Privacy Policy

1. Definitions.

1.1. The terms indicated below shall have the following meanings in this Privacy Policy:

  1. 1.1.1. Data Controller – FIXIT joint-stock company with its registered office in Kraków, ul. Nad Serafą 56A, 30-864 Kraków, entered into the National Court Register by the District Court for Kraków-Śródmieście in Kraków, 11th Commercial Division of the National Court Register under KRS number: 0000302206, NIP: 6762236862, REGON: 356704082.
  2. 1.1.2. Personal Data – all information relating to an identified or identifiable natural person, identifiable directly or indirectly, in particular by reference to an identifier such as physical, physiological, genetic, mental, economic, cultural or social identity, including device IP address, location data, internet identifier and information collected via cookies or other similar technologies.
  3. 1.1.3. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
  4. 1.1.4. Website – the website operated by the Data Controller under the domain https://fixit-service.com/, including subdomains: https://rma.fixit-service.com, https://logitech.fixit-service.com/, https://avery-dennison.fixit-service.com, https://pocketbook.fixit-service.com.
  5. 1.1.5. User – any natural person visiting the Website or using one or more services or functionalities described in this Privacy Policy.
  6. 1.1.6. Consumer – a User who is a consumer within the meaning of Article 221 of the Polish Civil Code (a natural person performing a legal act with an entrepreneur that is not directly related to their business or professional activity).
  7. 1.1.7. Cookies – small text files stored on the User’s end device (e.g. computer, tablet, smartphone), which can be read by the Website’s IT system as well as by IT systems of third parties whose services are used by the Data Controller (so-called first-party and third-party cookies). The Website uses “session cookies”, which are deleted when the browser is closed, and “persistent cookies”, which are stored for a specified period defined in cookie parameters.
  8. 1.1.8. Privacy Policy – this Privacy Policy together with the Cookies Policy.

2. Data Controller of Personal Data.

2.1. The Data Controller of Users’ Personal Data is FIXIT joint-stock company with its registered office in Kraków, ul. Nad Serafą 56A, 30-864 Kraków, entered into the National Court Register by the District Court for Kraków-Śródmieście in Kraków, 11th Commercial Division of the National Court Register under KRS number: 0000302206, NIP: 6762236862, REGON: 356704082, as the owner and operator of the Website providing electronic services.

2.2. The User may contact the Data Controller:

  1. 2.2.1. by post – ul. Nad Serafą 56A, 30-864 Kraków,
  2. 2.2.2. by email – biuro@fixit.pl,
  3. 2.2.3. by phone – +48 12 25 44 034.

3. Data Protection Officer.

3.1. The Data Controller has appointed a Data Protection Officer.

3.2. The User may contact the Data Protection Officer:

  1. 3.2.1. by post – ul. Nad Serafą 56A, 30-864 Kraków,
  2. 3.2.2. by email – iod@fixit.pl.

4. Purposes and Legal Basis for Processing Personal Data.

4.1. Use of the Website:

4.1.1. Personal Data of all persons using the Website (including IP address or other identifiers and information collected via cookies or similar technologies), who are not registered Users (i.e. persons without an account on the Website), are processed by the Data Controller:

  1. 4.1.1.1. for the purpose of providing electronic services consisting in making available content collected on the Website and providing contact forms – the legal basis for processing is the necessity to perform a contract (Article 6(1)(b) GDPR);
  2. 4.1.1.2. for the purpose of handling requests for device diagnosis and repair submitted without registration on the Website – the legal basis for processing is the necessity to perform a contract (Article 6(1)(b) GDPR);
  3. 4.1.1.3. for the purpose of handling complaints regarding services – the legal basis for processing is the necessity to perform a contract (Article 6(1)(b) GDPR);
  4. 4.1.1.4. for analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Data Controller (Article 6(1)(f) GDPR), consisting in conducting analyses of Users’ activity and preferences in order to improve functionalities and services;
  5. 4.1.1.5. for the purpose of establishing, pursuing or defending claims – the legal basis for processing is the legitimate interest of the Data Controller (Article 6(1)(f) GDPR), consisting in the protection of its rights;
  6. 4.1.1.6. for marketing purposes of the Data Controller – the rules for processing Personal Data for marketing purposes are described in detail in section 4.5 below.

4.1.2. User activity on the Website, including Personal Data, is recorded in system logs. Information collected in logs is processed in connection with the provision of services. The Data Controller also processes this data for technical purposes, in particular data may be temporarily stored and processed to ensure security and proper functioning of IT systems, e.g. in connection with backups, system testing, detection of irregularities or protection against abuse and attacks.

