Tailor Brands Ltd. and its subsidiaries (collectively, “we”, “us”, “our”, “Tailor”, or “Tailor Brands”) own and operate the Website.
We help you to design your own unique brand identity.
1.1. We provide an online platform that helps users to create a logo, website, domain, designs, social tools, and develop a unique brand identity.
1.2. Accordingly, our users can use the Tailor’s services to design, create and customize their logo website, domain, designs and other branded items, such as “branding packages”, “logos”, “website”, “domain”, “designs” “brand guidelines”, “letterheads” and “business cards” (collectively, “Services“).
We collect and share personal data related to you to enable you to personalize your designs, purchase products, and utilize our Website and Services.
Types and Purposes of Processing Personal Data
2.1. We commit to process personal data related to you solely for the purposes described below. To the extent relevant and possible, we will make efforts to maintain personal data related to you accurate, complete and up to date.
2.2. If you create an account on the Website or use our Services, we will require certain personal data (for example, your name and email address) for the following purposes: (i) personalizing your products; (ii) allowing you to use the Services and purchase products; and, (iii) legal defense, where applicable.
2.3. If you wish to purchase products, we will further require you to provide payment details (for example, your credit card number and billing address) for the following purposes: (i) billing; and, (ii) legal defense, where applicable.
2.4. You hereby provide us with your freely given, specific, informed and unambiguous consent to use your name and likeness, including your Tailor Brands’ products, for our internal and marketing purposes, as further descried under the Tailor Brands Terms of Service.
2.5. We use third-party payment processing services called Braintree, Stripe, PayPal and Recurly (“Processing Services”) to process personally identifiable payment data related to you. The Processing Services have committed that they will comply with the necessary security standards. If you want to learn more, we recommend going over the Processing Services’ privacy policies.
2.6. If you contact our customer service, we will use the content of your message for the following purposes: (i) addressing your request; (ii) improving our Website and Services; and, (iii) legal defense, where applicable.
2.7. We will also process personal data related to you to improve the Website, establish statistical data about our web traffic, identify potential cases of abuse of our systems, as well as prevent cyber-attacks, fraud, and identity theft.
2.8. We use your email address to send out account-related and promotional emails. The emails are sent by third-party providers with whom we share your name and email address.
2.9. You can register to our mailing list to receive updates and marketing materials. You can opt-out from the list by simply click on the unsubscribed request written in the received email message.
2.10. If you use our Services to send emails to others, you acknowledge and agree to obtain their sufficient consent and send these email messages at your sole responsibility and risk.
2.11. To the extent that we utilize third-party processors or providers to process personal data, we engage with them under a data processing agreement to ensure we have their contractual commitments to protect personal data and process such personal data for specific purposes.
For example, all Google Display Network’s marketing services and features that Tailor Brands uses are also subject to Google’s relevant policies and agreements and the option to opt-out from them via the following web page is available here: tools.google.com/dlpage/gaoptout.
Similarly, all Facebook’s marketing services and features that Tailor Brands uses are also subject to Facebook’s relevant policies and agreements and the option to opt-out from them via the Facebook relevant help center page is available here: www.facebook.com/help/568137493302217.
2.12. We report and share personal data if we believe that we are required to do so by law. Furthermore, we need to disclose personal data in response to lawful requests by public authorities, including, without limitation, to meet national security or law enforcement requirements.
2.14. Your interaction with social media features, widgets, or websites are governed by the privacy policies of the applicable social media websites.
If you contact us via these social media websites, we will use the content of your message for the following purposes: (i) addressing your request; (ii) improving our Website and Services; and, (iii) legal defense, where applicable.
We are not responsible for any use, misuse or unlawful use of the identifiable data that you choose to post or share on these platforms.
2.15. We gather some data automatically, such as IP addresses, browser type, internet service providers, referral links, geo-locations and clickstream data.
2.17. We process aggregated data that is not personally identifiable data. For example, we use statistical analysis to improve our Services and share marketing data with our partners where such data do not identify individuals.
You can opt-out of our mailing list and terminate your use of the Website. Our Services do not respond to Do Not Track (DNT) signals.
4.1. You can unsubscribe from our mailing list directly from the email sent, by choosing to opt-out in the settings portion of your account profile or sending an opt-out request message to: [email protected].
4.2. You can object to the transfer of personal data related to you to a third party, other than third parties who are strictly necessary for us to comply with applicable law and/or agreement.
4.3. You can exercise your choice by contacting us at: [email protected]. To the extent necessary, we will ask you to provide us with necessary details to authenticate your identity and to identify data related to you on our systems.
