Privacy Policy

At WFX - World Fashion Exchange (including subsidiaries or affiliated companies, henceforth also referred to as 'World Fashion Exchange', 'WFX', 'we' or the 'Company'), we understand you are trusting us with confidential information and, it's your right to know about our practices concerning any information we at any time collect or use when you use any of our services or interact with WFX. WFX provides cloud-based software that enables apparel and consumer goods businesses to streamline and optimize the process of product development, production and digitize the product lifecycle. Part of the World Fashion Exchange offering also includes various software products and mobile apps multiple websites, and A User may be either an entity, for example, an employer which has executed an agreement with WFX - World Fashion Exchange or with World Fashion Exchange's resellers or distributors who provide WFX's services (“Customer “) or a Customer's users for example a Customer's employees, who avail the services or users of the Website “End User(s)“. (Customer and End User shall collectively be referred to as “Users” or “you“). Any information, by itself or in conjunction with other data, related to you and reasonably available to WFX will be regarded as your personal information (“Personal Information”). In addition, this Privacy Policy covers any of your personal information provided to WFX that is used for the marketing of services, features or content we offer (“the Services”) to customers and any support we may give to you in connection with delivering our services and mobile apps. Any third party applications and software that can be accessed from our sites, our services or our mobile apps including social media websites, partner websites, external tracking software (“Third Party Services”), will not apply to this privacy policy. For the purposes of GDPR or European Economic Area data protection law, (the “Data Protection Law“), the data controller of the data processed through the Service is the Customer who makes it available and permits end users to access and use the Service or anyone on its behalf. For data we receive through the websites or data that is not processed through the Service (i.e. contact details of prospective customers, resumes submitted etc), WFX is the owner of that data. By making use of any of our Services, you acknowledge you have read and understood this privacy policy.

Information we collect and how it is used

Non-personal Information

''Non-personal Information'' is the first type of data which is information that is non-identifiable and anonymous in nature therefore the Users real identity is not known to us. Any unconcealed information available to us when a User uses the service or the websites is Non-Personal Information. Non-personal information gathered by us includes information technical or behavioural in nature. This may consist of the Internet protocol (IP) address of the User, the Users uniform resource locators (URL), browser type/version, operating system, 'click-flow of the User on the Website and Services, any plug-ins, settings regarding time zone, screen resolution and other behavioural information collect to understand User's usage patterns of the service.

Personal Information

Unlike social media websites, e-commerce or payment sites, the Personal Information we generally collect is basic in nature due to the nature of the Service we offer:

Any Personal Information

typically attained by us through your use of the service will consist of personal details provided by a customer consciously and voluntarily including the Customer's administrator and End Users. This may include your name (first and last), birth date, gender, job title, phone number(s), the department you work in, country, city, work email address, IP address and other unique identifiers, including other information you may choose to provide to Us.

Location Information

We do not track or ask for your location when downloading our mobile apps. However, tracking location-based information from your mobile is done only during the use of some of our mobile Apps that require it to deliver features as needed for successful use of the service. The contractual obligation we have to perform the services to you is the GDPR legal basis for processing this information

If you apply for a job through the Sites, you may provide Us with your location information and this is used to offer relevant jobs available in your region. Your consent is The GDPR legal basis for processing this information.

Contact Information

When you express an interest in obtaining additional information about us, our Services, the Site, or Mobile Apps, we may ask you to provide personal contact information, (eg. name, email, phone number, company name, country). The above information is used to communicate with you by providing a response to any of your requests, questions and comments. The legitimate interest in answering your questions and communicating with you is the GDPR legal basis for processing this information.

Device Information

Access to your device's camera and photo storage may be requested by us while using the Mobile Apps. This enables you to take and upload pictures in conjunction with use of the service and the data is only used in the ways you choose. You may revoke access anytime. We do not access your device's camera and/or photos without your permission. To better understand the functionality of our Mobile Apps on your phone we use mobile analytics software that may record how often the application is used by you, aggregated usage, performance data, actions use undertake within the application or any such information for us to improve the app. Any personal information you submit within the Mobile Apps and the information we store within the usage or performance analytics is not linked by us. In addition, we may collect hardware usage statistics, operating system, versions, etc. The contractual obligation to you to perform the Services is the GDPR legal basis for processing this information.

