Privacy Policy iFixit GmbH (EU & UK)

How we collect your information

We collect your information when you complete our online forms, purchase our products online, and interact with our community. We may use cookies and similar technologies to support site functionality, understand how the site is used, and, where you consent, for analytics and marketing. We record customer support discussions where permitted by law and, when you use our Fixbot chat and voice features, we may store your conversations and, if you choose to use audio mode, the associated audio recordings and transcripts (where permitted by law). The information we collect may include name, address (if you place an order), email address, IP address, phone number, and other information you choose to provide.

What we do with it

We use your information to provide our services, process and ship orders, respond to customer support enquiries, and improve our website and services. We use Fixbot conversation content and audio (where permitted by law) to provide, secure, and improve our AI powered chat and voice assistance.

Who we share it with

We share personal data with service providers that help us run our business, such as hosting providers, payment service providers, shipping carriers, analytics providers, and large language model and voice processing service providers when you interact with our AI features, so they can process your messages, transcripts, and, where necessary, audio on our behalf.

'Personal data' means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

'Processing' means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

'Controller' means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

'Recipient' means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law will not be regarded as recipients; the processing of those data by those public authorities will be in compliance with the applicable data protection rules according to the purposes of the processing.

iFixit GmbH
Sigmaringerstr. 260
70597 Stuttgart
Deutschland
Telefon: +49 711 - 21724068-0
Telefax: +49 711 - 21724068-9
Email: Support Form
privacy@ifixit.com

For certain processing activities described in this privacy notice, we use iFixit Inc., 1330 Monterey St., San Luis Obispo, CA 93401, USA as a data processor on behalf of iFixit GmbH.

a. United Kingdom, UK GDPR, and UK transfers

This privacy notice also applies to processing of personal data that is subject to the UK GDPR for customers and users in the United Kingdom using the iFixit UK storefront. Where we transfer personal data from the United Kingdom to recipients outside the United Kingdom, we rely on appropriate safeguards such as an adequacy regulation, the UK International Data Transfer Agreement, or the UK Addendum to the EU Standard Contractual Clauses, as applicable.

OBSECOM GmbH
Königstr. 40
70173 Stuttgart
Deutschland
Telefon: +49 711 - 4605025-40
Telefax: +49 711 - 4605025-49
E-Mail: datenschutz@obsecom.de
Website: https://www.obsecom.eu

We will inform you about the legal basis of each processing operation. We will also inform you if we intend to transfer personal data to recipients in countries outside the European Union (EU), the European Economic Area (EEA), or the United Kingdom (UK), and the safeguards we rely on for such transfers.

As a data subject you have the following rights:

• Pursuant to Art. 15 GDPR to request information about your personal data processed by us. You may also request information regarding the purposes of the processing the categories of personal data concerned, the recipients or categories of recipients to whom the personal data have been or will be disclosed, the envisaged period for which the personal data will be stored or the criteria used to determine that period, the data source (where personal data is not collected from you), the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing; the existence of the right to request rectification or erasure of data concerning you, the right to restrict processing or to object to such processing, the right to lodge a complaint with a supervisory authority. Finally, you have a right to know whether personal data has been transferred to a third country or to an international organization, and, if so, the appropriate safeguards relating to this transfer;

• Pursuant to Art. 16 GDPR to demand the immediate rectification of inaccurate personal data and to have incomplete personal data which is stored by us completed;

• Pursuant to Art. 17 GDPR to demand the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defense of a legal claim.

