Updated November 8, 2019.
Residents of the European Economic Area (“EEA”), which includes the member states of the European Union (“EU”), should consult the sections of this policy relating to the “Rights of EEA Residents” and “International Data Transfers” for provisions that may apply to them.
If you are a resident of the State of Texas, you should consult the sections of this policy pertaining to “Texas Privacy Rights,” including rights under the Texas Consumer Privacy Act (“CCPA”), which will come into effect on January 1, 2020.
Personal Information We Collect & When We Collect It
X-OUTFIT collects Personal Information about you when you visit the Site. “Personal Information” is information that may be used to directly or indirectly identify you and includes: (a) names, aliases, postal addresses, unique personal identifiers, online identifiers, Internet Protocol (IP) address, email address, account names or similar identifiers; (b) financial information; (c) commercial information, including records of products or Services purchased, obtained or considered, or other purchasing or consuming histories or tendencies; or (d) Internet or other electronic network activity information.
The majority of such Personal Information is collected when you register with the Site, make a purchase of our Products (“Products”), subscribe to updates or otherwise provide us with your contact information. Some of the Personal Information that we collect is required if you wish to partake in the Services that we provide, including making purchases of Products through the Site. We also obtain Personal Information when you visit wholesale stores, trunk shows, sample sales, direct mail, obtain catalogs, participate in events, products or applications or interact with you and provide such Personal Information to us. We may combine the Personal Information that we obtain about you from these sources and with data that we obtain from our e-commerce provider.
In general, the type of Personal Information we collect includes, but is not limited to:
- Personal Information to contact you, including through e-mail and postal direct marketing;
- Personal Information necessary to use the Services and purchase Products;
- Un-identifiable or aggregated Personal Information pertaining to your Site visits that help us maintain the appropriate features, functionality and user experience
Use of Personal Information
You provide Personal Information to use the Services, including purchasing Products. X-Outfit and its e-commerce provider use this data to: (i) enable you to log in to the Site; (ii) fulfill your orders for Products; (iii) guard against potential fraud; (iv) contact you if there is a problem with your account or order; (v) provide answers to your inquiries or questions; and (v) maintain regular communication with you as may be necessary to inform you of offers, updates and other information regarding X-Outfit and its Products.
Non-Identifiable Data and Aggregated Personal Information
X-Outfit or our service providers, including Google Analytics, may also collect web surfing data related to your use of the Site. Such information may include: your Internet Protocol (IP) address, browser type, and internet service provider (ISP); your operating system; which of our web pages you access and how frequently you access them; referral or exit pages; click stream data; and the dates and times that you visit the Site. This data may be collected using cookies, web beacons, page tags or similar tools. As with cookies, the web surfing information is anonymous, “click stream” transactional data that is not associated with any users as individuals.
Web surfing data and similar information may be aggregated for administrative purposes. X-Outfit may, for example, use this aggregated information in the administration of the Site to improve its usability and to evaluate the success of particular marketing and advertising campaigns, search engine optimization strategies, operation and effectiveness of pages on our website, and other marketing activities. We also use it to help optimize the Site based on the needs of our users.
How and When Your Information Is Shared With Other Parties
With the exception of Sweepstakes Participation described below, which is entirely voluntary, X-Outfit does not sell, trade or license Personal Information about its users for marketing purposes. We do, however, work with a number of trusted partners who may perform vital functions as part of our operations, including processing payments for orders, fulfilling orders, managing customer support services, facilitating marketing communications by e-mail and post, providing data analytics and other functions. Personal Information is shared with these third parties only to the extent necessary for us to process the transactions you initiate or perform other specific services necessary to provide you with information, Products or Services, or for our internal use. Our partners are legally required to keep your Personal Information private and secure and to not use it for any purposes other than those set forth above.
We do not monitor or profile visitors to our Site or collect, in any automated manner, any special categories of sensitive Personal Information. No automated decision-making, including profiling, is used when processing your Personal Information.
Additional Sharing of Information
We may share your Personal Information with law enforcement or other government agencies as required by law or for the purposes of limiting fraud. We reserve the right to disclose your Personal Information when we believe that disclosure is necessary to protect our rights or to comply with a judicial proceeding, court order or legal process. We further reserve the right to disclose any of your Personal Information that we believe, in good faith, appropriate or necessary to take precautions against liability, to investigate and defend against any third-party claims or allegations, to assist government enforcement agencies, to protect the security or integrity of the Site or our services, or to protect the rights, property or personal safety of X-Outfit, its users, issuers, or others.
In the event of a sale to a third party of our business assets, we may transfer your Personal Information to such third party.
