Privacy

As provided by Legislative Decree 196/2003 and EU Regulation No. 679/2016 (the “GDPR”), in particular Articles 13 and 14, below you’ll find the information required by law regarding the processing of your personal data. Note for minors: We do not intentionally process data of children under 14. If you are 14 or under, please obtain permission from your parent/guardian before providing your personal information. The website www.1stAmerican.it (the “Site”) is owned and operated by Fashion Energy S.r.l., headquartered in Milan, Italy, Via A. Zezon 4 (hereinafter “1stAmerican”). Fashion Energy S.r.l. complies with applicable data protection laws and constantly strives to improve the protection of its customers. This privacy notice informs you about how your personal data is processed in relation to the website www.1stAmerican.it, how it is managed, and how services are provided through 1stAmerican’s Site.

This notice is addressed to natural-person Customers and to natural persons acting in the name and on behalf of legal-person Customers (hereinafter also “Data Subjects,” per Art. 4(1) GDPR).

The Data Controller (the “Controller”) is FASHION ENERGY SRL, Via Achille Zezon 4 – 20124 Milan (MI), Tax Code/VAT: 07843800967 – Tel.: 02-66710320 – Email: amministrazione1@fashionenergy.it – PEC: fashionenergy@pec.it.

Data Protection Officer/Privacy Officer:
The Controller has appointed a Privacy Officer whom the data subject can contact to receive any information regarding the processing of their personal data, using the Controller’s contact details.

Personal data is information relating to an identified or identifiable natural person, such as first name, last name, gender, email address, phone number, date of birth, postal address.

The Controller processes personal data of a personal, identifying, economic, financial, and payment nature collected directly from the data subject, and from their contacts (first name, last name, and contact details). Note: In some cases, it may be necessary to collect and process special categories of personal data under Articles 9 and 10 of the GDPR (so-called “sensitive” and “judicial” data).

3.1 Data entered by the user
If the user creates their personal user account, fills in the Site’s registration fields, or gives us their consent, we process the personal data provided, in particular the data as defined in section 2.

3.2 Browsing data
The computer systems and software procedures that run this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow Users to be identified. This category of data includes IP addresses or domain names of the computers used by Users, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the server’s response (success, error, etc.), and other parameters relating to the user’s operating system and IT environment. These data will be recorded in anonymous, aggregated form and used, always in aggregated form, solely to obtain anonymous statistical information on the use of the site and to check its correct functioning, and are deleted, again in aggregated form, immediately after processing. The data may be used to ascertain liability in the event of hypothetical computer crimes against the site.

We process your personal data when you create your personal user account, when you order products through our website, or when you subscribe to our newsletter. Unless otherwise specified in the provisions below, the legal basis for this data processing is Article 6(1)(b) and (a) GDPR (performance of a contract and consent).

5.1 Account
To shop on our site, you need to create a personal account (hereinafter “user account”). You can store personal information in your user account to make shopping in our online store easier. To create a personal user account, we need your personal details—first and last name and, where applicable, address and phone number. In addition, users must provide their email address and a password of their choice. The email address provided by users also serves as the login for the user account. Users can also store their personal data within the user account and then shop conveniently in the online store. Information can be updated at any time in the personal area of the user account (“User Profile”). During registration, the User will be asked to enter personal data, some of which—explicitly identified as such from time to time—will be mandatory and essential for registration (e.g., the email address to receive Newsletters). Other data may or may not be provided at the User’s discretion; failure to provide them does not affect registration, but may allow only partial use of the Services. Of course, the user can delete their user account at any time without giving reasons. The easiest way to do this is to send an email to shop@1stamerican.it. The legal basis for this data processing is Article 6(1)(b) GDPR (performance of a contract).

5.2. Order processing in our online store
For product orders in our online store, processing your personal data aims to enable and optimize order fulfillment, including payment and delivery. When payment is made by credit card, we receive the payment ID and the last four digits of the credit card number from our payment service provider. This helps us authenticate and assign your order and thus ensure your security. The personal data required for payment is collected directly by the payment service provider. The legal basis for the above data processing is Article 6(1)(b) GDPR (performance of a contract) and Article 6(1)(f) GDPR (legitimate interest, based on our interest in offering you a secure credit card payment option). Among other checks, we also review all previous orders placed through your customer account. The system also checks whether the delivery address differs from the billing address, whether it is a new delivery address, or whether the order should be delivered to an interim center. After you choose the payment service provider, you will be asked for the data needed to use that service. This payment information is forwarded directly to the respective payment service provider and is not stored by 1stAmerican. We save your billing and delivery address data in your user account so you don’t have to enter them again the next time you make a purchase. These data can be changed at any time in the future. If you do not agree with the payment method(s) offered, you can inform us in writing via letter or email at shop@1stamerican.it.
We will then review the decision in light of your feedback. Personal data processed in connection with orders is deleted at the latest after the expiry of the statutory warranty periods, unless this conflicts with statutory retention obligations.

