PRIVACY POLICY FOR E-COMMERCE CUSTOMERS www.b-exit.com

(pursuant to Article 13 of the European Union General

Data Protection Regulation 2016/679) v.1.0

With this policy, Fashion Point S.r.l., as data controller, informs that the personal data of the interested party has been communicated to Fashion Point S.r.l. upon purchase on the e-commerce platform www.b-exit.com, the information shall be processed in accordance with current privacy legislation and in the manner set out in this information on the processing of Personal Data.

1. DATA CONTROLLER

The Data Controller is Fashion Point S.r.l., in the person of its pro-tempore legal representative, VAT number 02000280681, with registered office in Strada Lungofino 185 – Blocco A Moduli 7 – 65013 – Città Sant'Angelo (PE), certified email: info@b-exit.com

2. THE DATA PROTECTION OFFICER

The Data Protection Officer is Zenko S.r.l. with registered office in Via dell'Industria, snc – Zona Ind.le – 64025 – Pineto (TE), certified email dpo@zenko.it

3. SUBJECT OF THE PROCESSING

In the context of the execution of the contractual obligations deriving from the purchase through the e-commerce platform www.b-exit.com, the Data Controller shall process the following categories of personal data ("Data"):

- Personal data, such as name, surname, company to which they belong, VAT number;
- Contact details, such as telephone number, email address, address (internal scale, postcode, city, province, country) of the shipping contact persons of customers or owners of sole proprietorships;
- shipping method chosen by the user;
- payment method chosen by the user (in the case of a credit card: credit card number expiry date, security code, name on the card).

4. PURPOSE AND LEGAL BASIS OF DATA PROCESSING

The Data Controller shall process Customer Data for the following purposes and legal bases.

4.1. Based on the execution of a contract and/or by virtue of the fulfilment of pre-contractual commitments, to allow the purchase on the e-commerce platform www.b-exit.com, for the signing and execution of contracts, for the management of any complaints, and for the management of returns.

4.2. Based on the fulfilment of legal obligations by the Data Controller:

a) for accounting and administrative purposes (such as invoicing, keeping accounting records, etc.);
b) for the possible execution of measures or orders of the competent Authorities and Supervisory Bodies.

4.3 Based on a legitimate interest of the Data Controller

a) for the protection of the rights and legitimate interests of the Data Controller and/or third parties, including in court: the interest of the Data Controller corresponds to the constitutionally guaranteed right of action (Article 24 of the Constitution) and, as such, is socially recognised as prevailing over the interests of the individual concerned;
b) to send promotional communications, exclusively by email, relating to products similar to those you have already purchased (so-called Soft spam), notwithstanding the possibility of exercising your right to opt-out, by clicking on the appropriate link at the bottom of each communication you will receive.

5. PROCESSING METHODS

The processing is carried out in compliance with fundamental rights and freedoms, based on the principles of correctness, lawfulness, transparency, and confidentiality, and is also aided by electronic instruments.

6. NATURE OF DATA PROVISION

The provision of personal data for the purposes referred to in paragraph 4 is mandatory, as it is necessary to allow you to purchase on the e-commerce platform www.b-exit.com, as well as to allow the Data Controller to send you promotional communications by email relating to products similar to those you have already purchased. We remind you that, in relation to the purpose referred to in paragraph 4.3.b, you will have the opportunity to exercise your right to opt-out at any time by clicking on the appropriate link at the bottom of each communication you will receive.

7. COMMUNICATION OF DATA

Notwithstanding communications made in fulfilment of legal and contractual obligations to public bodies and entities, your personal data are processed by internal personnel previously authorised and designated as the person in charge of processing, to whom appropriate instructions are given regarding measures, precautions, modus operandi, all aimed at the concrete protection of your personal data.

The Data Controller may communicate your data in compliance with legal obligations to public bodies and entities, such as:

- Judicial or public authorities in compliance with legal obligations or orders

Fashion Point S.r.l. may also employ third parties for the performance of activities and related processing of personal data of which the Company is the owner, such as:

• national and international couriers and shippers
• payment service providers
• consultants or external freelancers, such as accounting and administrative consultants, trusted lawyers, etc.
• suppliers of software or software platforms in the context of assistance, support and maintenance activities;
• subcontractors and/or subcontractors engaged in activities related to the execution of the Contract with the Data Controller;
• Relevant authorities in the event of legal or customs requests;

Under the legislation, these subjects have the experience, capacity, and reliability to ensure compliance with current processing provisions, including the data security profile. Said third parties, where appropriate, are designated "Data Processors" and are subject to periodic checks to verify the maintenance of the guarantee levels recorded at the time of the initial assignment. The Data Controller shall retain a list of the appointed data processors.

