1. General Information

Your privacy is extremely important to us, and we take our responsibility to safeguard your personal data very seriously. We are committed to ensuring that all personal data is processed in compliance with applicable privacy regulations, including the General Data Protection Regulation (GDPR).

This Privacy Policy outlines how Nixfix processes personal data through its brand UpSnatch Domains. It is applicable to any personal data collected or processed from users ("you") of the services, websites, and apps provided under the UpSnatch Domains brand.

By using our services, you acknowledge and agree to the processing of your personal data as described in this Privacy Policy.

If you have any questions, concerns, or require further clarification regarding this Privacy Policy, feel free to reach out to us via email at [email protected].

2. Data Controller

Nixfix, a company registered under BTW BE 0747.701.932 and headquartered in Belgium, acts as the data controller for personal data processed as part of UpSnatch Domains’ services. This means we are responsible for determining the purposes and means of processing your personal data.

While we do not process data on behalf of third parties, we work with select service providers to enable the delivery of our services:

• AWS: Provides secure data storage and infrastructure services, with data centers located in London and the US.
• Auth0: Manages user authentication and securely stores user attributes necessary for account management.
• Stripe: Handles secure payment processing, ensuring the confidentiality of financial transactions.

Each of these service providers operates under strict confidentiality agreements and is subject to the same data protection requirements under GDPR.

3. What Personal Data Do We Collect?

We collect personal data that you provide directly, as well as data generated automatically when you interact with our services. This includes, but is not limited to:

3.1. Data You Provide

• Identification and contact details, such as your name, email address, phone number, and postal address, when creating an account or subscribing to a service.
• Payment details, including billing address, payment method, and IBAN or other account identifiers, for processing transactions securely.
• Communication preferences, specifying how and where you prefer to receive updates or notifications from us.

3.2. Data Collected Automatically

• IP address, device type, and browser information collected during your interaction with our websites or applications.
• Usage data, such as session activity, the pages or features accessed, and interaction timestamps.
• Cookie-based information that enhances user experience and improves service delivery (see our Cookie Policy for details).

We strive to limit data collection to what is necessary for the proper delivery of our services, in line with the principles of data minimization.

4. Why Do We Process Your Data?

Your personal data is processed for several reasons, each tied to a specific legal basis under GDPR:

4.1. Performance of a Contract

When you use our services, we process your personal data to:

• Create and manage your account securely.
• Facilitate payment transactions and issue invoices.
• Deliver the services you have subscribed to or requested.

4.2. Legal Obligations

We process your personal data to comply with statutory obligations, such as financial reporting, tax filings, and responding to regulatory requirements.

4.3. Legitimate Interests

We also process your personal data for purposes aligned with our legitimate interests, such as:

• Improving our services by analyzing usage patterns and user feedback.
• Ensuring the security and integrity of our platforms and infrastructure.
• Sending you updates about service enhancements, offers, and events relevant to your subscriptions.
• Detecting and preventing fraud or misuse of our services.

5. Sharing of Data

Your personal data is not shared with third parties for their independent use. However, we may share your information with the following trusted partners:

• AWS: For secure storage and hosting services.
• Auth0: For authentication and identity management.
• Stripe: For processing payments securely and efficiently.

All service providers are contractually obligated to handle your data in compliance with GDPR and to implement stringent technical and organizational measures to ensure its security.

6. International Data Transfers

Where data is transferred to servers or locations outside the European Economic Area (EEA), such as the US, we ensure these transfers comply with GDPR requirements by implementing:

• Standard contractual clauses approved by the European Commission.
• Binding agreements that guarantee equivalent levels of protection as required within the EEA.

If you have concerns about data transfers, please contact us at [email protected].

7. Data Retention

We retain your personal data only as long as necessary to fulfill the purposes described in this policy or as required by law. After the retention period, your data will be securely deleted or anonymized.

For detailed retention periods, you can contact us at [email protected].

8. Protecting Your Data

We use robust technical and organizational measures to safeguard your personal data from unauthorized access, disclosure, or alteration. These measures include:

• Encryption of sensitive data during storage and transmission.
• Regular security audits and vulnerability assessments.
• Strict access controls for employees and service providers.

9. Your Rights

The right to data protection is a fundamental right in the European Union. Even when you share your personal data with companies, you should always be able to maintain control over it. At Nixfix, you can exercise your rights regarding access, rectification, and deletion of your personal data. Requests to exercise these rights can be directed to us via email at [email protected].

9.1. Right to Access

You have the right to access your personal data and obtain information about how it is processed, including:

• The purposes of processing.
• The categories of personal data processed.
• The recipients or categories of recipients who have access to your data.
• The retention period or the criteria used to determine it.
• The source of the data, if not directly provided by you.
• The existence of any automated decision-making, including profiling, and meaningful information about the logic involved, as well as the consequences of such processing.

9.2. Right to Rectification

If your personal data is inaccurate or incomplete, you have the right to have it corrected or completed without undue delay. Simply contact us at [email protected] to submit your request.

9.3. Right to Erasure ("Right to Be Forgotten")

You have the right to request the deletion of your personal data in the following cases:

• Your personal data is no longer necessary for the purposes for which it was collected.
• You object to the processing (see below) and there are no overriding legitimate grounds.
• Your personal data has been processed unlawfully.
• We are required to delete your data to comply with a legal obligation.

Please note that certain legal or regulatory obligations may require us to retain some of your personal data.

9.4. Right to Restriction of Processing

In specific circumstances, you have the right to request a restriction on the processing of your personal data, such as when:

• You contest the accuracy of your personal data, allowing us time to verify its accuracy.
• The processing is unlawful, but you prefer restriction over deletion.
• We no longer need the data, but you require it for legal claims.
• You have objected to the processing, pending verification of our legitimate grounds for processing.

9.5. Right to Data Portability

You have the right to receive the personal data you provided to us in a structured, commonly used, and machine-readable format, and to transmit it to another data controller where technically feasible.

9.6. Right to Object

You have the right to object to the processing of your personal data in the following situations:

• For direct marketing purposes, including profiling related to such marketing.
• When processing is based on our legitimate interests or those of a third party, unless we demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

9.7. Right to File a Complaint

If you believe your rights are not being upheld, you have the right to lodge a complaint with the Belgian Data Protection Authority (Gegevensbeschermingsautoriteit) using the contact details below:

• Address: Rue de la Presse 35, 1000 Brussels, Belgium
• Phone: +32(0)2 274 48 00 or +32(0)2 274 48 35
• Email: [email protected]
• Website: https://www.gegevensbeschermingsautoriteit.be/

To exercise any of the above rights, please contact us via email at [email protected]. We will respond to your request within 30 days of receipt.

10. Updates to This Policy

This policy may be updated periodically to reflect changes in our services or regulatory requirements. The latest version will always be available on our website.

This policy was last updated on [Insert Date]. For archived versions, contact us at [email protected].