The FIGS Privacy Policy applicable to U.S. consumers can be found here

FIGS NON-U.S. Privacy and Cookie Policy

Welcome to the FIGS Website (www.wearfigs.com, together with any mobile applications available in your jurisdiction, the “Site”), a Site operated by FIGS, Inc., 2834 Colorado Ave, Suite 100 Santa Monica, CA 90404 United States (“FIGS”, “we”, “us”, or “our”).

If you’re reading this, you know that our Site provides users with an opportunity to learn more about and purchase high quality medical apparel (such apparel, our “Products”). We developed this privacy and cookie policy (“Privacy Policy”) to explain how we collect, use, and disclose information about you, whether you are simply visiting our Site, making a purchase, or otherwise interacting with us, as well as your rights and choices regarding such information.

So we are clear about the terminology we are using, when we use the phrase “Personal Information” in this Privacy Policy, we mean any information relating to an identified or identifiable individual, which includes information (whether by itself or in combination with others) about an individual that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to an individual. This could include name, identification numbers, location data, online identifiers, or factors specific to physical, physiological, mental, economic, cultural or social identity. Personal Information may also include sensitive information such as racial or ethnic origin or health information and other information as may be provided by applicable law.

Your use of the site is governed by our Terms of Use applicable to your jurisdiction. If you are a consumer resident within Australia, Canada, EU, Israel, New Zealand or UK, please follow this link to access the Terms of Use that apply to you. If you are a consumer resident outside of the U.S., Australia, Canada, EU, Israel, New Zealand or UK, please follow this this link to access the Terms of Use that apply to you. In the process of registering for an account, you are required to accept and agree to be bound by our Terms of Use in order to complete registration. When you use the site, our collection, use and disclosure practices, and other activities in respect of your Personal Information is as described in this Privacy Policy.

If you have any questions or wish to exercise your rights and choices, please contact us as set out in the “Contact Us” section.

Joint Controllership Statement – FIGS and Global-e

Since we are a US-based business, we have partnered with a cross-border e-commerce provider Global-e US, Inc. (“Global-e”) which operates through its local affiliates in countries across the globe (for a full list of relevant affiliates see Global-e’s Privacy Policy) to ensure effective delivery of our Products to you in your location. We have integrated Global-e’s technical platform into the Site via an Application Programming Interface (“API”) for this purpose, and we co-operate with Global-e through the use of online portals.

In some (but not all) scenarios where we or Global-e are processing your Personal Information, FIGS and Global-e are “joint controllers” for the purposes of applicable data protection laws. This means that in those scenarios, FIGS and Global-e are working together to make decisions about why and how your Personal Information is processed and we are jointly responsible under data protection laws for that processing.

When are we joint controllers?

FIGS and Global-e are joint controllers in the following scenarios:

• Site localisation and insights: Global-e places tracking technologies on the Site which (i) recognise your location from your Internet Protocol (“IP”) address (a number that is automatically assigned to your device when you use the Internet, which may vary from session to session) and localise aspects of the Site (e.g. the pricing of our Products) so that it is easier for you to use in your location; and (ii) analyse your use of the Site and provides FIGS with insights based on this analysis for FIGS to use for quality improvement and trend analysis purposes. For more information about these uses of cookies, see the “Analytics, Advertising, and other Tracking Technologies” section below and Global-e’s own Privacy Policy. FIGS does not use the insights received from Global-e to identify you as an individual
• Sales process:When you purchase one of our Products, Global-e manages the checkout page and shares certain Personal Information it collects with FIGS, allowing FIGS to manage the packaging of your order and, if applicable, review and execute refund requests.
  FIGS and Global-e also deal with any complaints, disputes and customer service requests together. In addition, Global-e will share with FIGS your opt-in consent for the purposes of FIGS’ direct marketing (but not Global-e’s).

Our respective responsibilities

FIGS and Global-e have an arrangement in place which allocates responsibilities for the legal obligations arising from processing your Personal Information as joint controllers.

