Privacy Policy

Effective Date: July 16, 2020

1. Introduction

The purpose of this Privacy Policy is to allow you (the “User”) to understand how we, FabFitFun, Inc. (“FabFitFun”), collect and use the personal information you provide to us through the websites and mobile apps that we own and operate (in each case, the “Services”), including fabfitfun.com, the FabFitFun App, summerandrose.com, ish.co, chicandtonic.com, and xosienna.com and other channels, both offline and online, that reference or link to this Privacy Policy.

This Privacy Policy applies to information collected by FabFitFun and does not apply to information collected by any third-party sites to which FabFitFun may link or to information provided to, or collected by, third-parties through cookies, web beacons, or other third-party technologies served during your visit to the Services.

2. Information We Collect and How We Use It

Personal Account Information: If you choose to sign-up for our subscription box service, or engage in other transactions or activities (for example surveys or sweepstakes entries, among other things), or sign up for other services, on our Services, you will be asked to provide the following basic information: your name, your e-mail address, your mailing address, your telephone number and your credit card or other payment information.

We need these categories of information in order to enter into a transaction agreement with you to provide you with the goods or services you have requested.

You may also choose to provide some information about your product preferences, tastes or individual characteristics, which we will use to customize the goods or services you have requested, and to validate your prior membership activity.

All of this information submitted by you will be subject to this Privacy Policy and is called “Personal Account Information.”

As part of our agreement with you, we may use Personal Account Information to contact you or send you notifications about products and services that you have ordered. We may also, on the basis of your consent or our legitimate business interests, send you notifications about products and services that we otherwise think may be of interest to you. You can withdraw your consent at any time by using the opt-out mechanism in the notification or contacting us directly.

Technical Data: When a User visits the website Services, our servers automatically record information regarding the User’s browser type, browser language, platform type, IP address, web request, number of clicks, domain names, the amount of time spent on particular pages, the date and time of use of services and interactions with the Services (“Technical Data”). We store Technical Data through use of cookies, pixels, or other similar technologies.

FabFitFun uses Technical Data for the following legitimate business purposes:
(a) to diagnose and prevent service or technology problems that are associated with the IP addresses;
(b) to help us provide you with customized content and promotions that match your stated preferences;
(c) to prepare geographical or other statistical data to help us better serve our Users;
(d) to create new features, promotions, and services in connection with the Services;
(e) to measure the effectiveness of our advertising campaigns;
(f) to monitor the use of the Services;
(g) to confirm that Users have visited previously;
(h) to keep track of the status of your shopping cart; and
(i) to perform other functions on the Services.

You can set your browser to accept all cookies, reject all cookies, or notify you when a cookie is set. However, if you set your browser to disable all cookies, some features of the Services may not function properly. For Users in the United Kingdom or European Economic Area, please see our EU Cookie Policy for more information on your choices regarding cookies.

Referral Information: We often invite Users to tell a friend about our products or services. Where permitted, you may provide us with your friend’s name and email address (“Referral Information”). We will automatically send your friend emails inviting them to subscribe to FabFitFun’s box program or other product or service, and we will typically include a discount or other promotion to encourage your friend to become a User or customer. Your friend may opt-out of future marketing emails by clicking the “unsubscribe” link within the invitation and may contact us at privacy@fabfitfun.com to request that we remove their information from our database.

Information from Other Sources: We may obtain information about you from other sources and combine or link that with the information we have collected about you. To the extent we combine such third-party sourced information with your Personal Account Information, Technical Data, or Referral Information, we will treat the combined information in accordance with this Privacy Policy. We may also contract with third party vendors to pool browsing information about your visits to our website with other sources of information for purposes of determining whether you might be interested in receiving advertising, including direct mail or a catalog.

3. Disclosure of your Information

FabFitFun may provide your Personal Account Information, Technical Data, or Referral Information to third-party service providers that we engage to assist us with the operation of the Services and the provision of products and services. Such access is provided with the understanding that these parties will use the information for these limited purposes and in accordance with our Privacy Policy.

Unless otherwise disclosed at the time of collection of information, FabFitFun does not share Personal Account Information, Technical Data, or Referral Information with third parties for their own direct marketing purposes. We may, however, use your information to send you advertisements or display our targeted advertisements when you visit other web properties. FabFitFun will only provide your information to those web publishers or their advertising intermediaries in order for them to display the relevant FabFitFun ad to you and pursuant to a service provider contract limiting their use and disclosure of your information.

