top of page

Privacy Policy

Effective Date: 17th, July, 2025

This Privacy Policy explains how garment by, operated by S3 Venture Studio Ltd ("we", "us", or "our"), collects, uses, discloses, and protects your personal data when you access or use our platform, website, or services.

  1. Data Controller

S3 Venture Studio Ltd (Company No. 15048607), trading as 'garment by'

Registered Office: 254-258 Goswell Road, London, EC1V 7EB, United Kingdom.

 

2. Scope

This Policy applies to:

  • Registered Clients and Suppliers

  • Website Visitors

  • Individuals contacting us via any channel

Jurisdiction-Specific Provisions Apply for:

  • United Kingdom (UK GDPR)

  • European Union/EEA (EU GDPR)

  • China (PIPL)

  • California, USA (CCPA/CPRA)

This Policy is global in scope and applies to users in the UK, the EU/EEA, China, USA and all other jurisdictions where we operate.

 

3. Personal Data We Collect

We may collect the following categories of personal data:

  • Identity Data: name, title, company name, username, and password

  • Contact Data: email address, phone number, mailing address

  • Business Information: company registration details, tax ID, licenses, and insurance

  • Technical Data: IP address, browser type, device identifiers, operating system, usage logs

  • Transactional Data: records of orders, invoices, payments

  • Communication Data: emails, chats, and correspondence

For users in China, we may also collect additional business licenses or regulatory information as required under Chinese law.

 

4. How We Collect Personal Data

  • Account registration and platform usage

  • Forms, surveys, customer support interactions

  • Automated technologies (cookies, analytics)

  • Third-party sources (compliant with applicable laws)

 

5. Legal Basis for Processing

Depending on your jurisdiction, our legal basis for processing includes:

UK/EU (under UK GDPR / EU GDPR):

  • Your consent

  • Contractual necessity

  • Legal obligation

  • Legitimate interests (e.g., platform performance, fraud prevention)

China (under PIPL):

  • Your explicit consent

  • Necessary for contract performance

  • Required by law

  • Necessary for public interest or emergency

  • Publicly available information used reasonably

Where required under PIPL, we will seek separate consent for sensitive personal data and cross-border transfers.

 

6. How We Use Personal Data

  • Account management and authentication

  • Order processing and supplier matching

  • Customer support and service improvements

  • Compliance with legal obligations

  • With consent: Marketing communications

 

7. Sharing and Disclosure

We may share with:

  • Suppliers/Clients for order fulfillment

  • IT and cloud service providers (under strict contracts)

  • Legal/regulatory authorities when required

All third parties sign:

  • GDPR Article 28 Data Processing Agreements

  • PIPL Article 38 Processor Contracts

 

8. International Transfers

Your data may be transferred to/in processed in:

  • United Kingdom (primary operations)

  • European Economic Area

  • China (for supplier coordination)

Safeguards:

  • EU/UK Standard Contractual Clauses (SCCs)

  • China PIPL Standard Contracts (CAC-filed)

 

9. Data Security

We implement:

  • AES-256 encryption for data at rest

  • TLS 1.3 for data in transit

  • Annual penetration testing

  • Role-based access controls

 

10. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

  • To comply with applicable legal, regulatory, tax, accounting, or reporting obligations (e.g., financial records are retained for seven (7) years);

  • To enforce our agreements and resolve disputes;

  • Until a user requests account deletion, unless subject to legal hold or ongoing investigation.

Data that is no longer required will be securely deleted, anonymised, or archived in accordance with applicable data protection laws.

Specific Retention Periods:

  • Order data: 7 years (tax compliance)

  • Supplier credentials: 5 years after last transaction

  • Client designs: Until 2 years after last order

Cross-Border Considerations:

Where data is transferred internationally (e.g., to suppliers outside the UK/EU), we ensure that appropriate safeguards are in place in line with GDPR and other applicable frameworks, including standard contractual clauses or local adequacy rulings.

Breach Notification Timelines:

In the event of a data breach, we will notify supervisory authorities and affected individuals in line with applicable regulations:

(a) EU GDPR: Within 72 hours;

(b) UK GDPR: Within 24 hours;

(c) China PIPL: Without undue delay.

 

11. Your Rights

Under GDPR:

✓ Access/rectification

✓ Erasure ("right to be forgotten")

✓ Data portability

✓ Object to processing

Under PIPL:

✓ Access/copy your data

✓ Correct/delete inaccuracies

✓ Withdraw consent

Under CCPA:

✓ Do Not Sell My Personal Information [Opt-Out Link]

✓ Limit use of sensitive data

 

12. Cookies

Our website uses cookies to enhance user experience and gather analytics. You can manage cookie preferences in your browser settings.

 

13. Changes to This Policy

Material updates will be notified via:

  • Platform announcements

  • Email to registered users

 

14. Contact Us

For questions or data protection inquiries:

bottom of page