy Policy, we will notify you by revising the date at the top of this Privacy Policy, and where such changes will impact you as a data subject, we will provide you with additional notice (such as adding a statement to the homepage of our Services or sending you an email notification). 
13. Legislation

For all purposes, the relationship between DNA Style and you through use of its services and platform, is subject to Spanish legislation and jurisdiction to which the parties hereby expressly submit themselves, the Courts and Tribunals of BARCELONA being considered adequate for the resolution of all and any disputes arising from or related to the use of said services.
14. How to Contact Us

Please direct any questions or comments regarding this Policy or our privacy practices to support@dna.style. You may also write to us via post at:
AI STYLE BY DNA, S.L.
Aribau street, 185, 3 d floor, Barcelona, Spain 08021
support@dna.style
15. Notice to California Residents

We are required by the California Consumer Privacy Act of 2018 (“CCPA”) to provide to California residents with an explanation of how we collect, use and share their personal information, and of the rights and choices we offer California residents regarding our handling of their personal information.
We do not sell personal information. As we explain in this Privacy Policy, we use cookies and other tracking technologies to analyze Site and Service traffic and use, and to facilitate advertising.
In addition to disclosures of personal information to our service providers and professional advisors for compliance, fraud prevention and safety, and in connection with a business transfer, the following chart further describes our privacy practices with respect to the personal information of our Californian consumers.
16. California Residents’ Privacy Rights

Except as excluded from the scope of this notice above, the CCPA grants California residents the following rights.
Information. You can request information about how we have collected, used and shared your personal information in the past 12 months. We have made this this information available to California residents without having to request it by including it in this notice, in the above chart.
Access. You can request a copy of the personal information that we maintain about you.
Deletion. You can ask us to delete the personal information that we have collected or maintain about you.
Please note that the CCPA limits these rights by, for example, prohibiting us from providing certain sensitive information in response to an access request and limiting the circumstances in which we must comply with a deletion request. If we deny your request, we will communicate our decision to you.
You are entitled to exercise the rights described above free from discrimination.
How to Submit a Request
To request access to or deletion of personal information, email support@dna.style.
Identity verification. The CCPA requires us to verify the identity of the individual submitting a request to access or delete personal information before providing a substantive response to the request. We may attempt to verify your identity by asking you to confirm information that we have on file about you or your interactions with us. Where we ask for additional personal information for verification purposes, we will only use it to verify your identity or your authority to make the request on behalf of another consumer.
Authorized agents. California residents can empower an “authorized agent” to submit requests on their behalf. We will require the authorized agent to have written authorization confirming such authority.