Privacy Policy

Effective Date: November 6, 2025

I. Basic Information about the Controller

Data Controller: FixIt App s.r.o.

  • Company ID: 23725681
  • Headquarters: Prague, Czech Republic
  • Email: legal@fixit.app
  • Phone: +420 702 140 894

Legal Basis: This Policy complies with:

  • Regulation (EU) 2016/679 (GDPR)
  • Act No. 110/2019 Coll., on Personal Data Processing
  • Act No. 127/2005 Coll., on Electronic Communications

Data Protection Officer: FixIt App s.r.o. is not required to appoint a Data Protection Officer pursuant to Article 37 GDPR.

Supervisory Authority: Office for Personal Data Protection

  • Address: Pplk. Sochora 27, 170 00 Prague 7
  • Website: uoou.cz
  • Email: posta@uoou.cz

II. Introduction

FixIt App s.r.o. ("FixIt", "we" or "our") respects your privacy and is committed to protecting your personal data. FixIt operates an online platform (marketplace) that connects tradespeople (service providers) with customers.

Important: FixIt is an intermediary - we are not a direct provider of trade services. We provide a technological platform to connect customers with tradespeople.

III. What Personal Data We Process

A. Data of Registered Users (Tradespeople)

Scope of data:

  • Identification data: name, surname, date of birth
  • Contact data: email, phone number, address
  • Business data: Company ID, VAT ID (for businesses), business authorization details
  • Profile photo
  • Service information, ratings, reviews
  • Transaction and payment data

Legal basis:

  • Article 6(1)(b) GDPR - contract performance
  • Article 6(1)(c) GDPR - legal obligations
  • Article 6(1)(f) GDPR - legitimate interest (service improvement)

B. Customer Data

Scope of data:

  • Identification data: name, surname
  • Contact data: email, phone number
  • Order and review data
  • Payment data (processed by payment gateway)

Legal basis:

  • Article 6(1)(b) GDPR - contract performance
  • Article 6(1)(a) GDPR - consent (marketing)

C. Website Visitor Data

Scope of data:

  • IP address
  • Browser and device information
  • Cookie data (after consent)
  • Website analytics data (Google Analytics, if activated)

Legal basis:

  • Article 6(1)(f) GDPR - legitimate interest (security, analytics)
  • Article 6(1)(a) GDPR - consent (analytical cookies)

IV. Purposes of Personal Data Processing

We process your personal data for the following purposes:

  1. Platform operation - enabling connection between tradespeople and customers
  2. Contract fulfillment - processing orders, communication, account management
  3. Payment transactions - payment processing (via payment gateway)
  4. Legal obligations - tax documents, accounting, archiving
  5. Security - fraud prevention, platform protection
  6. Marketing - sending commercial communications (with consent only)
  7. Service improvement - traffic analysis, UX optimization

V. Processors and Data Transfers

A. Personal Data Processors

In accordance with Article 28 GDPR, we use the following processors:

1. Vercel Inc.

  • Purpose: Web application hosting
  • Location: USA (certified under EU-US Data Privacy Framework)
  • Security: Data encrypted in transit and at rest, redundantly backed up
  • Subprocessors: AWS, Microsoft Azure, Google Cloud Platform
  • DPA: Available at vercel.com/legal/dpa

2. Supabase Inc.

  • Purpose: Database services, data storage
  • Location: EU (data centers in EU)
  • Security: PostgreSQL database with encryption, regular backups
  • DPA: Available at supabase.com/legal/dpa

3. Payment Gateway (to be specified before launch)

  • Purpose: Card payment processing
  • Security: PCI DSS certification

B. Transfer of Personal Data to Third Parties

Personal data of tradespeople are made available to customers when displaying profiles and accepting orders (name, contact, ratings).

Personal data of customers are transferred to tradespeople after accepting an order (name, contact, order address).

We do not transfer your data to third parties for marketing purposes without your consent.

VI. Personal Data Retention Period

| Data Category | Retention Period |
|---------------|------------------|
| Registration data | Duration of account + 3 years after deletion |
| Business documents | 10 years (tax and accounting regulations) |
| Marketing data | Until consent withdrawal |
| Logs, security data | 12 months |
| Cookies | As configured - max. 24 months |

VII. Your Rights as Data Subject

Under GDPR, you have the following rights:

A. Right of Access (Article 15 GDPR)

You have the right to obtain confirmation of whether we process your personal data and, if so, to access it.

B. Right to Rectification (Article 16 GDPR)

You have the right to request correction of inaccurate or completion of incomplete personal data.

C. Right to Erasure - "Right to be Forgotten" (Article 17 GDPR)

You have the right to request erasure of your personal data in cases specified by GDPR.

D. Right to Restriction of Processing (Article 18 GDPR)

You have the right to request that we restrict the processing of your personal data.

E. Right to Data Portability (Article 20 GDPR)

You have the right to receive personal data you provided to us in a structured, commonly used and machine-readable format.

F. Right to Object (Article 21 GDPR)

You have the right to object at any time to the processing of your personal data, particularly for direct marketing purposes.

G. Right to Withdraw Consent (Article 7(3) GDPR)

Where processing is based on consent, you have the right to withdraw that consent at any time.

H. Right to Lodge a Complaint

You have the right to lodge a complaint with the Office for Personal Data Protection.

How to exercise your rights: Contact us at legal@fixit.app. We will respond within 30 days.

VIII. Cookies and Tracking Technologies

A. Types of Cookies

1. Necessary Cookies (without consent - legitimate interest)

  • Platform functionality, login, security

2. Analytical Cookies (require consent)

  • Google Analytics - traffic analysis
  • Can be declined in cookie banner

3. Marketing Cookies (require consent)

  • Currently not used

B. Cookie Management

Change settings: You can change cookie settings in the cookie banner on the website or in your browser settings.

Decline cookies: Declining analytical and marketing cookies does not affect platform functionality.

IX. Personal Data Security

We have implemented technical and organizational measures:

  • Encryption: SSL/TLS certificates, data encryption at rest
  • Access rights: Limited access for authorized persons only
  • Backups: Regular automatic data backups
  • Monitoring: Security threat monitoring
  • Training: Employees are trained on personal data protection

X. Changes to This Policy

We may update this Policy. We will inform you of significant changes via email or platform notification.

XI. Contact

For data protection inquiries:

Office for Personal Data Protection:


Last updated: November 6, 2025