If you are a California or Nevada resident, please see “Additional Disclosures for California Residents” and “Additional Disclosures for Nevada Residents” below. If you are a European Union (“EU”) resident, please see “Additional Disclosures for EU Residents” below.
If you have any questions or wish to exercise your rights and choices, please contact us as set out in the “Contact Us” section.
How We Collect and Hold Information.
Information You Provide.
We collect Personal Information when you use the Site. The categories of information we collect and have collected about you in the last 12 months include the following:
- Contact Data, including but not limited to your name, email address, postal address, phone number, and similar information about your employer.
- Demographic Data, including but not limited to your birth date and month, gender, country, occupation, student or military status.
- Transaction Data, including but not limited to information about your purchases and the last four digits of your payment card.
- Profile Data, including but not limited to your interests, sizing, preferences, and favorites.
- Content, including but not limited to content within any messages you send to us (such as feedback and questions to customer support) or publicly post on the Site (such as in product reviews).
- Referral Data, including but not limited the name and email address of your friend when you use our “Refer a Friend” feature.
- Job Application Data, including but not limited to your employment and education history, transcript, writing samples, and references.
You may choose to voluntarily provide other information to us that we do not request.
If you do not provide us with the requested information, we may not be able to provide you with access to or full use of our websites and/or services.
We collect information in the following circumstances, and hold the information in the following ways:
- Create an Account. You do not have to create an account in order to browse our Site or place an order. If you choose to create an account, we will collect your Contact Data and Demographic Data. Your password is stored with our service providers and we do not have access to it. We strongly recommend that you do not disclose your password to anyone. We will never ask you for your password. We may allow you to store Profile Data and other information through your account.
- To place an order, we will require your Contact Data and Profile Data. We use service providers to process your payments.
- Marketing Communications. If you subscribe to our email mailing list, we collect your Contact Data as well as other information on an optional basis.
- Contests and Promotions. When you enter a contest or participate in a promotion, we collect your Contact Data and any additional information or content required for the contest or promotion. These contests and promotions are voluntary. We recommend that you read the rules for each contest and promotion that you enter.
- Contact Us. When you contact us with a comment, question or complaint through email, social media, or telephone, you may submit Contact Data along with other information or Content.
- Surveys and Customer Research. From time to time, we may offer you the opportunity to participate in one of our surveys or other customer research. We may collect your Contact Data and other information you submit.
- Ambassador Program. When you apply to or participate in our FIGS Ambassador Program, we may collect your Contact Data, Demographic Data, and any additional information or content required for application to or participation in the program. Applying to and participating in the Ambassador Program is voluntary.
- Refer a Friend. By using this feature, you acknowledge and agree that you have your friend’s consent for us to use their contact information to fulfill your request and send them an email about our service.
- Apply for a Job: When you apply for a job, we will collect your Job Application Data as necessary to consider you for job openings.
Information Collected Automatically.
In addition, we automatically collect and hold Personal Information when you use the Site. The categories of information we automatically collect and have automatically collected in the last 12 months include the following:
- Site Use Data, including data about the features you use, the pages you visit, the searches you make, the Products you view and purchase, the referring/exit pages, the domain name, clickstream data, and the date/time stamp for your visit.
- Device Connectivity and Configuration Data including data about your browser or device type, your device’s operating system, your Internet service provider (“ISP”), your device’s regional and language settings, your device’s Internet Protocol (“IP”) address (a number that is automatically assigned to your device when you use the Internet, which may vary from session to session), and other device identifiers.
We use various current – and later – developed tracking technologies to automatically collect information when you use the Site, including the following:
- Log Files, which are files that record information automatically in connection with your use of the Site.
- Cookies, which are small pieces of information stored on your device’s browser that act as a unique tag to identify your browser. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your device for extended periods of time) to provide you with a more personal and interactive experience on our Site. Cookies allow us to make the Site more useful to you, remember your preferences, support security features, tailor your experience, better understand how you use the Site, and bring you advertising both on and off the Site.
For further information on how we use tracking technologies for analytics and advertising, and your rights and choices regarding them, see the “Analytics and Advertising” and “Your Rights and Choices” sections below.
Information from Other Sources.
We also collect and hold Personal Information from other sources. The categories of other sources from which we collect and have collected information in the last 12 months include the following:
- Data brokers or resellers from which we purchase data to supplement the data we collect.
- Social networks when you engage with our content, reference our Site, or grant us permission to access information from the social networks.
