PRIVACY POLICY
RE:STYLE APP

ONEUP B.V., Johan Huizingalaan 400, 1066JS Amsterdam, Netherlands (hereinafter referred to as “oneUp” or “we”) provides the RESTYLE APP.

ONEUP attaches great importance to the protection of your personal data and processes it exclusively in accordance with the principles laid out below and in compliance with applicable data protection laws, in particular with the EU General Data Protection Regulation (hereinafter referred to as “GDPR”).

Below you will find information about ONEUP as the data controller responsible for your personal data and about our Data Protection Officer (Section A). You will also find information about your rights as a data subject in relation to the processing of your personal data (Section B), as well as details about how ONEUP processes your personal data (Section C).

Consent Management Protocol

  1. Data Processing and Consent Management

As part of the RE:STYLE app, we use various data processing services (DPS) to ensure the app functions correctly and delivers the best user experience. These services, typically categorized as either marketing or functional, are treated as essential for the RE:STYLE app pilot. This means that, by default, all services will be active once you download and start using the app. There are 3 exceptions to this, which are listed below. We provide transparency about these services, and a detailed overview can be found in the Data Processing Service Overview Table below. Although the table lists services by category (marketing or functional), please note that, for this pilot phase, we treat them all as essential to the app's operation. As such, you are unable to individually switch off any of these services.


  2. Opt-Out Options:

  • If you do not wish for these data processing services to be active while you use the app, you have the option to opt out entirely. This can be done by deleting your account and uninstalling the app.

  • Once the app is removed from your device, all data collection and processing related to the RE:STYLE app will cease.

We also provide some specific opt-out options for particular types of data processing:

  1. Cross-App E-commerce Tracking: You can opt out via an Apple-provided modal or through your device's settings. This does mean that, as a user, you cannot access the URL provided in-app.

  2. Push Notifications: After onboarding, you can manage push notification permissions through your device settings.

  3. Email Marketing: You can unsubscribe from marketing emails via the unsubscribe link in the email itself.

However, please be aware that choosing to opt out entirely (i.e., delete your account) will result in the loss of access to the RE:STYLE app and its features.

Data Processing Service Overview

Marketing

  • Facebook Pixel

  • AppsFlyer

  • Mailchimp

  • PostHog Analytics

  • AWIN

Functional

These technologies enable us to analyse usage behaviour to measure and improve performance.

  • Google Cloud

  • Apple Sign-in

  • Unbounce

  • Firebase Authentication

Essential

These technologies are required to activate the core functionality of our service.

  • Firebase Cloud Storage


DPS | Category | Version | Legal Basis
Firebase Cloud Storage | Essential | Live Version: 1.0.1 | Art. 6 para. 1 s. 1 lit. b) GDPR
Apple Sign-In | Functional | Live Version: 1.0.3 | Art. 6 para. 1 s. 1 lit. b) GDPR
Unbounce | Functional | Live Version: 6.2.3 | Art. 6 para. 1 s. 1 lit. b) GDPR
Firebase Authentication | Functional | Live Version: 1.0.4 | Art. 6 para. 1 s. 1 lit. b) GDPR
Facebook Pixel | Marketing | Live Version: 23.12.21 | Art. 6 para. 1 s. 1 lit. a GDPR
AppsFlyer | Marketing | Live Version: 7.0.0 | Art. 6 para. 1 s. 1 lit. a GDPR
Mailchimp | Marketing | Live Version: 9.2.6 | Art. 6 para. 1 s. 1 lit. a GDPR

Information about the data controller

  1. Name and contact details of the data controller

ONEUP BV
Johan Huizingalaan 400, 1066JS Amsterdam, Netherlands
E-mail: [email protected]

  2. Contact details of the data controller’s Security Officer

ONEUP BV
Johan Huizingalaan 400, 1066JS Amsterdam, Netherlands

 

E-mail: [email protected]

Information regarding your rights as a data subject

As a data subject you can exercise the following rights with respect to the processing of your personal data, provided that the relevant conditions are met:

 

  1. Right of access (Art. 15 GDPR) 

  2. Right to rectification (Art. 16 GDPR)

  3. Right to erasure (“right to be forgotten”) (Art. 17 GDPR)

  4. Right to restriction of processing (Art. 18 GDPR)

  5. Right to data portability (Art. 20 GDPR)

  6. Right to object (Art. 21 GDPR)

Under the conditions provided in Art. 21 No.1 GDPR you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Art. 6 (1) (e) or (f) GDPR, including profiling based on those provisions. Under the conditions provided in Art. 21 No.2 GDPR you have the right to object at any time to processing of your personal data for direct marketing, which includes profiling to the extent that it is related to such direct marketing.

You can find detailed information regarding the legal basis of processing in Section C of this Privacy Policy.

 

  7. Right to withdraw consent (Art. 7 (3) GDPR)

  8. Right to lodge a complaint with the supervisory authority (Art. 77 (1) GDPR)


You may contact our Data Protection Officer (Section C.II.) for the purpose of exercising your rights.