4.2. Registration on the Website:

4.2.1. Persons who register on the Website are asked to provide data necessary to create and maintain an account. In order to facilitate service, the User may provide additional data, thereby consenting to its processing. Such data may be deleted at any time. Providing data marked as mandatory is required to create and maintain an account, and failure to provide such data will result in the inability to create an account. Providing other data is voluntary.

4.2.2. Personal Data is processed:

  1. 4.2.2.1. for the purpose of providing services related to maintaining and operating an account on the Website – the legal basis for processing is the necessity to perform a contract (Article 6(1)(b) GDPR), and with regard to optional data – consent (Article 6(1)(a) GDPR);
  2. 4.2.2.2. for analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Data Controller (Article 6(1)(f) GDPR), consisting in analyzing User activity and account usage, as well as preferences in order to improve functionalities;
  3. 4.2.2.3. for the purpose of establishing, pursuing or defending claims – the legal basis for processing is the legitimate interest of the Data Controller (Article 6(1)(f) GDPR), consisting in the protection of its rights;
  4. 4.2.2.4. for marketing purposes of the Data Controller – the rules for processing Personal Data for marketing purposes are described in detail in section 4.5 below.

4.2.3. If the User provides any Personal Data of other persons on the Website (including their name, surname, address, phone number or email address), they may do so only if they do not violate applicable law and personal rights of those persons.

4.3. Request for Device Diagnosis and Repair:

4.3.1. Submitting a request for device diagnosis and repair by the User involves the processing of their Personal Data. Providing data marked as mandatory is required in order to accept and process the request, and failure to provide such data will result in the inability to process the request. Providing other data is optional.

4.3.2. Personal Data is processed:

  1. 4.3.2.1. for the purpose of fulfilling the submitted request – the legal basis for processing is the necessity to perform a contract (Article 6(1)(b) GDPR); with regard to optional data, the legal basis is the User’s consent (Article 6(1)(a) GDPR);
  2. 4.3.2.2. for the purpose of fulfilling legal obligations imposed on the Data Controller, in particular arising from tax and accounting regulations – the legal basis is a legal obligation (Article 6(1)(c) GDPR);
  3. 4.3.2.3. for analytical and statistical purposes – the legal basis is the legitimate interest of the Data Controller (Article 6(1)(f) GDPR), consisting in analyzing User activity and improving functionalities;
  4. 4.3.2.4. for the purpose of establishing, pursuing or defending claims – the legal basis is the legitimate interest of the Data Controller (Article 6(1)(f) GDPR), consisting in the protection of its rights;
  5. 4.3.2.5. for purposes related to satisfaction surveys, in particular by sending emails requesting feedback on the quality of services provided by the Data Controller – the legal basis is the legitimate interest of the Data Controller (Article 6(1)(f) GDPR), consisting in maintaining high quality of services and User satisfaction.

4.4. Contact Forms:

4.4.1. The Data Controller provides the possibility to contact it using electronic contact forms. Use of the form requires providing Personal Data necessary to contact the User and respond to the inquiry. The User may also provide additional data to facilitate contact or handling of the inquiry. Providing data marked as mandatory is required to process the inquiry, and failure to provide such data will result in the inability to handle the inquiry. Providing other data is voluntary.

4.4.2. Personal Data is processed:

  1. 4.4.2.1. for the purpose of identifying the sender and handling their inquiry submitted via the contact form – the legal basis is the necessity to perform a service contract (Article 6(1)(b) GDPR);
  2. 4.4.2.2. for analytical and statistical purposes – the legal basis is the legitimate interest of the Data Controller (Article 6(1)(f) GDPR), consisting in keeping statistics of inquiries in order to improve Website functionality.

4.5. Marketing:

4.5.1. The Data Controller processes Users’ Personal Data for the purpose of carrying out marketing activities, which may consist of:

  1. 4.5.1.1. displaying marketing content to the User that is not tailored to their preferences (contextual advertising) – the legal basis for processing is the legitimate interest of the Data Controller (Article 6(1)(f) GDPR);
  2. 4.5.1.2. displaying marketing content to the User corresponding to their interests (behavioural advertising) – in this case, the processing of Personal Data also includes profiling. The use of Personal Data collected through such technologies for marketing purposes is based on the legitimate interest of the Data Controller and only if the User has consented to the use of cookies. Consent to the use of cookies may be expressed through appropriate browser settings and may be withdrawn at any time, in particular by deleting cookies and disabling cookies in browser settings. The rules regarding the use of cookies are described in detail in section 5 below;
  3. 4.5.1.3. sending email notifications about interesting offers or content, which in some cases contain commercial information, as well as carrying out other forms of direct marketing of goods and services (sending commercial information by electronic means) – the legal basis for processing is the legitimate interest of the Data Controller consisting in sending marketing information within the scope of the consent given by the User (direct marketing). The User has the right to object to the processing of Personal Data for direct marketing purposes, including profiling. Data will be stored for this purpose for the duration of the Data Controller’s legitimate interest, unless the User objects to receiving marketing information.