Both parties are responsible for providing you with information about the processing (including each party’s legal basis for processing your Personal Information), and for complying with the key principles of data protection law (including keeping your Personal Information secure).

FIGS and Global-e will respond to any data subject rights requests you submit in accordance with the “Who you can contact” section below. If there is a data breach, Global-e will notify you and the relevant regulator (if required) where the breach relates to its placement of Site localisation and insights cookies. If the data breach relates to Personal Information we process on the online portals we use to manage the sales process, the parties will co-operate to decide who sends the response to the regulator and to data subjects

Who you can contact

If you want to exercise any of your rights under data protection laws (see the “Your Data Subject Rights” section below), make a complaint, or ask a question about FIGS or Global-e’s processing as joint controllers, you should contact:

• Global-e for questions relating to Global-e’s use of cookies, your use of the refund, customer support and returns portals, and the physical delivery of Products to you. Global-e’s contact details are dataprotection@global-e.com and their EU representative is Rickert Rechtsanwaltsgesellschaft mbH, Colmantstraße 15, 53225 Bonn, art-27-rep-global-e@rickert.law.
• FIGS for questions relating the general operation of the Site and the purchase of our Products other than the elements of the sales process described in the bullet above. Please use the details in the “Contact Us” section below.

When are we not joint controllers?

FIGS and Global-e are not joint controllers in other scenarios. For example, when FIGS carries out day-to-day maintenance of the Site, sends you marketing, or processes any job application you make, FIGS will be a controller independently of Global-e. Likewise, where Global-e arranges for your payments to be processed, or manages the logistics of delivering Products to you (separately from its co-operation with FIGS through online portals), Global-e will be an independent controller.

Please see the Global-e Privacy Policy for full details of the processing Global-e carries out. Please see the wording below for details about FIGS’ processing.

FIGS as controller of your Personal Information

How We Collect and Hold Information.

Information You Provide.

We collect Personal Information when you use the Site. The categories of information we collect about you include the following:

• "Contact Data," including your name, email address, postal address, phone number, and similar information about your employer.
• "Demographic Data,"including your birth date and month (for offering birthday discounts), gender, country, occupation, and student or military status (for offering student or military discounts, if these are available in your jurisdiction). See also the section on “Discounts” below.
• "Transaction Data," including information about your purchases. Credit card data will be processed separately by Global-e; please refer to the Global-e Privacy Policy for further details.
• "Profile Data," including your interests, sizing, preferences, and favorites.
• "Content,", including content within any messages you send to us (such as feedback and questions to customer support) or publicly post on the Site (such as in product reviews).
• "Referral Data,", including the name and email address of your friend when you use our “Refer a Friend” feature (to the extent we use this feature in your jurisdiction).
• "Job Application Data,", including your employment and education history, transcript, writing samples, and references.

You may choose to voluntarily provide other information to us that we do not request.

If you do not provide us with certain information we request, we may not be able to provide you with access to or full use of our websites and/or services.

We collect information in the following circumstances, and hold the information in the following ways:

