Data Processing Terms (DPT)

Last updated: september 16th 2025

These Data Processing Terms (“Terms”) form an integral part of the agreement between Faslet B.V. (“Faslet”) and the Client (“Controller”). They describe how Faslet processes personal data on behalf of the Client in accordance with the General Data Protection Regulation (GDPR).

1. Roles

  • Controller: the Client, who determines the purposes and means of processing personal data.

  • Processor: Faslet, which processes personal data on behalf of the Client.

2. Subject Matter & Purpose

Faslet processes personal data solely for the purpose of providing its sizing and recommendation services, including related insights and analytics. Personal data will not be processed for any other purpose.

3. Categories of Data

The personal data processed may include, but is not limited to:

  • Profile data provided by shoppers (e.g., gender, height, weight, preferences).

  • Behavioural and transactional data (e.g., size selections, product interactions, return behaviour).

    Faslet does not require or process special category data.

4. Security

Faslet applies appropriate technical and organizational measures to ensure a level of security appropriate to the risk. Measures include access controls, encryption in transit, monitoring, and regular testing of systems.

5. Sub-processors

Faslet may engage sub-processors, such as hosting providers. All sub-processors are bound by written agreements imposing equivalent data protection obligations. A current list of sub-processors is available upon request.

6. International Transfers

Where personal data is transferred outside the European Economic Area (EEA), Faslet ensures a valid legal transfer mechanism is in place, such as the European Commission’s Standard Contractual Clauses.

7. Data Subject Rights

Faslet assists the Client in fulfilling its obligations to respond to data subject rights requests, including rights of access, rectification, erasure, portability, restriction, and objection.

8. Incident Management

Faslet will notify the Client without undue delay after becoming aware of a personal data breach, and will provide relevant information to enable the Client to comply with its legal obligations.

9. Audit Rights

Upon reasonable notice, the Client may request information necessary to demonstrate compliance. Independent audit reports may be shared. On-site audits may be conducted no more than once per year, during business hours, under confidentiality.

10. Confidentiality

All persons authorized by Faslet to process personal data are subject to strict confidentiality obligations.

11. Data Sharing

Personal data collected through Faslet’s services is processed solely for the Client’s benefit. Such data is accessible only to the Client and Faslet, to the extent necessary to provide the services. Faslet does not sell, rent, or otherwise share personal data with third parties, except for approved sub-processors engaged under these Terms.