Privacy Policy

for the use of SizeFlow (the "Service")

This information notice on the processing of personal data (the “Privacy Policy”) is provided pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (the “GDPR”) and applicable international, European and Italian laws on personal data protection, as amended from time to time (collectively, the “Privacy Law”).

This Privacy Policy applies to the WE WEAR sizing widget/plug-in and related services provided by WE WEAR and integrated on third-party e-commerce websites (the “Platform” and together the “Services”), as further identified in the General Conditions available here on this site. It does not apply to any other website or application accessible via link from the Platform. Capitalised terms not defined herein have the meaning given in the General Conditions.

1. Data Controller
The data controller is We Wear S.r.l., with registered office at Corso Plebisciti 15, 20129 Milan (Italy), Tax Code and VAT no. 10337690969 (“WeWear” or the “Data Controller”).
Contact: amministrazione@we-wear.biz (privacy matters) — info@we-wear.biz (general).

2. Categories of Personal Data
WeWear processes the following categories of personal data, as applicable:

a) Data provided/used for size recommendation:
  i. Anthropometric indicators strictly for fit purposes (e.g., height, weight, year of birth/age, gender, body shape), including data you enter or the system estimates for non-medical fit purposes;
  ii. Product context and interaction data (e.g., viewed product, size suggested, alternative sizes shown, algorithm/model version);
  iii. Identifiers (e-mail address or user ID assigned by the partner e-commerce, if available), session/device IDs.

b) Operational and diagnostic data:
  i. Platform usage data and technical logs;
  ii. Device information;
  iii. Error/malfunction reports.

c) Purchase/return events (from partner):
  i. Purchased product and size, date/channel, order/transaction ID;
  ii. Return/no-return status;
  iii. Partner metadata (e.g., customer internal code, SKU).

No special categories of data. For the sizing Service, WeWear does not process special categories of data under Art. 9 GDPR. Height/weight are used solely to provide fit advice, not for health purposes.
Body scan / 3D avatar (if enabled). Creating a 3D avatar from scans/photos may involve biometric data. Such processing is carried out only with your explicit consent and under a separate, dedicated notice. The sizing widget does not require body scanning.

3. Purposes and Legal Bases
WeWear processes Personal Data for the following purposes, on the basis of the corresponding lawful bases:

a) Provide the requested size recommendation and related user support; enable continuity of session/interactions (e.g., avoid re-entry of the same indicators).
Legal basis: performance of a contract/services requested by the user (Art. 6(1)(b) GDPR) and, where applicable for usability continuity, legitimate interest (Art. 6(1)(f)).

b) Measure Service performance/KPIs (e.g., purchase in suggested size, deviation and return rates) and improve the sizing algorithm in a pseudonymised manner and limited to what is necessary.
Legal basis: legitimate interest of WeWear and partners in improving accuracy, reducing returns and enhancing user experience (Art. 6(1)(f)). You may object at any time (see Art. 10).

c) Security and fraud/abuse prevention, Platform monitoring, and establishment, exercise or defence of legal claims.
Legal basis: legitimate interest (Art. 6(1)(f)) and/or legal obligation (Art. 6(1)(c)).

d) Compliance with legal obligations (tax, regulatory, requests from authorities).
Legal basis: legal obligation (Art. 6(1)(c)).

e) Body scan / 3D avatar (if enabled).
Legal basis: explicit consent (Art. 6(1)(a) and 9(2)(a) GDPR). Consent is optional and can be withdrawn at any time without affecting the sizing Service.

Legitimate-interest balancing. Improving the Service and monitoring KPIs benefits users and partners (better fit, fewer returns). Processing is proportionate, limited, and subject to safeguards (pseudonymisation, access controls, retention limits). Users have a reasonable expectation that a sizing tool evaluates and refines its accuracy. You may object at any time (Art. 21 GDPR).

4. Source of Data (Art. 14 GDPR)
a) Directly from you via the widget (fit indicators and interactions);
b) From the partner e-commerce, which shares purchase/return events and related identifiers (e.g., order ID, user ID/e-mail) for the purposes set out in Art. 3(b), as described in the partner’s privacy policy.

5. Whether Provision of Data is Mandatory
a) Providing anthropometric indicators is necessary to obtain the size recommendation.
b) Purchase/return events shared by the partner are used only for statistical measurement and improvement. If you object, your events will not be used for KPI/improvement (you can still use the sizing Service).