4.4. Some web browsers offer a “Do Not Track” (“DNT”) signal. A DNT signal is an HTTP header field indicating your preference for tracking your activities on our Services or through cross-site user tracking. Our Website and Services do not respond to DNT signals.
You can request access to personal data that we keep about you. You can also request us to correct wrong details about you or delete them from our systems.
Accessing Personal Data Related to You
5.1. You can contact us at: [email protected] and request access to the personal data that we keep about you. You can also request to correct wrong details about you or delete them. We will consider your request in accordance with applicable laws and regulations.
5.2. To the extent necessary, we will ask you to provide us with certain credentials or details to make sure that you are who you claim to be.
5.3. Note that we can delete personal data related to you in different manners, including by removing any identifying data and transforming personal data that relates to you into anonymized data.
We retain data as needed, to provide our Services and for legitimate and lawful purposes. We implement information security measures to secure personal data related to you and minimize the risks.
Data Retention; Information Security
6.1. We retain data as needed to provide our Services as well as for legitimate and lawful purposes. We also retain data pursuant to legal requirements under applicable laws.
6.2. We will make efforts to guarantee that personal data is kept for no longer than is necessary for the purposes for which the personal data is processed.
6.3. If we retain personal data related to you for any legitimate business purpose other than providing our Services, we will make efforts to limit the access to the personal data and the retention time to minimum.
6.4. Note that we can keep aggregated non-identifiable data without limitation, and to the extent reasonable we will delete or de-identify potentially identifiable data, when we no longer need to process the data.
6.5. We implement information security measures, including internal policies and procedures, to secure personal data related to you as well as minimize the risks of theft, damage, loss of data, or unauthorized access.
6.6. These measures provide sound industry standard security. However, although we make efforts to protect your privacy, we cannot guarantee that our Services will be immune from any wrongdoings, malfunctions, unlawful access or other kinds of abuse and misuse.
We store and process personal data in the U.S. and Israel.
Transfer of Personal Data Outside Your Territory
7.1. We store and process data in the U.S. and Israel, including sites operated and maintained by cloud-based hosting service providers in the U.S.
7.2. When we transfer personal data related to you from the European Union, our transfer of personal data related to you is governed by the provisions stated in Chapter 5 of the General Data Protection Regulation (EU) 2016/679 (Transfers of Personal Data to Third Countries or International Organisations).
7.3. If you are a resident in a jurisdiction where transfer of personal data related to you to another jurisdiction requires your consent, then you hereby provide us with your freely given, specific, informed and unambiguous consent to such transfer.
8.2. Unless required otherwise to comply with applicable laws, rules, regulations, and agreements, all minor changes (which have minor, if any, consequences) will take effect 7 days after we post or send the Notice, and substantial changes will be effective 30 days after post or send the Notice.
8.4. Note that we can modify, enhance or improve the Website and Services, and can accordingly offer additional tools and features. Where necessary, at our sole discretion, such additional tools and features will be governed by additional or different terms, as provided by us.
If the European Union data protection laws apply to the processing of personal data related to you, this Supplement A is also relevant for you.
Supplement A: EU Data Subjects’ Privacy Rights
9.1. If the European Union data protection laws apply to the processing of personal data related to you by Tailor Brands, then, as of May 25, 2018, the following information, rights and obligations also apply.
9.2. We process personal data related to you for the following lawful grounds –
9.2.1. All processing of personal data related to you which are not based on the lawful grounds indicated below, are based on your consent.
9.2.2. We process your account and payment details to perform the contract with you.
9.2.3. We will process personal data related to you to comply with legal obligations and to protect your and others’ vital interests.
9.2.4. We will further rely on our legitimate interests, which we have good-faith belief that they are not overridden by your fundamental rights and freedoms, for the following purposes –
18.104.22.168. Communications with you, including direct marketing where you are our client, or a user of our client, or where you contact us or show interest in our Services through our Website and other digital assets.
22.214.171.124. Cyber security.
126.96.36.199. Support, improving the Services, customer relations, and service operations.
188.8.131.52. Enhancements and improvements to your and other users’ experience with our Services.
184.108.40.206. Fraud detection and misuse of our Services.
9.3.1. Contact us if you want to withdraw your consent to the processing of personal data related to you. Exercising this right will not affect the lawfulness of processing based on consent before its withdrawal.
9.3.2. Request to delete or restrict access to personal data related to you. We will review your request and use our judgment, pursuant to the provisions of the applicable law, to reach a decision about your request.