Information regarding the processing of personal data

In relation to our online activities, we process different kinds of personal data for different purposes. Below you will find detailed information regarding the specific instances in which we process your personal data and how. A further use of your personal data for secondary purposes beyond the scope specified below does not take place.

 

      1. Visiting our App

When you visit our App for informational purposes only, the App automatically sends certain technical data, such as your IP address, to our server. This data is temporarily stored in a Web Server Log File to ensure the security of the IT infrastructure that supports the App.

We also provide different functions intended to support you when visiting our App. Depending on which functions you use, additional data is processed.

You will find more detailed information in the table below. 

 

      1. Details regarding personal data to be processed

 

Categories of personal data to be processed

Personal data contained in these categories

Obligation to provide personal data

Storage period 

Protocol data that is generated for technical reasons via the Hypertext Transfer Protocol (Secure) when the app is accessed (“HTTP(S) data”).

Device ID (IMEI), IP address, operating system, date and time of access.

There is no statutory or contractual requirement for the provision of personal data, nor is it a requirement necessary to enter a contract. There is no obligation to provide the personal data. If the data is not made available, we will not be able to provide the accessed APP content. 

Data is stored in Web Server Log Files in a way that allows for identification of the individual concerned and for a maximum period of 7 days, unless a security-relevant event occurs (e.g. a DDoS attack). In the event of a security-relevant event, Web Server Log Files are stored until the security-relevant event has been corrected and fully resolved.

This category includes information related to user accounts, such as account creation, account deletion, and user profile details. Contact data comprises user contact information provided during the sign-up and sign-in process, enabling communication with users. (“Personal Identification Data”)

E-mail address, name, surname

Provision is not a statutory or contractual requirement, or a requirement necessary to enter a contract. There is no obligation to provide the data.

Not providing these data means that we cannot provide you the core functionality of the app: generating looks based on your wardrobe.

You provide this data in order to use the App sign-up.

This category involves data related to user preferences, style choices, and fashion-related information collected during onboarding, style surveys, and interactions with the app’s fashion library, such as colours and patterns you like, clothing categories you wear, looks you might like, and basics you own.

(“User Preferences and Style Data”)

Preferences in styling, filters, personal favourites

Obligation to provide data because this will ensure a personalized experience.

You provide this data in order to use the Style Advice and get inspiration.

When you create your digital wardrobe, we store the images locally on your phone and in the cloud so that they can be restored if needed.

If you upload a picture of yourself, please note that we prefer not to receive personal photos or images showing a person. (“Photo Data”)

Photo

Obligation to provide data because this will ensure a personalised experience.

No obligation to upload images with persons or yourself.

Stored on your own device and in the cloud during usage, and kept in the cloud for 1 month after deletion of the user account.

When using our Contact form function on the Web-Landing page (optional):
Information you provide us with via the Contact forms on our APP (“Contact form data”).

Name, surname, Email address (mandatory), company name, website, title, message 

There is no statutory or contractual requirement for the provision of personal data, nor is it a requirement necessary to enter into a contract. There is no obligation to provide the personal data. If the data is not provided, we will not be able to process your request. 

 

Information you provide us with when making contact (“Contact data”).

Email address when contacting us via email. In addition, we store the information you provided us with in relation to your reason for contacting us. 

There is no statutory or contractual requirement for the provision of personal data, nor is it a requirement necessary to enter a contract. There is no obligation to provide the personal data. If the data is not provided, we cannot accept your request. 

 

Protocol data that accrue for technical reasons when subscribing to push notifications (“Push Notification Protocol Data”).

Date and time of subscription, push-token, device ID, operating system 

There is no obligation to provide the data.

Not providing this data means that you cannot subscribe to push notifications.

We store this data for as long as you subscribe to push notifications.

In addition, we may retain this data beyond the standard retention period if and to the extent we are required to do so by law, including under the UK GDPR and the Data Protection Act 2018, such as to comply with statutory retention or documentation obligations, or where it is necessary for the establishment, exercise, or defence of legal claims.

This category encompasses data associated with how users interact with the app, including actions like generating looks, voting on looks, saving and customising looks, sharing looks, and various other user interactions within the app (“User Behavior and Interaction Data”)

Clicking behaviour, visits, User ID 



Obligation to provide data because this will ensure a personalised experience. 

Stored for 14 months in Google Analytics; after that, we can hold it indefinitely in BigQuery.

PostHog holds the anonymous data indefinitely.

Technical data: device used, iOS version, etc.

Device ID

There is no obligation to provide the data.

Not providing this data means that you cannot download the APP.

We store the data for as long as you have the APP installed.

When a user deletes their account, their data has to be manually removed from third-party services; this is done every 6 months.

 

      1. Details regarding the processing of personal data

Purpose of the processing of personal data

Categories of personal data to be processed

Legal basis and legitimate interests, if applicable 

Recipient

Provision of content of App accessed by the user.

HTTP(S) data: Looks saved, wish-list products, previous search

Balancing of interests (Art. 6 (1) (f) GDPR). Our legitimate interest is the provision of the APP content accessed by the user.

App provider

Personalised displays of information, e.g. on the attractiveness of our products, on current price or product changes, and on equivalent or thematically related products and content, in order to tailor the APP visit to the respective personal interests in the best possible way.

This includes tracking the response behaviour to the personalised displays of information (e.g. click and purchase behaviour).


For RE:STYLE this means that we show personalised looks and product recommendations in the looks.

HTTP(S) Data: products available, brand, and price. 

Consent (Art. 6 (1) (a) GDPR) via the cookie banner.

Service provider

Processing your request

Contact form data and / or Contact data, Online Chat Data

Consent (Art. 6 (1) (a) GDPR) via the cookie banner.

Insofar as your enquiry concerns the performance of a contract to which you are a contracting party, or the implementation of pre-contractual steps: Art. 6 (1) (b) GDPR. 

Otherwise: Balancing of interests (Art. 6 (1) (f) GDPR). In this case, our legitimate interest is the processing of your request. 

Hosting provider and communications service provider, if applicable 

Storage and processing for evidence purposes for the establishment, exercise or defence of any legal claims. 

Contact Form Data, Contact Data, Online Chat Data.

Art. 6 No.1 (f) GDPR. After balancing of the interests, our legitimate interest is the establishment, exercise or defence of any legal claims.

 

  Automated decision-making in the sense of Art. 22 GDPR does not take place.

 

      1. Details regarding recipients of personal data and the transfer of personal data to a third country and / or international organisations

Recipient

Recipient’s role 

Recipient’s location

Adequacy decision or appropriate safeguards for transfers of personal data to a third country and / or international organisations

Hosting provider 

Processor

EU

Service provider – PostHog

Processor / Joint Controller

EU

App provider

Controller 

EU

Communications service provider – Mailchimp

Controller 

Depending on your means of communication and your location

– 

Service Provider – Firebase

Processor

USA

The transfer is subject to the EU standard data protection clauses pursuant to Art. 46 (2) (c), (5) GDPR.

 

Buying through RE:STYLE

 

In addition to the purely informational use of our APP (as described above), you have the option of making purchases through Partners’ Stores. Use of Partners’ Stores will trigger further data processing, as described below. We process different kinds of personal and purchase data in relation to different functions within Partners’ Stores.

 

You will find more detailed information in the table below.

 

      1. Details regarding personal data to be processed

Categories of personal data to be processed

Personal data contained in these categories

Obligation to provide personal data

Storage period

Information regarding your purchase required to improve the recommendation in the app (“Purchase data”).

Information regarding product(s) purchased (product name, product number, quantity, clothing size, colour, purchase price, currency, date and time of respective purchase, status of your order including information on product returns).


Provision is required for the conclusion of a purchase contract. 

If the data is not provided, you will not be able to purchase products.

Data is stored and captured by our affiliate network partners, AWIN & Impact. 



      1. Details regarding the processing of personal data

Purpose of the processing of personal data

Categories of personal data to be processed

Legal basis and legitimate interests, if applicable

Recipient

Provision of our affiliate functions in the App.

HTTP(S) data

Balancing of interests (Art. 6 (1) (f) GDPR). Our legitimate interest is the provision of the APP content accessed by the user.



Hosting provider 

Storage and processing of data for evidential purposes in relation to the possible assertion, exercise or defence of legal claims.

Purchase order form data, Purchase data (product name, product number, quantity, clothing size, colour, purchase price, currency, date and time of respective purchase, status of your order including information on product returns), Transaction e-mail data

Balancing of interests (Art. 6 (1) (f) GDPR). Our legitimate interest is the enforcement, exercise or defence of legal claims.

Hosting provider

Storage of data in compliance with statutory retention obligations, in particular under commercial and tax law. 

Purchase order form data, Payment data (product name, product number, quantity, clothing size, colour, purchase price, currency, date and time of respective purchase, status of your order including information on product returns), Purchase data, Transaction e-mail data

Compliance with a legal obligation (Art. 6 (1) (c) GDPR).

Hosting provider

 

  Automated decision-making in the sense of Art. 22 GDPR does not take place.

 

      1. Details regarding recipients of personal data and the transfer of personal data to a third country and / or international organisations

Legal Entities

Recipient’s role 

Recipient’s location

Adequacy decision or appropriate safeguards for transfers of personal data to a third country and / or international organisations

Hosting provider

Processor

EU

Email service provider

Processor 

EU

 

The marketplace partner of the sales platform remains responsible for the processing of your data under data protection law. There is no joint processing of your data with the marketplace partner or on our behalf. Our marketplace partners have their own privacy policies, which can usually be found on their APPs. We are not responsible for the privacy policies and data processing practices of the marketplace partners.

 

Changes to this privacy policy

 

It may become necessary to adapt this Privacy Policy due to technical development and / or changes in legal requirements and / or regulatory standards. The latest Privacy Policy can be accessed at any time at restyle-app.com/privacystatement/ under Data Protection.