Home
This page is also available in: Čeština, Українська, Slovensky

Privacy Policy

Effective Date: November 6, 2025

I. Basic Information about the Controller

Data Controller: FixIt App s.r.o. Company ID: 23725681 Headquarters: Prague, Czech Republic Email: legal@fixit.app Phone: +420 702 140 894

Legal Basis: This Policy complies with:

  • Regulation (EU) 2016/679 (GDPR)
  • Act No. 110/2019 Coll., on Personal Data Processing
  • Act No. 127/2005 Coll., on Electronic Communications

Data Protection Officer: FixIt App s.r.o. is not required to appoint a Data Protection Officer pursuant to Article 37 GDPR.

Supervisory Authority: Office for Personal Data Protection Address: Pplk. Sochora 27, 170 00 Prague 7 Website: uoou.cz Email: posta@uoou.cz

II. Introduction

FixIt App s.r.o. ("FixIt", "we" or "our") respects your privacy and is committed to protecting your personal data. FixIt operates an online platform (marketplace) that connects tradespeople (service providers) with customers.

Important: FixIt is an intermediary - we are not a direct provider of trade services. We provide a technological platform to connect customers with tradespeople.

III. What Personal Data We Process

A. Data of Registered Users (Tradespeople)

Scope of data:

  • Identification data: name, surname, date of birth
  • Contact data: email, phone number, address
  • Business data: Company ID, VAT ID (for businesses), business authorization details
  • Profile photo
  • Service information, ratings, reviews
  • Transaction and payment data

Legal basis:

  • Article 6(1)(b) GDPR - contract performance
  • Article 6(1)(c) GDPR - legal obligations
  • Article 6(1)(f) GDPR - legitimate interest (service improvement)

B. Customer Data

Scope of data:

  • Identification data: name, surname
  • Contact data: email, phone number
  • Order and review data
  • Payment data (processed by payment gateway)

Legal basis:

  • Article 6(1)(b) GDPR - contract performance
  • Article 6(1)(a) GDPR - consent (marketing)

C. Website Visitor Data

Scope of data:

  • IP address (anonymized)
  • Browser and device information
  • Website analytics data (Umami Analytics - self-hosted solution)
  • URLs of visited pages, referrer

Legal basis:

  • Article 6(1)(f) GDPR - legitimate interest (security, analytics, service improvement)

D. Competition and Promo Campaign Participant Data

As part of competitions and promotional campaigns (e.g., "FixIt Points and Code Game") we process:

Scope of data:

  • Identification data: name, surname, nickname
  • Contact data: email, phone number, delivery address (for winners)
  • Participation data: competition account, points, referral codes
  • Technical data: IP address, access logs

Legal basis:

  • Article 6(1)(b) GDPR - contract performance (competition participation)
  • Article 6(1)(f) GDPR - legitimate interest (fraud prevention, winner publication)

Detailed information about personal data processing in competitions can be found in the separate document Competition Personal Data Processing Policy.

IV. Purposes of Personal Data Processing

We process your personal data for the following purposes:

  1. Platform operation - enabling connection between tradespeople and customers
  2. Contract fulfillment - processing orders, communication, account management
  3. Payment transactions - payment processing (via payment gateway)
  4. Legal obligations - tax documents, accounting, archiving
  5. Security - fraud prevention, platform protection
  6. Marketing - sending commercial communications (with consent only)
  7. Service improvement - traffic analysis, UX optimization

V. Processors and Data Transfers

A. Personal Data Processors

In accordance with Article 28 GDPR, we use the following processors:

1. Vercel Inc. Purpose: Web application hosting Location: USA (certified under EU-US Data Privacy Framework) Security: Data encrypted in transit and at rest, redundantly backed up Subprocessors: AWS, Microsoft Azure, Google Cloud Platform DPA: Available at vercel.com/legal/dpa

2. Supabase Inc. Purpose: Database services, data storage Location: EU (data centers in EU) Security: PostgreSQL database with encryption, regular backups DPA: Available at supabase.com/legal/dpa

3. Payment Gateway (to be specified before launch) Purpose: Card payment processing Security: PCI DSS certification

B. Transfer of Personal Data to Third Parties

Personal data of tradespeople are made available to customers when displaying profiles and accepting orders (name, contact, ratings).

Personal data of customers are transferred to tradespeople after accepting an order (name, contact, order address).

We do not transfer your data to third parties for marketing purposes without your consent.

VI. Personal Data Retention Period

| Data Category | Retention Period | |---------------|------------------| | Registration data | Duration of account + 3 years after deletion | | Business documents | 10 years (tax and accounting regulations) | | Marketing data | Until consent withdrawal | | Logs, security data | 12 months | | Analytics data (Umami) | 12 months |

VII. Your Rights as Data Subject

Under GDPR, you have the following rights:

A. Right of Access (Article 15 GDPR)

You have the right to obtain confirmation of whether we process your personal data and, if so, to access it.

B. Right to Rectification (Article 16 GDPR)

You have the right to request correction of inaccurate or completion of incomplete personal data.

C. Right to Erasure - "Right to be Forgotten" (Article 17 GDPR)

You have the right to request erasure of your personal data in cases specified by GDPR.

D. Right to Restriction of Processing (Article 18 GDPR)

You have the right to request that we restrict the processing of your personal data.

E. Right to Data Portability (Article 20 GDPR)

You have the right to receive personal data you provided to us in a structured, commonly used and machine-readable format.

F. Right to Object (Article 21 GDPR)

You have the right to object at any time to the processing of your personal data, particularly for direct marketing purposes.

G. Right to Withdraw Consent (Article 7(3) GDPR)

Where processing is based on consent, you have the right to withdraw that consent at any time.

H. Right to Lodge a Complaint

You have the right to lodge a complaint with the Office for Personal Data Protection.

How to exercise your rights: Contact us at legal@fixit.app. We will respond within 30 days.

VIII. Analytics and Visitor Tracking

A. Self-Hosted Analytics Solution (Umami)

To understand website usage and improve our services, we use our own analytics solution Umami:

Data collected:

  • Page views and visit duration
  • Traffic sources (referrer)
  • Device type and browser (anonymized)
  • Geographic location (country level only)

Privacy protection:

  • No cookies stored on your device
  • No personal data collected
  • No cross-site tracking
  • No data sharing with third parties
  • GDPR-compliant by design

Legal basis: Legitimate interest (Article 6(1)(f) GDPR) - website optimization and security.

B. Data Storage

All analytics data is:

  • Stored on our servers in the EU
  • Aggregated and anonymized
  • Retained for 12 months
  • Accessible only to authorized personnel

Consent not required: Thanks to Umami Analytics' privacy-first approach, we do not need your consent for analytical cookies because we do not store any cookies or collect personal data.

IX. Personal Data Security

We have implemented technical and organizational measures:

  • Encryption: SSL/TLS certificates, data encryption at rest
  • Access rights: Limited access for authorized persons only
  • Backups: Regular automatic data backups
  • Monitoring: Security threat monitoring
  • Training: Employees are trained on personal data protection

X. Changes to This Policy

We may update this Policy. We will inform you of significant changes via email or platform notification.

XI. Contact

For data protection inquiries:

Office for Personal Data Protection:

Last updated: November 6, 2025

Home