Data Collected

As a service provider we only collect information as per the Customer's need. Our agreements governs any access, delivery and use of our Mobile Apps, website and Service, including personal collected by us. The Customer has total control over the platform and associated data. For any questions you have about the service, settings or personal information or privacy practices, please contact the Customer's administrator of the wfx service you use. Customer data is only used by us in accordance with the Customer's instructions, applicable terms in our Agreements, Customer's use of the Service's and as required by any applicable law. Under applicable GDPR, World Fashion Exchange is a processor of Customer Data and the Customer is the controller.

Sharing of Information

Third-Party Services

Through our sites, service and mobile apps you may be able to access Third-Party Services (eg. by Clicking on a link). This privacy policy does not cover practices of these Third Party Services are not our responsibility. Reading and understanding Third Party Service providers privacy policies is your responsibility.

Information Shared with Our Service Providers.

We may share your information with any third parties who provide us with services we need. These third parties will be authorized to use your personal information only to the extent which is deemed necessary to provide services to us. These third party services may include but not limited to (A) customer support or service (B) cloud computing infrastructure (C) mapping services (D) email services for marketing communications etc.

Information Shared with Our Sub-Contractors

Our "Sub-Contractors" are entities and people we contract and employ that perform specific tasks for us, for example, an email service provider who sends emails for us, customer support providers, mapping service providers. In order to provide services to you, we may need at times to share personal information with our Sub-contractors. Unless we mention otherwise, our Sub-contractors do not have any right to use Personal Information and we only share what is necessary to assist us.

Information Disclosed Pursuant to Business Transfers

One of the transferrable business assets in some cases in the event we choose to buy or sell assets are user information. If all our assets were acquired, or in case we go out of business or file for bankruptcy, one of the assets transferred or acquired by a third party is User information. You acknowledge that such transfer might happen and that anyone who acquires our assets or us might continue to use your personal information as defined in this privacy policy. In such event, you will receive a notification via email and/or there will be a notice on our Site as to any changes regarding your personal information or any change in the legal owner.

Information disclosure to protect others and us

In particular situations, we may have to disclose personal information as a response to a lawful request by public authorities, including to meet requirements for national security or law enforcement. We also have the right to access, read, preserve and disclose any information that we understandably believe is essential to

  • To meet any applicable law, regulation, legal process or government request
  • Enforce this Privacy Policy, including investigation of potential violations hereof
  • Detect, prevent, or otherwise address fraud, security, or technical issues;
  • Respond to user support requests
  • Protect Our rights, property, or safety.

This may include any exchange of information with other companies and organizations for protection against fraud and for prevention against spam/malware. It is required that all third parties respect the security of your personal information and it is to be treated in accordance with applicable laws. We do not allow third-party service providers and Sub-contractors with who we may share your Personal Information to use it for their own purposes and only permit them to process any of your Personal Information for specified purposes in accordance with our instructions. Unless we have your consent, your personal information will only be shared by us in the ways we have described in this privacy policy

Information Security Management System Policy Statement

WFX is committed:

To ensure that all the information security risks pertaining to customer data, and internal company data associated with its operations while providing the products & services to the customers are identified, analyzed, evaluated, and treated and all applicable requirements (legal/ others) related to information security of data are in compliance.

To protect our Information Assets and data from all kinds of threats and vulnerabilities, whether internal or external, deliberate or accidental, taking into consideration the cost-effectiveness and suitability of the counter measures being deployed.

To continually improve our established information security management system by preserving the Confidentiality, Integrity & Availability of business-related information, and to minimize business damage by preventing or minimizing the impact of information security & privacy incidents.

It is the Policy of WFX to ensure that:

  • Confidentiality, Integrity, and Availability of information (including customer data, company data, acquired, provided, or created permanently/ temporarily or stored in cloud/locally or in transit), are ensured at all times.
  • Critical data is protected from unauthorized access, use, disclosure, modification, and disposal, whether intentional or unintentional.
  • All breaches of personal and other data, actual or suspected, are reported, investigated by the designated personnel, and appropriate corrective and preventive actions are taken.
  • All our employees and wherever applicable to third parties e.g. subcontractors, consultants, vendors, cloud service providers, etc. are adequately communicated on information security programs.
  • Information security objectives resulting from risk assessment are documented, communicated, and monitored for their progress and evaluated for their results.
  • Risk Assessment and treatment are re-reviewed after every six months

The policy shall be reviewed at periodic intervals (Half Yearly) - to check for its effectiveness and applicability, changes in technology, changes in Risk Levels that may have an impact on Confidentiality, Integrity, Availability of data, and legal & contractual requirements.