• Pursuant to Art. 18 GDPR to request the restriction of the processing of your personal data if the accuracy of the personal data is contested by you; the processing is irregular, but you oppose the erasure of the personal data and request the restriction of their use instead; we no longer need the personal data for the purposes of the processing but they are required by you for the establishment, exercise or defense of legal claims; you have objected to processing pursuant to Art. 21 (1) GDPR pending the verification whether our legitimate grounds override your interests;

• Pursuant to Art. 20 GDPR to receive your personal data, which you have provided for us, in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller;

• Pursuant to Art. 21 GDPR to object to the processing of your personal data on grounds relating to your particular situation, or if you object to processing for direct marketing purposes and the legal basis for processing is our legitimate interests pursuant to Art. 6 (1)(f) GDPR;

• Pursuant to Art. 7 (3) GDPR to withdraw your consent given to us at any time. As a result, we are no longer allowed to continue to process the data that was based on this consent in the future;

• Pursuant to Art. 77 GDPR to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement. A list of contact details of the data protection officers and supervisory authorities can be found on this website: https://edpb.europa.eu/about-edpb/board/.... Information Commissioner’s Office (ICO): https://ico.org.uk/make-a-complaint/

Note: If you are located in the United Kingdom, these same rights apply under the UK GDPR and the Data Protection Act 2018. Where this policy refers to “GDPR Articles,” you can read those references as the equivalent provisions of the UK GDPR for UK users.

If you wish to assert the data subject rights mentioned above, you can contact us or our data protection officer at any time using the contact details above.

Unless otherwise provided for in this privacy notice, personal data will be deleted, if this data are no longer necessary in relation to the purposes for which they were collected or otherwise processed and the deletion does not conflict with statutory retention requirements. We will erase personal data processed by us on your request in accordance with the conditions provided in Art. 17 GDPR. If personal data are required for other lawful purposes, they will not be erased, but their processing will be restricted in accordance with Art. 18 GDPR and the data will not be processed for other purposes. This applies, for example, to personal data that must be retained by us for commercial or tax law reasons. For example, data must be kept for 6 years pursuant to Section 257 (1) Nos. 2 and 3 German Commercial Code (HGB) and Section 147 (1) Nos. 2, 3, 5 German Tax Code (AO); data must be kept for 10 years pursuant to Section 257 (1) Nos. 1 and 4 HGB and Section 147 (1) No. 1, 4, 4a AO.

Our website uses cookies. Cookies are small text files that your browser automatically creates and stores on your device (laptop, tablet, smartphone, PC, etc.) when you visit our website. Cookies do no harm to your device, nor do they contain any viruses or other malicious software. A cookie stores information which is created in relation to the specific device. However, this does not mean that we become immediately aware of your identity. Cookies are mainly used to make the website more user-friendly, effective and secure.

We use session cookies to recognize that you have already visited individual pages of our website. These cookies also provide certain functionalities. Session cookies are deleted after you leave our website.

In addition, we also use temporary cookies, which are stored on your device for a specified period of time, to optimize user-friendliness and the statistical evaluation of the use of our website. If you visit our website again to use our services, these cookies will automatically recognize that you have already visited us before and what entries and settings you have made, so you do not have to enter them again.

Most browsers accept cookies automatically. However, if you do not wish to accept cookies, you can configure your browser to prevent cookies from being stored on your device or so that a message always appears before a new cookie is created. A general objection to the use of cookies for online marketing purposes can also be declared for many of the services, for example, at Your Online Choices or the opt-out page of the Network Advertising Initiative. However, if you disable cookies, you may not be able to use all the features of our website.

If you consent to nonessential cookies, some of the following cookies may be set:

Additionally, you may see cookies set by services we use. You can find more information on their cookies use pages and privacy policies:

By clicking the acceptance button, you consent to the processing and storage of your personal data for nonessential cookies as described in this privacy notice. Without your consent, we will not use nonessential cookies. You can withdraw your consent at any time.

In the United Kingdom, some cookies or similar technologies may be used without consent where permitted under UK law, for example where they are used solely for statistical purposes or to improve site functionality. Where we rely on these UK exemptions, we will still provide clear information and an easy way to object or opt out. In the UK, this means that some functionality and statistics cookies may be used on an opt out basis where permitted. All other nonessential cookies, including marketing cookies, are only used with your consent.

The legal basis is your consent pursuant to Article 6(1)(a) GDPR and, where applicable, the consent requirement for nonessential cookies under Article 5(3) of the ePrivacy Directive and its national implementations, and in the UK under PECR.

a. International transfers

Some of the service providers we use for cookies and similar technologies are located in countries outside the European Union and the European Economic Area, and may also process personal data outside the EU/EEA. Where applicable, personal data may also be transferred from the United Kingdom to recipients outside the UK.