5. Cookies.

5.1. The Website uses both first-party and third-party cookies, as some information about the User may be collected automatically. When using the Website, IT-related data regarding the visit (so-called server logs) are also collected automatically.

5.2. Cookies do not collect Personal Data or any confidential information from the User’s device. They are not used to determine the identity of the User.

5.3. During the first visit to the Website, information about the use of cookies is displayed along with a request for consent to their use. By clicking “Allow all” / “Allow selection”, the User consents to the use of cookies. The User may change cookie settings at any time via their browser, including deleting cookies. Disabling cookies may, however, result in difficulties in using the Website. The User may also use the incognito mode available in browsers – in such case cookies will be deleted when the browser is closed.

5.4. First-party cookies are used to ensure the proper functioning of the Website. In particular, they improve speed and security, as well as enhance available functionalities.

5.5. The Website cooperates with third parties that may use cookies or similar technologies. The use of third-party cookies by the Data Controller is based on its legitimate interest consisting in managing the Website, analyzing data and conducting marketing of its own products and services.

5.6. The Website uses cookies from the following third parties:

  1. 5.6.1. Cookiebot (https://www.cookiebot.com/en/privacy-policy/),
  2. 5.6.2. Google (https://business.safety.google/privacy/),
  3. 5.6.3. Microsoft (https://www.microsoft.com/en-us/privacy/privacystatement),
  4. 5.6.4. YouTube (https://business.safety.google/privacy/).

5.7. In addition to cookies, the Website may also collect data typically gathered by internet system administrators as part of server logs. Information in logs may include: IP address, date and time of visit, device serial numbers, IMEI numbers of devices equipped with wireless communication modules, information about the web browser and operating system, Internet provider, referring page and other data. Server logs are stored and retained on the server. They do not contain data allowing direct identification of the User. They are used solely as auxiliary material for Website administration, and access to them is granted only to persons authorized to administer the server.

6. Scope of Personal Data Processing.

6.1. The Data Controller processes the following User data:

6.1.1. for Consumers:

  1. 6.1.1.1. first name,
  2. 6.1.1.2. last name,
  3. 6.1.1.3. email address,
  4. 6.1.1.4. phone number,
  5. 6.1.1.5. country,
  6. 6.1.1.6. preferred language,
  7. 6.1.1.7. delivery address (street, building/apartment number, postal code, city, country),

6.1.2. for entrepreneurs:

  1. 6.1.2.1. company name,
  2. 6.1.2.2. email address,
  3. 6.1.2.3. phone number,
  4. 6.1.2.4. country,
  5. 6.1.2.5. preferred language,
  6. 6.1.2.6. tax identification number (NIP),
  7. 6.1.2.7. delivery address (street, building/apartment number, postal code, city, country).

6.2. Providing Personal Data by the User is voluntary, however failure to provide data indicated in:

  1. 6.2.1. sections 6.1.1.1–6.1.1.6 or 6.1.2.1–6.1.2.6 will result in the inability to provide services, including in particular services related to maintaining and operating a User account on the Website, as well as fulfilling other purposes for which the Data Controller collects User data;
  2. 6.2.2. sections 6.1.1.1–6.1.1.7 or 6.1.2.1–6.1.2.7 will result in the inability to provide services, including in particular services related to the execution of device diagnosis and repair requests;
  3. 6.2.3. sections 6.1.1.1–6.1.1.3 or 6.1.2.1–6.1.2.2 will result in the inability to provide services related to handling inquiries submitted via the contact form;
  4. 6.2.4. sections 6.1.1.1–6.1.1.3 or 6.1.2.1–6.1.2.2 will result in the inability to provide services related to sending commercial information.

6.3. Browsing the Website does not require providing Personal Data other than automatically collected connection parameters.

7. Data Retention Period.

7.1. The period for which Personal Data is processed by the Data Controller depends on the type of service provided and the purpose of processing. As a rule, data is processed for the duration of service provision or order fulfillment, until consent is withdrawn or an effective objection to processing is raised in cases where the legal basis for processing is the legitimate interest of the Data Controller.

