Privacy policy

This policy should be read in conjunction with our Terms of Service.

Who we are

This Privacy Policy is issued by Measmerize LTD Italian branch, whose registered address is Via Francesco Daverio, 6 – 20122 Milan (Italy) and Measmerize LTD UK branch, whose registered address is 2 Hampton Court Road, First Floor, Birmingham (England) B17 9AE (collectively, "Measmerize," "we," "us").

INTRODUCTION

Our mission is to provide you with an accurate size recommendation, and for this purpose we collect information about you. As explained on this Privacy Policy, we may collect information from different sources, for example directly from you (when you input data on our Measmerize Widget ("Widget"), which is used to provide size recommendations. We may also collect information on your internet browsing through cookies and other tracking technologies. We make use of advanced AI solutions based on machine learning, which allow us to provide accurate size recommendations. The AI based technology is not used for any decision-making process or other activities which may have a material impact on your life. We use them only to provide specific and accurate size recommendations.

We may also receive information from brands we work with ("Brand") when you interact on the Brand's website ("Brand Website") and make a purchase, particularly information about your purchases and returns on the Brand Website.

For the information that the Brand shares with us, we and the Brand have control over the personal data and act as independent controllers. The purpose and terms of Measmerize's data processing are detailed in this Privacy Policy.

We collect and process your personal data with utmost care and in compliance with the EU Regulation 2016/679 (GDPR) and other applicable data protection laws (collectively "Data Protection Laws").

We strive to provide an accurate size recommendation, however we cannot guarantee that our recommendations are correct, accurate and error free. Our recommendation is not binding on you in any way, and you can choose a different size than suggested.

This Privacy Policy applies to the website www.measmerize.com, the Widget and other applications we manage on which we publish this Privacy Policy, which explains what kind of personal data we collect, how we use it, for how long we store it, to whom we might disclose it and what rights you have regarding the data we collect about you.

Under this Privacy Policy, we will address the following topics:

This Privacy Policy was last updated in October 2024.

We invite you to review this Privacy Policy regularly to take note of any updates regarding the collection and terms of processing of your personal data.

Please carefully read this Privacy Policy before providing personal data to understand how we process your personal data and what features this processing has.

By accessing this website, the Widget, our applications or by interacting with us, you confirm that you have read this Privacy Policy and understand how we collect, process, use and disclose your personal data in accordance with this Policy.

What personal information do we collect and how do we collect it?

We collect information directly from you or from other sources, as below specified.

(i) Personal Information you provide us. We collect personal information by asking you questions about yourself in order to define the best size recommendation for you for a specific product. We upload our Widget on the Brand Website and when you open it to receive size recommendations, we ask you, depending on the product you're browsing, the following 'Widget Information':

  • for shoes: gender, year of birth, weight, height, usual shoe size, country/region of origin, width of foot sole (narrow, average, wider);
  • for apparel: gender, year of birth, weight, height, bra size, country/region of origin, qualitative description of body for shoulder, chest, waist, hips, leg length (smaller, average, wider).

(ii) Personal Information we receive from Brand.

Brand we partner with provides us with some information relating to the fit of their products. This is information about Brand's products and does not contain personal information relating to you.

In addition, Brand may provide us with information on the products you purchase (and potentially return) on the Brand Website, such as product code; price; size; quantity per size; reason for return, as applicable, transaction code, in pseudonymized form that does not allow us to identify you (the 'Brand Information')

(iii) Personal Information automatically collected. While you visit our website, applications and while you use our Widget and/or visit the Brand Website, we automatically collect information through cookies and other tracking technologies.

For more specific information on the cookies and other tracking technologies we use, please refer to our Cookie Policy.

We receive information from analytics cookies (like Google analytics) which are third party cookies placed on our website and the Brand Website providing us with information on your interaction with the websites and your Internet browsing. For these cookies, you may provide or deny consent as you land on the Brand Website through the cookie banner.

We also use cookies in our Widget, which are first-party cookies and provide us with the information you upload on our Widget and on interaction with the same, on the products browsed on the Brand Website and recommendations you receive. For these cookies, you may provide or deny consent as you land on the Brand Website through the cookie banner.

Tracking script. This is a code script that is placed on the Brand Website and when you create an order, the following information is transmitted to us: order number, whether to purchase products you received a size recommendation and, in case you did, what size was recommended to you.

Why do we collect your personal information, what is the legal basis for processing and for how long we keep your personal data?

Below you can see a chart where we explain the purposes of data processing by Measmerize and, as applicable in your jurisdiction, the relevant legal basis, what personal information we process in relation to the processing purposes below identified and for how long your personal information is kept.

Purpose of processing Legal basis of processing Personal Information processed Data retention period
Creating reports on the performance of our size recommendation services. Art. 6.1 (f) GDPR (legitimate interest). Widget Information; Brand Information. Personal information is kept for six months and then irreversibly anonymized.
Facilitating your size selection on the Brand Website. Art. 6.1 (f) GDPR (legitimate interest). Widget Information; Brand Information. Personal information is kept for six months and then irreversibly anonymized.
We provide you with our recommendation services. Art. 6.1 (b) GDPR (processing is necessary for the performance of a contract with you, specifically to provide you with the requested size recommendation services). Widget Information; Brand Information. Personal information is kept until you receive our recommendation services and close our Widget.
To ensure the proper technical functioning of our size recommendation services, to prevent fraud, misuse of IT systems and to update and further develop our services and improve the usability and experience of the Widget. Art. 6.1 (f) GDPR (our legitimate interest). Widget Information; Brand Information. Personal information is kept for six months and then irreversibly anonymized.
To provide personalized recommendations and to remember Widget Information and size recommendations provided to you on various Brand websites. Art. 6.1 (a) GDPR (your consent). Personal information collected through cookies and other tracking technologies - except for technical/necessary cookies. Personal information is kept for the time specified in our Cookie Policy, which is linked through the Brand's cookie banner and cookie policy, and then irreversibly anonymized, unless you withdraw your consent beforehand.
Answering your queries or claims that you want to make by phone, email and post. Art. 6.1 (b) GDPR (processing is necessary for the performance of a contract with you, for information required for the provision of our services to you).
Art. 6.1 (f) GDPR (our legitimate interest in responding to your queries).		 Widget Information and other information required for this purpose. Personal information is kept for one month and then deleted.
Compliance with applicable laws and regulations. Art. 6.1 (c) GDPR (processing is necessary for compliance with a legal obligation to which we are subject). Widget Information and other information required for this purpose. Personal information is kept until it is required to meet our obligations under applicable laws and regulations, and then deleted.
To defend or exercise a legal claim, including possible related investigations. Art. 6.1 (f) GDPR (processing is necessary for the purposes of our legitimate interests). Widget Information and other information required for this purpose. Personal information is kept until it is required to exercise or defend our claims under applicable laws and regulations; thereafter it is deleted.
Possible merger and acquisition activities. Art. 6.1 (f) GDPR (processing is necessary for the purposes of our legitimate interests). Widget Information; Brand Information and other information required for this purpose. Personal information is kept until it is required for the completion of the merger and acquisition activities, and then deleted.

Where Measmerize relies on legitimate interest as the legal basis for processing, a balancing test is performed to ensure that your interests and fundamental rights and freedoms are not overridden. More information can be obtained by contacting Measmerize as detailed below. Measmerize's legitimate interests could include, in particular, improving size recommendation, improving our services and the accuracy of our recommendations, preventing fraud, misuse of IT systems, IT and network security, internal investigations or potential merger and acquisition activities.

You are not required to provide all the personal information mentioned in this Privacy Policy to use our size recommendation services or to interact with us, but we will not be able to provide the services or information you request if you do not provide certain personal information.

In the above table listing the processing purposes, the provision of data is mandatory where the legal basis for processing is contractual performance or compliance with laws and regulations, and if you do not provide it, we cannot respond to your request or provide the requested size recommendation services. Where the legal basis is legitimate interest, the provision of data is required for the corresponding processing purposes, and refusal may jeopardize those purposes. For processing purposes that rely on consent (i.e., cookies and other tracking technologies), the provision of data is optional, and non-provision of data has no consequences.

We may also link and/or combine the information we collect about you from the various devices you use.

How long do we keep your personal information?

We will only keep your data for as long as necessary to provide our services or as required by law. Please refer to the section above Why do we collect your personal information and what is the legal basis for processing and for how long we keep your personal data? for more information about data retention periods.

Please note that Measmerize uses an automated procedure to provide you with a recommendation. We do not consider this to be "automated decision-making" (as defined in the GDPR) as you can make a final decision independently of our recommendation.

Who do we share personal information with?

Privacy protection and security of your personal data is a priority for Measmerize. Except as described in this Privacy Policy, we do not share, sell or rent your personal data to third parties.

We may share your personal data with third parties as follows:

  • Competent authorities and as required by law. Measmerize may disclose your personal data if we reasonably determine that such disclosure is necessary to (a) comply with laws, regulations, court proceedings or requests from competent authorities; (b) enforce or apply the terms of our policies or user agreements; or (c) protect the rights, property or safety of Measmerize, our employees, our customers, users or others in accordance with Data Protection Laws.

  • Sales, mergers and acquisitions. If Measmerize becomes involved in a merger, acquisition or any form of sale of some or all of its business or assets, your personal data may be disclosed to the companies and advisors involved. We will provide you with an updated privacy notice or publish an updated privacy notice on our website, Widgets and applications if the purposes and terms of processing described in this Privacy Policy change as a result of such a transaction.

We may share your personal data with third-party service providers who act as our data processors and provide services appropriate to the above processing purposes, for example IT maintenance services. These third parties are contractually obligated to process personal data only in accordance with our instructions and the Data Protection Laws. The updated list of processors is available when you contact us using the contact details provided below under How can I contact Measmerize?.

How is personal information secured?

We take reasonable security measures, including physical, technological and procedural measures, to protect your personal data and prevent unauthorized access and disclosure. In addition, when transmitting certain personal data, we use industry-standard technologies such as edge protection and encryption to prevent unauthorized persons from gaining access to such data, and we will implement additional measures to improve security as technology develops. However, no method of transmission over the Internet and no method of electronic storage is 100% secure. Therefore, we cannot guarantee absolute security.

How can I exercise my privacy rights?

You can contact us or our DPO using the contact details provided below under How can I contact Measmerize? to exercise your privacy rights at any time.

If you have given your consent to certain processing activities, you can withdraw it at any time with effect for the future. Such withdrawal does not affect the lawfulness of processing before the withdrawal of consent. Under the Data Protection Laws, you have the right to:

  • Right of access: You can request information about your personal data. If you apply for such information, we will provide you with all information required by the Data Protection Laws, in particular about the purposes of processing, categories of data processed, categories of recipients, retention periods and your rights. Where permitted by the Data Protection Laws, to facilitate processing of your request, you may be asked to specify: (a) what processing activity you want to exercise and (b) what categories of data you want to access. If you request more than one copy of the personal data processed, you may be charged a reasonable fee, taking into account administrative costs. In any case, we must consider the rights and freedoms of others, so this right is not absolute.

  • Right to portability: In certain cases, you may also receive a copy of your personal data that is commonly used and machine-readable so that you can exercise your right to data portability and transfer it to another data controller or ask us to transfer such data directly to another data controller, where technically feasible.

  • Right to rectification: You can also ask us to correct any inaccurate personal data concerning you and to complete any incomplete information.

  • Right to erasure: Under certain circumstances, you may request the deletion of your personal data, e.g., if such data is no longer needed for the purposes described in the section Why do we collect your personal information and what is the legal basis for processing above, if you withdraw your consent, if your personal data has been processed unlawfully, or if you have objected to processing and we have no overriding legitimate grounds for processing. However, we may need to retain certain limited data in an archived database, particularly if it has a legal retention obligation for personal data or if the data is required to exercise or defend a right in court.

  • Right to restriction of processing: Under certain circumstances, you may request the restriction of processing of your personal data, in particular if you request the rectification of your personal data, where in particular one of the following applies: (a) you dispute the accuracy of the data, (b) the processing is unlawful and you oppose the erasure of your data, or (c) the data is no longer needed for the purposes listed in the section Why do we collect your personal information and what is the legal basis for processing above, but is needed by you for the establishment, exercise or defense of legal claims. In this case, your personal data may, other than storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.

  • Right to withdraw your consent: If the processing of your personal data is based on your consent, you may withdraw the consent you have previously given us at any time. Such withdrawal does not affect the lawfulness of processing based on your consent before such withdrawal.

  • Right to complaint: You have the right to lodge a complaint with a competent supervisory authority, particularly in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of your personal data infringes the Data Protection Laws. Details of the competent supervisory authority in your jurisdiction can be found at European Data Protection Board (EDPB) members.

  • Right to object: Where applicable under the Data Protection Laws, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data and we may be required to no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing or for the establishment, exercise or defense of legal claims.

  • Right to object to direct marketing: Where your personal data is processed for direct marketing purposes, you have the right to object at any time and without giving reasons to the processing of your personal data for such direct marketing purposes (including profiling to the extent that it is related to such direct marketing).

You can contact us or our DPO using the contact details provided under How can I contact Measmerize? to exercise your privacy rights, receive the updated list of data processors, and request all information about the processing of your personal data.

How can I contact Measmerize?

If you have questions or comments about this Privacy Policy or our privacy practices, to exercise your privacy rights, to request an updated list of our data processors and third parties with whom we share your personal data, and for all information about the processing of your personal data, you can contact us:

Measmerize Ltd, Italian branch with registered address Via Francesco Daverio, 6 – 20122 Milan (Italy), Email: [email protected].

If you want to report security concerns about any of our services, please contact us at [email protected].

Additional Terms

Children's and Minor's Privacy. Our website, Widget, applications and services are not designed to attract minors, in particular children under the age of 18. Measmerize does not market to or knowingly collect personal data from anyone under the age of 18. Children should not use our website, Widget, applications and services without permission from their parents.

Our website, Widget, services and applications may provide links to websites, applications and services of third parties. We do not approve and are not responsible for the processing of your personal data by these third parties, even if we provide a link to the relevant websites, applications and services. These companies have their own personal data protection policies, and we strongly recommend that you read them. Our website, services and applications may be offered through third-party websites, platforms or channels. These companies have their own personal data protection policies, and we strongly recommend that you read them. We decline all liability regarding the personal data protection practices of these websites, applications and services not provided by us. This Privacy Policy applies solely to personal data collected by Measmerize.

Additional information for US residents

Information for California Residents

If you reside in California, we are required by the California Consumer Privacy Act ("CCPA"), as amended by the California Privacy Rights Act ("CPRA") (collectively, "California Privacy Law") to provide you with information about how we use and disclose your Personal Information, and you may have certain rights with regard to your Personal Information. We have included this California-specific information below.

CA Personal Information. We may collect certain categories and specific pieces of information about individuals that are considered "Personal Information" in California ("CA Personal Information"). Specifically, we may collect the following categories of CA Personal Information:

  • Personal identifiers (gender, date of birth, weight, height, typical bra size, qualitative body/foot description, typical shoe size, country of origin);
  • Internet activity data (internet usage data); and
  • Inferences drawn from personal information that could be used to create a profile about a person.

Sources of CA Personal Information. We may collect this CA Personal Information directly from you, from your interactions with us, and from third parties. The categories of third parties from whom we collect CA Personal Information include the following: third-party partners (e.g., Brand); third-party service providers; and advertising service providers and partners.

Purposes of Collection. We collect and use CA Personal Information as follows:

  • Business Purposes

    • Creating reports on the performance of our size recommendation services on the Brand Website;
    • Facilitating your size selection on the Brand Website;
    • Providing our recommendation services;
    • Ensuring the proper technical functioning of our size recommendation services, preventing fraud, misuse of IT systems and updating and further developing our services and improving the usability and experience of the Widget;
    • Providing personalized recommendations and remembering Widget Information and size recommendations provided to you on various Brand websites;
    • Answering your queries or claims by phone, email and post;
    • Compliance with applicable laws and regulations;
    • Defending or exercising a legal claim, including possible related investigations;
    • Possible merger and acquisition activities.

  • Commercial Purposes

    • Providing marketing and advertising, to the extent that we collect this CA Personal Information only from users of our corporate website and not the Widget.

Disclosure of CA Personal Information. We also share and/or disclose your CA Personal Information as follows:

  • Sharing of your CA Personal Information for Business Purposes. We may share the above categories of CA Personal Information with third-party service providers; other Measmerize companies; relevant parties and advisors in the event of a sale, merger or acquisition; and law enforcement agencies, as permitted and required by applicable law, for any of the business purposes described above.
  • Sharing of your CA Personal Information for Commercial Purposes. We may share the above categories of CA Personal Information with third-party applications (e.g., Google Analytics) and advertising service providers and partners for any of the commercial purposes described above.

We do not collect any CA Personal Information that may be considered sensitive personal information within the meaning of California Privacy Law.

We do not knowingly share the CA Personal Information of individuals under 16 years of age, in a manner that constitutes a "sale" under California law.

Retention of CA Personal Information. We retain your CA Personal Information for as long as needed or permitted in light of the purpose(s) for which it was obtained. The criteria used to determine our retention periods include (i) for as long as we have an ongoing relationship with you; (ii) as required by a legal obligation to which we are subject to; or (iii) as advisable in light of our legal position (such as in regard of applicable statutes of limitations, litigation, or regulatory investigations).

Your Rights under California Law. Subject to certain exceptions detailed in California Law and other applicable laws and regulations, as a California resident, you have the right to: (i) request to know/access your CA Personal Information, including the specific pieces and the categories of CA Personal Information we have collected or shared about you and the categories of sources from which we have collected the CA Personal Information; (ii) request deletion of your CA Personal Information; (iii) receive information about the CA Personal Information about you that we have "sold" to (as such term is defined under California Law) or "shared" with third parties within the past 12 months, including the categories of third parties; and (iv) request correction of your CA Personal Information; and (v) opt-out of the "Sale" or "sharing" of your CA Personal Information, as such terms are defined under California Privacy Law.

Exercising California Consumer Rights. If you are a California resident and wish to request the exercise of these rights as detailed above or have questions regarding the CA Personal Information collected or shared with third parties, please contact us via [email protected].

  • You may be asked to provide additional proof of identification so that we can verify your identity and validate the request.
  • Please note that you are limited by law in the number of requests you may submit per year. In some instances, we may decline to honor your request. For example, we may decline to honor your request if we cannot verify your identity or confirm that the CA Personal Information that we maintain relates to you. In other instances, we may decline to honor your request where an exception under California privacy laws applies, such as where the disclosure of CA Personal Information would adversely affect the rights and freedoms of another consumer.
  • In any case, we will not discriminate against you by offering you different pricing or products, or by providing you with a different level or quality of products, based solely upon this request.

Authorized Agents: To the extent that you elect to designate an authorized agent to make a request on your behalf, they must provide appropriate documentation including written signed permission from you, proof of your identity, and verification of their identity; or a valid, designated power of attorney as defined under the California Probate Code.

CA Shine the Light. Under California's "Shine the Light" law (California Civil Code Section 1798.83), if you are a California resident who provides Personal Information in obtaining products or services for personal, family, or household use, you may request to opt-out of such sharing by a brand at no-cost by following the instructions in the "Consumer Rights" section above. Please be aware that your opt-out will apply only to the sharing by that particular brand.

Information for Other US Residents

Where required by applicable law, you may have the right to obtain confirmation that we maintain certain personal information relating to you, to verify its content, origin, and accuracy, as well as the right to access your personal information, request its correction, and request deletion or portability of your personal information. Additionally, in certain US states, we may only process your sensitive personal information, as those terms are defined under applicable law, with your consent. You can exercise your rights, as applicable depending on the US state where you reside, by contacting us as detailed below.

  • In some US states, you can designate an authorized agent to make a request on your behalf. We will comply with your request as soon as reasonably practicable and as required by applicable law. Please note that we may need to retain certain information for record-keeping purposes, to complete any transactions that you began prior to your request, or for other purposes as required or permitted by applicable law. In any event, should you choose to exercise any of your rights as detailed above, we will not discriminate against you by offering you different pricing or products, or by providing you with a different level or quality of products, based solely upon this request.
  • In certain US states, if we refuse to take action on a request, you may appeal our decision within a reasonable period of time by contacting us as outlined below and specifying you wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint to the appropriate regulatory authority for your jurisdiction.

Opt-Out of Sale, Sharing, and Targeted Advertising. You may have the right to opt-out of the sale or sharing (as those terms are defined by applicable law), or the use of or processing of your data for targeted advertising purposes. To exercise this right, you can email us at [email protected].