- Partners that offer co-branded services, sell or distribute our products, or engage in joint marketing activities.
- Customers in connection with us processing their transactions and purchases.
- Publicly-available sources, including data in the public domain.
How We Use Information.
- Operating and managing our Site.
- Processing and fulfilling transactions and purchases.
- Performing services requested by you, such as responding to your comments, questions, and requests, and providing customer service.
- Sending you technical notices, updates, security alerts, information regarding changes to our policies, and support and administrative messages.
- Preventing and addressing fraud, breach of policies or terms, and threats or harm.
- Monitoring and analysing trends, usage, and activities.
- Conducting research, including focus groups and surveys.
- Improving and customizing the Site and our other websites, apps, marketing efforts, products and services.
- Evaluating whether you are a good match for our Ambassador Program and to administer the benefits of the program.
- Developing and sending you direct marketing, including advertisements and communications about our and other party products, offers, promotions, rewards, events, and services.
- Administering your participation in the contest or promotion, including to deliver a prize to you if you are the winner.
- Providing you advertising.
- Fulfilling any other business or commercial purposes at your direction or with your consent.
- Notwithstanding the above, we may use information that does not identify you (including information that has been aggregated or de-identified) for any purpose except as prohibited by applicable law. For information on your rights and choices regarding how we use information about you, please see the “Your Rights and Choices” section below.
How We Share Information.
- Service Providers. Your information may be transferred to service providers who process the information on our behalf, including service providers that process purchases for us, host the Site, help with fraud prevention and technical support, verify your eligibility for certain discounts, and provide analytics, advertising, and marketing services. Our service providers are only provided with the information they need to perform their designated functions and are not authorized to use or disclose the information for their own marketing or other purposes, although we may permit them to use information that does not identify you (including information that has been aggregated or de-identified) for any purpose except as prohibited by applicable law. Our service providers may be located in the U.S., Canada or other foreign jurisdictions.
- Vendors and Other Parties. We share information with vendors and other parties, including analytics and advertising technology companies. Vendors may act as our service providers, or in certain contexts, independently decide how to process your information. For more information on advertising and analytics, see the “Advertising and Analytics” section below.
- Affiliates. To a parent company, any subsidiaries, joint ventures, or other companies under a common control (collectively, “Affiliates”), in the event we have such Affiliates in the future.
- Partners. We share information with our partners in connection with offering co-branded services, selling or distributing our products, providing promotions, or engaging in joint marketing activities.
- Customers. We share information with our customers in connection with us processing their transactions and purchases.
- Sale of Business. We may transfer any information we have about you as an asset in connection with a proposed or completed merger, acquisition or sale (including transfers made as part of insolvency or bankruptcy proceedings) involving all or part of FIGS or as part of a corporate reorganization or other change in corporate control.
- We share information you make public through the Site, such as information when you post a review. Please think carefully before making information public as you are solely responsible for any information you make public. Once you have posted information, you may not be able to edit or delete such information, subject to additional rights set out in the “Your Rights and Choices” section below.
- Facilitating Requests. We share information at your request or direction, such as when you use our “Refer a Friend” feature.
- Consent. We share information with notice to you and your consent.
Notwithstanding the above, we may disclose information that does not identify you (including information that has been aggregated or de-identified) except as prohibited by applicable law. For information on your rights and choices regarding how we share information about you, please see the “Your Rights and Choices” section below.
Social Media and Technology Integrations.
We offer parts of our Site through websites, platforms, and services operated or controlled by separate entities. In addition, we integrate technologies operated or controlled by separate entities into parts of our Site. Some examples include:
Analytics and Advertising.
As part of this process, we may incorporate tracking technologies (including cookies and pixel tags) on our Site in order to provide you with tailored advertisements across the Internet. These tracking technologies may collect information about your activity across time and services (including on our Site and other websites such as web pages you visit and your interaction with our advertising and other communications) and use this information to make predictions about your preferences, develop personalized content, compile reports and deliver ads that are more relevant to you on other websites (“Interest-based Advertising”). This information may also be used to evaluate the effectiveness of our online advertising campaigns.
We also use audience matching services to reach people (or people similar to people) who have visited our Site or are identified in one or more of our databases (“Matched Ads”). This is done by us uploading a customer list to a technology service or incorporating a pixel from a technology service into our own Site, and the technology service matching common factors between our data and their data. For instance, we incorporate the Facebook pixel on our Site and may share your email address with Facebook as part of our use of Facebook Custom Audiences.