7.2. The processing period may be extended where processing is necessary to establish, pursue or defend claims, and thereafter only to the extent required by law. After the processing period expires, the data is irreversibly deleted or anonymized.

8. Recipients of Personal Data.

8.1. In connection with the provision of services, the User’s Personal Data will be disclosed to external entities (hereinafter referred to as “Processors”), including in particular providers responsible for IT systems, entities such as banks and payment operators, accounting, legal, audit and consulting service providers, couriers (in connection with order fulfillment), marketing agencies (for marketing services), and entities affiliated with the Data Controller, including its business partners. If the User consents, their Personal Data may also be shared with other entities for their own purposes, including marketing purposes.

8.2. In agreements with Processors, the Data Controller ensures that they comply with the same data protection obligations as those imposed on the Data Controller under this Privacy Policy. These obligations include, in particular, providing sufficient guarantees to implement appropriate technical and organizational measures to ensure processing complies with GDPR requirements.

8.3. If a Processor fails to fulfill its data protection obligations, the Data Controller remains fully liable to the User for the performance of those obligations.

8.4. The Data Controller reserves the right to disclose selected information concerning the User to competent authorities or third parties who request such information based on an appropriate legal basis and in accordance with applicable law.

9. Transfer of Personal Data Outside the EEA.

9.1. The level of protection of Personal Data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Data Controller transfers Personal Data outside the EEA only when necessary and with an adequate level of protection ensured, in particular through:

  1. 9.1.1. cooperation with entities processing Personal Data in countries for which a relevant adequacy decision has been issued by the European Commission;
  2. 9.1.2. the use of standard contractual clauses issued by the European Commission;
  3. 9.1.3. the use of binding corporate rules approved by the competent supervisory authority.

9.2. The Data Controller always informs about the intention to transfer Personal Data outside the EEA at the stage of data collection.

10. Profiling.

10.1. For the purpose of carrying out marketing activities, the Data Controller in some cases uses profiling. This means that through automated processing of data, the Data Controller evaluates selected factors relating to natural persons in order to analyze their behavior or predict future actions.

11. Security of Personal Data.

11.1. In order to ensure the integrity and confidentiality of data, the Data Controller has implemented procedures enabling access to Personal Data only to authorized persons and only to the extent necessary for the performance of their tasks.

11.2. When processing Users’ Personal Data, the Data Controller applies organizational and technical measures compliant with applicable legal provisions, including the use of SSL encryption to ensure that all operations on Personal Data are recorded and performed only by authorized persons.

11.3. The Data Controller also takes all necessary actions to ensure that its subcontractors and other cooperating entities provide guarantees of applying appropriate security measures whenever they process Personal Data on its behalf.

11.4. The Data Controller continuously conducts risk analysis and monitors the adequacy of applied data protection measures in relation to identified threats. If necessary, the Data Controller implements additional measures to enhance data security.

12. Rights Related to the Processing of Personal Data.

12.1. The User has the right to:

  1. 12.1.1. access their Personal Data – in accordance with Article 15 GDPR,
  2. 12.1.2. obtain a copy of their Personal Data – in accordance with Article 15 GDPR,
  3. 12.1.3. rectify their Personal Data – in accordance with Article 16 GDPR,
  4. 12.1.4. erase their Personal Data – in accordance with Article 17 GDPR,
  5. 12.1.5. request restriction of processing – in accordance with Article 18 GDPR,
  6. 12.1.6. object to the processing of their Personal Data – in accordance with Article 21 GDPR,
  7. 12.1.7. request data portability – in accordance with Article 20 GDPR,
  8. 12.1.8. withdraw consent at any time, without affecting the lawfulness of processing carried out before its withdrawal – in accordance with Article 7(3) GDPR.

12.2. In order to exercise the rights referred to in section 12.1 above, the User may contact the Data Controller by sending a message to one of the contact details indicated in section 3.2 of the Terms and Conditions.

12.3. If the User considers that their data is processed unlawfully, they have the right to lodge a complaint with the supervisory authority, i.e. the President of the Personal Data Protection Office, in accordance with Article 77 GDPR.

13. Changes to the Privacy Policy.

13.1. The Privacy Policy is subject to ongoing review and may be updated when necessary.

13.2. The Data Controller reserves the right to amend this Privacy Policy by publishing a new version on the Website.

13.3. If the User has objections to changes introduced to the Privacy Policy, they may request the deletion of their Personal Data. Continued use of the Website after publication of the updated Privacy Policy shall be deemed as acceptance of the updated terms regarding the collection, use and disclosure of Personal Data.

Contact us