FitXpress Privacy Policy

Last Revised: January 23, 2025

3DLOOK Inc. (“3DLOOK”, “Company,” “we,” or “us”) is committed to respecting privacy rights of our customers and users. Please read this privacy policy carefully to understand our practices and policies regarding information about you. This privacy policy (“Policy”) sets out how 3DLOOK uses and protects any personal data that you provide to 3DLOOK when accessing and/or using FitXpress solution (“FitXpress” or “Service”) for digital body measuring and/or 3D modeling.

This Policy does not apply to any information collected: (i) through any other means, including any other service, application or website operated by 3DLOOK or any third party, or (ii) by any third party, including through any application or content (including advertising) that may be linked to or be accessible from the Service. Please, note that any collection and use of Personal Data (as defined below) by a third party conducted via their products or digital platforms that utilize or otherwise contain the functionality of the Service is subject to such third party’s policies and terms. This Policy may apply to such services only with respect to information collected directly via FitXpress and processed by us.

Please read this Policy carefully. By accessing, visiting, or using FitXpress, you agree to this Policy. Please note that if you disagree with anything contained in this Policy, you should not use the Service.

DEFINITIONS

“Business Client” means any individual, company, organization, or other legal entity that has contracted with 3DLOOK or is evaluating FitXpress for potential integration within their websites, platforms, apps, or other services. This includes both actual customers who have entered into a service agreement with 3DLOOK and prospective customers who are testing or evaluating the Service. For the purposes of applicable data protection Laws, Business Clients act as data controllers for their end-users’ Personal Data, while 3DLOOK acts as a data processor when processing end-users’ Personal Data on behalf of Business Clients.

“Personal Data” means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual (consumer) or household. However, personal information does not include publicly available, de-identified, or aggregate information.

“Personal Data Processing” or “processing” means any operation or set of operations performed upon Personal Data or sets of Personal Data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.

“Law” means the applicable law, statute, subordinate legislation, regulation, order, mandatory guidance or code of practice, a judgment of a relevant court, or directives or requirements of any regulatory body which relates to the protection of individuals with regard to the processing of Personal Data, including, but not limited to, General Data Protection Regulation (“GDPR”) and California Consumer Privacy Act, as amended by the California Privacy Rights Act and other applicable California privacy laws (“CCPA”).

“You” or “User” means the individual accessing or using the Service.

2. TYPES OF INFORMATION WE COLLECT

The categories of information (including Personal Data) we collect depend on how You use and interact with the Service. We collect the information You provide to us and information we obtain automatically when you use our Service or otherwise interact with it.

Information Provided by You. When You’re signing up for the Service as our actual or prospective Business Client (including cases when you’re signing up on behalf of a legal entity), we may ask You to provide us with certain information (including Personal Data) to set up your account/profile, such as name and job title, email address, phone number, company name, billing information and profile information (e.g., password). If You, as a Business Client, provide us, with any Personal Data relating to third-party individuals (including, but not limited to, your customers), You represent that you have the authority to do so, and where required, have obtained the necessary consent, and acknowledge that it may be used in accordance with this Policy.

When You’re utilizing FitXpress as an end-user, we also need to process the following information about You to provide you with the corresponding services: gender/sex, age (optional), height, weight (optional), photos (initial images – front and side photos) (collectively, the “Input Data”). Photos may be captured through our camera SDK integrated into Business Clients’ services (subject to your permission), provided directly by Business Clients through their platforms or services, or captured directly through our Service (i.e., the Service may access the camera on your device (only subject to your permission) to make and receive the photos). After the photos are processed, we will receive the information on your body parameters/measurements, indexes and weight (calculated following the processing of photos). In addition, as a result of processing, we will also generate a 3D-model of your body. Don’t worry, your face won’t be visible – we automatically remove facial features. By using FitXpress, You hereby certify that You have the full legal capacity and all the necessary authorizations to take, upload, share and/or disseminate the photos representing You and/or someone else who has expressly authorized You to do so.

When You access FitXpress through our Business Clients’ websites, platforms, apps, or other services, the collection and handling of your Personal Data by such Business Clients are subject to their own privacy policies and practices. However, this Policy will apply to your Personal Data processed by 3DLOOK for the provision of the services associated with FitXpres.

We may also collect Personal Data provided by You when You request information about our Service or request customer or technical support in connection with the Service.

Likewise, we may collect Personal Data that You voluntarily decided to share with us. We are asking You not to provide us with Personal Data that is intended for a limited circle of people or that falls under the definition of Sensitive Data. For the purposes of this Policy, “Sensitive Data” means any information about your: (i) racial or ethnic origin; (ii) political, religious or philosophical beliefs; (iii) membership in political parties and trade unions; (iv) sentencing to criminal penalties; (v) health, sexuality; and (vi) biometric or genetic data.

Information Collected Automatically. In addition to any information that we collect directly from You, we may use a variety of technologies that automatically (or passively) collect certain information or data while using FitXpress, or whenever You interact with FitXpress on third-party websites, platforms, and services, and such websites, platforms, and services contain FitXpress functionality and a link to this Policy. We may collect usage information; this includes information about your interaction with the scanning link, status of your scanning, and other information about how You use the Service.

We do not treat information collected by automated data collection technologies as Personal Data. However, to the extent that these identifiers are considered Personal Data under the applicable Law, we will also treat these identifiers as Personal Data. Similarly, to the extent that information or data we collect that is not considered to be Personal Data is combined with Personal Data, we treat the combined information as Personal Data for the purposes of this Policy and compliance with the applicable Law.

HOW WE MAY USE INFORMATION ABOUT YOU

We may use the collected information for various business purposes as described below.

Provision of Services. If you’re using FitXpress as our Business Client, we may use your account information and contact details to provide You with access to the Service and its features (certain functionality or areas) and to manage your account (where applicable). For example, we use the contact details You provide when signing up for the Service as our Business Client to create your user account.

Business Clients are responsible for:

Ensuring they have appropriate legal grounds for processing end-users’ Personal Data before collecting and sharing Input Data with our Service;
Providing end-users with clear information about data sharing with 3DLOOK in accordance with applicable data protection Laws;
Maintaining appropriate documentation demonstrating compliance with data protection requirements, including records of consent where consent is relied upon as the legal basis for processing;
Implementing mechanisms for end-users to exercise their data protection rights, including the right to withdraw consent where applicable.

When You’re utilizing FitXpress as an end-user, we will process your Input Data to provide You with the requested services and generate the corresponding Deliverables (as defined below) in accordance with our agreement with the relevant Business Client. Based on the requirements and instructions of our Business Client (acting as a Data Controller, as this term is understood under the applicable Law), we permanently delete end-users’ photos either: (i) immediately after the processing and the completion of the generation of the Deliverables or (ii) in 30 days of the generation of the Deliverables. When temporary storage is selected, all retained photos are automatically blurred to ensure additional privacy protection. For the purposes of this Policy, the “Deliverables” means the outputs of the Service, including any text, numbers, pictures, graphics, information and data, including, but not limited to, body measurements, indexes and insights such as your body composition, 3D models (including 3D body modeling and predicted 3D body modeling) and other content generated via the Service with the use of the Input Data.

Please note that the use of photos by our Business Clients and the use of the Deliverables generated with FitXpress integrated into our Business Clients’ websites, platforms or services may be subject to the Business Clients’ own policies and practices, not this Policy. When You access FitXpress through our Business Clients’ platforms or services where FitXpress is integrated, the Deliverables may be provided to the relevant Business Client to enable their services to You. By continuing to access and use FitXpress via such Business Client’s apps, platforms, and/or services, You acknowledge and agree that your Input Data will be processed by 3DLOOK and the Deliverables may be provided to our Business Client.

Analytics, Service & Technology Improvement. We may use any information collected from You, including information that does not qualify as Personal Data to: (i) to personalize user’s experience and to allow us to deliver the type of content and product offerings in which You may be most interested; (ii) to improve our technology and services to serve you better and/or to provide services more effectively; (iii) to ensure continuous improvement and development of our technology and services, optimize our ML models, identify trends and patterns, enhance accuracy and performance of our products and services; (iv) to administer our apps and accompanying services; and (v) to diagnose possible problems.

We also collect data about how our Service is used. We use this information to develop and improve our products and services. For example, we utilize usage data to assess trends and usage across our products and services to help us determine what new features or integrations our users may be interested in. We may share usage data externally but will only do so in an anonymized and/or aggregated manner to build and improve product features.

We may also use anonymized/aggregated data for machine learning that supports certain product features and functionality with the Service, analyses, improvement of size recommendation algorithms, and similar purposes to serve You better and/or to provide the services more effectively.