Data Retention

Customers can contact us and request information concerning the storage and retention of data (“Audit”) We shall make reasonable efforts to respond to the in a reasonable time and subject to applicable law and to the protection of World Fashion Exchange's trade secrets.

WFX will continue to keep possession of data on behalf of Customers as is required to provide the Service to Customers, enforce its agreements and resolve disputes. Because of system continuity purposes, the data is backed up via a data backup policy.

Each user is responsible for all their data. Any deletion of data any or incorrect data or any database breach is not the responsibility of WFX unless contrarily agreed with Customer.

If a Customer chooses to discontinue the service, upon termination of the service by customer and fulfilling all obligations as per our agreements, Customer data will be permanently deleted.

Personal information and other data about an end-user might be retained by the customer which is owned by the controller (Customer or the Customer's administrator) and the end-user might not have access to it. Any question regarding this data should be raised directly by you to the customer if it pertains to the right to retain and process your personal information. You hereby agree not to assert any claim against World Fashion Exchange or its' affiliates in this regard and waive any rights regarding such Data and Personal Information including the right to view and control such Data and Information.

While all Customer data will be deleted, some data not be deleted will be kept in an anonymized manner. We collect and retains metadata and statistical information concerning the use of the Service which is not subjected to the deletion procedures in this policy and may be retained for no more time than required. Any of our third-party service providers may retain some of your data in accordance with their retention policies. Any of your metadata or statistical information that is retained by the third-party service providers, will not be identifiable.

Anonymized aggregated data may be retained by World Fashion Exchange for as long it is required to provide its services. Contracts and billing information may be retained as required by World Fashion Exchange for at least 5 years from termination or expiration of the relationship with the Customer or entity.

Where do we store your Data?

The data collected is typically stored on AWS (Amazon Web Services) or at another infrastructure provider. They provide advanced security features and are compliant with ISO 27001 standards.

In providing your Personal Information to us, your Personal Information will be sent to any location which enables us to successfully provide a reliable services (Singapore, US , India, Ireland, Hong Kong etc). Any European Union data protection law that is applicable will be adhered to and laws regarding the transfer of personal information from European Union territory to any other Non-EU territory will be strictly followed.

All reasonably necessary steps will be taken by us to appropriately safeguard your data as and when it is transferred outside of the EEA, such as relying on a recognized legal mechanism and making sure it will be treated securely and in accordance with this privacy policy.

Security and storage of information

We take great care in implementing, enforcing and maintaining the security of the service and the personal information of our Users. We have security policies that are maintained, implemented and enforced in regards to prevention of unauthorized or accidental access, or destruction, loss, modification, use or disclosure of personal data and compliance of such policies are monitored on an ongoing basis by our internal security and infrastructure team.

We limit access to any personal data only to those personnel who: (i) require access in order for World Fashion Exchange to fulfil its obligations under this Privacy Policy and agreements executed with us or our affiliates and (ii) have been appropriately trained on the requirements that are applicable to the processing, care and handling of the Personal Information (iii) are under confidentiality obligations as required. Also we take measures to ensure that any staff who has access to personal data are honest, reliable, competent and properly trained.

World Fashion Exchange shall act in accordance with its policies to promptly notify Customer in the event that any personal data processed by us on behalf of a Customer is lost, stolen, or in case of any unauthorized access to it, subject to applicable law and instructions from any agency or authority. Furthermore, in case of any breach The company will cooperate with the customer regarding the investigation and remedying of any such security breach. In the event of a security breach that involves any form of Personal Information, we would promptly take remedial measures not limited to but including measures to restore the security of the Personal Information and limit unauthorized or illegal dissemination of the Personal Information or any part thereof.

World Fashion Exchange maintains documentation regarding compliance with the requirements of the law, including without limitation documentation of any known breaches and we hold reasonable insurance policies with respect to data security.

We do not take responsibility for the operation, privacy policies or the content of any links to external sites that may be found from time to time in the service.

Your Rights associated with your information

If we are storing your personal information, you will have the subsequent rights to your information on the basis of the services and your region.