FabFitFun may also provide your information to service-providers who provide marketing insights, such as lookalike models or other statistical research. FabFitFun may also provide general demographic, aggregated, or deidentified information about Users and customers and their preferences to advertisers and other existing or prospective business partners.

In addition, FabFitFun reserves the right to share Personal Account Information, Technical Data, and Referral Information with authorized third parties if:

(a) we believe we are required to do so in accordance with a law or to respond to a subpoena, court order, or other lawful request by a public authority, including to meet national security or law enforcement requirements;
(b) we believe that such disclosure is necessary or appropriate to enforce our Terms of Use and Sale;
(c) we believe that such disclosure is necessary or appropriate to take precautions against liability;
(d) we believe that such disclosure is necessary or appropriate to investigate and defend ourselves against any third-party claims or allegations;
(e) we believe that such disclosure is necessary or appropriate to assist government agencies;
(f) we believe that such disclosure is necessary or appropriate to protect the security or integrity of the Services;
(g) we believe that such disclosure is necessary or appropriate to protect the rights, safety or property of FabFitFun, our Users or others; or
(h) FabFitFun becomes involved in a merger, acquisition, or other transaction resulting in a change of control of FabFitFun or a sale of substantially all of the assets of the business or of a particular product line or division of the business, in which case Personal Account Information may be transferred in connection with the transaction and may become subject to the privacy policy of another entity.

4. Third-Party Advertising

Advertisers may download cookies onto your computer, or use other technology like web beacons, to enable them to recognize your computer each time they send you an advertisement even when you are visiting another site. As a result, the advertiser would have the ability to deliver targeted advertisements that they believe would be of most interest to you. FabFitFun does not have access to or control of the cookies that may be placed on your computer by third-party advertisers.

In some instances you can opt-out of receiving personalized ads from third party advertisers and ad networks. Advertisers and ad networks that are members of the Network Advertising Initiative (NAI) or who follow the Digital Advertising Alliance’s Self-Regulatory Principles for Online Behavioral Advertising provide opt-out choices at the following websites:

NAI Website

DAA Website

5. Security

We take reasonable and appropriate measures to help keep information secure and to help prevent it from becoming disclosed. Even though we follow reasonable procedures to try to protect the information in our possession, no security system is perfect so we cannot guarantee, and you should not expect, that your information will be secure in all circumstances.

6. Choice

We do not collect, use, or disclose your Personal Account Information in any ways or for any purposes that are materially different from those set forth herein. However, if we wish to do so in the future, we will obtain your consent first, and offer you the choice to opt-out of such collection, use, or disclosure.

7. Data Quality, Access, and Rectification

We will make reasonable efforts to ensure your Personal Account Information is accurate and complete and we will update or correct your information as needed when notified by you. In addition, you can manage your Personal Account Information through your FabFitFun account. If you would like to request access to your personal information, request to verify your personal information, identify any inaccuracy in your personal information, or change your personal information in any way, please contact us. Users in the United Kingdom or European Economic Area have the additional rights to request erasure of, restrict the processing of, or object to certain processing of their personal information, as well as to data portability. If you wish to request erasure of your personal information, please click here. You may also contact us at GDPRDSR@fabfitfun.com or contact our United Kingdom and EU Representative at dpo@twico.com if you wish to exercise these rights.

8. Retention

We will keep your Personal Account Information in active files or systems as long as needed to meet the purposes for which it was collected or to fulfill the other purposes outlined herein.

9. International Transfers

This website is hosted in, and our Services are provided from, the United States. Accordingly, by providing your Personal Account Information through the Services, you consent to the transfer of your information from your country of residence to the United States. With regard to data transfers from the United Kingdom or European Economic Area to the U.S., we have self-certified to the EU-U.S. Privacy Shield Framework as more particularly described below. We may also engage service providers or business partners located in other countries, who may receive your information, all in accordance with this privacy policy and applicable law. Those countries may offer less privacy protection than your country of residence, and in certain instances your personal information may be accessible by foreign courts, law enforcement authorities and national security authorities in those countries.

10. Privacy Shield

FabFitFun, Inc. complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and the United Kingdom to the United States. We have certified that we adhere to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability with regard to all personal information received in reliance on the Privacy Shield. We have put in place appropriate contractual safeguards and procedures with the third parties with whom we share your personal information but in cases of onward transfer to third parties of personal information of individuals received pursuant to the EU-U.S. Privacy Shield framework, FabFitFun remains potentially liable. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view FabFitFun’s certification, please visit https://www.privacyshield.gov.