8. TRANSFER ABROAD

Since e-commerce also makes sales to non-EU countries, some data (e.g. shipping address, company data, tax documents) may be transferred outside the European Economic Area (EEA).

In these cases, the legal basis of the transfer is the execution of the contract (e.g. international shipping).

In any case, the Data Controller guarantees that the transfer will take place in compliance with Articles 44 et seq. of the GDPR, in particular by:

• EU Commission adequacy decisions
• Standard Contractual Clauses (SCC)
• Technical and organisational measures

9. DATA RETENTION TIMES

The Personal Data collected for the above purposes will be kept for a period equal to the duration of the Contract and for ten years following the termination of the same, only the personal data necessary for the regular storage of administrative documentation and accounting and tax records, pursuant to Article 2220 of the Italian Civil Code, and to assert any rights in court or defend against legal disputes, pursuant to Article 2946 of the Italian Civil Code, will be kept, except in cases where the storage.

For a subsequent period is required for the continuation of disputes, requests from the competent Authorities or in compliance with legal obligations borne by the Data Controller.

The Personal Data collected for the purposes referred to in Point 4.3.b will be kept for a maximum of 12 months from the last commercial interaction with the e-commerce platform www.b-exit.com, notwithstanding your right to opt-out, which you can exercise at any time by clicking on the appropriate link in each communication you receive.

10. RIGHTS OF DATA SUBJECTS

Data subjects may exercise the rights provided for in Art. 15 et seq. of EU Regulation 2016/679 and in particular the right to:

a) access their personal data;
b) to request rectification or updating if incomplete or erroneous;
c) to request its cancellation for one of the reasons indicated in Art. 17 Paragraph 1 of the GDPR;
d) to request a limitation in the cases expressly provided for by Art. 18, Paragraph of the GDPR;
e) to request portability, in the cases indicated in Art. 20 of the GDPR;
f) to object at any time, for reasons related to their particular situation, to the processing of personal data
concerning them pursuant to Article 6 Paragraph 1, Letters (e) or (f), including profiling based on these
provisions; in this case, the Data Controller shall refrain from further processing the Data Subjects' Data
unless he proves the existence of compelling legitimate grounds for processing that prevail over the
interests, rights and freedoms of the data subject or for the establishment, exercise or defence of a
right in court; if the personal data are processed for direct marketing purposes, the data subject shall
have the right to object at any time to the processing of personal data concerning him carried out for
such purposes, including profiling to the extent that it is connected with such direct marketing; if he
objects to processing for direct marketing purposes, the Data Subjects shall no longer be subject to
processing for such purposes;
g) not to be subject to a decision based solely on automated processing, including profiling, that
produces legal effects concerning them or that significantly affects your person similarly; this right
applies only to the provisions of Art. 22 of the GDPR.

To facilitate the exercise of the above rights, the Data Controller may be sent the form "exercise of rights regarding the protection of personal data", published on the Privacy Guarantor's portal at http://www.garanteprivacy.it, duly completed.

Finally, we inform you that the interested parties, if they consider that the processing of personal data related to them takes place in violation of the provisions of EU Regulation 2016/679 (Art. 77), have the right to lodge a complaint with the Guarantor (www.garanteprivacy.it) or to bring the appropriate legal proceedings.

10. METHODS OF EXERCISING RIGHTS

You may exercise your rights at any time by sending:

• a registered letter with return receipt to Fashion Point S.r.l. with its registered office in Strada Lungofino 185 – Block A Moduli 7 – 65013 Città Sant'Angelo (PE);

• an email to info@b-exit.com

Or you can directly contact the DPO (Data Protection Officer) or Fashion Point S.r.l.'s DPO at the certified email address dpo@zenko.it

11. CHANGES AND UPDATES

This policy is valid from the date on which it was presented. However, the Company could make changes and/or additions to this policy, also as a consequence of any subsequent amendments and/or regulatory additions.