Last updated: July 26, 2021
Custom Men is committed to protecting the privacy of all its users.
In order to ensure that our customers and users are fully informed of our data handling policies and their rights pertaining to this data, we maintain this page which details our practices around information collected through the Custom Men platform.
Our approach to data security and privacy includes but is not limited to:
- State-of-the-art platform security
- At-rest and in-transit encryption of all customer and end-user data
- Providing customers with the tools to control the amount of personally-identifiable information (PII) handled by Custom Men.
Kinds of Information We Collect
Custom Men processes four different categories of data, which reflect the different levels of sensitivity in context. However, there are several common traits about how we handle the data, regardless of type:
- We never sell this data to third parties. In limited cases, we provide it to third-party services for usage strictly within the Custom Men product or business; for example, to provide analytics graphs on the Custom Men dashboard.
- All data is subject to the protections of the General Data Protection Regulation, in the case it originates from the European Union.
Type 1: End-user PII
This data can be used to identify a specific user. Examples of end-user PII include:
- User profile data passed to Custom Men by the customer.
- Browser information that is collected by default in the Custom Men SDK (e.g., OS, device type, browser language, user agent), when associated with a particular user; and
- Browsing history data that is collected by default in the Custom Men SDK (e.g., current page URL, current page title).
Again, like all data we collect, we never sell end-user PII to third parties.
Customers may opt out of browser and browser history information by contacting Custom Men Support.
We use this data to customize and deliver Custom Men content.
Type 2: End-user Custom Men Data
This data pertains to how end users are interacting with Custom Men content; This category also includes user responses to Custom Men forms or surveys.
We do not actively collect PII for use in this category, and no PII is required in this category in order to use www.CustomMen.com. Note, however, that form or survey responses may add PII to this data.
We use data in this category to customize and deliver Custom Men content, as well as display analytics on the Custom Men dashboard.
It is this data stream which is available for CSV download on the Custom Men dashboard.
Type 3: Customer PII
We collect customer PII through the Custom Men dashboard. This category of data includes business-relationship information, such as the name and email address of each of a customer’s team members who are authorized to use the Custom Men platform.
Custom Men does not handle or store financial data about customers (e.g., credit card information). Instead, we use a fully PCI DSS compliant payments processor.
We use this type of data mainly in the Custom Men dashboard and editor, and within the Custom Men business.
Type 4: Customer Aggregate Data
This category includes customer-wide, aggregated statistics such as active user count.
This data does not contain PII.
We use data in this category mainly in the Custom Men dashboard and editor, customer emails, and within the Custom Men business.
Security and Compliance
Custom Men is committed to the privacy of information as it passes over our network, as well as to preventing unauthorized access to customer or end-user data. Among other technical and organizational measures we have implemented to protect data, we use industry-leading encryption to protect all external traffic in transit (via HTTPS/TLS) and at rest (using AES-256 and an automated key rotation system).
We delete end-user and customer data promptly upon verified request by the applicable customer or end user, except to the extent required by applicable law or to perform or enforce the terms of applicable contracts.
Requests for data deletion may be addressed to email@example.com.
European Union-United States and Swiss-United States Privacy Shield
We are aware of the July 16, 2020 decision of the European Court of Justice relating to the EU-US Privacy Shield and the September 8, 2020 opinion of the Federal Data Protection and Information Commissioner of Switzerland (FDPIC) relating to the Swiss-US Privacy Shield, in each case causing the applicable Privacy Shield Framework to be unavailable as a valid mechanism for data transfers to the United States. Nevertheless, in accordance with guidance from the United States Department of Commerce, Custom Men continues to be responsible for its obligations under both frameworks. Accordingly, we remain committed to the Privacy Shield Frameworks as set forth below, pending the outcome of negotiations between the Commerce Department and EU and Swiss authorities for an enhanced Privacy Shield program. Meantime, for concerned customers, Custom Men will be happy to enter into an appropriate data processing addendum, including the “standard contractual clauses” approved by the European Commission and recognized by the FDPIC.
In compliance with the Privacy Shield Principles, Custom Men commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Custom Men at:
Custom Men, LLC
144 East 44 Street
New York, NY 10017 USA
Custom Men has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland.
As a last resort and under certain limited and prescribed circumstances and conditions, you have the right to invoke a “last resort” binding arbitration process between you and us to resolve a dispute related to our collection, use or disclosure of your personal information.
Accountability for Onward Transfer
If we transfer your personal information to another country, we may remain liable and will take appropriate measures to protect your privacy and the personal information we transfer.
Data Integrity and Purpose Limitation
We will collect only as much personal information as we need for specific, identified purposes, and we will not use it for other purposes without obtaining your consent. We will take appropriate steps to make sure the personal information in our records is accurate.
Recourse, Enforcement, and Liability
Other Applicable Law
As noted above, we do not sell PII for direct marketing or any other purpose. Therefore, the elements of CCPA or other applicable law relating to the sale or “commercial” use of PII do not apply to us. Similarly, we do not track users over time across third-party, non-customer websites, and therefore we do not recognize or respond to browser-initiated “do not track” signals. You do not need to establish an account with us or be a registered user in order to send us a request, but if you already have an account with us, we may communicate with you about your request through your account. We do not discriminate against our users based on their data-privacy choices or the exercise of their rights under applicable data protection laws.
We respect the privacy rights of all of our users. We are committed to complying with data protection laws to the extent they apply to us, and to assist our customers in their compliance obligations as applicable and appropriate. To exercise your rights, please contact us at the address listed below. Please allow us a reasonable time to respond to your request.
Please note that your rights under certain data protection laws depend in part on the nature of your relationship with us. For example, if we are processing your PII in the role of a service provider to your organization as our customer, then your organization is responsible for the instructions it gives to us regarding your PII, and if you wish to exercise any rights you may have under applicable data protection laws, please direct your inquiry to your organization. Because we may only access and use our customer’s data (which may include your PII) in accordance with instructions from the applicable customer, if you are a customer user and you make your request directly to us, we will refer your request to that customer, although we will support them as required by applicable data protection laws in responding to your request.
Other Uses of Data
Transfer of Ownership
We use the information you provide about yourself when doing business with us only to provide the service that you have requested, including customer service, during the term of your or your organization’s agreement with us. We do not share this information with outside parties, other than the service providers described above, without your permission.
Finally, we never use or share PII provided to us online in ways unrelated to the ones described above without also providing you an opportunity to opt-out or otherwise prohibit such unrelated uses, except under the circumstances described in this section.
Custom Men, LLC.
144 East 44 Street
New York, NY 10017 USA