Privacy policy – Fixh IT
1. Data Controller
NETWORK GENERATION di Daniel Enache
Via della Stazione 10, 00041 Albano Laziale (RM)
P.IVA 14082541005 | REA RM-1495059
Email: support@fixh.it
2. Type of Data Processed
The personal data processed by Fixh IT are divided into different categories, collected exclusively for the indicated purposes and processed in compliance with the current regulations:
Data Category | Examples | Purposes | Legal Basis |
---|---|---|---|
Account Data | Name, surname, email, password | Creation and management of the account, authentication and personalization of the experience | Execution of a contract |
Payment Data | Card number, IBAN, billing address | Management and processing of payments, issuance of electronic invoices | Compliance with legal obligations |
Usage Data | Access logs, usage statistics, preferences and behaviors | Analysis, improvement and personalization of services, cybersecurity | Legitimate interest |
Technical Data | IP address, browser data, device information, metadata | Ensure security, prevent fraud and optimize use of the service | Legitimate interest and legal obligations |
3. Hosting and Data Transfers
- Cloud Provider: The Fixh IT Software is hosted by OVH SAS (France), with servers located in Gravelines and Strasbourg.
- Certifications and Standards: The provider is certified ISO 27001, PCI-DSS and HDS, guaranteeing high standards of security and data management.
- Encryption:
  - Data in transit: protected by TLS 1.3.
  - Data at rest: encrypted with AES-256, with key management via OVH KMS.
- Backup: Daily backups, kept for 7 days, encrypted and replicated to secondary datacenters to ensure recovery in case of incidents.
- Extra-EU Transfers: Data is not transferred outside the EU/EEA. In case of future necessity, all measures provided for by the regulations will be adopted.
4. Data Recipients
Personal data may be communicated to third parties for the following purposes:
- Subcontractors and Technology Partners:
  - OVHcloud (hosting and infrastructure)
  - Stripe and PayPal (payment processing)
- Consultants: Tax, legal and security consultants, exclusively for technical support and compliance with legal obligations.
- Legal Obligations: Data may be disclosed to third parties in case of legal obligation, for the protection of rights or for public safety in compliance with regulatory obligations or for investigative purposes.
All third parties are bound by contractual agreements to ensure compliance with data protection regulations.
5. Data Retention Methods and Duration
Personal data is retained in compliance with current regulations, according to the following methods:
Data Type | Retention Period |
---|---|
Active accounts | Until revoked or deleted by the user |
Payment Data | Up to 10 years from the termination of the service, for tax and accounting obligations |
Security logs | Up to 12 months from registration, for security and audit purposes |
Backup | Up to 7 days from creation, to ensure restoration in case of incidents |
6. User Rights
The user, as the data subject, has the following rights:
- Right of Access: receive confirmation of the existence of personal data and obtain a copy of the same.
- Right of Rectification: correct inaccurate or incomplete data.
- Right to Deletion ("Right to be Forgotten"): request the deletion of data, except for legal obligations.
- Right to Restrict Processing: limit processing in the presence of disputes regarding the accuracy of the data.
- Right to Object: object to the processing of data for legitimate reasons, including profiling for direct marketing.
- Right to Data Portability: obtain data in a structured, machine-readable format.
- Withdrawal of Consent: where processing is based on consent, withdraw it at any time, without affecting the lawfulness of processing carried out on the basis of that consent before its withdrawal.
To exercise your rights, send a written request to: support@fixh.it.
7. Data Security Measures
To ensure a high level of data protection, Fixh IT adopts the following technical and organizational measures:
- Two-Factor Authentication (2FA): optional for an additional level of security.
- Access Control: role-based access control (RBAC) system to limit access only to authorized personnel.
- Continuous Monitoring: 24/7 monitoring systems to detect intrusions or anomalies.
- Audits and Verifications: quarterly audits and periodic review of protection measures.
- Staff Training: personnel is constantly updated on cybersecurity matters.
8. Cookies and Similar Technologies
The site uses cookies and similar technologies to improve user experience, analyze traffic and offer personalized content. The main categories are:
Cookie Type | Purpose | Duration | Management |
---|---|---|---|
Strictly necessary | Basic site functionalities, such as authentication and security | Session | Mandatory |
Performance | Anonymous traffic analysis and site improvement | 30 Days | Management |
Marketing | Personalized advertising and user profiling | 12 Months | Management |
9. Minors' Data
The service is intended for an adult audience. We do not knowingly collect data from minors under 16 years old. If you are under 16, do not provide your personal data without the consent of a parent or guardian. In case of accidental collection, we will proceed to delete the data at the request of the parent or guardian unless otherwise provided by law.
10. Changes to the Policy
Fixh IT reserves the right to modify this policy at any time, ensuring communication to users by:
- Sending a notification email with at least 30 days' notice for substantial changes.
- Publishing the updated version on the website, at: www.fixh.it/privacy.
11. Contacts and Data Protection Officer (DPO)
For questions, requests for information or to exercise your rights, contact:
Interim Data Protection Officer:
Daniel Enache
Email: support@fixh.it
Tel: +39 35164 35164