Privacy

Effective Date: July 1st , 2025

PRIVACY POLICY

This Privacy Policy describes how your personal data is collected, used, disclosed, and protected when you access or make purchases from the F.C. Internazionale Milano Official Online Store, jointly managed by F.C. Internazionale Milano S.p.A. (“Inter”) and Fanatics Italy S.R.L. (“Fanatics”), each acting as an independent data controller pursuant to Article 26 of the GDPR.

1. Categories of Personal Data Collected

We process the following categories of personal data:

Identification data: name, title, gender, date of birth, and contact details (email address, phone number, shipping/billing address)
Account credentials: username and encrypted password (if account registration is available)
Transaction data: purchase details, payment confirmations, order history, refund information
Communication data: content of customer service interactions, complaints, inquiries, surveys or product reviews
Technical and device data: IP address, browser type, session time, cookie identifiers, browsing behavior, and preferences on our site
Marketing preferences: opt-ins and opt-outs for newsletters, email marketing, and personalized advertising

The legislation outlines specific protections for data related to criminal convictions and offences and/or special categories of data, such as personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, and data concerning health, sex life or sexual orientation. These types of data can only be processed with the consent of the data subject. Generally, there is no expectation that data falling within these categories will be captured. However, over the course of interactions with the data subject, particularly in the context of procedures related to complaints or other contact after purchase, the data subject may communicate these forms of personal data. With regard to this point, particular attention is paid to capturing only the data and carrying out only the processing that is necessary to fulfil the requests of the data subject and only where relevant and necessary for the purposes outlined below.

2. Sources of Data

Your personal data may be collected directly or indirectly from the following sources:

You, when registering for an account, placing an order, or contacting customer support
Intermediaries acting on your behalf (e.g. gift recipients or shipping proxies)
Cookies and other tracking technologies deployed during your use of our website
Official partners, including Inter or its promotional affiliates, for fulfillment or marketing purposes
Publicly accessible sources or third-party data providers, where lawfully permitted

3. Purposes of Processing and Legal Basis

We process your data for specific, explicit, and legitimate purposes under one or more of the following legal bases:

a. Contractual necessity – to execute or manage a purchase or request:

Order confirmation, payment processing, product delivery
Customer service support, return handling, and dispute resolution

b. Compliance with legal obligations:

Issuance of invoices, accounting requirements, tax compliance
Responding to law enforcement or judicial authorities

c. Legitimate interests, balanced against your rights and freedoms:

Website optimization, fraud detection, IT security, and data analytics
Customer satisfaction monitoring and service improvement

d. Consent, where required:

Sending marketing communications, special offers, or newsletters
Processing data via cookies and similar technologies (see cookie policy)

You may withdraw your consent at any time without affecting the lawfulness of prior processing.

4. How We Process Your Data

Processing activities are carried out using both automated and manual systems, under secure conditions, by authorized personnel only. Data is handled in a way that ensures:

Confidentiality: data access is limited to personnel or third parties on a need-to-know basis
Integrity: data is protected from unauthorized modification
Availability: systems are safeguarded against accidental loss or destruction

We implement technical and organizational measures such as encryption, access controls, data minimization practices, and regular audits.

5. Data Retention

We retain your personal data only for as long as needed to fulfill the purposes for which it was collected, or longer where required by applicable laws. Specifically:

Transactional and tax records: up to 10 years
Marketing data: up to 18 months from your last active interaction or until consent is revoked
Customer service records: up to 12 months post-resolution
Payment verification data: retained securely for a maximum of 90 days

After expiry, data will be deleted or anonymized in accordance with our data retention and disposal policy.

6. Who May Access Your Data

Your data may be shared with:

Both Inter and Fanatics, in their roles as independent controllers, for their respective processing purposes
Third-party service providers (acting as processors), such as:

Fulfillment partners and courier services
Payment gateways and fraud prevention services
Cloud and IT service providers supporting platform operations

Regulatory, tax, or judicial authorities, where required by law
Affiliated companies or subsidiaries for internal administrative coordination

All third-party processors are bound by written agreements that comply with Article 28 GDPR.

7. International Data Transfers

Where your data is transferred outside the European Economic Area (EEA), we ensure adequate protection through mechanisms such as:

Standard Contractual Clauses approved by the European Commission
Adequacy decisions from the European Commission (where applicable)
Supplementary measures, including pseudonymization or data access restrictions

A copy of relevant safeguards may be requested by contacting either data controller.

8. Cookie and Tracking Technologies

We use cookies and similar tools to personalize content, analyze traffic, and deliver tailored advertisements. For more information, including how to manage your preferences, please see our Cookie Policy.

9. Mandatory vs. Optional Data

Where data is necessary for contract performance or legal compliance, you will be informed clearly. Failure to provide such data may prevent completion of purchases or provision of services. Optional fields will be identified, and declining to provide them will not affect your access to the site.

10. Your Rights as a Data Subject

You may exercise the following rights under the GDPR:

Right of access – obtain information about processing and access your data
Right to rectification – request correction of inaccurate or outdated data
Right to erasure – request deletion of your data under certain conditions
Right to restrict processing – limit how your data is used in specific scenarios
Right to object – object to processing for direct marketing or certain legitimate interests
Right to data portability – receive your data in a machine-readable format
Right to withdraw consent – at any time where consent was the legal basis

To exercise any of these rights, please contact the relevant data controller (see Section 11). You also have the right to lodge a complaint with your local supervisory authority.

11. Data Controllers and Contact Details

The data controller for product sales and delivery processing, as well as marketing activities is Fanatics Italy S.R.L. with registered office in Via Magistretti 10, 10128, Milan.

Fanatics Italy S.R.L. is an independent controller of the data it processes. Any queries about this policy can be sent to epi-privacy@fanatics.com

F.C. Internazionale Milano S.p.A. is an independent controller of the data it processes, and will do so in accordance with its own privacy policy which can be found here: https://www.inter.it/en/privacypolicy

Each controller is independently responsible for its respective processing operations and provides separate channels for data subject inquiries.