5.3 Newsletter
We offer all users of our community (users of www.1stamerican.it) the opportunity to receive our newsletter. To activate it, users can register with their email address on the appropriate page. Users can revoke their consent at any time without giving reasons. The easiest way to do this is to click on the “Unsubscribe” link found in every newsletter. The Newsletter may also contain advertising banners, advertisements, and promotional offers from both the Company and third parties. The legal basis for this process is Article 6, paragraph 1 a) GDPR (consent).

5.4 Contact via contact form
If you send us information requests using the contact form, we will process the information you provide, including your contact details, in order to process the request. In case of subsequent requests, this additional data will also be stored. The legal basis is Article 6.1 b) GDPR (contract fulfillment – the processing of user data is necessary for the fulfillment of the contract to respond to questions or requests) as well as Article 6 paragraph 1 f) GDPR (balancing of interests – based on our interest in processing requests from users of our website). As the Data Controller, 1stAmerican informs that Users’ personal data, subject to their consent, may be processed by 1stAmerican for the following purposes: a) sending informative, promotional, and advertising material related to 1stAmerican brands (for example but not limited to: sending newsletters, promotions, etc.); b) conducting statistical studies and research; c) collecting general and specific data and information on consumer orientations and preferences and processing them through electronic tools in order to identify products that may be of greater interest to them, so as to send them promotional communications specifically addressed to such products (so-called profiling).

You are granted the right to express or deny consent by ticking the appropriate box in the specific form dedicated to expressions of will (IF PRESENT). The expressed consent can be revoked at any time. The revocation is valid for the future and does not affect the processing that took place previously.

We do not carry out processing that consists of automated decision-making processes, including profiling.

The data will be processed through paper and electronic aids. We assure you that we have put in place all organizational, physical, and logical measures deemed necessary and/or appropriate.

Personal data is processed with automated tools for the time strictly necessary to achieve the purposes for which it was collected. Specific security measures are observed to prevent data loss, illicit or incorrect use, and unauthorized access. The database is accessible only by authorized subjects through methods that guarantee its protection and confidentiality, thanks to the adoption of security measures designed to prevent data loss, illicit or incorrect use, and unauthorized access. Despite all the measures taken to safeguard your information, we cannot guarantee, given the current state of technology, that unauthorized access or abuse of services by third parties can be completely excluded.

PLACE OF DATA PROCESSING
The processing related to the Services of this Site takes place at the headquarters of the Data Controller and is carried out only by technical personnel of the Controller specifically appointed as data processors, or by any persons in charge of occasional maintenance operations. No data deriving from the web service is communicated or disseminated. Personal data provided by Users who submit requests for membership to the Services are used solely for the purpose of performing the service or provision requested and are communicated to third parties only if this is necessary for that purpose. In its capacity as data controller, 1stAmerican may proceed, directly or through any external data processors indicated on the Site, to save Users’ personal data on specific servers and to carry out all other processing operations through personnel – of the controller and the processor – specifically appointed as data processors, or through any external appointees on the occasion of maintenance operations.

Data is processed by internal subjects regularly authorized for processing pursuant to Art. 29 of the GDPR. It is possible to obtain information on any external subjects who act as Data Processors (designated pursuant to Art. 28 of the GDPR) and/or as independent Controllers (or in some cases Joint Controllers, pursuant to Art. 26 GDPR), and in any case where communication is mandatory by law/regulation or by order of the authorities (e.g., INPS, INAIL, Financial Administration, etc.). Outside of the aforementioned cases, your data will not be disseminated.

The management and storage of data will take place on servers located within the EU. It is understood that the Controller, if it becomes necessary to transfer data outside the EU, ensures from now on that the transfer will take place in accordance with legal provisions by stipulating, if necessary, agreements that guarantee an adequate level of protection and/or adopting the standard contractual clauses provided by the EC.

For the operation of our website, we engage external data processing service providers (e.g., order shipping, newsletter software, computing centers). If necessary, these service providers also process personal data. The service providers are carefully selected and monitored by us. The data is processed exclusively in accordance with our instructions and is also bound by this data protection declaration. Only with the express authorization of the User, 1stAmerican proceeds to use their data for the same activities as in the previous point with the aid of automated tools without the intervention of an operator and/or for other purposes from time to time authorized by the User. The updated list of all Data Processors is available at each office of the Controller and can be requested at the following email address: shop@1stamerican.it. This list may be subsequently integrated and/or updated as needed.

In order to offer the user Klarna’s payment methods, at checkout we may transmit the user’s personal data in the form of contact details and order details to Klarna, so that Klarna can assess the user’s eligibility for its payment methods and customize these payment methods. The user’s personal data transferred is processed in line with Klarna’s privacy policy.

The Data Controller retains and processes personal data for the time strictly necessary to fulfill the indicated purposes or for the period imposed by current provisions on the matter. The data you enter pursuant to section 3.1 will therefore be deleted at the latest after 10 years from the expiry of any retention periods provided for by commercial and tax law. The automatically recorded data, as defined in section 3.2, will therefore be deleted or anonymized after 24 months.

Pursuant to Articles 15 et seq. of the GDPR, the data subject can exercise their rights by writing to the Data Controller at the above-mentioned contact details (by post, Email/PEC, by hand). The possibility remains, in case one considers the exercise of their rights not satisfied, to lodge a complaint with the Supervisory Authority.