6. Users Under 18
The Service is intended only for users aged 18 or over. We do not knowingly collect data from minors. If you believe a minor has provided data, please contact us: we will promptly delete such data.

7. Methods of Processing and Security
Data are processed by electronic means, with organisational and technical measures appropriate to the risk (Art. 32 GDPR), including:
a) Role-based access and least-privilege controls;
b) Encryption in transit and at rest where appropriate;
c) Logging/monitoring and environment separation;
d) Pseudonymisation for KPI analytics;
e) Privacy by design/default and documented data minimisation/retention policies.

8. Profiling and Automated Outputs
The size recommendation is generated through automated processing/technical profiling based on your indicators and product attributes. It is a non-binding suggestion and does not produce legal effects or similarly significant impacts on you.

a) You may request meaningful information about the logic involved in clear terms;
b) You may object to processing for KPI/improvement at any time (Art. 21 GDPR).

9. Data Retention
WeWear retains Personal Data only for as long as strictly necessary to achieve the purposes described in this Privacy Policy.

a) Service provision data (fit indicators, interaction context, identifiers): kept for the entire period of use of the Services and for no longer than 14 (fourteen) days from the date of cancellation/deactivation of the User, after which they will be deleted or irreversibly anonymised.
b) Purchase/return events used for KPI and improvement: linked to the User only for the same period (use of the Services + 14 days). Thereafter, such data are irreversibly anonymised and/or aggregated so that they can be used for statistical analysis, performance measurement and improvement of the algorithm without any possibility of re-identification.
c) Security logs: retained for up to 6 months, unless longer retention is required by law or for the defence of legal claims.
d) Body scan / 3D avatar data (if enabled): retained in accordance with the dedicated notice or until consent is withdrawn, after which they will be deleted or anonymised.

10. Data Subjects’ Rights
At any time and free of charge, you may exercise your rights under the GDPR, including:
a) Access, rectification, erasure, restriction, and portability;
b) Objection to processing based on legitimate interest (including KPI-related profiling);
c) Withdrawal of consent (where applicable, e.g., body scan) without affecting the lawfulness of processing based on consent before its withdrawal.

Requests: amministrazione@we-wear.biz.
You also have the right to lodge a complaint with the Garante per la Protezione dei Dati Personali or with your competent supervisory authority.

11. Recipients and Categories of Recipients
a) Partner e-commerce where you use the Service;
b) Processors (Art. 28 GDPR) providing hosting, IT maintenance, privacy-preserving analytics, customer support, security and related services;
c) Professional advisors and competent authorities, where required by law or for legal defence.

WeWear does not sell Personal Data.

12. Place of Processing and International Transfers
Personal Data are processed and stored on servers located within the EU/EEA. Where transfers outside the EU/EEA are necessary, WeWear will ensure an adequate level of protection pursuant to Chapter V GDPR, by relying on:
a) Adequacy decisions; or
b) Standard Contractual Clauses approved by the European Commission (and supplementary measures where appropriate); or
c) Other conditions under Arts. 46–49 GDPR.

You may request an overview/copy of the applicable safeguards at amministrazione@we-wear.biz.

13. Roles with Partners
As a rule, WeWear acts as an independent controller for the processing necessary to provide the sizing Service and to measure/improve its accuracy as described herein.

In specific projects, WeWear and the partner may act as joint controllers for jointly determined purposes (e.g., shared KPI governance). In such a case, WeWear will make available an Art. 26 GDPR arrangement summary indicating the respective responsibilities and a single point of contact for data subjects.

14. Cookies and Similar Technologies
The widget may use strictly necessary technologies (e.g., to maintain session state or prevent repeated data entry). Any non-essential cookies/IDs will be used only on an appropriate legal basis (e.g., consent through the partner’s cookie banner). Please also consult the partner’s Cookie Policy.

15. Processors
An updated list of data processors is available at WeWear’s registered office and can be requested at amministrazione@we-wear.biz.

16. Changes to this Privacy Policy
WeWear may amend this Privacy Policy at any time. Where material changes occur, WeWear will provide appropriate notice through the Services and, where technically and legally feasible, via the contact details available to WeWear. Please check this page regularly.

Last update: 19/09/2025