Privacy Policy

Introduction

We take the protection of your data seriously and are committed to protecting the information you provide to us. This privacy policy explains what data we collect, how we use it, and what rights you have.

Data Controller: StickFix e.U., Hyrtlgasse 6/5, 1160 Vienna, Austria. Email: stickfix1140@gmail.com

What data do we collect?

  • Non-personal data: technical information such as browser type, operating system, and aggregated usage information.
  • Personal data: information you voluntarily provide, e.g., name, email address, phone number, or address when contacting us or placing an order.

How do we collect data?

  • When using our website (technical data such as IP address, browser type, access time).
  • When you contact us directly (email, phone, contact form).
  • When placing an order or repair request.

Why do we collect this data?

  • To provide and improve our services.
  • To respond to your inquiries and orders.
  • To comply with legal obligations.
  • To ensure the security of our website.

Legal Basis

The processing of your data is based on the following legal grounds of the GDPR:

  • Art. 6 para. 1 lit. a: Consent (e.g., integration of Google Maps, analytics tools)
  • Art. 6 para. 1 lit. b: Contract performance (e.g., orders, repair requests, contact inquiries)
  • Art. 6 para. 1 lit. f: Legitimate interest (e.g., website security, abuse prevention)

Contact Form

When you use our contact form, the following data is processed: name, email address, message, and your IP address. The IP address is stored for abuse prevention (rate limiting). The legal basis is Art. 6 para. 1 lit. b GDPR (pre-contractual measures) and lit. f (legitimate interest in spam protection). The data is stored in our database and deleted after your inquiry has been handled, unless statutory retention obligations apply.

Cookies and Analytics

Our website uses technically necessary cookies for basic functionality (e.g., admin login session). For web analytics, we use Plausible Analytics, a privacy-friendly service by Plausible Insights OU (Estonia). Plausible does not use cookies, does not store personal data, and is fully GDPR compliant. No individual user profiles are created.

Google Maps is only loaded on the contact page when you actively click "Load map." Without this interaction, no data is transmitted to Google. The legal basis is Art. 6 para. 1 lit. a GDPR (consent through active action).

Payment Processing (Stripe)

For payment processing in the online shop, we use Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland. When placing an order, you are redirected to Stripe's secure payment page. Stripe processes payment data (credit card number, expiration date, CVC) as well as name and email address. We do not receive any credit card data ourselves. The legal basis is Art. 6 para. 1 lit. b GDPR (contract performance). Stripe's privacy policy: https://stripe.com/at/privacy

Hosting (Vercel)

Our website is hosted by Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723, USA. Vercel automatically processes technical data (IP address, browser type, access time) in server log files when our website is accessed. The legal basis is Art. 6 para. 1 lit. f GDPR (legitimate interest in secure website operation). Data transfer to the USA is based on the EU-US Data Privacy Framework. Privacy policy: https://vercel.com/legal/privacy-policy

Database (Neon)

We use Neon Tech Inc. as a database provider for storing contact inquiries, product data, and orders. The servers are located in the EU (Frankfurt am Main). The legal basis is Art. 6 para. 1 lit. b and f GDPR.

Disclosure of Data to Third Parties

We only share your personal data when necessary for contract performance (e.g., shipping providers, payment providers) or when legally required. The following processors are used:

  • Vercel Inc. (Hosting, USA, EU-US DPF)
  • Stripe Payments Europe Ltd. (Payment processing, Ireland)
  • Neon Tech Inc. (Database, EU/Frankfurt)
  • Plausible Insights OU (Web analytics, Estonia, no personal data)
  • Google LLC (Google Maps, only after active click, USA, EU-US DPF)

Storage and Deletion

Your data is only stored for as long as necessary for the fulfillment of the contractual purpose or compliance with statutory retention periods. The statutory retention period in Austria is generally 7 years (Section 132 BAO (Federal Fiscal Code)).

Your Rights (GDPR Art. 15-21)

You have the following rights:

  • Access to your stored data
  • Rectification of inaccurate data
  • Erasure of your data
  • Restriction of processing
  • Data portability
  • Objection to processing

To exercise your rights, contact us at stickfix1140@gmail.com.

Right to Complain

You have the right to file a complaint with the Austrian Data Protection Authority: Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, dsb@dsb.gv.at, www.dsb.gv.at

Contact

StickFix e.U., Hyrtlgasse 6/5, 1160 Vienna, Austria

Email: stickfix1140@gmail.com