As an interested party, you have the right to: a) obtain confirmation of the processing of your personal data; b) access your personal data and know its origin (when data is not obtained directly from you), the purposes and objectives of processing, the data of subjects to whom they are communicated, the retention period of your data or the criteria used to determine it; c) obtain the updating and correction of your personal data so that it is always accurate; d) obtain the deletion, in cases provided by Article 17 of GDPR, of your personal data or request the limitation of processing; e) obtain a copy of your personal data. You can therefore know which of your personal data we possess, their origin and how they are used, request their update, correction or integration as well as, in cases provided by current regulations, deletion, limitation of processing or object to their processing. If you wish, you can request to receive your personal data in our possession in an electronic device-readable format and, where technically possible, we can transfer your data directly to a third party you specify. Any requests will be processed no later than one month from receipt, except for the possibility to extend this term for an additional two months, if necessary, taking into account the complexity and number of requests received by the Data Controller.

Providing data is optional; however, any refusal to provide it will result in the inability to properly and effectively fulfill the contractual obligations assumed. Note: Refusing to allow the processing of data for any marketing purposes and the sending of advertising material will not affect the contractual relationship and related activities in any way.

We reserve the right to modify this Privacy Policy at any time. We will provide notice of substantial changes to this Privacy Policy by sending an email to the address you provided to us. Such substantial changes will take effect seven (7) days after such notice is provided.

For anything not mentioned above, express reference is made to the current provisions on the matter.

Cookies

Cookies are small text files that websites visited by users send to their terminals or devices, where they are stored to be transmitted back to the same sites during subsequent visits. Cookies (and/or similar technologies such as SDK technologies for the mobile world) can be stored permanently (persistent cookies) on your device or have a variable duration; they can be deleted when the browser is closed or have a duration limited to a single session (session cookies). Cookies can be installed by 1stAmerican (first-party cookies) or by other websites (third-party cookies).

Cookies are used for different purposes as specified in point 2 below.

For profiling activities, personal data collected through cookies is processed for a maximum period of 12 months from when consent to processing is given. Below you will find all information about cookies installed through the 1stAmerican website and/or related applications and the necessary instructions on how to manage your preferences regarding them.

We remind you that our platform supports recent and updated browsers and/or applications. 1stAmerican cannot guarantee the proper functioning of the service and the effectiveness of the information contained in this notice for obsolete versions of browsers and/or unsupported apps.

The main purposes of installed cookies are:

A) technical, meaning they are used for purposes connected to service delivery and to allow or improve navigation on Subito or store searches. These cookies are essential to ensure our platform functions correctly.

B) analytical, to collect statistical information about service usage by users (e.g., number of visitors, pages visited). We use these cookies to analyze traffic on our pages anonymously, without storing personal data.

C) third-party analytics: to collect statistical information about service usage by users (e.g., number of visitors, pages visited). These cookies are used to analyze traffic on our pages and user behavior in anonymous and aggregate form.

D) marketing profiling: we analyze your online actions so we can provide you, including through third-party partners, with content and commercial offers in line with your interests based on your previous browsing experience.

Additionally, cookies specifically designed for “social networks” may be activated. They allow users to interact through social networks (share function, Facebook). When a page contains this command, a direct connection is established with the selected social network. 1stAmerican, in addition to cookies, to improve service and navigation or for profiling activities, may allow the use of similar technologies on your mobile devices such as Google Tag Manager tools and Facebook Pixel. The use of these technologies is governed by the privacy policies of these companies and not by 1stAmerican’s privacy policy.

Consent to the use of profiling cookies is given by the user through the following methods: closing the banner containing the brief information, scrolling the page hosting the banner, or clicking any of its elements. Consent can be revoked at any time. Technical cookies do not require consent and are therefore installed automatically upon access to the site or service.

Cookies can be completely deactivated from the browser using the appropriate function provided in most navigation programs. However, it’s good to know that by deactivating cookies, some of 1stAmerican’s functionalities might not be usable.

We provide below the links to the information of the main browsers for more information on cookie deactivation: Chrome, Firefox, Internet Explorer, Safari, Edge.

Regarding profiling cookies aimed at offering you personalized advertising, we inform you that if you exercise the opt-out, you will continue to receive generic advertising in any case.

To exercise the opt-out and disable personalized advertisements by modifying your mobile device settings, follow the instructions below:

4.1. Android

On your device, open the “Google Settings” app, scroll down and select “Google”, select “Ads”, then select “Disable interest-based ads” or “Disable ads personalization”.

4.2. iOS

iOS devices use Apple’s Advertising Identifier. For more information on how to limit ad tracking with this identifier, visit the “Settings” app on your device or visit https://support.apple.com/it-it/HT205223.

The platforms Youonlinechoice and Networkadvertising.org offer the possibility to refuse or accept cookies from many digital advertising professionals. We recommend using these platforms to manage the revocation of consent to cookie usage.

To learn more about targeted advertising, you can consult the following pages: