Privacy Policy

Introduction

This Privacy Policy ("Policy") is designed to inform users of the TRYON service, including all associated software, and websites (collectively, the "Services") about how TRYON Technology Ltd. ("TRYON," "we" or "us") collects, stores, uses and discloses personal data and information in connection with the Services.

In this Policy, "user" or "you" means any person using or otherwise benefiting from the Services or otherwise submitting personal information to us via the Services. If you choose to use our Services, then you agree to the collection and use of data and information in relation to this Policy. The personal data and information that we collect are used for providing and improving the Services. We will not use or share your personal data and information with anyone except as described in this Policy.

With the exception of Section 1 and 2 of this Policy, all user “personal data and information” will be referred to as “Personal Data” in this Policy.

What personal data and information we collect

TRYON may collect the following personal data and information (sometimes with the help of the third-party providers such as Google Analytics, Firebase and Stripe):

Basic user information
If applicable, we will collect basic personal information like your name and email address, phone number and profile photo.

Payment information
To purchase subscription to some of the Services, you will be asked to provide your payment processing information, such as your full name, email address, billing address and payment method details, to us or TRYON’s third-party payment processor. This third-party will be responsible for keeping the information you disclose during the payment process confidential.

User data
If applicable, the Services allow you to upload and submit 3D models, images and related content, along with comments and other information. TRYON collects this data uploaded by you.

Device information
We collect information about your device ID, device Internet Protocol (“IP address”), model, manufacturer and operating system (e.g., iOS, Android, Windows, etc.).

Usage data
We also collect data on how you and others access and use the Services, for example:
- An act of taking a picture or recording a video using the Services;
- Photos and videos created by you with the help of the Services;
- Photos and videos taken by the Services automatically when you use the Services;
- Your finger and wrist size information, and information about your skin tone and other skin properties when you use the Services;
- Browsing information (when the Services were open, for how long, what pages were open, how you used the Services, etc.); and
- Product browsing information (what products were browsed using the Services and how they were browsed).

Cookies
Cookies are files with a small amount of data that are commonly used as anonymous unique identifiers. These are sent to your browser from the websites that you visit and are stored on your device's internal memory.

TRYON Services do not use these “cookies” explicitly. However, the Services may use third-party code and libraries that use “cookies” to collect information and improve their services. You have the option to either accept or refuse these cookies and know when a cookie is being sent to your device. If you choose to refuse our cookies, you may not be able to use some portions of the Services.

Why TRYON needs this Personal Data

We use all Personal Data we collect from you to improve the Services and deliver better experience. For example, we may analyze whether application of virtual jewelry on your hand was successful, whether it needs any improvement, whether it fits the contours of your finger or wrist correctly, etc. In addition, we may use Personal Data collected from you:
- To carry out our obligations arising from any contracts entered into between you and us;
- To provide you with information, products or services that you request from us or which we consider are similar to those you have already purchased or enquired about;
-To allow you to participate in interactive features of the Services, when you choose to do so;
- To provide troubleshooting and customer support;
- To notify you about changes to the Services;
- Send you technical notices, updates, security alerts, and support and administrative messages; and
- For any other purpose with your consent.

We will also create statistical, aggregated data relating to our users and the Services for analytical purposes ("aggregate information"). Aggregate information is derived from Personal Data, but in its aggregated form it does not reveal any personal information or identify any individual. This data may be used to understand our customer base and to develop, improve and market the Services and TRYON’s other products or services.

How TRYON shares and stores your information

We do not share your Personal Data with any third parties except as specified by this Policy. We may share some of your Personal Data indicated in Section 2 of this Policy with the following third parties:

Firebase: an analytical platform, owned by Google LLC, that allows us to understand the Services’ usage and user engagement. See more about Firebase’s privacy policy here;

Google Analytics: a website analytics service, owned by Google LLC, that gives us information about how you find and use the Services. See more about Google Analytics privacy policy here; and

Stripe: a software that allows us to make and receive payments over the Internet. Stripe provides the technical, fraud prevention, and banking infrastructure required to operate online payment systems. See more about Stripe’s privacy policy here.

All your Personal Data collected by TRYON is stored on Google Cloud Services owned by Google LLC.Google LLC is located in the United States and is signed up to the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield frameworks.You may choose to share your content (for example your photos with applied virtual jewelry) using our proprietary or third-party services. Please note that any such third-party services are not governed by this Policy. For instance, you may choose to send an email to share your photo using your Google account, then all applicable Google privacy policy will apply. When you access and use third-party services via the Services, we are not responsible for these third-party services and we do not endorse or make any warranties and representations about such third-party services.

Personal Data retention
If you choose stop using the Services, we may retain your Personal Data for as long as your account is active and within reasonable period thereafter in case you decide to re-activate the Services, but normally no longer than five years.

TRYON’s lawful basis for processing your Personal Data

If European data protection law applies and TRYON acts as a controller, our lawful basis for collecting and using the information described in this Policy will depend on the information concerned and the specific context in which we collect or use it.We normally collect or use information from you or others only where we have your consent to do so, where we need the information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may have a legal obligation to collect or retain personal information or may need the personal information to protect your vital interests or those of another person. For example, when we:
- Use information to create and manage an account, we need it in order to provide relevant services.
- Use names and email addresses for email marketing purposes, we do so with your consent (which you can revoke at any time).
- Gather usage data and analyze it to improve our Services, we do so based on our legitimate interest in safeguarding and improving our Services.

