Privacy Policy
Last Revised: April 15, 2025
We are Risetex, Inc., a Delaware corporation doing business as Marcella, Marcella NYC and Marcella New York (“us” or “Marcella”). We respect your privacy and try to comply with all applicable privacy and data protection rules. Our privacy practices are based on the fundamental principles of notice, choice, accuracy, data minimization, and limited disclosure. Read on for the details about how Marcella handles personal data.
Personally Identifiable Information. Personally identifiable information (“PII”) is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to you. PII does not include information that has been effectively aggregated or de-identified.
Sales: We do not sell PII for monetary compensation, and we will not do so in the future unless we first ask for and obtain your verifiable consent. We do share PII with service providers for purposes of targeted advertising and marketing of our own goods and services; this sharing may be considered a “sale” under state law. We take appropriate measures to help protect PII in our control from misuse or unauthorized access.
Application: This Privacy Policy is our representation and notice to you regarding our information privacy practices. It applies to all PII collected from you by us, at our retail location and through your use of any online services that post a link to this Privacy Policy, including our website at marcellanyc.com (“Marcella Services” or “Services”).
When you visit or use the Marcella Services, we collect information in these categories:
-
Identifiers – We collect PII, such as your first and last name and email address. We may ask for your phone number, postal address, birthday, social media, and demographic information (such as gender). We may ask you to create a username and password linked to your PII, or to share your contacts with us.
-
Financial – We do not collect financial account or payment card information. The Marcella Services are hosted by Shopify, Inc. and all payments are processed by Shopify. A list of Shopify’s third-party payment service providers is available at shopify.com/payment-gateways. You may shop Marcella as a guest, and are not required to create an account either on Shopify or with us.
-
Commercial – We collect PII about your transactions on our site or app, such as what products you browsed, purchased, or placed in the shopping cart for future purchase.
-
Online Activity – We may collect information about your device such as its IP address, MAC address, and associated advertising identifier (such as IDFA or AAID). If permitted, we may collect PII related to your online activity, such as your browsing history. This Privacy Policy describes some ways to limit this type of collection.
-
Geolocation – We may collect PII about the location of your device, but our ability to collect this information can be limited. We may use location-based technology in our retail location, to detect the presence of your device, if your device settings allow this.
-
Likeness & Biometrics – We may collect biometric PII such as your image or likeness, for example when you post a product review on our Site or on social media. With notice and your consent, we may record voice or video calls to our customer service for quality assurance.
-
Content – We collect the content of messages sent to us, our customer service or marketing teams.
-
Inferences – We may draw inferences from the PII and other information described above, such as inferences about the identity of the user of a particular device.
-
Sensitive Information – We do not knowingly collect sensitive PII such as racial/ethnic origin, religious beliefs, health conditions or diagnoses, alternative gender identity or sexual orientation, citizenship or immigration status, consumer health data, genetic or biometric data, or precise geolocation data.
This Privacy Policy explains:
-
what categories of PII we collect and from where;
-
how we use the PII;
-
with whom we may share the PII;
-
what choices you have about our collection, use and disclosure of the PII;
-
what data security procedures we employ to protect PII under our control;
-
how you can correct any inaccuracies in the PII; and
-
how you can exercise any additional rights granted by applicable state law.
Updates & Changes: We may update or modify this Privacy Policy from time to time, and we will post the changes here. If we change this Privacy Policy in a way that materially alters your rights, we will provide notice to the last-known email address, and an opportunity to exercise your rights. If state law or other applicable law gives you additional rights in these circumstances, we will follow the applicable law.
Limiting Our Collection and Use of Your PII
Industry Organization Opt-Outs
Two major US-based trade organizations offer opt-outs from interest-based advertising by their members. The Digital Advertising Alliance (DAA) and the Network Advertising Initiative (NAI) offer opt-out of interest-based advertising from their members. See the DAA’s opt-out portal and the NAI’s opt-out portal, and for mobile applications the DAA’s application.
Do Not Contact & Do Not Track
If you do not want to be contacted by us, we will promptly honor your do-not-contact request. You can opt out by replying STOP to any SMS message, following the instructions at the bottom of any Marcella marketing email, or contact us. The Marcella Services do not recognize the Global Privacy Control browser setting, which opts the user out of cookies on the browser for which it is enabled. See https://globalprivacycontrol.org/.
PII of Minors
Our site offers apparel for adult women and does not include any content designed to appeal to children. We do not knowingly collect or maintain the PII of any persons under 13 years of age. If you are the parent or guardian of a person under 13 years of age and you believe we have collected such information, please ask us to delete it by contacting us.
For persons aged 13-18, we will not sell your PII, or intentionally share it for purposes of marketing the goods or services of third parties to you in the future, unless we first ask for and obtain verifiable consent from you or (if required by applicable law) your parent or guardian.