In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding this privacy policy should first contact us at privacy@fabfitfun.com or dpo@twico.com. We have further committed to refer unresolved Privacy Shield complaints to our independent recourse mechanism the International Centre for Dispute Resolution® of the American Arbitration Association® (ICDR/AAA), an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit the ICDR/AAA for more information or to file a complaint. The services of the ICDR/AAA are provided at no cost to you. In addition, in certain circumstances as a last resort, individuals may be able to invoke binding arbitration through the Privacy Shield panel. Lastly, we are also subject to the investigatory and enforcement powers of the Federal Trade Commission and any other authorized U.S. statutory body.

11. Other Sites

As noted above, this Privacy Policy only applies to our Services. Our Services may include links to other sites, but FabFitFun does not control the privacy practices of other sites. FabFitFun is not responsible for the privacy practices of other websites.

12. Changes to this Policy

FabFitFun may change its Privacy Policy from time to time. Any updated policy will be posted on this page and the effective date of the updated policy will be indicated at the top of the page.

13. How We Communicate with You

If you have any questions about our Privacy Policy, you can contact us by emailing us at privacy@fabfitfun.com. If we need, or are required, to contact you concerning any event that involves your information, you agree that we may do so by email, telephone, or mail.

14. Do Not Track Signals: Some web browsers and devices allow you to broadcast a preference that your activities online not be “tracked”. At this time, our Services do not take action in response to “do not track” signals.


15. Children: We do not provide products and services to children. We do not knowingly collect or solicit information from children under the age of 13.

If you are a parent or guardian of a child under the age of thirteen (13) and believe he or she has disclosed personally identifiable information to us, please contact us at privacy@fabfitfun.com.

A parent or guardian of a child under the age of thirteen (13) may review and request deletion of a child’s personally identifiable information as well as prohibit the use thereof. If we become aware that a child under 13 has provided us with personal information, we take steps to remove that information and terminate the child’s account.

16. Your California Privacy Rights: Effective January 1, 2020, the California Consumer Privacy Act of 2018 (CCPA) affords California residents (i) the right to request disclosure of data collection and sales practices in connection with the requesting consumer, including the categories of personal information collected, the source of the information, use of the information and, if the information was disclosed or sold to third parties, the categories of personal information disclosed or sold to third parties and the categories of third parties to whom such information was disclosed or sold; (ii) the right to request a copy of the specific personal information collected about the requesting consumer during the 12 months before their request (together with right (i), a “request to know”); (iii) the right to have such information deleted, subject to certain exceptions; (iv) the right to request that their personal information not be sold to third parties, if applicable; and (v) the right not to be discriminated against because they exercised any of these rights.

California residents (or their designated authorized agents) may submit a request to know or a deletion request via email to privacy@fabfitfun.com or by calling our toll-free number 855-313-6267.

We may need to collect information from the requesting party to verify their identity or their status as an authorized agent, as the case may be, and may use a two-step process to confirm requests to delete. We will confirm receipt of your request within 10 days and will respond in full within 45 days (subject to an additional 45-day extension in certain circumstances). We are only obligated to respond to a request to know twice within a 12-month period.

We collect and use the categories of personal information set forth in Section 2 above for the business or commercial purposes described therein. Section 3 describes the categories of third parties with whom we share personal information, and what information may be shared under different circumstances. We do not disclose or sell personal information to third-parties for their “business purposes” or “commercial purposes” as such terms are defined in the CCPA, nor do we offer financial incentives associated with our collection, use, or disclosure of your personal information.

Separate from the CCPA, residents of the State of California, under California’s “shine the light” law, have the right to request from companies conducting business in California a list of all third-parties to which the company has disclosed certain personally identifiable information as defined under California law during the preceding year for third-party direct marketing purposes. FabFitFun does not disclose personally identifiable information to third-parties for their direct marketing purposes.

17. Changing and Deleting: You may access your Personal Account Information through your profile on our Services and delete, change, or modify certain information. For additional assistance with modifying or deleting information provided to our Services, contact us at privacy@fabfitfun.com.

18. Direct Mail: To opt-out of receiving our direct mail or catalogs, you may send us an email at privacy@fabfitfun.com or call us at 855-313-6267.

19. Questions or Complaints

Should you have any questions or complaints regarding our Privacy Policy, please feel free to contact us at privacy@fabfitfun.com. United Kingdom or European individuals may also contact our United Kingdom and EU representative, The Document Warehouse International Compliance Office, at dpo@tdwico.com and if we cannot resolve your question or complaint to your satisfaction, you have the right to file a complaint with the competent data protection Supervisory Authority in your jurisdiction.