For further information on the types of tracking technologies we use on the Site and your rights and choices regarding analytics, Interest-based Advertising, and Matched Ads, please see the “Information Collected Automatically” and “Your Rights and Choices” sections.
Your Rights and Choices.
Account Information and Ambassador Program.
If you have an account with us or are a member of our Ambassador Program, you may request access to, updating of, or corrections of inaccuracies to any information you have submitted to us through your account or to our Ambassador Program by emailing us at firstname.lastname@example.org. We may request certain information for the purpose of verifying the identity of the individual seeking access to his or her records.
You may also request deletion of information you have submitted to us through your account or to our Ambassador Program, but please note that we may be required (by law or otherwise) to keep this information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements). When we delete information, it will be deleted from the active database, but may remain in our archives and we may also retain information that does not identify you (including information that has been aggregated or de-identified) about use of our Site and purchase of Products as permitted by applicable law.
With your consent, we may send marketing communication to you through various channels, including by email and physical mail.
You can opt out of receiving marketing emails from us at any time by clicking the “Unsubscribe” link at the bottom of each email or emailing us at email@example.com with the word UNSUBSCRIBE in the subject field of the email. Please note that even if you unsubscribe or opt-out, we may still send you transactional, order, Site and Product related communications (e.g., emails related to your orders or comments).
You can also opt out of receiving physical mail marketing communications by emailing us at firstname.lastname@example.org.
After you opt-out or update your marketing preferences, please allow us sufficient time to process your marketing preferences. Unless otherwise required to process your requests earlier by law, it may take up to 5 business days to process your opt out requests in relation to receipt of electronic marketing materials such as emails, and up to 30 days for all other marketing-related requests.
Tracking Technology Choices.
Most browsers accept cookies by default. You can instruct your browser, by changing its settings, to decline or delete cookies. If you use multiple browsers on your device, you will need to instruct each browser separately. Your ability to limit cookies is subject to your browser settings and limitations.
Your browser settings may allow you to automatically transmit a “Do Not Track” signal to online services you visit. Note, however, there is no industry consensus as to what site and app operators should do with regard to these signals. We do not monitor or take action with respect to “Do Not Track” signals or other mechanisms. For more information on “Do Not Track,” visit http://www.allaboutdnt.com. Please be aware that if you disable or remove tracking technologies some parts of the Site may not function correctly.
Analytics and Interest-Based Advertising.
You can opt out of the processing of certain data collected by Google Analytics, by downloading and installing the browser plug-in available at https://tools.google.com/dlpage/gaoptout. The companies we work with to provide you with targeted ads are required by us to give you the choice to opt out of receiving targeted ads. Most of these companies are participants of the Digital Advertising Alliance (“DAA”) and/or the Network Advertising Initiative (“NAI”). For more information about Interest-based Advertising and to understand your options, including how you can opt-out of receiving behavioural ads from participating companies, please visit the DAA website opt-out at http://www.aboutads.info/choices, the DAA of Canada website opt-out at http://youradchoices.ca/choices, or the NAI opt-out at https://www.networkadvertising.org/choices/. Even if you opt-out of interest-based advertising by a participant, tracking technologies used on the Site may still collect data for other purposes including analytics. You may still see ads from us, but the ads from the participants with whom you opted out will not be targeted based on behavioural information about you and may therefore be less relevant to you and your interests.
Please note that your opt out only applies to the specific web browser you use so you must opt out of each web browser on each device you use. To successfully opt out, you must have cookies enabled in your web browser (see your browser’s instructions for information on cookies and how to enable them). Once you opt out, if you delete your browser’s saved cookies, you will need to opt out again.
To opt out of us using your data for Matched Ads, please contact us as set forth in the “Contact Us” section below and specify that you wish to opt out of Matched ads. We will request that the applicable technology service not serve you Matched ads based on information we provide to it. Alternatively, you may directly contact the applicable technology service to opt out.
We are not responsible for the effectiveness of, or compliance with, any opt out options or programs, or the accuracy of any company statements regarding their opt out options or programs.
We implement reasonable administrative, technical and physical measures in an effort to safeguard the information in our custody and control against theft, loss and unauthorized access, use, modification and disclosure. Nevertheless, transmission via the internet is not completely secure and we cannot guarantee the security of your information.
Access to and Correction of Information.
We will correct, update and/or make our file of your information available to you within a reasonable time from receipt of your request to the contact details as set out in the “Contact Us” section. We will only withhold access where permitted by law.
Retention and Deletion of Information.
We will retain and process your personal data only for as long as is necessary for the purposes for which the information is collected, and to the extent necessary to comply with our legal obligations under applicable law.
When we no longer need to use your personal information or retain it pursuant to legal obligations in order to exercise our legal rights, we will remove it from our systems and records or take steps to anonymise it so that you can no longer be identified from it in accordance with applicable law. When we delete information, it will be deleted from the active database, but may remain in our archives and we may also retain information that does not identify you (including information that has been aggregated or de-identified) about use of our Site and purchase of Products as permitted by applicable law.
The Site is not directed to children under 13 and we do not knowingly collect personal information (as defined by the U.S. Children’s Privacy Protection Act, or “COPPA”) from children under 13. If you are a parent or guardian and you believe we have collected personal information from your child, contact us at email@example.com. If we learn that we have collected personal information from a child under 13, we will delete the information. Additionally, if you are under the age of majority (typically 18 or 19 years, depending on your jurisdiction), you may not purchase any Products. We do not knowingly “sell,” as that term is defined under the CCPA, the personal information of minors under 16 years old who are California residents.
In most cases we will ask that you put your request in writing to us. We will investigate your complaint and will respond to you in writing as soon as reasonably possible. If we fail to respond to your complaint or if you are dissatisfied with the response that you receive from us, you might also have the right to make a complaint to the applicable privacy authorities. In Australia, this is the Office of the Australian Information Commissioner (www.oaic.gov.au).
Additional Disclosures for California Residents.
These additional disclosures apply only to California residents. The California Consumer Privacy Act of 2018 (“CCPA”) provides additional rights to know, delete and opt out, and requires businesses collecting or disclosing personal information to provide notices and means to exercise rights.
California Notice of Collection.
In the past 12 months, we have collected the following categories of personal information enumerated in the CCPA:
- Identifiers, including name, address, email address, account name, IP address.
- Customer records, phone number, billing address, employment or education information.
- Demographic information, such as your gender. This category includes pieces of personal information that also qualify as a protected classification characteristics under other pre-existing California or federal laws.
- Commercial information, including purchases and engagement with the Services.
- Internet activity, including history of visiting and interacting with our Service, browser type, browser language and other information collected automatically.
- Employment and education data, including information you provide when you apply for a job with us.
- Inferences, including information about your interests, preferences and favorites.
- For more information on information we collect, including the sources we receive information from, review the “How We Collect Information” section above. We collect and use these categories of personal information for the business purposes described in the “How We Use Information” section above, including to provide and manage our Site.
- We do not sell any of your personal information to third parties for profit. Like most online businesses, we do share some information with contracted third parties in order to provide better services and advertising to you, as disclosed in the “Analytics and Advertising” section above. The CCPA may classify our limited sharing with these contracted third parties as a “sale” of personal information. To the extent “sale” under the CCPA is interpreted to include advertising technology activities, we will comply with applicable law as to such activity. We disclose the following categories of personal information for commercial purposes: identifiers, demographic information, commercial information, internet activity, and inferences. We use and partner with different types of entities to assist with our daily operations and to manage our Site. Please review the “How We Share Information” section for more detail about the parties we have shared information with.
Right to Know and Delete.
If you are a California resident, you have the rights to delete the personal information we have collected from you and know certain information about our data practices in the preceding 12 months. In particular, you have the right to request the following from us:
- The categories of personal information we have collected about you;
- The categories of sources from which the personal information was collected;
- The categories of personal information about you we disclosed for a business purpose or sold;
- The categories of third parties to whom the personal information was disclosed for a business purpose or sold;
- The business or commercial purpose for collecting or selling the personal information; and
- The specific pieces of personal information we have collected about you.
To exercise any of these rights, please submit a request through our online form available through our online request portal, call our toll free number at 1-888-688-0059, or email us at firstname.lastname@example.org. In the request, please specify which right you are seeking to exercise and the scope of the request. We will request the following information: (i) your full name (ii) the region in which you are located at the time you are making your request, (iii) the data subject rights you wish to exercise. We may also require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your requests to know or delete.
Right to Opt-Out of Sale.
