Privacy Policy

Shop Sussed Corp. (“Sussed”, “Company”, “our”, “we” or “us”) has created this Privacy Policy (“Privacy Policy”) to set out how we collect, use, and disclose information about identifiable individuals and information which can be used to identify an individual (“Personal Information”) through our Website (defined below) and in the course of providing our products, software (“Products”) and services (collectively, all of the foregoing the “Services”).

Privacy is of great importance to us. We do not actively collect Personal Information for the purpose of selling or marketing that Personal Information to third parties. In other words, we do not sell customer lists. Personal Information may be collected about users and visitors to the Website, as well as our customers and their end users who interact with our Services. By visiting our website located at https://shopsussed.com/, including subpages, (collectively, the “Website”), or using the Services in any manner, you acknowledge that you accept the practices and policies outlined in this Privacy Policy and you hereby consent to the collection, use and disclosure of your Personal Information in accordance with this Privacy Policy. If you are using services operated by one of our customers, then the collection, use and disclosure of your Personal Information may be subject to that customer’s relevant privacy policy (including how it may reference this Privacy Policy), and Sussed will be entitled to collect, use and disclose your Personal Information in accordance with that customer’s privacy policy (including how it may reference this Privacy Policy) and Sussed’s rights under applicable law and Sussed’s rights pursuant to Sussed’s contract with that customer.

1. Overview

1.1 A Note About Children

The Services are intended for business use and are not intended for minors. We do not intentionally gather Personal Information (defined in Collection of Information below) from persons who are under the age of 14. If a child under 14 submits Personal Information to Sussed and we learn that the Personal Information is the Personal Information of a child under 14, we will attempt to delete the Personal Information as soon as possible. If you believe that we might have any Personal Information from a child under 14, please contact us at [email protected].

1.2 International Users

If you are a non-U.S. or non-Canadian user of the Services, by visiting the Services and providing us with data, you acknowledge and agree that your Personal Information may be processed for the purposes identified in this Privacy Policy. In addition, your Personal Information may be processed in the country in which it was collected and in other countries, including the United States and Canada, where laws regarding processing of Personal Information may be less stringent than the laws in your country. By providing your data, you consent to such transfer. If you are in the UK or EEA please see specific terms which apply to you further below.

1.3 Lawful Processing

We process your Personal Information only to the extent necessary for the purposes described in this Privacy Policy. We set out below the type of Personal Information we collect and how we use such Personal Information. Except as set forth in this Privacy Policy, your Personal Information will not be used for any other purpose without your consent. You may withdraw your consent to our processing of your Personal Information at any time. However, withdrawing consent may result in your inability to continue using the Services.

1.4 Scope

This Privacy Policy covers the activities of Sussed but does not apply to the practices of companies that we do not own or control, including our customers and third parties that may resell Sussed products and services and any services offered by other companies or other sites linked from our Services. You are responsible for ensuring that you have obtained the necessary authorizations and consents for any Personal Information you make available to us for use in accordance with this Privacy Policy, in particular, our customers represent and warrant to Sussed that they have the necessary rights under applicable law or have obtained the necessary consents from each end user whose Personal Information is provided by that customer to Sussed in order to allow Sussed to use, disclose and otherwise process such Personal Information for the purposes described in this Privacy Policy in the manner described in this Privacy Policy.

2. Collection and Use of Personal Information

2.1 What We Collect

Set out below are the ways in which we may collect Personal Information:

• Personal Information We Collect from our Customers. We may collect business contact information of individuals who work for our customers (i.e. companies that are in the fashion business) in order to communicate with those customers about their business relationship with Sussed. We may also collect payment credentials or related information from our customers in order to allow those customers to pay Sussed for Services procured by such customers or in order to remit to such customers their share of transaction fees collected from end users.
• Personal Information Collected in the Course of the Services. We may collect Personal Information about our customers’ end users through web forms and other communications methods used by the Services. The Personal Information provided by end users consists of their name, address, phone number, identification documentation, occupation and proof of address and any other Personal Information required to meet regulatory requirements for our customers. End users will also submit payment information to us. In some instances, end user information may be collected by our customers and provided to Sussed. If a customer has a privacy policy that applies to its end users, then that privacy policy shall take precedence over this privacy policy, and subject to our obligations under applicable law and our contractual arrangements with the applicable customer, we will comply with that privacy policy.
• Device Information. We may collect information about devices you use to access the Services and information about how you use the Services, such as your IP address and which websites you visited before accessing our Services.
• Logs. Our servers automatically record information created by your use of our Services to help us diagnose and fix technical issues, and to improve the overall quality and user experience of our Services. Logs may include information such as your IP address, browser type, operating system, details of how you used our Services (such as the functions you asked our Services to perform), diagnostic information related to the Services (such as crash activity reports), the referring web page, pages visited, location, your mobile carrier, device and application IDs, search terms, and cookie information.
• Cookies. We use technologies like cookies and pixel tags to gather information about how you are interacting with the Services, which may include identifying your IP address, browser type, and referring page.
• Employee and Contractor Candidate Information. When we seek candidates for potential jobs or contracting engagements with Sussed, we collect information that those candidates choose to provide to us when applying, which may include contact information, education and employment history, credentials, place of residence and other information the candidate believes to be relevant. For people who become our employees or contractors, we will typically retain the information provided by those candidates in the application process along with additional information to manage their employment or contractor relationship with us, including, without limitation, information related to income tax reporting and withholding and enrollment in Sussed benefit plans (in each case, to the extent applicable for the relevant relationship).
• Marketing Information. From time to time, we may conduct surveys or hold contests or other events and in connection with such surveys, contests, or events, we may collect information you elect to provide about yourself, such as your name, email address, telephone number, organization name and address; and general information about the company for whom you work. In addition, we may use third-party service providers to collect business-related information about your employer such as its name, size, and publicly available revenue in connection with potentially offering the Services to your employer.
• Sussed Suppliers and Partners. Sussed collects business contact information of individuals who work for our suppliers and other partners to communicate with those suppliers and partners about their business relationship with the Company.

2.2 Use of Personal Information

We may use your Personal Information and Usage Information in a manner that is consistent with this Privacy Policy and the context of our relationship with you. We will use your Personal Information and Usage Information collected through the Site for the following purposes:

1. verify end users’ identities for the purposes of know-your-customer laws and regulations;
2. provide, operate, maintain and improve the Services;
3. send technical notices, updates, security alerts and support and administrative messages;
4. complete transactions (including end user transactions), and send related information to the relevant transaction participants, including confirmations and invoices;
5. respond to comments, questions, and requests and provide customer service and support;
6. communicate with you and provide news or information about us;
7. investigate and prevent fraudulent transactions, unauthorized access to the Services, and other illegal activities;
8. monitor and analyze trends, usage, and activities in connection with the Services, including generating aggregated and anonymized statistics;
9. conduct business and contractual relationships that we have with various persons and companies (such as customers, suppliers, partners and employees);
10. for other purposes which we will notify you about and seek your consent; and
11. as otherwise specifically described in this Privacy Policy.

3. Storage Location and Transfer of Personal Information

Sussed processes and stores its data, including Personal Information, on servers located in Canada, the United States and the EEA. Sussed also transfers data to third-party service providers, including the third-party service providers described in the Sub-Processors section below (“Sub-Processors”). You agree to this transfer, storing or processing of your Personal Information in Canada and the United States. You acknowledge and agree that your Personal Information may be accessible to law enforcement and governmental agencies in Canada and the United States under lawful access regimes or court order.

4. Disclosure of Personal Information with Third Parties

4.1 Service Providers and Business Partners

We may from time to time employ third parties to perform tasks for us and we may need to share Personal Information (including account information) with them to perform those tasks. Unless we tell you differently, such third parties do not have any right to use the Personal Information we share with them beyond what is necessary for them to perform the relevant tasks for us. The third parties we currently engage include third-party companies and individuals employed or contracted by us to provide certain capabilities within the Services and for certain general business functions, including the provision of database management, payment processing and customer relationship management tools, including the Sub-Processors.

4.2 Business Transfers

If our business (or substantially all of our assets) are acquired by a third party, or if we go out of business, enter bankruptcy, or go through some other change of control, Personal Information may be made available or otherwise transferred to the new controlling entity, where permitted under applicable law. Your Personal Information may also be transferred in connection with due diligence for any such transactions. In all cases, if any such transactions occur, your Personal Information will remain subject to the restrictions and protections set forth in this Privacy Policy.

4.3 With Your Consent

If we need to use or disclose any Personal Information in a way not identified in this Privacy Policy, we will notify you and/or obtain consent as required under applicable privacy laws.

4.4 As Required by Law

We may disclose your Personal Information to third parties without your consent if we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be causing injury to or interference with (either intentionally or unintentionally) our rights or property, other users, or anyone else (including the rights or property of anyone else) that could be harmed by such activities. Further, we may disclose Personal Information when we believe in good faith that such disclosure is required by and in accordance with the law.

We also reserve the right to access, read, preserve, and disclose any information as we reasonably believe is necessary to:

• satisfy any applicable law, regulation, legal process or governmental request (including pursuant to subpoenas, civil investigative demands, or similar processes); enforce our contracts or user agreements, including investigation of potential violations hereof; and
• detect, prevent, or otherwise address fraud, security, or technical issues.

The above may include exchanging information with other companies and organizations for fraud protection, spam/malware prevention, and know-your-customer purposes. Notwithstanding the general terms of this policy, the collection, use, and disclosure of Personal Information may be made outside of the terms of this Privacy Policy to the extent provided for in any applicable privacy or other legislation in effect from time to time, or pursuant to court orders (including in respect to depositions, interrogatories, subpoenas, civil investigative demands, and other court or regulatory-mandated discovery processes).