We may collect, use, transfer, and disclose “publicly available” information and/or non-Personal Data, which includes information lawfully made available from federal, state, or local government records, or information in a form that does not, on its own, permit direct association with you for any purpose pointed in this Policy.

If we combine information or data in a form that does not, on its own, permit direct association with any specific individual with the Personal Data, the combined information will be treated as Personal Data for as long as it remains combined.

Communication. We may use the contact details You provide to us when signing up for the Service as our Business Client to contact You via email, SMS, or via in-app/push notification about your account, activities on our Service, policy changes, security incidents, and other administrative matters. Likewise, we may also use your information to provide customer support, such as answering requests for technical support and analyzing product outages or bugs.

If You receive an unwanted email from us, you can use the unsubscribe link found at the bottom of the email to opt-out of receiving future emails. Please note that You will continue to receive transaction-related (non-promotional) emails regarding the Service or any of its features you have requested, updated to our policies.

Protection of our Interests and Safety. We may use your Personal Data when we believe it’s necessary to take precautions against liabilities, investigate and defend ourselves against any third-party claims or allegations, investigate and protect ourselves from fraud, protect the security or integrity of the technology and the Service and protect the rights and property of 3DLOOK, our Business Clients, users and/or partners.

Compliance with Legal and Regulatory Requirements. We may also use/disclose your information (including Personal Data) collected by us to comply with applicable legal requirements, industry standards, and our policies. Likewise, we may disclose your information in situations that we believe to be: (i) emergencies involving potential threats to the physical safety of any person or property if we believe that your information in any way relates to that threat; (ii) You use the Service in a way that we believe may be illegal or inappropriate.

Business Process Management. We may provide some of your Personal Data to our partners, clients, contractors, and affiliates if necessary for performing contractual obligations or if it is an essential part of how the services work (to the extent permitted under the applicable Law). Please see Section 4 for more information about how your information may be shared with third parties.

Other. We may use Personal Data for other purposes that are clearly disclosed to You at the time You provide Personal Data or with your consent.

We may transfer and process your Personal Data in countries other than your country of residence. When Personal Data is transferred internationally, we implement additional safeguards as required by applicable data protection laws, which may include Standard Contractual Clauses approved by the European Commission and data processing agreements. By using the Service and accepting this Privacy Policy, You acknowledge and agree that your Personal may be transferred internationally, including to countries with data protection laws that differ from those in your home country. You confirm that you have been duly informed of the conditions and potential risks associated with such transfers, including the possibility of transfer to servers located outside the country of origin of the data; You expressly agree to such transfers being carried out, as provided in this Privacy Policy and in accordance with applicable Laws.

HOW WE SHARE INFORMATION WE COLLECT

We may share your information with third parties to achieve the purposes described in this Policy. We share your information with third parties for a variety of business purposes, including when it is required by functions of the Service and its features, to protect us or others, or in the event of a major business transaction such as a merger, sale, or asset transfer, as described below. Only the data and information strictly necessary for the provision of services will be shared.

Business Clients. We will not pass your Personal Data to third parties, except when required by functions of the Service and its features. We may share your information with our Business Clients with whom we jointly offer products or services, including cases where our Service is integrated into Business Clients’ platforms or services. If You access the Service via third-party sites, links, products, platforms, or services, we may provide information on your body parameters to such third parties for the purpose of providing such third-party services to You. Your photos may be obtained through various channels, including directly from our Business Clients’ platforms or services, through our camera SDK implemented within Business Clients’ services, or directly from You. The collection and handling of photos by our Business Clients are subject to their own privacy policies and practices. We are solely responsible for processing activities related to such photos in accordance with this Policy. Please note that the use of the Deliverables generated with FitXpress integrated into our Business Clients’ websites, platforms or services may be subject to the Business Clients’ own policies and practices, not this Policy.

Service Providers. We may engage third-party service providers to perform certain business-related functions. Examples of such functions include, but are not limited to, data storage and database maintenance services, data security, etc. When we engage such third-party service providers, we will provide them with limited access to Personal Data as needed to perform their specific function. We will make sure that each third party will be bound with contractual obligations to keep such Personal Data confidential, make necessary steps to protect such Personal Data, and not to use it for any purpose other than providing services to us and other provisions as required under the applicable Law.

