We prioritize your privacy and are committed to protecting it. This policy details the way we handle any personal data you share through our website (marbazzar.com) and the Marbazzar app. We, Marbazzar, Inc. [address] are the data controller of your personal data. We encourage you to review this policy carefully to fully understand our privacy practices.
Where the applicable law requires a legal basis for personal data processing, we rely on the following legal bases:
Our legal basis for processing specific categories of data depends on our processing purposes and the categories of data processed.
We process various categories of personal data for the following purposes:
Although you may be asked about your payment details when using our website and app, we do not process payment information. Your payment details will be processed by third parties such as Stripe, according to the strict international standards for payment processing. When you pay for anything on Marbazzar, we and the buyer do not get access to your payment details. Only the payment processor gets access to it.
We process the following categories of personal data:
We use each of these data categories for one or more specific processing purposes at a time.
We gather data in two ways:
1. Information you give us directly.
2. Information from third-party tools.
When you create a user account or when you reach out for technical support, you share some information with us. That's the data you directly provide.
Besides this, we use tools from other companies to help run our website. These tools use cookies and similar trackers and collect data.
We provide buyers on our platform with the choice to build a 3D avatar for virtual try-ons. The avatar is created by our own AI model based on the photos and videos you voluntarily provide, as well as your body measurements and facial features.
The data is used to further refine the AI model by embedding the personal data into the model. It means that the body measurements and the facial features are melted into the AI model (embedded into it) and cannot be extracted back to identify a person or to be removed from the AI model.
Where the applicable laws, such as the consumer data privacy laws of the US states, require allowing users to opt out from the personal information processing, opt-out from the processing of the data embedded in the AI model may not be possible.
Where the applicable law, such as the EU GDPR and other similar laws, requires consent for such data processing, we process such data only upon users’ explicit consent.
We use third-party service providers for some of the processing activities. These service providers are our contractors (in the GDPR called data processors).
Please note that our service providers only have access to your personal information to perform the tasks we have assigned to them, and they are obligated not to disclose or use it for any other purpose.
We vet all our service providers carefully and ensure that they are committed to Data Privacy Frameworks, where applicable.
We use the following service providers:
We do not share users’ facial features and body measurements with any third party. They are part of our proprietary AI model stored on Amazon Web Services and Google Firebase encrypted servers.
The data retention period for each data category depends on the purpose of the processing of the data and varies.
We make decisions on data retention as follows:
If you are an EU user, or user from another region, country, or state with a comprehensive data protection law that grants data subject rights, you may have the following data subject rights:
If you would like to exercise your rights under the GDPR or another data protection law, you may submit your requests to us through the following channels:
[channels]
Keep in mind, that we might ask you to confirm who you are before we answer your request. This is to keep your personal information safe.
Remember, you can also raise concerns with a Data Protection Authority about how we handle your data. To learn more, reach out to your local data protection agency.
We store the personal data on our servers in the United States.
We also use third-party service providers, such as Mailchimp, Google, Meta, and others. These providers transfer the personal data to the United States for processing purposes.
However, both Marbazzar and its US service providers are certified under the EU-US Privacy Framework to ensure safe international data transfers of EU users’ data.
Marbazzar is committed to complying with the EU-US Data Privacy Framework, the UK-US Data Privacy Framework, and the Swiss-US Data Privacy Framework.
Please note that we, as a US company, are required by law to disclose your personal information in response to a lawful request by public authorities. In case we disclose such data to authorities and you are not satisfied with our actions, you have the right to a free dispute resolution through the EU Data Protection Review Court, the UK Information Commissioner’s Office (ICO), and the Swiss Federal Data Protection and Information Commissioner (FDPIC). You can submit the complaint through your national data protection authority.
You can also submit a complaint directly to us, by [email/web form]. We are obliged to respond to your complaint within 45 days from the day of submission.
If your case is not resolved through the available redress mechanisms, we are committed to a binding arbitration upon your request.
The US Federal Trade Commission is competent for the enforcement of the DPF Principles.
We implement technical and organizational measures sufficient to ensure that your personal information is secure. We also ensure that our service providers implement appropriate measures to keep the data safe.
Your user account data, including facial features and body measurements, are kept safe on our servers with AES256 encryption. However, you also have to ensure that you keep the data safe by implementing a strong and unique password that you keep confidential and not use on shared devices.
Marbazzar is not intended for persons below the age of 18. We do not collect children’s data knowingly.
If you become aware that we have collected your child’s data without knowing, please contact us and we will delete it as soon as possible.
Occasionally, we might make changes to this Privacy Policy. When we do, we'll refresh the "last updated" date at the beginning of the policy. If there are significant changes, we'll let you know—whether it's on our website, through a blog post, an email, or any other way we see fit.
For any inquiries regarding privacy, contact us at [email protected].