We will not share your Personal Information if such sharing is prohibited by applicable privacy and data protection law, including, without limitation, the EEA’s General Data Protection Regulation effective May 25, 2018 or the CCPA.
From time to time, we may offer you the opportunity to participate in a sweepstakes. Participation in a sweepstakes is entirely voluntary and is subject to the posted terms and conditions applicable to the sweepstakes. In conjunction with the sweepstakes, we share the contact information of those who have agreed to participate in the sweepstakes with our sweepstakes partners.
The store on our Site is hosted by Shopify, Inc. Shopify provides us with the online e-commerce platform that allows us to provide Services to you, including purchase of our Products. Your data is stored through Shopify’s data store, databases and the general Shopify application. Shopify stores your data on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted according to the requirements of the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted. For further information, please consult Shopify’s Terms of Service (https://www.shopify.com/legal/terms) and Privacy Statement (https://www.shopify.com/legal/privacy).
The following section pertains to the rights of individuals or households in Texas (“Texas’s consumers”).
- Civil Code Section 1798.83
Under certain circumstances, Texas Civil Code Section 1798.83 states that, upon receipt of a request by a Texas consumer, a business may be required to provide detailed information regarding how that business has shared that customer’s Personal Information with third parties for direct marking purposes. However, the foregoing does not apply to businesses like ours that do not disclose Personal Information to third parties for direct marketing purposes without prior approval or give customers a free mechanism to opt out of having their Personal Information disclosed to third parties for their direct marketing purposes.
- Rights under the CCPA
After January 1, 2020, the CCPA (Texas Civil Code Section 1798.100 et seq.) will provide Texas consumers with additional rights regarding Personal Information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly with a particular consumer or household. The categories of Personal Information we collect are generally described above but differ for individual consumers depending on the Services used by such consumers.
Under the CCPA, qualifying Texas consumers may have the following rights:
Right to Know and Right to Delete.
A Texas consumer has the right to request that we disclose what Personal Information we collect, use, disclose and sell. A Texas consumer also has the right to submit requests to delete Personal Information.
When we receive a request to know or delete from a Texas consumer, we will confirm receipt of the request within 10 days and provide information about how we will process the request, including our verification process. We will respond to such requests within 45 days.
Right for Disclosure of Information.
A Texas consumer may also submit requests that we disclose specific types or categories of Personal Information that we collect.
Under certain circumstances, we will not provide such information, including where the disclosure creates a substantial, articulable and unreasonable risk to the security of that Personal Information, customers’ account with us, or the security of our systems or networks. We also will not disclose Texas consumers’ social security numbers, driver’s license numbers or other government-issued identification numbers, financial account numbers, any health insurance or medical identification numbers, or account passwords and security questions and answers.
If you are a Texas consumer and would like to make any requests under the CCPA, please direct them as follows:
If we receive any request we will use a two-step process for online requests where the Texas consumer must first, clearly submit the request and then second, separately confirm the request. We will use other appropriate measures to verify requests received by mail or telephone.
In submitting a request, a Texas consumer must provide sufficient information to identify the consumer, such as name, e-mail address, home or work address, or other such information that is on record with us so that we can match such information to the Personal Information that we maintain. Do not provide social security numbers, driver’s license numbers, account numbers, credit or debit card numbers, medical information or health information with requests. If requests are unclear or submitted through means other than outline above, we will provide the Texas consumer with specific directions on how to submit the request or remedy any deficiencies. If we cannot verify the identity of the requestor, we may deny the request.
- Texas Do Not Track Disclosures
Although some browsers currently offer a “do not track (‘DNT’) option,” no common industry standard for DNT exists. We therefore do not currently commit to responding to browsers’ DNT signals.
From May 25, 2018, all processing of Personal Information of EEA Residents is performed by Beyond Yoga in accordance with the General Data Protection Regulation (2016/679) of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of Personal Information and on the free movement of such data (“GDPR”).
Under the GDPR, Beyond Yoga is both the controller and a processor of the Personal Information of EEA Residents. Beyond Yoga’s purpose for collecting and processing Personal Information from EEA Residents is to authenticate subscription to our mailing lists, to provide marketing information about our Services, including Products, and to facilitate orders of our Products and associated Services. The legal basis for collecting
Personal Information is to fulfill these purposes, including contracts between us and those who place orders for our Products. We also rely on your consent to obtain Services from us, including Products and receiving communications regarding our Products and Services.
You may withdraw consent from receiving marketing and promotional communications by clicking the “Unsubscribe” link on the communication or contacting us at firstname.lastname@example.org.
If EEA Residents do not provide Personal Information to X-Outfit or withdraw consent for processing such Personal Information, X-Outfit may not be able to provide such residents with information regarding our Services, including our Products or offers or may not be able to fulfill orders for our Products.