Sources of PII
PII We Collect Directly from Your Input
We collect PII directly from you when you use the Services, such as when you order products from us, contact us for customer service or to express interest in our products, post a product review on our Site, and tag or connect with us on social media.
PII We Collect Passively
We passively collect PII or information that may be combined with PII (such as browser type, ISP, IP address, referring/exit pages, platform type, date/time stamp, and number/nature of clicks) when you use the Services. Sources for this type of collection include internet service providers, device operating systems, and our advertising and data analytics providers. If we combine your PII with information that is not by itself personally identifiable, we will treat the combined result as PII.
PII from Cookies, Web Beacons & Other Technologies
The Services use various technical means to collect information about their usage, such as cookies, web beacons, local storage, entity tags and JavaScript. Most device and software browser settings can be adjusted to prevent or reduce the use of these technologies.
The Marcella Services use first and third-party cookies to collect information about how they are used, such as the pages viewed and the amount of time. The Marcella Services use both session ID cookies and persistent cookies. The session ID cookie terminates once you close the browser or application. The persistent cookie stores a text file on your computer. If you allow the persistent cookie, we can recognize your computer and your browser can (if applicable) remember your preferences and login information. If you reject the cookie, your user experience may be limited.
Third-party web beacons and similar technologies may associate your actions across different web sites. Web beacons (also known as clear gifs or pixel tags) are graphics with a unique identifier, used to track the online actions or movements of users. We may include web beacons in email messages or newsletters to determine whether messages have been opened and acted upon. We may use such information to improve the Marcella Services, reconstruct activity from a session or by a user, and for troubleshooting.
The Services use local storage and entity tags to store content on your device, allowing the site to load more quickly. These technologies are also used for performance monitoring and targeted advertising. The Services also use JavaScript, code embedded in sites or applications. The code is executed (if allowed) by your device and software e.g., to speed load times and monitor systems usage.
PII From Social Media & Other Sources
We may collect PII from our interactions with you on social media, and we may use this PII for the purposes and uses described in this Policy. If you follow or interact with one of our social media accounts, our access to your information on that platform will be as allowed by the terms of service and privacy policy of that platform. Generally, when you use a separate entity’s site, platform, or service, the terms of service and privacy policy of that entity apply, so you should determine the information practices of that separate entity. We also may obtain PII of actual or potential customers from third parties such as consumer data resellers, credit reporting agencies, government agencies, public records and other sources.
Our Use of Your PII
Use for Marketing Communications: We may send you notices about Marcella products or services, unless you withdraw your permission to receive marketing communications from us. You may do this at any time. You can opt out by replying STOP to any SMS message, following the instructions at the bottom of any Marcella marketing email, or contact us.
Use for Internal Business Purposes (last 12 months): We use PII for our internal business purposes, such as:
-
To administer, maintain, and understand your use of, or interest in, the Marcella Services;
-
To personalize the Services to your preferences;
-
To respond to you or communicate with you;
-
To measure and improve the overall effectiveness of our advertising and content; and
-
For data analysis, research, audits, fraud monitoring and prevention, and new product development.
Our Disclosures of Your PII (last 12 months):
Marcella discloses your PII as follows:
To Service Providers: We may share your PII with professional service providers that perform services on our behalf. For our customers, this includes Shopify. Third parties are required to treat your PII according to their own respective privacy policies, and to follow applicable law.
To Providers of Analytics and Targeted Advertising on Our Behalf (last twelve months):
We may use Google Analytics and other analytics providers to help measure trends, performance and traffic, and to provide targeted advertisements. These analytics providers collect PII through tracking technologies, including those embedded in the Marcella Services. The tracking technologies use PII to make inferences based on connections among related browsers and devices, such as those using the same wi-fi access point, combined with geolocation data if available, and to show advertisements based on such inferences. You may limit some of this tracking and advertising through technical means, such as the Google Analytics opt-out browser extension, and by exercising industry organization opt-outs as described above.
As Required by Law or Legal Process: We may disclose your PII in response to a lawful subpoena, court order or request for cooperation from a law enforcement or other government agency; to establish or exercise our legal rights; to defend against legal claims; or as we reasonably believe is required by law. In such cases, we may raise or waive any legal objection or right available to us.
To Protect Our Business: We may disclose your PII when we reasonably believe disclosure is necessary to investigate or prevent actual or suspected unlawful activity; to protect and defend the rights, property or safety of our company, employees, customers or others; or to enforce our Terms of Service or other agreements between us and you.
To Successors in Business Transitions: If Marcella goes through a business transition, such as a merger, being acquired by another company, or sale of its assets, PII held by us will, in most instances, be part of the assets transferred. We will use our best efforts to ensure that the transferee assumes the responsibility of maintaining the PII under a policy at least as protective as this Policy.
Accuracy and Maintenance of Your PII
Accuracy: We will strive to ensure that your PII held by us, if any, is accurate. You may also contact us to inquire about or correct the accuracy of these records.