We do not sell any of your personal information to third parties for profit. Like most online businesses, we do share some information with contracted third parties in order to provide better services and advertising to you. California law may classify our limited sharing with these contracted third parties as a “sale” of personal information, and we do afford you the option to opt-out of sharing this information. You may submit a request to opt-out through our online request portal. You may also submit a request to opt-out by emailing us at email@example.com.
You can designate an authorized agent to submit requests on your behalf. However, we will require written proof of the agent’s permission to do so and verify your identity directly.
Right to Non-Discrimination.
You have the right not to receive discriminatory treatment by us for the exercise of any your rights.
Shine the Light.
Customers who are residents of California may request (i) a list of the categories of personal information disclosed by us to third parties during the immediately preceding calendar year for those third parties’ own direct marketing purposes; and (ii) a list of the categories of third parties to whom we disclosed such information. To exercise a request, please write us at the email or postal address set out in “Contact Us” above and specify that you are making a “California Shine the Light” request. We may require additional information from you to allow us to verify your identity and are only required to respond to requests once during any calendar year.
Additional Disclosures for Nevada Residents.
Nevada law (NRS 603A.340) requires each business to establish a designated request address where Nevada consumers may submit requests directing the business not to sell certain kinds of personal information that the business has collected or will collect about the consumer. A sale under Nevada law is the exchange of personal information for monetary consideration by the business to a third party for the third party to license or sell the personal information to other third parties. If you are a Nevada consumer and wish to submit a request relating to our compliance with Nevada law, please contact us as at firstname.lastname@example.org.
Additional Disclosures for EU Residents.
These additional disclosures apply only to EU residents. FIGS, Inc., 2834 Colorado Ave, Suite 100
Santa Monica, CA 90404 United States, collects and processes EU residents’ Personal Information in compliance with applicable data protection laws, in particular the General Data Protection Regulation, European Regulation 2016/679 (“GDPR”).
The types of Personal Information we collect are detailed in the “How We Collect Information” section above. The “How We Use Information” section above describes the purposes for which we use and otherwise process Personal Information, and the “How We Share Information” section above describes the entities to whom we disclose Personal Information. We do not use automated decision-making without human intervention, including profiling, in a way that produces legal effects concerning you or otherwise significantly affects you.
We rely on several different legal bases for collecting and processing your Personal Information, including: (i) as necessary to perform a transaction (e.g., processing and fulfilling transactions and purchases); (ii) as necessary to comply with a legal obligation (e.g., sending you information regarding changes to our policies and preventing and addressing fraud, breach of policies or terms, and threats or harm); (iii) consent (where you have provided consent as appropriate under applicable law, such as fulfilling any other business or commercial purposes at your direction, performing services requested by you, administering your participation in a contest or promotion, including to deliver a prize to you if you are the winner, evaluating whether you are a good match for our Ambassador Program and to administer the benefits of the program); and (iv) as necessary for our legitimate interests. With respect to our legitimate interests, except where such interests are overridden by the interests or fundamental rights and freedoms of you that require protection of Personal Information, such legitimate interests include operating and managing our Site, sending you technical notices, updates, security alerts, and support and administrative messages, monitoring and analysing trends, usage, and activities, conducting research, improving and customizing the Site and our other websites, apps, marketing efforts, products and services, providing you advertising, and developing and sending you direct marketing, including advertisements and communications about our and other party products, offers, promotions, rewards, events, and services.
We retain your Personal Information only for as long as is necessary for the purposes for which the information is collected, and as otherwise described in the “Retention and Deletion of Information” section above.
As an EU resident, you are entitled to the following:
- The right to access. You have the right to request copies of your Personal Information.
- The right to rectification. You have the right to request that we correct any information you believe is inaccurate or incomplete.
- The right to erasure. You have the right to request that we erase your Personal Information, under certain conditions.
- The right to restrict processing. You have the right to request that we restrict the processing of your Personal Information, under certain conditions.
- The right to object to processing. You have the right to object to our processing of your Personal Information, under certain conditions.
- The right to data portability. You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
- The right to withdraw consent. You have the right to withdraw your consent to our processing of your Personal Information at any time where we relied on your consent to process your Personal Information. Please note that withdrawal of your consent does not affect our use or processing of your Personal Information prior to your consent being withdrawn.
You may contact us as described in the “Contact Us” section described above to exercise your rights. Finally, you can always lodge a complaint with your data protection authority, if you would feel that we have not acted in accordance with applicable data privacy legislation.
Last updated: May 4, 2020