5. Retention

We will keep your Personal Information for as long as it remains necessary for the identified purpose or as required by law, which may extend beyond the termination of our relationship with you. Personal Information in respect to financial transactions is retained for at least five years by Sussed for financial compliance and to meet regulatory requirements. We may retain certain data as necessary to prevent fraud or future abuse, or for legitimate business purposes, such as analysis of aggregated, non-personally-identifiable data, account recovery, or if required by law. All retained Personal Information will remain subject to the terms of this Privacy Policy.

6. Residents of the European Economic Area (“EEA”) and the UK

If you are a resident of the EEA or the UK, you have certain data protection rights. Sussed takes reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Information (known as “Personal Data” under the EU General Data Protection Regulation and under the UK Data Protection Act 2018).

If you wish to be informed about what Personal Data we hold about you and if you want that Personal Data to be removed from our systems, please contact us using the contact information set out below. Note that where we act as a data processor on behalf of our customers, you will be required to contact the data controller directly to exercise your rights.

In certain circumstances, where we act as data controller, you have the following data protection rights:

• Request access to your Personal Data (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Data we hold about you where we are the data controller and to check that we are lawfully processing it.
• Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected, though we may need to verify the accuracy of the new information you provide to us.
• Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us to continue to process it. You also have the right to ask us to delete or remove your Personal Data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully, or where we are required to erase your Personal Data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
• Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
• Request restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of your Personal Data in the following scenarios: (a) if you want us to establish the information’s accuracy; (b) where our use of the information is unlawful but you do not want us to erase it; (c) where you need us to hold the information even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your information but we need to verify whether we have overriding legitimate grounds to use it.
• Request the transfer of your Personal Data to you or to a third party. We will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
• Withdraw consent at any time where we are relying on consent to process your Personal Data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.

Please note that we may ask you to verify your identity before responding to such requests.

You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local Data Protection Authority. If you wish to exercise any of the rights set out above, please contact us using the contact details below.

You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it.

We may also contact you to ask you for further information in relation to your request to speed up our response.

7. Access, Correction and Accuracy

You have the right to access the Personal Information we hold about you in order to verify the Personal Information we have collected in respect to you and to have a general account of our uses of that Personal Information. Upon receipt of your written request, we will provide you with a copy of your Personal Information, although in certain limited circumstances, and as permitted under law, we may not be able to make all relevant Personal Information available to you, such as where that Personal Information also pertains to another individual. In such circumstances we will provide reasons for the denial to you upon request. We will endeavor to deal with all requests for access to and modifications of Personal Information in a timely manner.

We will make every reasonable effort to keep your Personal Information accurate and up to date, and we will provide you with mechanisms to update, correct, delete or add to your Personal Information as appropriate. As appropriate, this amended Personal Information will be transmitted to those parties to which we are permitted to disclose your Personal Information. Having accurate Personal Information about you enables us to give you the best possible service.

8. California Privacy Rights

This section provides additional details about the Personal Information we collect about California consumers and the rights afforded to them under the California Consumer Privacy Act (the CCPA).

For more details about the Personal Information Sussed has collected over the last 12 months, please see Section 2.1 (“What We Collect”) above. We collect this Personal Information for commercial purposes described above. Sussed does not sell (as that term is defined in the CCPA) the Personal Information we collect.

Subject to certain limitations, the CCPA provides California consumers the right to request to know more details about the categories or specific pieces of Personal Information we collect about them (including how we use and disclose this Personal Information), to delete their Personal Information, to opt out of any “sales” of Personal Information that may be occurring, and to not be discriminated against for exercising these rights.

California consumers may make a request pursuant to their rights under the CCPA by contacting us at the contact information below. We will verify your request using the information (including Personal Information) associated with your account, if available, including email address. Government identification may be required. Consumers can also designate an authorized agent to exercise these rights on their behalf.

9. Changes to This Privacy Policy

This Privacy Policy is effective as of the date stated above. We may amend this Privacy Policy from time to time. Processing of Personal Information we collect is subject to the Privacy Policy in effect at the time such Personal Information is collected, used or disclosed as this Privacy Policy may subsequently be updated in accordance with this Section 9. If we make material changes or changes in the way we use Personal Information, we will notify you by posting an announcement on our Website or via the Services or sending you an email prior to the change becoming effective. By accessing the Site or using the Services after we make any such changes to this Privacy Policy, you are deemed to have accepted and agree to be bound by such changes. Please refer back to this Privacy Policy on a regular basis.

10. Additional Information

Questions regarding this Privacy Policy or Sussed’s privacy practices should be directed to our Privacy Officer at [email protected].

Sub-Processors

To support Sussed in delivering the Services, Sussed engages third-party service providers as sub-processors.

This page identifies our sub-processors, describes where they are located, lists the services they provide to us and identifies the type of Personal Information processed.

Our business needs may change from time to time and Sussed will periodically update this page to provide notice of additions and removals to our list of sub-processors.