• Create an Account. You do not have to create an account in order to browse our Site or place an order. If you choose to create an account, we will collect your Contact Data and Demographic Data. Your password is stored with our service providers and we do not have access to it. We strongly recommend that you do not disclose your password to anyone. We will never ask you for your password. We may allow you to store Profile Data and other information through your account.
• Discounts. On your creation of an account, we may also collect certain Demographic Data which enables us to offer you discounts (where they are available in your jurisdiction), such as birthday discounts, student discounts or military discounts. This information is optional for you to provide, and your student or military status will always be verified by a trusted third party provider and will not be collected directly by us.
• When you place an order, you will share your Contact Data and Profile Data with Global-e in the first instance, and Global-e will share this information with us. Global-e will manage the processing of your payments. For more information on these points, see the Joint Controllership Statement above.
• Advertising and Marketing Communications. If you subscribe to our email mailing list or SMS or MMS messaging list (if such service is available in your jurisdiction, we collect your Contact Data (which is initially obtained by Global-e as part of the checkout process and then shared with us) and we may also use any Profile Data you have provided us with to tailor the marketing communications we send to you. If you have consented we may also use your Contact Data and Profile Data to tailor and deliver advertising to you (or people similar to you) on social media platforms (see the section on “Matched Ads” below).
• Contests and Promotions. When you enter a contest or participate in a promotion, we collect your Contact Data and any additional information or content required for the contest or promotion. These contests and promotions are voluntary. We recommend that you read the rules for each contest and promotion that you enter.
• Contact Us. When you contact us with a comment, question or complaint through email, social media, or telephone, you may submit Contact Data along with other information or Content.
• Surveys and Customer Research. From time to time, we may offer you the opportunity to participate in one of our surveys or other customer research. We may collect your Contact Data and other information you submit.
• Ambassador Program. When you apply to or participate in our FIGS Ambassador Program, we may collect your Contact Data, Demographic Data, and any additional information or content required for application to or participation in the Ambassador Program. Applying to and participating in the Ambassador Program is voluntary.
• Refer a Friend. By using this feature (to the extent it is available in your jurisdiction), you acknowledge and agree that you have your friend’s consent for us to use their contact information to fulfil your request and for us to send them an outreach email about our service. We will not send your friend any further emails until they have given us their opt-in consent to marketing.
• Apply for a Job. When you apply for a job with us, we will collect your Job Application Data as necessary to consider you for job openings

In addition, we automatically collect and hold Personal Information when you use the Site. The categories of information we automatically collect include the following:

• Site Use Data, including data about the features you use, the pages you visit, the searches you make, the Products you view and purchase, the referring/exit pages, the domain name, clickstream data, and the date/time stamp for your visit.
• Device Connectivity and Configuration Data including data about your browser or device type, your device’s operating system, your Internet service provider (“ISP”), your device’s regional and language settings, your device’s IP address, and other device identifiers.

We use various tracking technologies to automatically collect information when you use the Site, including the following:

• Log Files, which are files that record information automatically in connection with your use of the Site.
• Cookies, which are small pieces of information stored on your device’s browser that act as a unique tag to identify your browser. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your device for extended periods of time) to provide you with a more personal and interactive experience on our Site. Cookies allow us to make the Site more useful to you, remember your preferences, support security features, tailor your experience, better understand how you use the Site, and bring you advertising both on and off the Site.
• Pixels (also known as web beacons), which are pieces of code embedded in a website, video, email, SMS or MMS message or advertisement that sends information about your use to a server. There are various types of pixels, including image pixels (which are small graphic images) and JavaScript pixels (which contains JavaScript code). When you access a website, video, email, SMS or MMS message, or advertisement that contains a pixel, the pixel may permit us or a third party to drop or read cookies on your browser. Pixels are often used in combination with cookies to track activity by a particular browser on a particular device. We use information collected from pixels to analyze trends, administer the Site, track users’ movements around the Site, gather demographic information about our user base as a whole, better tailor our Site to our users’ needs, and bring you advertising both on and off the Site. For example, some of the information may be collected so that when you visit the Site or again, it will recognize you and the information could then be used to serve advertisements and other information appropriate to your interests.
• Device Fingerprinting, which is the process of analyzing and combining sets of information elements from your device’s browser, such as JavaScript objects and installed fonts, in order to create a “fingerprint” of your device and uniquely identify your browser and device.

For further information on how we use tracking technologies for analytics and advertising (including the cookies we use which are placed by Global-e as part of our partnership with them as described in the Joint Controllership Statement), and your rights and choices regarding them, see the “Analytics, Advertising, and other Tracking Technologies” and “Your Rights and Choices” sections below.

Information from Other Sources.

