Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Faslet is a Dutch AI powered size recommendation widget for fashion brands, developed by Faslet B.V. in Amsterdam. Shoppers click a Find Your Size button on a product page and provide a few inputs (height, weight, age band, body shape, fit preference), and Faslet returns a size suggestion based on the brand size chart and historical data. Because Faslet handles body measurements, sets identification cookies and transfers data to its EU based backend, prior consent is required under the GDPR and the ePrivacy Directive.
Faslet is a size and fit recommendation platform built by Faslet B.V. in Amsterdam. It is mainly used by direct to consumer fashion brands and multi brand retailers in Europe to reduce returns caused by sizing errors. The shopper interacts with a Find Your Size widget on a product page, answers a few questions (height, weight, age band, body shape, preferred fit) and receives a size recommendation derived from the brand size chart, the product specific tolerances and historical data from other shoppers.
When the widget is opened it sets a first party or third party cookie that stores a pseudonymous Faslet visitor identifier and the answers provided by the shopper. On the server side, Faslet stores the body measurements, fit preference and the recommended sizes per product, all linked to the pseudonymous identifier. Personally identifying fields such as email or name are not collected by default; they are only stored if the merchant explicitly enables a saved profile feature linked to the customer account.
The Faslet cookies and body measurement processing are not strictly necessary for the storefront to function, so the widget falls under the ePrivacy consent requirement and the GDPR Article 6(1)(a) consent base. Body measurements can be considered sensitive in some contexts (especially in combination with age, gender or health related queries), so the privacy notice must clearly explain what is stored, for how long, and who has access. The merchant remains the controller; Faslet B.V. is a processor under Article 28 GDPR.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
The widget loading, the cookies and the storage of body measurements rely on consent under Article 6(1)(a) GDPR. Aggregated, anonymous reporting back to the merchant (size distribution, fit issues per product) can rely on legitimate interest under Article 6(1)(f) GDPR. The Faslet data processing agreement and the sub processor list should be reviewed by the merchant data protection officer before go live, and the merchant should reflect the processing in its records of processing activities.
Faslet hosts its backend on AWS in EU regions (Ireland and Frankfurt), which keeps the bulk of personal data in the EEA. Sub processors used for analytics, customer support and email may involve US controllers, in which case transfers rely on Standard Contractual Clauses and the EU US Data Privacy Framework. Operators should consult the Faslet sub processor list and reflect the transfer chain in the privacy notice.
Sign the Faslet DPA, list Faslet B.V. as a sub processor in your privacy notice, document the EU hosting and the sub processor chain, and integrate the Faslet widget in your CMP under the functional or marketing category (consent gated). Configure the integration so that personally identifying fields are only stored when the shopper opts into a saved profile, run a DPIA covering the body measurement processing and configure retention to delete inactive profiles within a defined period.
Websites using Faslet must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA should be performed in most Faslet deployments because the widget processes body measurements (height, weight, body shape, age band) that can be considered sensitive in some contexts and that are used for automated size recommendations. The volume of profiles built by Faslet for a busy fashion store, combined with the personalisation logic, meets several Article 35 GDPR criteria (large scale processing, profiling that influences shopper behaviour) and should be reflected in a documented DPIA.
Sample consent text
Our product pages use the Faslet size recommendation widget by Faslet B.V. (Netherlands). With your consent, Faslet places cookies on your device and stores the height, weight, body shape and fit preference you enter, in order to compute a personalised size recommendation. Your data is processed on EU based AWS infrastructure and is never sold to third parties.
Third-party domains contacted
api.faslet.netwidget.faslet.netstatic.faslet.netcdn.faslet.netCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| faslet_user_id (localStorage) | Functional / Personalization | Persistent | Persistent identifier kept in browser localStorage to retrieve previously entered body measurements and size preferences on subsequent visits. |
| faslet_session | Strictly necessary | Session | Session token used to authenticate widget API calls during a single browsing session. |
| faslet_consent | Functional | 1 year | Records the visitor's acceptance of the Faslet first-use notice to avoid re-prompting on repeat visits. |
Faslet uses cookies for user preferences — inform visitors with a consent banner.
Faslet typically writes a persistent identifier (faslet_user_id) into localStorage to remember the shopper across visits, and may set a short-lived session cookie. Body measurements are stored against this identifier server-side at api.faslet.net. Although localStorage technically does not place a cookie, EDPB guidelines treat it equivalently for the purposes of Art. 5(3) ePrivacy.
Yes. Because Faslet writes a persistent identifier to the device and processes data that may be classified as relating to physical characteristics, you need either prior consent (Art. 6(1)(a) GDPR) or, if you consider the data special category, explicit consent (Art. 9(2)(a)). The safest pattern is to lazy-load the widget on click and present a short notice before processing any input.
Consent is the most defensible legal basis. Some merchants attempt to rely on legitimate interest, arguing that size recommendations reduce returns. This is defensible only for adult clothing in a B2C context, requires a documented balancing test, and excludes children's apparel and intimate clothing where the data is more sensitive. Model training on aggregated data may use legitimate interest.
No. Faslet B.V. hosts the core service on AWS eu-west-1 (Ireland). Some sub-processors (analytics, support) may be US-based, in which case the transfer is covered by SCCs in Faslet's DPA. Confirm the current sub-processor list with your account manager before signing.
Yes, especially if you sell intimate apparel, swimwear, children's clothing, or maternity wear. The combination of body measurement processing, persistent identifier storage, and use of machine learning meets several Art. 35(3) GDPR criteria. Even outside those verticals, a streamlined DPIA documenting the balancing of risks is good practice.
Sign the DPA, perform a DPIA, lazy-load the widget on visitor interaction, present a transparent first-use notice, document the lawful basis in your Record of Processing Activities, set explicit retention periods for body data, and offer an in-product way to delete saved measurements.
Other size recommendation tools include Fit Analytics (acquired by Snap, US-hosted), True Fit (US-hosted), and 3DLOOK (uses photo-based measurements with stronger biometric data implications). For minimum compliance overhead, EU-hosted Faslet remains a strong choice; for richer body modelling using photos, expect a heavier DPIA burden.
Add Faslet to your cookie policy with faslet_user_id (localStorage, persistent), describe the size finder, list the data points collected (height, weight, age, body shape), and specify the EU hosting location. In the privacy notice, identify Faslet B.V. as a data processor, link to its privacy statement, describe data subject rights including the right to deletion of measurement history, and specify the retention period.