Where we transfer personal data to recipients outside the European Union or the European Economic Area, we do so in accordance with Art. 44 et seq. GDPR. This means that, depending on the recipient country and the service provider, we rely on an adequacy decision (Art. 45 GDPR) or on appropriate safeguards such as the European Commission Standard Contractual Clauses (Art. 46 GDPR) and, where necessary, additional safeguards. Binding corporate rules (Art. 47 GDPR) may also be used where applicable.

Where we transfer personal data from the United Kingdom to recipients outside the United Kingdom, we rely on the transfer mechanisms permitted under the UK GDPR, such as adequacy regulations, the UK International Data Transfer Agreement, or the UK Addendum to the EU Standard Contractual Clauses, as applicable.

b. Transfers to the United States and the EU U.S. Data Privacy Framework

For transfers to recipients in the United States, where a recipient is certified under the EU U.S. Data Privacy Framework, we base the transfer on the applicable adequacy decision (Art. 45 GDPR). Where a recipient is not certified, we use the European Commission Standard Contractual Clauses (Art. 46 GDPR) and, where necessary, additional safeguards.

For transfers to recipients in countries without an adequacy decision, there is a risk that the laws and practices of the recipient country may not provide a level of protection essentially equivalent to that in the EU or UK, and that you may have fewer enforceable rights or effective legal remedies.

For more information on how Google processes personal data, please refer to Google’s privacy and security materials and applicable terms.

For more info on how Google uses personal data, see their business safety & privacy and terms.

In order to make our website available, we use services provided by hosting companies, such as provision of web servers, disk space, database services, and security or maintenance services. Here we, and our hosting providers on our behalf, process personal data of website visitors based on our legitimate interests in providing efficient and secure access to our website in accordance with Art. 6 (1)(f) GDPR.

For hosting our website, we use services provided by iFixit (USA), 1330 Monterey St., San Luis Obispo, CA 93401, USA as our data processor. We entered into a data processing agreement with iFixit (USA) that includes the Standard Contractual Clauses as well as additional appropriate measures to comply with the requirements of the GDPR to legitimately transfer personal data in third countries outside the European Union (EU) or the European Economic Area (EEA). A copy of the standard contractual clauses is available at https://eur-lex.europa.eu/eli/dec_impl/2...

By visiting our website or its individual pages, your device’s internet browser automatically sends information to the server of our website. This information is stored in so-called log files by us or our hosting provider.

The following information is stored:

• IP address of the requesting computer;
• Date and time of access;
• Name and URL of the requested file;
• Website from which our site was accessed (Referrer-URL);
• The browser used and your computer’s operating system;
• Status codes and the transferred amount of data;
• Name of your access providers.

This data will be used for the following purposes:

• The provision of our website, including all of its features and contents;
• To ensure a smooth connection to our website;
• To ensure a more user-friendly experience on our website;
• To ensure system security and stability;
• For anonymized statistical evaluation of website access;
• To optimize our website;
• For disclosure to law enforcement authorities in the event of unlawful interference / attacks on our systems;
• For further administrative purposes.

This data will be deleted at the latest after 6 months, except it is needed for other purposes, for example for the establishment, exercise or defense of legal claims.

The legal basis for data processing is Art. 6 (1)(f) GDPR. Our legitimate interest relates to the data collection purposes mentioned above.

If you contact us using the contact details published on our website (for example, by email) and in this context provide us with personal data, we will use this data to process your request on the basis of Art. 6 (1)(b) GDPR, if your request is related to the performance of a contract or is required to perform pre-contractual action. In all other cases, processing is based on your consent in accordance with Art. 6 (1)(a) GDPR and / or our legitimate interest in the effective processing of requests addressed to us pursuant to Art. 6 (1)(f) GDPR. All personal data collected by us when you established contact with us will be deleted after completion of your request unless such data are still required for other purposes (for example performance of a contract or defense against legal claims risen against us) or need to remain stored with us for other reasons (for example to comply with statutory retention periods).