We also collect and hold Personal Information from other sources. The categories of other sources from which we collect include the following:

• Data brokers or resellers from which we purchase data to supplement the data we collect.
• Social networks when you engage with our content, reference our Site, or grant us permission to access information from the social networks.
• Partners that offer co-branded services, sell or distribute our products, or engage in joint marketing activities. This includes the information that is shared with us by Global-e as part of our partnership with them as described in the Joint Controllership Statement.
• Customers in connection with us processing their transactions and purchases.
• Information you have made public, such as information you have posted as part of a review on our Site.

How We Use Information.

We collect, hold and use the Personal Information we collect for business and commercial purposes in accordance with the practices described in this Privacy Policy. Our business purposes for collecting, holding and using information when you use the Site include the following:

• Operating and managing our Site.
• Fulfilling your purchases of our Products.
• Performing services requested by you, such as responding to your comments, questions, and requests, and providing customer service, in collaboration with Global-e.
• Sending you technical notices, updates, security alerts, information regarding changes to our policies, and support and administrative messages (which will either be sent by us or by Global-e on our behalf).
• Preventing and addressing breach of policies or terms, and threats or harm.
• Monitoring and analysing trends, usage, and activities, including aggregating or de-identifying information for these purposes.
• Conducting research, including focus groups and surveys.
• Improving and customizing the Site and our other websites, apps, marketing efforts, products and services.
• Evaluating whether you are a good match for our Ambassador Program and to administer the benefits of the program.
• Developing and sending you direct marketing, including advertisements and communications about our and other party products, offers, promotions, rewards, discounts, events, and services.
• Administering your participation in a contest or promotion, including to deliver a prize to you if you are the winner.
• Providing you advertising.
• Fulfilling any other business or commercial purposes at your direction or with your consent.
• Notwithstanding the above, we may use information which is no longer Personal Information under applicable data protection law in your jurisdiction (including, to the extent it falls within such a definition, information that has been aggregated or de-identified as per the above) for any purpose except as prohibited by applicable law.

For information on your rights and choices regarding how we use information about you, please see the “Your Rights and Choices” section below.

Our Legal Basis for Processing.

We rely on different legal bases for collecting and processing your Personal Information, which may include (depending on the circumstances and the requirements of law that apply in the circumstances): (i) as necessary to perform or take steps prior to entering into a contract (e.g., processing and fulfilling purchases, applying discounts to your purchases, administering your participation in contests and promotions, including to deliver a prize to you if you are the winner and performing services requested by you); (ii) as necessary to comply with a legal obligation (e.g., sending you information regarding changes to our policies, responding to data subject rights requests, and preventing and addressing breach of policies or terms and threats or harm); (iii) consent (where you have provided consent as appropriate under applicable law, such as monitoring and analysing trends, usage and activities, providing you with advertising and customizing our marketing efforts, developing and sending you direct marketing, including advertisements and communications about our and other party products, surveys and customer research, offers, promotions, rewards, events, and services, evaluating whether you are a good match for our Ambassador Program and to administer the benefits of the program), and where consent is otherwise required under applicable law; and (iv) as necessary for our legitimate interests.

With respect to our legitimate interests, where applicable, except where such interests are overridden by the interests or fundamental rights and freedoms of you that require protection of Personal Information, such legitimate interests include operating and managing our Site, sending you technical notices, updates, security alerts, and support and administrative messages, responding to and engaging in customer service telephone calls and (in each case only to the extent we are not legally required to obtain your consent to do so): monitoring and analysing trends, usage and activities, conducting research, improving and customizing the Site and our other websites, apps, products and services, developing and sending you some forms of direct marketing, including advertisements and communications about our and other party products, offers, promotions, rewards, events, and services, and fulfilling any other business or commercial purposes at your direction

How We Share Information.