We use the following third-party service providers:

Service

Service Provider

Purpose

Link to Service Provider’s Privacy Policy

AWS

Amazon Web Services, Inc.

Cloud data hosting, CDN, Object Storage, Instance hosting

https://aws.amazon.com/privacy/

https://aws.amazon.com/compliance/data-privacy-faq/

Sentry

Functional Software, Inc.

Logging, performance issues detection and notification

https://sentry.io/privacy/

We may also share your information (including Personal Data) with other service providers for the purposes above, with which we will establish cooperation.

Before transferring any Personal Data to a third-party service provider, we shall make reasonable checks of such third parties regarding its compliance with the applicable Law.

Compliance With the Law. Law Enforcement. We may disclose Personal Data if required to do so by law or to comply with a legal obligation, or if we believe in good faith that such action is necessary to: (i) protect our rights or property and our customers or (ii) protect the property or safety of users of FitXpress and the accompanying services, legal owners of our website, services or our intellectual property; (iii) or any third party. If we are required by law to disclose any of your Personal Data, we will use reasonable efforts to provide You with notice of that disclosure requirement unless we are prohibited from doing so by statute, court, or administrative order.

Business Transfers. We reserve the right to sell, assign, or transfer our business or assets. In any such actual or contemplated business sale, merger, consolidation, change of control, transfer of substantial assets, reorganization, or any other corporate transaction involving 3DLOOK, or in connection with due diligence conducted in anticipation of such an event, Personal Data may be included in the transferred assets. You acknowledge that such transactions may occur and that your Personal Data may be transferred to a third party as part of the consummation of any such transaction in accordance with applicable law.

Subsidiaries and Affiliates. We may share your Personal Data with members of our corporate family.

California and EEA & UK residents may have additional rights and choices. Please see Section 7 below for more information.

HOW TO ACCESS AND CONTROL INFORMATION ABOUT YOU

We will retain your Personal Data as described in Section 6 of this Policy.

Depending on your location and applicable Law, you may have the following data protection rights:

You can request access, correction, updates, or deletion of your Personal Data.
You can object to our processing of your Personal Data, ask us to restrict processing of your Personal Data, or request portability of your Personal Data.
If we have collected and processed your Personal Data with your consent, then You can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your Personal Data conducted in reliance on lawful processing grounds other than consent.

To exercise any of your rights regarding your Personal Data please contact us using the contact details provided in Section 9 of this Policy.

California and EEA & UK residents may have additional rights and choices; please see Section 7 to learn more.

DATA SECURITY

We may store the Personal Data we collect as described in this Policy for as long as You use our Service or as necessary to fulfill the purpose(s) for which it was collected, provide You with access to the Service or its features, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable Law. For end-users, the Personal Data we process is limited to Input Data and does not include any contact or identifying information. The retention period will be determined, taking into account the type of information that is collected and the purpose for which it was collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable time. The retention period for your photos depends on the requirements and instructions of our Business Clients. Photos may be either deleted immediately after processing and generation of the Deliverables, or stored for up to thirty (30) days. When temporary storage is selected, all retained photos are automatically blurred for additional privacy protection. Photos provided through Business Clients’ platforms or services may be subject to their own retention policies.

After a reasonable period of time, we will either delete or anonymize your Personal Data. Non-Personal Data, de-identified, or anonymized data can be retained by us without limitation of time. We make no warranties that your Personal Data will be available for any specific period. Please consider that we have no obligations to notify You when deleting your Personal Data and can do it at our sole discretion.

We will maintain industry-standard physical, electronic and procedural safeguards designed to protect any data in our possession from loss, misuse, corruption, and unauthorized access or disclosure. Wherever we collect Personal Data, we make commercially reasonable efforts to provide the necessary level of encryption. We may provide such security measures using third parties (e.g., vendors, contractors, etc.).

The safety and security of your information also depend on You. Do not disclose your contact information, password, or other data that allows or enables unauthorized access to the Service, and keep this information confidential.

Unfortunately, no method of transmission or method of electronic storage is 100% secure. Although we do our best to protect your Personal Data, we cannot guarantee that the data stored during your use of the Service is invulnerable to hacking and will not be subject to a security breach. We make no warranty, guarantee, or representation that the Service is or will be protected from all viruses, security threats, or other vulnerabilities or that your Personal Data and other information will always be secure.

In the event of a data breach involving Personal Data processed by 3DLOOK, we will: (i) notify the relevant Business Client (data controller) without undue delay and in any case within a maximum of 48 hours after becoming aware of the breach; (ii) provide all necessary information about the nature and scope of the breach;(iii) document all facts, effects, and remedial actions taken with respect to such breach. Responsibility for notifying affected data subjects and competent authorities will be determined in coordination with the controller, in accordance with applicable Law.

Privacy Safeguards within the Company. To ensure your Personal Data is secure, we communicate our privacy and security guidelines to our staff and strictly enforce privacy safeguards within the Company. We ensure that all the members of our team have committed to confidentiality.

Information Transferred to Third Parties. Before transferring any Personal Data to a third party (processor, contractor, affiliate, partner, supplier, vendor, etc.), we shall make a reasonable check of such third party regarding its compliance with applicable the applicable Laws and the implementation of the appropriate safeguards.

Information Received from Third Parties. In cases where we receive your Personal Data from a third party (i.e., our Business Client who is the controller of such data) during the fulfillment of contractual obligations, we act as a processor. In order to secure such Personal Data, we treat it with the same level of security as we treat Personal Data as if we collected it, as provided in this Policy (if applicable or if we are not obliged by the relevant contract to provide additional security measures).

Technical Measures. All the data (including Personal Data) is automatically encrypted both during transmission and at-rest using advanced encryption protocols. Encryption is enforced by default; storage encryption is always on and cannot be disabled. The Service is hosted on a leading cloud infrastructure provider. Our system continuously monitors for and prevents unauthorized access attempts. Vulnerability scanning is conducted regularly.

SPECIFIC NOTICES

Children

FitXpress is not intended for children under 16 years of age (or age equivalent in the relevant jurisdiction). No one under the age of 16 shall provide any information to or on FitXpress. We do not knowingly collect or process data from minors. If You are under 16 (or age equivalent in the relevant jurisdiction), please do not use or provide any information to or via FitXpress. If we learn that we have collected or received Personal Data from a minor without verification of parental consent, we will promptly delete that information. If You believe we might have any information from or about a child under 16, please contact us via privacy@3dlook.me.

Data from International Visitors and Transfers to the United States

If you are interacting with FitXpress from outside the United States and provide us with Personal Data, please note that, to provide you with the requested service or otherwise communicate with you as described in this Privacy Policy, your data will need to be transferred to, stored, and processed in the United States. The data protection laws in the United States may differ from those in your home country. By using FitXpress, you consent to the transfer, storage, and processing of your Personal Data in the United States and any other locations selected by 3DLOOK.

Notice to European Economic Area (EEA) and UK Residents

This section applies only to EEA and UK residents. This Policy will govern the use of your “Personal Data,” which the GDPR defines as any information relating to an identified or identifiable data subject. Examples include data that directly, or when used in conjunction with other provided data, enables the identification of a specific individual. Personal Data does not include data in a form that does not, on its own, permit direct association with any particular individual.

If You are located in the European Economic Area or the UK, we may process your Personal Data for the purposes described in Section 3 of this Policy when:

You have consented to the processing of your Personal Data;
We need your Personal Data to provide You with access to the Service and its functionality as requested by You, or to respond to your inquiries;
We have a legal obligation to use your Personal Data; or
We have a legitimate interest in using your Personal Data. In particular, we have a legitimate interest in using your Personal Data to ensure and improve the safety, security, to suppress illegal activity on our Service, to take precautions against liabilities, investigate and defend ourselves against any third-party claims or allegations, investigate and protect ourselves from fraud, protect the rights and property of 3DLOOK, its users and/or partners, etc.

We may retain your Personal Data for as long as is required to fulfill the purposes of the processing of the Personal Data outlined in Section 3 of this Policy, or for a longer period as required under the applicable Law. The retention period will be determined taking into account the type of Personal Data collected, the instruction of the controller, and the purpose for which it is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused data at the earliest reasonable time. We can delete your Personal Data at any time and we do not guarantee that your Personal Data will be available for any specific period of time. Please consider that we have no obligations to notify You when deleting your Personal Data, and we can do it at our sole discretion.

Before transferring any Personal Data to a third party (including partners, suppliers, or vendors), we will conduct a reasonable assessment to ensure that the third party has implemented appropriate safeguards. These safeguards include contractual and organizational measures to protect your Personal Data wherever it is transferred. By accepting this Privacy Policy, you provide your explicit and unambiguous consent for your Personal Data (and any non-identifiable data, if applicable) to be stored outside your country of residence, domicile, or economic region, as required.

We may process certain information in a form that does not, on its own, permit direct association with you for various purposes. These purposes include improving our services, enhancing the functionality and user experience of our technology, optimizing content delivery, analyzing usage patterns, and developing new features. Additionally, this information may be used to generate aggregated statistics that help us better understand user behavior, interests, and preferences to improve the overall quality of the Service. This type of information is not associated with any Personal Data that can identify an individual.

Our Service may utilize automated processing of your Input Data to generate body measurements and 3D models. This does not involve automated decision-making that produces legal effects or similarly significant effects.

The GDPR provides data subjects with specific rights and choices in connection with their Personal Data. You may have the following rights according to the applicable Law:

You can express and withdraw consent for your Personal Data processing. Please note that withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your Personal Data conducted in reliance on lawful processing grounds other than consent.
You can request access, correction, or updates of your Personal Data.
You can object to our processing of your Personal Data, ask us to restrict processing of your Personal Data, or request portability of your Personal Data.
You can request the deletion of your Personal Data. You may ask to delete your Personal Data at any time, but in such case, it may lead to the impossibility to use our Service.
You have the right to complain to a Data Protection Authority (subject to the applicable Law) about our collection and use of your Personal Data. However, we’d appreciate the chance to deal with your concerns before You approach the respective Data Protection Authority. Please contact us in the first instance by e-mailing at privacy@3dlook.me. We also provide you with an easy way to submit us privacy-related request like a request to access or erase your Personal Data. If you want to make use of your data subject rights, please visit our public privacy landing page: https://app.prighter.com/portal/12970373.

If You wish to exercise any of the aforementioned rights or receive more information, please contact us using the contact details provided in Section 9 of this Policy.

To protect your privacy and ensure the security of your Personal Data when fulfilling your request, we may need to request specific information from you to verify your identity. This verification process helps us ensure that requests to access Personal Data or exercise other rights granted to data subjects are made only by authorized individuals. It is a necessary security measure to prevent the unauthorized disclosure of your Personal Data.

Within one month of receiving your request, we will provide You with information about the actions taken in connection with your request. If we require more time (up to 45 days), we will inform You of the reason and extension period in writing.

If You found out that someone has illegally provided us with your Personal Data, please, contact us promptly using the contact details provided in Section 9 of this Policy. Upon your request, we will delete your Personal Data without undue delay, but in any case, within one month from the day of receipt of your request (or more due to the complex nature of the request or the number of requests). We will only retain such copies of the information necessary for us to comply with the Law for such cases.

Please kindly note that if your request turns out to be unreasonable or excessive, in particular, due to its repeated nature, we may request a reasonable fee for the fulfillment of the request or refuse to take action in connection with the request.

Notice to California Residents

This section applies only to individuals who reside in the State of California. This Policy will govern the use of your “Personal Information,” as defined in the CCPA. Personal Information does not include “publicly available” information, which includes information lawfully made available from federal, state, or local government records or information in a form that does not, on its own, permit direct association with any specific individual. If You are a California resident, California law may provide You with additional rights regarding our use of your Personal Information.

We do not knowingly process, “sell,” or “share” Personal Information (as defined in the CCPA) of children under 16 years of age. We may share certain Personal Information with third parties, as outlined in Section 4, if they are our service providers or Business Clients to whom we provide services in connection with our contractual obligations. This may be considered a “sale” or “sharing” under certain state privacy laws, such as the CCPA. If you’d like your information to be removed from our dataset, or would like to opt out from the “sharing” of your Personal Information for the purposes described herein, please contact us as described in Section 9 below.

We have collected the following categories of Personal Information from our consumers (end-users of FitXpress) within the last twelve (12) months:

Commercial information, such as information about returns made via the website, platform, or service where You utilize FitXpress functionality. We collect this information directly from You or third-party sources.
Protected classification characteristics, such as biological sex and age. We collect this information directly from You.
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)), such as physical characteristics or description (e.g., height, weight). We collect this information directly from You and/or upon processing the images provided to us.
Biometric information, such as biological characteristics or physical patterns. We collect this information directly from You upon processing the images provided to us.
Internet or network information, such as information on your interaction with the Service. We collect this information directly from your device.
Sensory data, such as your images. We collect this information directly from You.
Other Personal Information, in instances, when You interact with us online, by phone, or mail in the context of receiving help in connection with the Service.