If you have questions about or need further information concerning the lawful basis on which we collect and use your personal information, please contact us at privacy@tryon.technology

How our users can exercise their data rights

Modification, correction and erasure
You have a right to modify, correct, erase and update your Personal Data by writing us at privacy@tryon.technology

Access
You have a right to access your Personal Data you provided and ask us about what king of Personal Data we have about you. You can do this by writing us at privacy@tryon.technology

EEA residents
Individuals residing in the countries of the European Economic Area have certain statutory rights in relation to their personal data introduced by the General Data Protection Regulation (the “GDPR”). Subject to any exemptions provided by law, you have the following rights:

- Rectification of Personal Data and restriction of processing. You are responsible for ensuring the accuracy of your Personal Data that you submit to TRYON. If you believe that your Personal Data is inaccurate, you have the right to ask us to correct such Personal Data by contacting us at privacy@tryon.technology. You shall also have right to request restriction of processing of your Personal Data if you contest the accuracy of the Personal Data, and we need some time to verify its accuracy.

- Access to your Personal Data and data portability. You shall have the right to request information about whether we have any Personal Data about you, to access your Personal Data (including in a structured and portable form) by writing us at privacy@tryon.technology.

- Erasure of your Personal Data. If you believe that your Personal Data is no longer necessary in relation to the purposes for which it was collected or otherwise processed, or in cases where you have withdrawn your consent or object to the processing of your Personal Data, or in cases where the processing of your Personal Data does not otherwise comply with the GDPR, you have the right to contact us and ask us to erase such Personal Data. You can write us at privacy@tryon.technology. Please be aware that erasing some Personal Data inserted by you may affect your possibility to utilize the Services and their features. Erasure of some Personal Data may also take some time due to technical reasons.

- Notification requirements. We commit to notifying you within a reasonable period of time and/or your data protection authority within the timeframe specified in applicable law (72 hours) about any personal data breaches on the TRYON website or mobile applications.

- Data Protection Authorities. Subject to GDPR, you also have the right to (i) restrict our use of Personal Data and (ii) lodge a complaint with your local data protection authority about any of our activities that you deem are not compliant with GDPR.

Please keep in mind that in case of a vague access, erasure, objection request or any other request in exercise of the mentioned rights we may engage the individual in a dialogue so as to better understand the motivation for the request and to locate responsive information. In case this is impossible, we reserve the right to refuse granting your request.

Please note that we will grant your request within 30 days after receiving it, but it may take us up to 90 days in some cases, for example for full erasure of your Personal Data stored in our backup systems — this is due to the size and complexity of the systems we use to store data.

Your removal from our mailing list or database will not remove your Personal Data and information you have submitted to us or records of past use of the Services, nor delete information stored in our data backups and archives. All Personal Data will be maintained and/or deleted in the ordinary course of our business.

How TRYON is keeping Personal Data safe

We take all reasonable and appropriate measures to protect all collected Personal Data from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. Among others, we utilize the following information security measures:

- Pseudo-minimization and tokenization of certain categories of your Personal Data;
- Encryption of your Personal Data in transit and in rest;
- Systematic vulnerability scanning and penetration testing; and
- Protection of data integrity.

Please understand that no security system is perfect and, as such, we cannot guarantee the absolute security of the Services, or that your information will not be intercepted while being transmitted to us. If we learn of a security systems breach, we may post a notice and will take reasonable steps to remedy the breach.

Legal exception
Notwithstanding anything to the contrary in this Policy, we may preserve or disclose your Personal Data if we believe that it is reasonably necessary to comply with a law, regulation or legal request; to protect the safety of any person; to address fraud, security or technical issues; or to protect our rights or property. However, nothing in this Policy is intended to limit any legal defenses or objections that you may have to a third party's, including a government's, request to disclose your information.

Business transfers
In the event that TRYON is involved in a bankruptcy, merger, acquisition, reorganization or sale of assets, your Personal Data may be sold or transferred as part of that transaction. This Policy will apply to your Personal Data as transferred to the new entity.

8. Other

Links
The Services may contain links to other websites and services, including payment services. We are not responsible for the privacy practices or the content of those websites, and you should review the privacy statements of each third-party website you visit. This Policy applies solely to Personal Data collected by the Services.

Amendments
We may revise this Policy from time to time. The most current version of the Policy will govern our use of your Personal Data and will always be located at https://tryon.jewelry/policy. If we make a change to this Policy that, in our sole discretion, is material, we will notify you via the Services or via email using the email address associated with your account. By continuing to access or use the Services after those changes become effective, you agree to be bound by the revised Policy.

California residents’ privacy
If you are a California resident, you may ask for a list of third parties that have received your Personal Data for direct marketing purposes during the previous calendar year. This list also contains the types of information shared. We provide this list at no cost. We do not share your Personal Data with third parties for their own marketing purposes.

“Do Not Track” Signals
Please note that we do not change our practices in response to a “Do Not Track” signal in the HTTP header from a browser or mobile application.

Our Policy Toward Children
We understand the importance of protecting the privacy and safety of children using the Services, as outlined by the Children’s Online Privacy Protection Act of 1998 (COPPA). We do not knowingly collect or retain personally identifiable information about persons under 13 years of age. Any person who provides their Personal Data to us via the Services represents that they are 13 years of age or older. We encourage parents and legal guardians to monitor the activity of those under 13 years of age. If you have reason to believe that a child under the age of 13 has provided personally identifiable data to us, please contact us at privacy@tryon.technology, and we will make every effort to delete that information from our databases.

9. Effective date of this Policy

The effective date of this Policy is April 12, 2019. Last updated on August 2, 2019.

10. Contacting Us

TRYON’s Data Protection Officer’s (DPO) responsibilities are performed by Andrii Tsok. If you would like to contact TRYON’s DPO, please reach out to privacy@tryon.technology and we will respond to your request accordingly.

Any questions about this Privacy Policy should be addressed to privacy@tryon.technology or TRYON Att: Andrii Tsok Suite 200, 175 Bloor Street East Toronto, Ontario M4W 3R8