Last updated: 1.1.2023
Sizey Oy (“Sizey” or “us”, “our” and similar expressions) provides an online service on its platform enabling private persons to perform 3D human body modeling and receive his/her body measurement information (“Platform”).
When a user of our (“you” and similar expressions) Platform applies for and uses our services, we collect, use and share your personal data in the manner described in this policy. By personal data we mean any information about an individual from which that person can be identified, either directly or indirectly.
This policy applies to your use of:
a) Sizey websites;
b) Sizey Platform; and
c) any of Sizey’s services accessible through the applications or the websites (such applications and websites of Sizey’s customers).
We may update this policy from time to time in response to changing legal, technical or business developments. When we update this policy, we will strive to inform you in a manner consistent with the significance of the changes we make and provided that you have provided your contact details allowing us to notify you of such changes.
2. Personal data we may collect about you
|We may collect, use, store and transfer the following kinds of personal data about you: Contact Data||Provided that you have contacted us and given your contact details in connection with starting to the use of the Platform, your contact data, such as your name and email address.|
|Transaction Data||Details on measurement transactions carried out on the Platform such as your gender, height, your body measurements created by our service on the Platform and your|
3. How we collect the data
We may collect personal data from you in the following ways:
• Information provided by you: You may give us your Contact, Transaction and Communications Data by submitting it to us through our website or the Platform, or by communicating with us by phone, email or otherwise. The data may be submitted in connection with, for example, registering for our Platform, using the Platform or support requests related to our services.
• Automated technologies: We may automatically collect Transaction, Marketing, Technical and Usage Data, as well as certain Communications Data, based on your use of our website and Platform.
Where we need to collect certain data by law or based on a contract between you and us or our customer, and you fail to provide that data when requested, we may not be able to
provide you with the services you have requested. We will notify you about such requirements separately.
4. How we use the data
Below we have set out the purposes for which we intend to process your personal data and the legal bases we are relying on to do that. Most commonly, we will rely on the following lawful grounds to collect, use and disclose your personal data:
1) Contract: We need to data for the performance of a contract with you and in order that a contract with you can be entered into.
2) Legitimate interests: The processing of data is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
3) Legal obligation: We need to comply with a legal or regulatory obligation.
We may rely on more than one legal basis depending on the specific purpose for which we are using your data. If you need details about the grounds we are relying on with respect to specific data or circumstances, please contact us as set out above.
|Type of data||Purpose||Legal basis|
|Contact, Transaction, Technical, Usage, Communications||Providing our services, including customer support||Contract Consent (where legally required)|
|Contact, Transaction, Technical, Usage, Communications.||Analyzing and improving the use and functionality of our website, Platform and services (including e.g. system maintenance, troubleshooting, logging, debugging, data analysis and testing) and ensuring information security||Contract Legitimate interests (monitoring, safeguarding and improving our website, Platform and services)|
|Contact, Transaction, Technical, Usage, Communications||Optional customization and improvement of user experience||Consent (where legally required) Contract|
|Contact, Communications, Marketing||Managing our customer relationship, communicating with you and keeping records of our communications||Legitimate interests (managing customer relationship)|
|Contact, Marketing||Offering and marketing relevant goods and/or services to you, delivering relevant content and advertisements, and measuring the effectiveness||Legitimate interests (marketing our services, showing you relevant content) Consent (where legally required)|
5. Sharing your data
Where necessary for the purposes detailed above, your personal data may be shared to the following categories of recipients:
• Our service providers for the purposes of accounting, financial, ICT, legal and other services provided to us
• Buyers and potential buyers (and their agents and advisers) in connection with any (proposed) purchase, merger or acquisition of any part of our business, provided that the buyer is informed that it must use your personal data only for the purposes set out in this document
• Competent courts, law enforcement bodies, or other authorities or third parties where we deem that disclosing your personal data is necessary to protect your vital interests or those of any other person, or for compliance with laws or regulations, or to exercise, establish or defend our legal rights, including when we enforce or apply our terms of service and/or any other agreements between you and us, investigate potential breaches or take measures to protect the rights, property or safety of Sizey, our users or others. This includes exchanging information with other companies and organizations for the purposes of fraud prevention.
• Any other person – but only with your separate consent.
For more information of the third parties to which we share your personal data from please contact us as set out above.
6. Storing your personal data and data transfers outside EEA
We store and process your personal data (if any) on third party servers. We store your personal data in secure locations and servers within the European Economic Area. However, our use of third party service providers may require that your personal data is transferred to countries outside the European Union or the European Economic Area. We will only transfer your personal data outside the said territory where the European Commission has held that the country ensures an adequate level of protection for personal data, or where we have taken appropriate safeguards to require that your personal data remains protected in accordance with this policy, such as by implementing the European Commission’s Standard Contractual Clauses for transfers of personal data. You may contact us for more information on the safeguards in place. In individual cases, such transfers may also take place based on your separate consent or in order to provide you with a service you have specifically requested or where otherwise allowed by applicable data protection laws.
7. Data retention
We keep your personal data only as long as we have a legitimate business need to retain it for the purposes described above, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period, we consider the scope, nature, and sensitivity of the personal data we process, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the data and the relevant legal requirements. We will also regularly assess the data we keep, and where we deem retention unnecessary, we will either erase or anonymize the data or, if this is not possible – for example, for information stored in backup archives – we will store the data securely and block any further processing until deletion is possible.
We will usually retain personal data related to a customer relationship only for the duration of the relationship and for a reasonable period thereafter in order for us to be able to respond to inquiries or pending issues related to the relationship. However, some data may be retained for longer where we believe retention is necessary for compliance with laws or regulations (such as in the fields of accounting and taxation), or to exercise, establish or defend our legal rights or those of our customers, affiliates or partners.
To protect your personal data, we use appropriate technical and organizational measures designed to provide a level of security appropriate to the risk of processing and to protect your personal data against accidental or unlawful destruction, loss, alteration and unauthorized disclosure or access. Our personnel have been trained to observe information security in their work and we limit access to your personal data on a strict need-to-know basis. Our employees, agents, contractors and service providers will only process your personal data on our instructions subject to a duty of confidentiality.
9. Data subject rights
We do not require you to identify yourself when accessing to our website or when using the Platform and we are not in the position to identify you from the data you will provide to us when accessing our website or while using the Platform. In order to fully use your rights as data subject, you have the possibility to contact us in connection with starting to use the Platform in which case we will also register you and your Contact Data.
In case you have provided your Contact Data, for instance, you have the right to obtain from us confirmation as to whether or not personal data concerning you is being processed by us, and where that is the case, access to that personal data, as well as to have any inaccurate or incomplete personal data rectified or completed. In certain circumstances, you may also have the right to request the erasure, or the restriction of processing, of your personal data or parts of it, to object to the processing (including our direct marketing) and/or to receive the data in a structured, commonly used and machine-readable format.
Please contact us for any inquiries related to exercising the above rights.
If you consider our processing activities of your personal data to be inconsistent with applicable data protection laws, you may lodge a complaint with the responsible supervisory authority. Contact information for the supervisory authority in Finland can be found here: www.tietosuoja.fi
We use Google Analytics which is one of the most common and trusted analytical tools. The cookies of Google Analytics may for instance track how long you spend time on our website and which sub-sites you visit. For more information see Google Analytics and its cookies at the Google Analytics info page: www.google.com/policies/privacy/partners/
Please note that in case all cookies have been blocked our service may not function for some parts or at all.