The purposes for which we collect this information are described in Section 3 of this Policy.

You have certain rights regarding the Personal Information we collect or maintain about You. Please note, these rights are not absolute, and there may be cases when we decline your request as permitted by law.

The right of access means that You have the right to request that we disclose what Personal Information we have collected, used, and disclosed about You in the past 12 months.

The right of deletion means that You have the right to request that we delete Personal Information collected or maintained by us, subject to certain exceptions.

The right to non-discrimination means that You will not receive any discriminatory treatment when You exercise one of your privacy rights.

You can exercise your rights by yourself, or You can alternatively designate an authorized agent to exercise these rights on your behalf. Please note that to protect your Personal Information, we will verify your identity by a method appropriate to the type of request You are making. We may also request that your authorized agent has written permission from You to make requests on your behalf. We may also need to verify your authorized agent’s identity to protect your Personal Information.

We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform You of the reason and extension period in writing.

Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow You to transmit the information from one entity to another without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell You why we made that decision and provide You with a cost estimate before completing your request.

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by please use the contact details from Section 9 below.

8. CHANGES TO THIS POLICY

We may revise this Policy from time to time at our sole discretion. At the beginning of the Policy, the date on which this Policy was last updated will always appear. You understand and agree that You will be deemed to have accepted the updated Policy if You continue to use FitXpress after the updated Policy takes effect. We encourage You to review this Policy periodically.

9. HOW TO CONTACT US

FitXpress is operated by 3DLOOK Inc., 2918 Avenue I Unit #5399, Brooklyn, NY 11210.

If You have any questions, concerns, or complaints regarding the way we collect and handle your Personal Data, or if You have any thoughts or questions about this Policy, or about a contact person (representative) for compliance with the applicable Law, You can contact us at: privacy@3dlook.me

3DLOOK Inc.

Attn: Legal Department

2918 Avenue I, Unit #5399

Brooklyn, NY 11210

United States

For EEA and UK Residents:

We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact for the following regions:

European Union (EU)
United Kingdom (UK)

Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative, Prighter or make use of your data subject rights, please visit the following website:https://app.prighter.com/portal/12970373.

Cookie	Duration	Description
__hstc	1 year 24 days	This cookie is set by Hubspot and is used for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat_UA-92309701-1	1 minute	This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.
_gcl_au	3 months	This cookie is used by Google Analytics to understand user interaction with the website.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
_hjFirstSeen	30 minutes	This is set by Hotjar to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions.
hubspotutk	1 year 24 days	This cookie is used by HubSpot to keep track of the visitors to the website. This cookie is passed to Hubspot on form submission and used when deduplicating contacts.

Cookie	Duration	Description
__hssrc	session	This cookie is set by Hubspot. According to their documentation, whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session.
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
JSESSIONID	session	Used by sites written in JSP. General purpose platform session cookies that are used to maintain users' state across page requests.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__hssc	30 minutes	This cookie is set by HubSpot. The purpose of the cookie is to keep track of sessions. This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp.
bcookie	2 years	This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	This cookie is set by LinkedIn and used for routing.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to deliver advertisement when they are on Facebook or a digital platform powered by Facebook advertising after visiting this website.
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
fr	3 months	The cookie is set by Facebook to show relevant advertisments to the users and measure and improve the advertisements. The cookie also tracks the behavior of the user across the web on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
personalization_id	2 years	This cookie is set by twitter.com. It is used integrate the sharing features of this social media. It also stores information about how the user uses the website for tracking and targeting.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.

Cookie	Duration	Description
_ga_NXNB16WGX6	2 years	No description
_hjAbsoluteSessionInProgress	30 minutes	No description
_hjid	1 year	This cookie is set by Hotjar. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.
_hjIncludedInPageviewSample	2 minutes	No description
_lfa	2 years	This cookie is set by the provider Leadfeeder. This cookie is used for identifying the IP address of devices visiting the website. The cookie collects information such as IP addresses, time spent on website and page requests for the visits.This collected information is used for retargeting of multiple users routing from the same IP address.
_pin_unauth	1 year	No description
_pinterest_ct_ua	1 year	No description
AnalyticsSyncHistory	1 month	No description
RUL	1 year	No description
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.