9.3.4. You can ask to transfer personal data related to you in accordance with your right to data portability.
9.3.6. You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you, or similarly significantly affecting you.
9.3.7. You have a right to lodge a complaint with a data protection supervisory authority of your habitual residence, place of work or of an alleged infringement of the General Data Protection Regulation (EU) 2016/679 (“GDPR”).
9.3.8. A summary and further details about your rights under the European Union data protection laws, is available on the European Union Commission’s website: https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens_en.
9.3.9. Note that when you send us a request to exercise your rights, we will need to reasonably authenticate your identity and location. We will ask you to provide us credentials to make sure that you are who you claim to be and will ask you further questions to understand the nature and scope of your request.
9.3.10. If we need to delete personal data related to you following your request, it will take some time until we completely delete residual copies of personal data related to you from our active servers and from our backup systems.
9.5. If you have any concerns about the way we process personal data related to you, you are welcome to contact our data protection team at [email protected]. We will investigate your inquiry and make good-faith efforts to resolve any existing or potential dispute with you.
9.6. Our EU-GDPR Representative is: Rickert Rechtsanwaltsgesellschaft mbH – Tailorbrands -, Colmantstraße 15, 53115, Bonn, Germany, e-mail: [email protected] Our UK-GDPR Representative is: Rickert Services Ltd UK – Tailorbrands -, PO Box 1487, Peterborough, PE1 9XX, United Kingdom, e-mail: [email protected]
If you are a California resident, this Supplement B is also relevant for you.
Supplement B: Californians’ Privacy Rights
10.1. If you are a California resident, California Civil Code Section 1798.83 permits you to request in writing a list of the categories of personal data relating third parties to which we have disclosed certain categories of personal data during the preceding year for the third parties’ direct marketing purposes. To make such a request, please contact us at: [email protected].
10.2. In addition, as a California resident, the California Consumer Privacy Act (“CCPA”) applies to you, therefore, as of January 1, 2020, the following information, rights and obligations also apply.
10.2.1. Tailor Brands has collected the following categories of personal data from consumers within the last twelve (12) months:
10.2.1.1. Identifiers such as your real name, online identifier Internet Protocol address and email address.
10.2.1.2. Personal data categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)), such as address, credit card number and billing details.
10.2.1.3. Your Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding your interaction with an Internet website, application or advertisement.
10.2.1.4. Inferences drawn from any of the information identified to create a profile about you which reflects your preferences, characteristics, behavior, attitudes, intelligence and abilities.
10.2.1.5. In the preceding twelve (12) months, Tailor Brands has disclosed the categories of personal data related to you for business purposes to vendors, service providers and partners, as further described in Sections 2 and 7 above.
10.3. Tailor Brands collects and uses personal data related to you in order to provide you with the Services and shares personal data related to you as indicated in Sections 2 and 7 above.
10.4. The CCPA further provides you with the following privacy rights about personal data related to you, as follows –
10.4.1. Access to Specific Information and Data Portability Rights
You have the right to request that Tailor Brands will disclose certain information to you about our collection and use of personal data related to you over the past 12 months.
Following our confirmation of your request, we will disclose to you –
10.4.1.1. The categories of personal data we have collected about you.
10.4.1.2. The categories of sources for the personal data we have collected about you.
10.4.1.3. Our business and commercial purposes for collecting such personal data.
10.4.1.4. The categories of third parties with whom we have shared such personal data.
10.4.1.5. The specific pieces of personal data we have collected about you.
10.4.1.6. If we disclose personal data related to you for a business purpose, we will provide you with a list which will identify the personal data categories that each category of recipient obtained.
10.4.2. Deletion Request Rights
10.4.2.1. You have the right to request that we delete any of personal data related to you that we have collected from you.
10.4.2.2. Upon confirmation of your request, we will delete – and direct our service providers to delete – personal data related to you from our records, unless retaining the information is necessary for us or for our service providers to complete the transaction with you, detect security incidents, identify and repair errors, exercise free speech or another right provided by law, comply with specific laws or legal obligations or any other internal and lawful use.
10.4.3. Exercising Access and Deletion Rights
10.4.3.1. In order to exercise your access, data portability and deletion privacy rights, as described above, please submit a request here: support.tailorbrands.com/#contactModal or email us to: [email protected].
10.4.3.2. Only you or a person authorized to act on your behalf, can make a request related to personal data related to you. You can also submit a request on behalf of your minor child. Please note that a request for access can be made by you only twice within a 12-month period.
10.4.3.3. We will need to ask you to provide us with credentials to verify your identity or authority, address your request, and confirm the personal data relates to you. Note that we will only use the personal data provided in your request to verify your identity or authority and address your request.
10.4.3.4. We will do our best to respond to your request within 45 days of its receipt. If we require more time (up to additional 45 days), we will inform you of the reason and extension period in writing.
10.4.3.5. Any disclosures we provide will only cover the 12-month period preceding receipt of your request.
10.4.3.6. The response we provide will also explain the reasons we cannot comply with a request, where applicable.
10.4.3.7. We do not charge a fee to process or respond to your request unless it is excessive, repetitive or manifestly unfounded. If we determine that the request warrants a fee, we will inform you of the reasons for such decision and provide you with a cost estimate before completing your request.
If the Brazilian General Data Privacy Law applies to the processing of personal data related to you, this Supplement C is also relevant for you.
Supplement C: Brazilian Privacy Rights
11.1. If the Brazilian General Data Privacy Law (Lei Geral de Proteção de Dados Pessoais, hereinafter: the “LGPD”) applies to the processing of personal data related to you by Tailor Brands, then, as of August 1, 2020, the following information, rights and obligations also apply –
11.2. Our Position under the LGPD
11.3. DPO Contact Details
Tailor Brands has appointed a data protection officer in accordance with Article 41 of the LGPD (“DPO”). The DPO’s contact details are as follows: [email protected]. The activities of the DPO consist of the following –
11.3.1. to accept complaints and communications from data subjects, provide clarifications and take measures;
11.3.2. to receive communications from the supervisory authority and take measures;
11.3.3. to instruct the employees and contractors of the entity on the practices to be adopted in relation to personal data protection;
11.3.4. to carry out any other duties established by the controller or in supplementary rules; and,
11.3.5. to comply with the Brazilian data protection authority (‘ANPD’)’s supplementary rules, where applicable.
11.4. Types of Processing
We process personal data related to you for the following lawful grounds –
11.4.1. based on your consent;
11.4.2. for compliance with our statutory or regulatory obligation;
11.4.3. when necessary for the performance of agreements or preliminary procedures relating to agreements to which you are a party to, following your request;
11.4.4. for our regular exercise of rights in lawsuits, administrative or arbitration proceedings;
11.4.5. for protection of the life or of the physical safety of you or third parties; or,
11.4.6. when necessary to serve our relevant third-parties’ legitimate interests or our own legitimate interests, in accordance with the LGPD, except for cases in which your fundamental rights and liberties prevail.
11.5. Our Main Responsibilities under the LGPD
11.5.1. It is Tailor Brands’ responsibility to engage with all its processors (service providers who have access to personal data related to you) in order to protect personal data related to you in a suitable and secure manner as well as to indicate where personal data related to you is stored or processed.
11.5.2. In addition, Tailor Brands is responsible to provide you, where applicable, with the following privacy rights –
220.127.116.11. You have the right to request a confirmation of the existence of processing of personal data related to you.
18.104.22.168. You have the right to request an access to data personal data related to you.
22.214.171.124. You have the right to request the correction of incomplete, inaccurate or outdated personal data related to you.
126.96.36.199. You have the right to request a confirmation that anonymisation, blocking, or elimination of unnecessary or excessive of personal data related to you or personal data processed in noncompliance with the provisions of the LGPD have been implemented by Tailor Brands.
188.8.131.52. You have the right to be notified if a data breach related to personal data related to you occurs. The notification will include: (a) a description of the nature of the affected personal data; (b) information on the data subjects involved, without violating their privacy; (c) indication of the technical and security measures used for data protection, with due regard for trade and industrial secrets; (d) the risks relating to the data breach; (e) the reasons for the delay, in case the notice is not immediate; and, (f) the measures that were or will be adopted to reverse or mitigate the effects of the loss related to the data breach.
184.108.40.206. You have the right to request the portability of personal data related to you to other service providers or suppliers of product, at the express request, and observing the business and industrial secrets, in accordance with the regulation of the controlling body.
220.127.116.11. You have the right to request the elimination of personal data related to you, processed with the consent, except for the cases set forth in Article 16 of the LGPD (for example, to comply with legal obligations).
18.104.22.168. You are not obligated to provide us with your consent for the processing of personal data related to you. Without your consent, we will still provide you with any service that is not based on the processing of personal data. Please bear in mind that most of our Services require a membership which are based on the processing of personal data related to you, and we cannot provide such Services otherwise.
22.214.171.124. You have the right to withdraw your consent, pursuant to the provisions of paragraph 5 of Article 8 of the LGPD – by simply contacting our DPA at: [email protected].
11.6. Should you wish to exercise any of your LGPD’s rights, please contact our DPO at: [email protected].
11.7. We do not charge a fee to process or respond to your request unless otherwise provided or permitted under the LGPD, in which case we will provide you with the relevant notice in advance.