Maintenance and Retention: We retain PII as long as necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required, by law and/or under our document retention policy. In determining the retention period, we consider the need to satisfy our legal or reporting requirements; the nature and sensitivity of the PII; the potential risk of harm from unauthorized use or disclosure of the PII; the purposes for which we use the PII; and whether we can achieve the purposes through other means. We may be unable to delete your information from our database until the expiration of the applicable period. State law may give you additional rights; see the state-specific notices at the end of this Privacy Policy.
Data Security: We take reasonable precautions in accordance with industry standards to protect PII held by us from unauthorized access. We reasonably restrict access to PII according to its sensitivity, and we employ information security safeguards when allowing employees and service providers with proper authorization to access it. We use firewalls and other intrusion detection and prevention controls to help prevent unauthorized persons from gaining access to your PII. We also use administrative and physical security measures. These measures include secured files and buildings. Security measures are by nature not a perfect or complete defense against malicious actors. Accordingly, we do not guarantee that your PII will be completely secured against unauthorized access.
Data Breach Notification: Marcella maintains procedures for notifying you in the event of a data security breach. If Marcella experiences a data security breach and is required to notify you under applicable law, Marcella will notify you by electronic mail using the last-known e-mail address you have provided. You are responsible for ensuring that your contact information is current and correct. To review or change your information and correct any inaccuracies, contact us.
Procedures
Questions about this Policy: If you have questions about this Policy, our information practices or other aspects of the Marcella Services, contact us.
Rights under Applicable State Law
If your state has adopted a law granting you additional rights relating to PII collected by us, and the state law applies to us, we will comply with the state law. As of April, 2024, five US states had currently effective and potentially applicable laws of this type: California, Colorado, Connecticut, Utah and Virginia. Two other states had potentially applicable laws about to go into effect: Oregon and Texas. Applicable state law may give you some or all of these rights: to request additional information from us regarding our collection and use of PII, to ask us to correct or delete your PII, to direct us not to sell your PII, to limit our use and disclosure of sensitive PII, to appeal any denial by us of your request to exercise rights under state law, and to opt out of the use of your PII for automated decision-making. If we initially refuse your request to exercise rights you believe you have under state law, you may appeal for reconsideration, and the request will be re-considered by our senior management.
Verification of Identity for Exercise of State Law Rights
If you contact us to exercise a right under state law, such as the right to access, verify or correct your PII, before granting access we will take reasonable steps to verify your identity securely. We will not use any additional PII acquired by us in this process other than for the purpose of verifying your identity. Our procedure is to match identifying information provided by you with PII held by us, but we may need to request additional information to verify your identity (to be used solely for the purpose). We may also use a third-party identification service. We will not discriminate or take any adverse action against you for exercising these rights. You may designate an authorized agent to exercise these rights on your behalf. To exercise these rights, contact us. We will respond within 10 days or the period required by applicable law. We will comply with verifiable requests within 45 days (90 days if we notify you of the reason for the delay), or as required by applicable law.
Requests for Additional Information under State Law. This privacy policy describes the following for the preceding calendar year:
-
The categories of PII we collected;
-
The categories of sources of PII we collected;
-
The purposes for which we collected PII;
-
The categories of third parties that received PII from us;
-
The categories of business purposes for which we used PII; and
-
The categories of PII sold/shared for marketing purposes, and the recipients.
Your state law may give you the additional right to ask us about specific PII we have collected about you during the preceding calendar year.
State Law Rights of Access, Portability, Correction or Deletion. You may have the right to demand access to your PII collected or maintained by us, to require us to provide a copy in data-interchange format, and to require us to correct or delete it. If we use effective de-identification to satisfy a deletion request, we will maintain the data in de-identified form and not attempt to reassociate it with PII. Applicable laws, regulations and legal obligations may prevent us from completely deleting all of your PII.
State Law Rights in Sensitive PII. Although the definition of sensitive PII varies by state, this category generally includes PII relating to religious or philosophical beliefs, medical information, sexual orientation or practices, gender identity, and racial or ethnic origin. We do not deliberately attempt to acquire PII of this type, but we may acquire it inadvertently or through your deliberate disclosure. You may have the right to ask us to limit our use and disclosure of sensitive PII in a way that reasonably corresponds to the purpose of collection.
State Law Rights against Targeted Advertising & Sales of PII. You may have the right to tell us not to use your PII for targeted or behavioral advertising, meaning advertising based on your personal preferences. You may have a related right, to tell us not to sell your PII for monetary compensation, but such data sales are not part of our business model.
State Law Rights against Automated Decision Making. You may have the right to tell us not to use your PII for automated decision-making that has legally significant effects, such as for employment, credit or housing decisions.
State Law Rights of Minors & Teens. If you are between the ages of 13 and 18, state law may require us to assume that you would select the more privacy-protective options for your PII, unless you expressly tell us otherwise.
Last Revised: April 15, 2025