We share the Personal Information we collect in accordance with the practices described in this Privacy Policy. The categories of entities to whom we disclose include the following:

• Service Providers. Your information may be transferred to service providers who process the information on our behalf, including service providers that host the Site, help with technical support, verify your eligibility for certain discounts, and provide analytics, advertising, and marketing services. Our service providers are only provided with the information they need to perform their designated functions and are not authorized to use or disclose the information for their own marketing or other purposes, although we may permit them to use information which is no longer Personal Information under applicable data protection law in your jurisdiction (including, to the extent it falls within such a definition, information that has been aggregated or de-identified) for any purpose except as prohibited by applicable law. Our service providers may be located in the U.S., Canada, E.U. or other foreign jurisdictions.
• Analytics and Advertising Technology-Related Vendors and Companies. We share analytics and advertising information with vendors and other companies who facilitate our use of analytics and advertising technology including ad exchange platforms, and social media and search engine providers who advertise our products. Vendors may act as our service providers, or in certain contexts, independently decide how to process your information. For more information on advertising and analytics, see the “Analytics, Advertising, and other Tracking Technologies” section below.
• Affiliates. To a parent company, any subsidiaries, joint ventures, or other companies under a common control (collectively, “Affiliates”), in the event we have such Affiliates in the future, in order to facilitate the provision of our products to you and to meet our compliance obligations under applicable law.
• Partners. We share information with our partners in connection with offering co-branded services, selling or distributing our products, providing promotions, or engaging in joint marketing activities. These partners include Global-e, who we co-operate with in accordance with our Joint Controllership Statement.
• Legal and Compliance. We disclose your information to (i) comply with relevant laws or to respond to requests from public authorities or public entities, law enforcement, regulatory bodies or other government officials relating to investigations or alleged illegal activity (if the request is lawfully made and legally binding), or in response to a subpoena, a search warrant or other legally valid inquiry or order (in each case if lawfully made and legally binding); or (ii) another organization to the extent necessary to investigate a breach of an agreement or contravention of law, or to protect and defend our rights or property or the rights and property of you or third parties.
• Sale of Business. We may transfer any information we have about you as an asset in connection with a proposed or completed merger, acquisition or sale (including transfers made as part of insolvency or bankruptcy proceedings) involving all or part of FIGS or as part of a corporate reorganization or other change in corporate control.
• Facilitating Requests. We share information at your request or direction, such as when you use our “Refer a Friend” feature.
• Consent. We share information in accordance with your consent if you have provided us consent to share information.

Notwithstanding the above, we may disclose information which is no longer Personal Information under applicable data protection law in your jurisdiction (including, to the extent it falls within such a definition, information that has been aggregated or de-identified) except as prohibited by applicable law.

For information on your rights and choices regarding how we share information about you, please see the “Your Rights and Choices” section below.

Social Media and Technology Integrations.

Most browsers accept cookies by default. You can instruct your browser, by changing its settings, to decline or delete cookies. If you use multiple browsers on your device, you will need to instruct each browser separately. Your ability to limit cookies is subject to your browser settings and limitations.

We offer parts of our Site through websites, platforms, and services operated or controlled by separate entities. In addition, we integrate technologies operated or controlled by separate entities into parts of our Site. Some examples include:

• Links. The Site contains links to other websites that are not owned or controlled by us, including our partner sites and social media websites. These links are not intended as an endorsement of or referral to the linked websites. When you click on such a link, you will leave our Site and go to another site. The linked websites have separate and independent privacy policies, notices and terms of use.
• Brand Pages and Chatbots. We may offer our content through social media. Any information you provide to us when you engage with our content (such as through our brand page on Facebook or Instagram or via our chatbot on Facebook Messenger) is treated in accordance with this Privacy Policy. In particular, we use the statistical information relating to the use of our brand page on Facebook that Facebook makes available via its “Insights” service in an anonymised form – see here for more information. FIGS is a joint controller with Facebook for these purposes and has entered into a joint controller arrangement with Facebook in order to allocate the parties’ responsibilities under the GDPR between them – see the agreement here, which also contains information about who you can contact and how you can exercise your data subject rights. Also, if you publicly reference our Site on social media (e.g., by using a hashtag associated with us in a tweet or post), we may use your reference on or in connection with our Site.