In the event that you have provided Personal Information to Us, on our website or we will provide you with information about whether we actually hold any of your Personal Information. Contact Us at regarding the requests for the access, correction and deletion of any personal information. You can expect a response from us within a reasonable timeframe.

When acting as a service provider of our Customer, WFX has no direct relationship with the individuals whose Personal Information is provided through the Services so any request should be directed at the Customer’s administrator who is the controller of such data.

Regarding your personal information we directly collected from you and that we control, you have the following rights if you are located in the European Economic Area ("EEA").

Right of Access

You may request details of any personal information we may hold of you. Along with a confirmation on whether we are processing your personal information, there will be a disclosure about additional information such as the types of personal information, source of origin, the purpose and safeguards concerning the data transfer to non-EEA countries and the expected retention period, subject to the limitations set out in applicable laws and regulations.

Right of correction

You may request correction of any of your personal information we hold, subject to verification of the accuracy of the newly supplied information.

Right to be forgotten

Your personal information will be deleted by us at your request provided that:

  • it is not necessary for us to retain
  • if you withdraw the consent, the legal basis for processing your personal information
  • There is an objection by you to the processing of your Personal Information (see below) and no legitimate reason for such processing exists
  • the Personal Information was processed illegally
  • In order to comply with our legal obligations, your personal information must be deleted.
  • We may refuse your request of personal information deletion if it is necessary:
    1. a) To meet our legal obligation
    2. b) To exercise or defence of legal claims
    3. c) To perform a task in favour of public interest

Right to restrict processing

We will restrict processing your Personal Information at your request if

  • You have a disputed its accuracy
  • You request a limitation on processing the information rather than the deletion because it was processed illegally
  • We no longer need it but you require it in connection with the establishment or to exercise or defend a legal claim
  • you object to the processing of your Personal Information pending verification as to whether a legitimate ground for such processing exists

We may continue to store your Personal Information to the extent required to ensure that your request to restrict processing is respected going forward.

Right to data portability

We will provide you with a structured, commonly used and machine-readable format of your personal information, free of charge at your request provided that

  • We were provided by you with your personal information
  • the processing of your Personal Information is required to perform a contract
  • processing is executed in an automated fashion.

Right to object

Where we rely based on our legitimate interests (or the legitimate interests of a third party) to process your Personal Information, If you feel the processing of the information impacts your rights and freedoms or on the grounds of your particular situation, you have the right to object to it. Unless we have compelling and a legitimate ground that processing your personal information will supersede your rights and freedoms, or the processing of the information is in connection with the establishment, to exercise or defend legal claims, we will comply. Any objection to the processing of personal information for direct marketing purposes will be complied with.

Right not to be subject to decisions based solely on automated processing.

You will not be subjected to decisions based solely on the automated processing of your Personal Information that have a legal or significant effect (which includes profiling) unless we have been given your consent or is necessary in order to fulfil a contract with us.

Right to withdraw consent

You have the right to withdraw any consent you may have given us in the past at any time. We might need to ask for certain identifying information in order to ensure security of your Personal data if you wish to exercise your right to withdraw consent. Please contact us at if you wish to exercise any of the above mention rights. You can expect a response within 30 days or we will provide reasons for any delay.

If you exercise any of your rights usually a fee is not charged. Although, a fee is chargeable in case your request is unfounded or excessive, for example, because of its repetitive character and reasonable related administrative costs in complying with your request will be charged. In case we refuse your request, the relevant reasons will be notified to you.

Changes to the privacy policy

The terms of this Privacy Policy governs the use of the Service, sites, mobile apps and any information collected in connection there with, however, we may amend or update this Privacy Policy from time to time. If any material changes are made to this privacy policy, we will strive to provide a notice on the homepage of the website or via email, unless agreed otherwise with the Customer. Any material changes will go into effect seven (7) days after the notice was posted on our website or sent by email. Otherwise, any changes made to this privacy policy are to remain in effect as of the stated “Last Revised” date and if you continue to use the service it will be constituted as your active acceptance of, an agreement to be bound by, the changes to the Privacy Policy.

For any questions or comments in regards to this Privacy Policy, please send us an email or contact us at . We will strive to reply within a reasonable timeframe or under 30 business days.

Last Revised: November 10, 2021