LEGAL DOCUMENT // GLOBAL

Privacy Policy

Last update: May 2026

01 / Compliance

Global standards: GDPR, UK GDPR, CCPA/CPRA & PIPEDA.

02 / No Sales

Personal data is never sold or shared for behavioral ads.

03 / Cookies

Only strictly necessary technical cookies are used.

01 // Controller Information

This Privacy Policy applies to the website and services operated under the domain fixlys.com.

Data Controller:

FIXLYS Karol Pasiuk
ul. gen. Stanisława Maczka 44
15-691 Białystok, Poland
Contact: contact@fixlys.com

The Controller determines the purposes and means of processing personal data in accordance with applicable data protection laws.

03 // Scope of Service

The website provides informational and contact-based services.

  • No user accounts are required.
  • No identity verification systems are used.

The Controller does not intentionally process sensitive categories of personal data.

04 // Types of Data Collected

4.1. Data provided voluntarily

Users may provide:

  • name (optional)
  • email address
  • phone number (optional)
  • message content

Providing data is voluntary but necessary to receive a response.

4.2. Technical data

When using the website, the following technical data may be processed:

  • IP address
  • browser and device information
  • timestamps and request metadata
  • security and error logs

This data is used strictly for security, infrastructure operation, and ensuring proper website functionality.

Cloudflare, as a network security and CDN provider, may process IP addresses and security-related traffic data as part of its services.

05 // Purpose of Processing

  • 5.1. Communication and service handling responding to user inquiries, handling contact requests Legal basis: GDPR Art. 6(1)(b) and 6(1)(f)
  • 5.2. Security and infrastructure protection preventing spam, abuse, and malicious activity; ensuring system stability and uptime; DDoS and traffic protection Legal basis: GDPR Art. 6(1)(f)
  • 5.3. Legal compliance and defense compliance with legal obligations; establishing, exercising, or defending legal claims Legal basis: GDPR Art. 6(1)(c) and 6(1)(f)

06 // Data Processors

Personal data may be processed by trusted third-party service providers:

  • Cloudflare, Inc. – CDN, DNS, security, DDoS protection, edge network infrastructure
  • Google LLC (Gmail) – email communication services
  • Resend, Inc. – transactional email delivery services

These providers process data solely as service providers under appropriate data protection agreements or equivalent legal safeguards.

07 // International Data Transfers

Personal data may be transferred outside the European Economic Area (EEA), including to the United States.

Safeguards include:

  • Standard Contractual Clauses (SCC) approved by the European Commission
  • EU–US Data Privacy Framework (where applicable)
  • encryption in transit (HTTPS / TLS)
  • strict access control and least-privilege security model

Where required, additional transfer impact assessments may be applied.

08 // Data Retention

Data is stored only for as long as necessary for the purposes described in this Policy:

  • contact form data: up to 12 months after the last communication
  • email correspondence: retained as long as necessary for operational communication and legal protection
  • technical and security logs: short-term retention depending on infrastructure provider configuration

Retention periods may vary depending on legal obligations or security requirements.

09 // User Rights

Users have the right to:

👁️ access their personal data
✏️ rectify inaccurate data
🗑️ request deletion of data
🛑 restrict processing
🛡️ object to processing
📦 request data portability (where applicable)

Users also have the right to lodge a complaint with a supervisory authority.

Requests: contact@fixlys.com

10 // Data Sales and Sharing

The Controller:

  • does not sell personal data
  • does not share personal data for cross-context behavioral advertising purposes
  • does not use personal data for marketing profiling

Under applicable US privacy laws (including CPRA), personal data is not “sold” or “shared” as defined by law.

11 // Cookies and Local Storage

The website uses only strictly necessary cookies required for:

  • security and fraud prevention
  • session integrity
  • load balancing
  • network protection and routing

These cookies are essential for the proper functioning of the website and cannot be disabled without affecting service availability.

Examples may include Cloudflare security cookies such as cf_clearance.

No cookies are used for advertising, analytics, or cross-site tracking.

12 // Security Measures

Appropriate technical and organizational measures are implemented, including:

  • HTTPS encryption for all communication
  • firewall and DDoS protection via Cloudflare
  • restricted system access controls
  • principle of least privilege
  • continuous monitoring for security threats
  • secure email transmission channels

Security measures are regularly reviewed and updated.

13 // Third-Party Services

Third-party providers operate under their own infrastructure policies but are contractually or legally bound to process data only for specified purposes.

The Controller does not control the internal operational policies of these providers.

14 // No Automated Decision-Making

The Controller does not use personal data for:

  • automated decision-making producing legal effects
  • automated profiling for marketing purposes
  • behavioral scoring or identity inference systems

15 // Changes to This Policy

This Privacy Policy may be updated due to:

  • changes in applicable law
  • changes in infrastructure or service providers
  • operational or security updates

The latest version is always available on this website.

16 // Contact

For any questions regarding this Privacy Policy or personal data:

contact@fixlys.com