Please note that when you interact with other entities, including when you leave our Site, those entities may independently collect information about you and solicit information from you. We have no control over, do not review and are not responsible for the privacy policies of or content displayed on such other websites, and therefore to the full extent permitted by law, we have no responsibility or liability in any manner for the manner in which the organizations that operate such websites may collect, use or disclose, secure or otherwise treat information. We recommend that you review the privacy policy of any other website you visit.

Analytics, Advertising, and other Tracking Technologies.

Our analytics and advertising activities

We use tracking and analytics services such as Google Analytics and the insights service offered by Global-e (see the Joint Controllership Statement above for further detail) to track and analyze how visitors use our Site.

In addition, we work with agencies, ad networks, and other advertising companies to place ads for our products on other websites and services. For example, we place ads through Google and Facebook that you may view on their platforms as well as on other websites and services.

Use of analytics and advertising tracking technologies

As part of this process, we may incorporate tracking technologies (including cookies and pixel tags) on our Site in order to provide you with tailored advertisements across the Internet and in order to help us improve or optimise the experience we provide, including by measuring how you interact with the Site and other technical information about your use of the Site. For a detailed summary of the tracking technologies we use and for further information from third parties about the tracking technologies they place on our Site, please see the table in the Appendix which is accessible here. In respect of the Global-e and Google Analytics tracking technologies referenced above, you can visit the following additional sources of information:

• Google’s right to use and share information collected by Google Analytics about your visits to the Site is governed by the Google Analytics Terms of Service and the Google Privacy Policy.
• Global-e’s right to use analytics cookies to provide us with insights about your use of our Site is governed by Global-e’s Privacy Policy.

Some of these tracking technologies may collect information about your activity across time and services (including on our Site and other websites such as web pages you visit and your interaction with our advertising and other communications) and use this information to make predictions about your preferences, develop personalized content, compile reports and deliver ads that are more relevant to you on other websites (“Interest-based Advertising”). This information may also be used to evaluate the effectiveness of our online advertising campaigns.

We also use audience matching services to reach people (or people similar to people) who have visited our Site or are identified in one or more of our databases (“Matched Ads”). This is done by us uploading a customer list to a technology service (for example a social media or search engine company) or incorporating a pixel or other tracking technology from a technology service into our own Site, and the technology service matching common factors between our data and their data. For instance, we may incorporate the Facebook pixel on our Site and may share your email address with Facebook as part of our use of Facebook Custom and Lookalike Audiences. When Facebook receives this information it uses it to display relevant ads to you (or people similar to you which it has identified). Similarly, we may also incorporate Google pixel tags into our Site which result in relevant ads being displayed to you (or people similar to you) when certain keywords are searched for on Google.

Information about Facebook’s right to use the information it collects through the Facebook pixel and Facebook Custom and Lookalike Audiences can be found as part of Facebook’s Privacy Policy. FIGS will be a joint controller with Facebook in respect of the Personal Information collected by the Facebook pixel, and has entered into a joint controller arrangement with Facebook in order to allocate the parties’ responsibilities under the GDPR between them – see the agreement here, which also contains information about who you can contact and how you can exercise your data subject rights. Information about Google’s right to use the information it collects through Google pixel tags can be found as part of Google’s Privacy Policy.

Use of other tracking technologies

We may also use the following types of tracking technologies, in addition to analytics and advertising tracking technologies:

• Essential – we place these tracking technologies to enable core functionality. If you disable these tracking technologies certain parts of the Site may not function for you, for example, adding items to your basket and proceeding to checkout.
• Functional – We place these tracking technologies which are not essential, but enable various helpful features on our Site. For example, these tracking technologies collect information about your interaction with the Site and may be used on our Site to remember your preferences (such as your language preference).