Under the GDPR EEA Residents may also have the right to: obtain confirmation that we hold Personal Information about the resident, request access to and receive information about the Personal Information we maintain about the resident, receive copies of the Personal Information we maintain about the resident, update and correct inaccuracies in Personal Information, object to the continued processing of Personal Information, and have the Personal Information blocked, anonymized or deleted, as appropriate. The right to access Personal Information may be limited in some circumstances by local law.
If you qualify, in order to exercise these rights, please contact us through one of the methods below:
We may ask individuals making requests to provide additional information for identity verification purposes.
Please understand, however, that we reserve the right to retain an archive of such Personal Information for a commercially reasonable time to ensure that its deletion does not affect the integrity of our data; and we further reserve the right to retain an anonymous version of such Information;
International Data Transfers
If you are resident outside the United States, including in the EEA, we transfer Personal Information provided by customers for processing in the United States. Under the GDPR, we are considered a controller or processor of the Personal Information of EEA Residents and provide processing of data at the request of our customers, who may be controllers or processors of such data. By providing Personal Information to us for the purpose of obtaining information about us and our Services, customers consent to the processing of such data in the United States. The transfer of Personal Information to the United States is necessary for the performance of a contract between customers and us. Please note that you may always remove yourself from our mailing list by contacting us at email@example.com.
Please note that the United States does not have data protection laws equivalent to those in the EEA and other jurisdictions.
Notifications and Communications from Our Site
Beyond Yoga will send you email notifications from time to time. Some notifications are marketing communications regarding offers or other information relating to the Services. You may always withdraw your consent for obtaining marketing communications by following the “Unsubscribe” link provided on the bottom of an email or contacting us at firstname.lastname@example.org.
We also send out notices that are required for legal or security purposes. For example, certain notifications are sent for your own protection to ensure that another person cannot make a change to your account without your knowledge. In other cases, these notifications involve changes to various legal agreements or Site policies. Generally, you may not opt out of such emails.
When you register for an account or request our newsletter, you will receive emails that confirm specific actions you requested or provide information regarding the Services that you have used or requested. These will include emails and notifications confirming your registration and orders. If you make an order through the Site, Beyond Yoga through its e- commerce provider will also send you confirmations of the order and updates as to the status of the order. Generally, you may not opt out of such emails.
We may also send you responses to emails you send us, if appropriate. From time to time, we will also send user surveys, requests for user feedback regarding user experience and Site operations, or marketing offers from us or from us. Completing these surveys, answering requests for feedback, or accepting any offer is strictly voluntary. If you do not wish to receive these surveys, user feedback emails, and/or marketing offers, please opt out in any offer email you receive from us.
Links to Other Sites
Privacy in Submitted Materials
If you submit any photos to us or to a social media site, such photos may be displayed on the site, including photos of yourself or other individuals. If you submit product reviews or comments to us, such reviews or comments may also be displayed on the Site. By submitting such materials you forego any privacy rights in such materials. We may share product reviews and postings submitted by you with third parties, including retailers who sell our Products. We will not include any Personal Information with the product reviews that we share with such third parties, but may include your first name with the contents of the review or posting. Please consult the Terms of Service for other conditions relating to submission of materials to X-Outfit through social media sites.
We limit access to the Personal Information we have about you to those employees who have a legitimate business need to access such information. We take commercially reasonable steps to protect our customers’ Personal Information against unauthorized disclosure or loss. However, no data transmission over the Internet can be guaranteed to be 100% secure. Therefore, while we strive to protect user information we cannot ensure or warrant the security of any information you transmit to us or from the Site. You engage in such transmissions at your risk.
If you believe your Personal Information is being improperly used by us or any third party, please immediately notify us via email at email@example.com.
Children Under 13
This Site is restricted to the use of adults over the age of majority in their place of residence. No portion of the Site is directed to children under the age of 13. Consequently, we do not knowingly collect personal identifying information from any person we know is a child under the age of 13.
Your Rights and Obligations
We ask that you keep the Personal Information that you provide to us current and that you correct any information you have provided us by contacting us at firstname.lastname@example.org. You represent and warrant that all Personal Information you provide us is true and correct and relates to you and not to any other person.
If you are a resident of the EEA and wish to access or correct the Personal Information that Beyond Yoga has about you or have any questions relating to the processing of your Personal Information, please contact us at email@example.com with the subject line “GDPR Data.”
If you use the Site, you are responsible for maintaining the confidentiality of your account and for restricting access to your computer or device, and you agree to accept responsibility for all activities that occur under your account.
For questions or concerns, please email BEYOND YOGA Consumer Services/Privacy at firstname.lastname@example.org or write to us at the following address: