Privacy policy Cotitolarity

This policy should be read in conjunction with our Terms of Service.

Table of Contents

  1. Who we are
  2. Introduction
  3. What personal information do we collect and how do we collect it?
  4. Why do we collect your personal information and what is the legal basis for processing and for how long we keep your personal data?
  5. How long do we keep your personal information?
  6. Who do we share personal information with?
  7. How is personal information secured?
  8. How can I exercise my privacy rights?
  9. How can I contact Measmerize?
  10. Additional Terms

Who we are

This Privacy Policy is issued by Measmerize LTD Italian branch ("Measmerize", "we", "us"), whose registered address is Via Francesco Daverio, 6 – 20122 Milan (Italy). We will soon appoint a DPO, which will be available at: privacy@measmerize.com.

INTRODUCTION

Our mission is to provide you with an accurate size recommendation, and for this purpose we collect information about you. As explained on this Privacy Policy, we may collect information from different sources, for example directly from you (when you input data on our Measmerize Widget ("Widget"), which is used to provide size recommendations. We may also collect information on your internet browsing through cookies and other tracking technologies. We make use of advanced AI solutions based on machine learning, which allow us to provide accurate size recommendations. The AI based technology is not used for any decision-making process or other activities which may have a material impact on your life. We use them only to provide specific and accurate size recommendations.

We may also receive information from brands that we partner with (collectively, "Brand") when you interact and make a purchase on websites of the Brand ("Website"), notably information on your purchases and returns made on the Website.

For the information that Brand shares with us, we and Brand act as joint controllers. The purposes and conditions of the joint processing are specified in this Privacy Policy and also in the privacy policy of Brand, available on the Website. The data processing for which Brand and Measmerize act as joint controllers is hereby referenced as "Joint Processing" and Brand and Measmerize have entered into a joint data controller agreement, in compliance with the Privacy Laws – as below defined.

We collect and process your personal information with utmost care, and in compliance with the EU Regulation 2016/679 (GDPR) and other applicable data protection laws (collectively, "Privacy Laws").

We strive to provide with an accurate size recommendation, but we cannot and do not guarantee that our recommendations are correct, accurate and free of errors. Our recommendation is in no way binding for you and you may choose a different size than the one indicated.

This Privacy Policy applies to the website www.measmerize.com, to the Widget and other applications that we manage, where we'll post this Privacy Policy, which explains what kind of personal information we collect, how we use it, for how long we store it, who we might share it with, and your rights in relation to the information we collect.

Within this privacy policy, we will address the following topics:

This Privacy Policy was last updated in October 2024.

We invite you to regularly review this Privacy Policy in order to acknowledge any updates on collection and conditions of processing your personal data.

Before submitting any personal data, please read this Privacy Policy carefully to understand how we process your personal data and the features of said processing.

By accessing or using this website, the Widget, our applications and by interacting with us, you confirm that you have read this Privacy Policy and that you understand how we collect, process, use and disclose your personal data as herein described.

What personal information do we collect and how do we collect it?

We collect information directly from you or from other sources, as below specified.

(i) Personal Information you provide us. We collect personal information by asking you questions about yourself in order to define the best size recommendation for you for a specific product. We upload our Widget on the Website and when you open it to receive size recommendations, we ask you, depending on the product you're browsing, the following 'Widget Information':

  • for shoes: gender, year of birth, weight, height, usual shoe size, country/region of origin, width of foot sole (narrow, average, wider);
  • for apparel: gender, year of birth, weight, height, bra size, country/region of origin, qualitative description of body for shoulder, chest, waist, hips, leg length (smaller, average, wider).

(ii) Personal Information we receive from Brand.

Brand we partner with provides us with some information relating to the fit of their products. This is information about Brand's products and does not contain personal information relating to you.

In addition, Brand provides us with information on the products you purchase (and potentially return) on the Website, such as product code; price; size; quantity per size; reason for return, as applicable, transaction code, in pseudonymized form (the 'Brand Information').

For the processing of Brand Information for the purposes of preparing reports on the performance of our size recommendation services on the Website and to facilitate size selection on the Website, Brand and Measmerize act joint controllers.

(iii) Personal Information automatically collected. While you visit our website, applications and while you use our Widget and/or visit the Website, we automatically collect information through cookies and other tracking technologies.

For more specific information on the cookies and other tracking technologies we use, please refer to our Cookie Policy.

We receive information from analytics cookies (like Google analytics) which are third party cookies placed on Website and providing us with information on your interaction with the Website and your Internet browsing. For these cookies, you may provide or deny consent as you land on the Website through the cookie banner of the Brand.

We also use cookies in our Widget, which are first-party cookies and provide us with the information you upload on our Widget and on interaction with the same, on the products browsed on the Website and recommendations you receive. For these cookies, you may provide or deny consent as you land on the Website through the cookie banner of the Brand.

Tracking script. This is a code script that is placed on the Website and when you create an order, the following information is transmitted to us: order number, whether to purchase products you received a size recommendation and, in case you did, what size was recommended to you.

Why do we collect your personal information, what is the legal basis for processing and for how long we keep your personal data?

Below you can see a chart where we explain the purposes of data processing of Measmerize as data controller and the processing for which Measmerize and Brand act as joint data controllers, the relevant legal basis, what personal information we process in relation to the processing purposes below identified and for how long your personal information is kept.

Purpose of processing Legal basis of processing Personal Information processed Data retention period
Preparing reports on the performance of our size recommendation services. Art. 6.1 (f) GDPR (legitimate interest). Widget Information; Brand Information. Personal data will be kept for six months and thereafter will be made irreversibly anonymous.
Facilitating your size selection on the Brand Website. Art. 6.1 (f) GDPR (legitimate interest). Widget Information; Brand Information. Personal data will be kept for six months and thereafter will be made irreversibly anonymous.
Providing you with our recommendation services. Art. 6.1 (b) GDPR (processing is necessary for the performance of a contract with you, notably to provide you with the requested size recommendation services). Widget Information; Brand Information. Personal data will be kept until you receive our recommendation services and close our Widget.
To ensure the proper technical functioning of our size recommendation services, to prevent frauds, misuse of IT systems as well as the update and evolution of our services and to improve the usability and experience of the Widget. Art. 6.1 (f) GDPR (our legitimate interest). Widget Information; Brand Information. Personal data will be kept for six months and thereafter will be made irreversibly anonymous.
To provide personalized recommendations and remember the Widget Information and size recommendations provided to you on different Brand's websites. Art. 6.1 (a) GDPR (your consent). Personal Information collected through cookies and other tracking technologies – other than technical/necessary cookies. Personal data will be kept for the time specified in our Cookie Policy, which is linked through the Brand's cookie banner and cookie policy, and thereafter will be made irreversibly anonymous, unless you revoke your consent before.
To respond to your requests or claim you wish to make by telephone, email and ordinary mail. Art. 6.1 (b) GDPR (processing is necessary for the performance of a contract with you, for information functional to delivery to you of our services).
Art. 6.1 (f) GDPR (our legitimate interest in responding to your requests).		 Widget Information; and other information necessary for this purpose. Personal data will be kept for one month and then will be deleted.
To comply with applicable laws and regulations. Art. 6.1 (c) GDPR (processing is necessary for compliance with a legal obligation to which we are subject). Widget Information; and other information necessary for this purpose. Personal data will be kept until necessary to comply with our obligations under applicable laws and regulations and thereafter will be deleted.
To defend or exercise a legal claim, including possible related investigations. Art. 6.1 (f) GDPR (processing is necessary for the purposes of our legitimate interests). Widget Information; and other information necessary for this purpose. Personal data will be kept until necessary to exercise or defend our claims under applicable laws and regulations and thereafter will be deleted.
Potential merger and acquisition activities. Art. 6.1 (f) GDPR (processing is necessary for the purposes of our legitimate interests). Widget Information; Brand Information and other information necessary for this purpose. Personal data will be kept until necessary to finalize the merger and acquisition activities and thereafter will be deleted.

When Measmerize and Brand as joint controllers rely on legitimate interest as legal basis for the processing, a balancing test is performed in order to ensure that your interests and fundamental rights and freedoms are not overridden, which can be obtained by contacting Measmerize and Brand as joint controllers as described below. The legitimate interests of Measmerize and Brand as joint controllers could in particular be enhancing size recommendation on the Website; the legitimate interest of Measmerize could in particular be improving our services and the accuracy of our recommendations, prevention of fraud, misuse of IT systems, IT and network security, internal investigations, or potential merger and acquisition activities.

You are not required to provide all personal information identified in this Privacy Policy to use our size recommendation services or to interact with us, but we may not provide the services or information you request if you do not provide certain personal data.

In the above chart listing the purposes of processing, when the legal basis of processing is contract performance or compliance with laws and regulations, providing of data is mandatory and if you do not provide them, we will not be able to respond to your request or provide the requested size recommendation services. When the legal basis is legitimate interest, providing of data is functional to the applicable processing purposes and denial may jeopardize the same. For the processing purposes based on consent (i.e., cookies and other tracking technologies), providing of data is optional and not providing data will not have any consequence.

We may also link and/or combine the information we collect about you from the various devices you use.

How long do we keep your personal information?

We will only keep your data for as long as necessary to carry out our services or as long as we are required by law. Please see the section Why do we collect your personal information, what is the legal basis for processing and for how long we keep your personal data above for further information on data retention periods.

Please be aware that Measmerize uses an automated process to provide you with a recommendation. We do not consider this to be an "automated decision" (as defined by GDPR) as you are free to make any final decision regardless of what we recommend.

Who do we share personal information with?

Protecting the privacy and security of your personal data is a priority at Measmerize. Except as otherwise described in this Privacy Policy, we do not share with, sell or rent your personal data to third parties.

We may share your personal data with third parties as follows:

  • Competent Authorities and as Required by Law. Measmerize may release your personal data when we determine, in our reasonable judgment, that it is necessary to (a) comply with the law, regulation, legal process, or requests of competent authorities; (b) enforce or apply the terms of any of our policies or user agreements; or (c) protect the rights, property or safety of Measmerize, our employees, our customers, users, or others, in line with the Privacy Laws.

  • Sales, Mergers, and Acquisitions. If Measmerize becomes involved in a merger, acquisition, or any form of sale of some or all of its business or assets, your personal data may be provided to the entities and advisors involved. We will provide you with an updated privacy notice or we will publish on our website, Widget and applications and updated privacy notice in case the purposes and conditions of processing described in this Privacy Policy change as a result of any such transaction.

We may disclose your personal information to third party service providers acting as our data processors which provide services functional to the processing purposes above identified, for example for IT maintenance services. These third party are bound by contract to process personal data only according to our instructions and the Privacy Laws. The updated list of processors is available contacting us at the contact details indicated below at How can I contact Measmerize.

We may share your personal data with Measmerize Ltd, our headquarter located in the UK, for administrative and management purposes. The transfer of personal data to the UK is authorized by the adequacy decisions adopted on 28 June 2021 by the European Commission – for more information, see:

https://ec.europa.eu/commission/presscorner/detail/%20en/ip_21_3183.

How is personal information secured?

We take appropriate security measures, including physical, technological, and procedural measures, to help to safeguard your personal data and to prevent unauthorized access and disclosure. In addition, we use industry-standard technology, such as edge-protection devices and encryption in the transmission of certain personal data, designed to prevent unauthorized persons from gaining access to the same, and, as technology develops, we will take additional measures to improve security. No method of transmission over the Internet, or method of electronic storage, however, is 100% secure. Therefore, we cannot guarantee its absolute security.

How can I exercise my privacy rights?

For the data processing for which Measmerize and Brand act as joint controllers you can contact Brand at the contact details specified in Brand's privacy policy, available at the website you used to access the Widget and us or our DPO (which will soon be appointed) at the contact details indicated below at How can I contact Measmerize to exercise at any time your privacy rights.

For the processing for which Measmerize is data controller, you may contact us at the same contact details above indicated to exercise your privacy rights. If you have provided your consent for some processing activities, you can withdraw it at any time with future effect. Such a withdrawal will not affect the lawfulness of the processing prior to the consent withdrawal. Pursuant to the Privacy Laws, you have the right to:

  • Right of access: You may request access to your personal data. If you request such access, we will provide you with all the information required by the Privacy Laws, including in particular the purposes of the processing, categories of data processed, categories of recipients, data retention periods, and your rights. To the extent permitted by the Privacy Laws, to facilitate the management of your request, you may be asked to specify: (a) which processing activity you wish to exercise your right to access and (b) which data categories you wish to gain access to. If you request more than one copy of the personal data processed, you may be charged a reasonable fee, taking into account the administrative costs. In any case, we must take into account the rights and freedoms of others, so this right is not absolute.

  • Right to portability: In certain cases, you may also obtain a copy of your personal data that is commonly used and machine-readable in order to enable you to exercise your right to data portability and to transfer them to another data controller or request us to transfer such data directly to another data controller to the extent this is technically possible.

  • Right of rectification: You may also ask us to rectify all personal data pertaining to you that is inaccurate and to complete any incomplete information.

  • Right of erasure: Under certain circumstances, you may request that your personal data be erased, for example if such data is no longer required for the purposes set out in section Why do we collect your personal information and what is the legal basis for processing above, if you withdraw your consent, if your personal data has been unlawfully processed, or if you have objected to the processing and we have no overriding legitimate grounds for the processing. We may nevertheless need to retain certain limited data in an archived database, in particular if they have a statutory personal data retention obligation or if the data is necessary to exercise or defend a right in a court of law.

  • Right to limit the processing: Under certain circumstances, you may request to limit the processing of your personal data, in particular when you request that your personal data be rectified where, notably, one of the following applies (a) you contest the accuracy of the data, (b) the processing is unlawful and you oppose the deletion of your data, or (c) the data is no longer needed for the purposes listed in section Why do we collect your personal information and what is the legal basis for processing above, but are required by you for the establishment, exercise, or defense of legal claims. In this case, your personal data, except for storage, may only be processed with your consent, or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of substantial public interest.

  • Right to withdraw your consent: Where the processing of your personal data is based on your consent, you may at any time withdraw any consent you have previously given to us. Such withdrawal will not affect the lawfulness of the processing based on your consent prior to such withdrawal.

  • Right to lodge a complaint: You have the right to lodge a complaint with a competent supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of your personal data infringes the Privacy Laws. For details about the competent supervisory authority in your jurisdiction, see European Data Protection Board (EDPB) members.

  • Right to object: As applicable under the Privacy Laws, you have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data and we may be required to no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing or for the establishment, exercise, or defense of legal claims.

  • Right to object to direct marketing: When your personal data is processed for direct marketing purposes, you have the right to object at any time and without justification to the processing of your personal data for such direct marketing purposes (including profiling insofar as it relates to such direct marketing).

You may contact us or our DPO (which will soon be appointed) using the contact details indicated at How can I contact Measmerize below to exercise your privacy rights, ask the update list of data processors, information on legitimate interest balancing and any information on the processing of your personal data.

The above also applies to the data processing for which Measmerize and Brand act as joint controllers.

How can I contact Measmerize?

If you have questions or comments regarding this Privacy Policy or our privacy practices, to enforce your privacy rights, for the updated list of our data processors and of third parties with whom we share your personal data, as well as for information on the legitimate interest balancing, you can contact us:

Measmerize Ltd, Italian branch registered address at Via Francesco Daverio, 6 – 20122 Milan (Italy). We will soon appoint a DPO, which will be available at: privacy@measmerize.com.

If you would like to report a security concern about any of our services, please contact us at hello@measmerize.com.

For the data processing for which Measmerize and Brand as joint controllers you can contact Brand at the contact details specified in Brand's privacy policy, available at www.measmerize.com/privacy-policy-v3.

Additional Terms.

Children's and Minor's Privacy. Our website, Widget, applications and services are not designed to attract minors, in particular children under the age of 18. Measmerize does not market to or knowingly collect personal data from anyone under the age of 18. Children should not use our website, Widget, applications and services without permission from their parents.

Our website, Widget, services and applications may provide links to websites, applications and services of third parties. We do not approve and are not responsible for the processing of your personal data by these third parties, even if we provide a link to the relevant websites, applications and services. These companies have their own personal data protection policies, and we strongly recommend that you read them. Our website, services and applications may be offered through third-party websites, platforms or channels. These companies have their own personal data protection policies, and we strongly recommend that you read them. We decline all liability regarding the personal data protection practices of these websites, applications and services not provided by us. This Privacy Policy applies solely to personal data collected by Measmerize.