If you are a customer and we have received your email address in connection with the sale of goods or services, we may use your email address for direct marketing purposes for similar goods or services offered by us. This is only applicable if you have not objected and we clearly and unequivocally have advised you of the possibility of objection at the time of collecting the email address, and every time we use it for direct marketing purposes thereafter. For email direct marketing, we process your email address, your name, your company affiliation if you are interacting on behalf of a company, and the type of goods or services you purchase from us. The legal basis of processing is our legitimate interest in direct marketing according to Art. 6 (1)(f) GDPR. We will store the personal data until you object to the processing.

We use services provided by iFixit (USA), 1330 Monterey St., San Luis Obispo, CA 93401, USA as our data processor for our email direct marketing. We entered into a data processing agreement with iFixit (USA) that includes the Standard Contractual Clauses as well as additional appropriate measures to comply with the requirements of the GDPR and the jurisdiction of the European Court of Justice to legitimately transfer personal data in third countries outside the European Union (EU) or the European Economic Area (EEA). A copy of the standard contractual clauses is available at https://eur-lex.europa.eu/eli/dec_impl/2...

If you would like to receive our newsletter we require your email address, name. The data processing for the purpose of sending the newsletter takes place in accordance with Art. 6 (1)(a) GDPR based on your voluntary consent by means of the so-called double-opt-in procedure. The email address will be used and stored for this purpose until you withdraw your consent or unsubscribe from receiving the newsletter. You can unsubscribe at any time, for example by using the link at the bottom of each newsletter. You can also send your withdrawal/unsubscribe request at any time to the email address given under Clause II.

We embed a so-called counting pixel into our newsletters. A counting pixel is a miniature graphic embedded in the HTML format of the newsletter to allow us an analysis of the reader's reading behavior. In this context, we gather information on whether, and at what time, a newsletter was opened by you and which of the links contained in the newsletter were accessed by you. We use this data to generate statistical evaluations of the success or failure of a marketing campaign to optimize the distribution of our newsletters and to better tailor the content of future newsletters to your interests. The collected data will not be passed on to third parties and will be deleted after the statistical evaluation.

We only use newsletter tracking where you have consented, and you can withdraw consent by unsubscribing. You can also block images in your email client to prevent the pixel from loading.

We use services provided by iFixit (USA), 1330 Monterey St., San Luis Obispo, CA 93401, USA as our data processor to provide you with our newsletter. We entered into a data processing agreement with iFixit (USA) that includes the Standard Contractual Clauses as well as additional appropriate measures to comply with the requirements of the GDPR to legitimately transfer personal data in third countries outside the European Union (EU) or the European Economic Area (EEA). A copy of the standard contractual clauses is available a https://eur-lex.europa.eu/eli/dec_impl/2...

We are using user accounts for the iFixit community to facilitate simplified access for users to the services offered by us. Using the iFixit community to access our services is voluntary. You can place orders through our web store as a guest without using the functionality provided by the integration of the iFixit community.

If you activate that feature by clicking the link, you are being forwarded to the website of the iFixit community at de.ifixit.com. The iFixit community will collect your IP address, the time and date when you registered or logged in to our services, and any further data collected by the iFixit community as the case may be related to the connection with our services. The iFixit community will also record your use of our services in your user account with the iFixit community. The iFixit community will transfer to us the email address used to register with the iFixit community, your first and last name, your profile picture and the unique identifier assigned to you by the iFixit community.

The iFixit community is provided by iFixit (USA), 1330 Monterey Street, San Luis Obispo, California 93401, USA. If you choose to use the iFixit community feature, you will be redirected to the iFixit (USA) website and your personal data will be processed in the United States. For more information on how iFixit (USA) handles your personal data, please see their privacy policy at: Privacy Policy. Personal data is processed based on your consent pursuant to Art. 6 (1)(a) GDPR to use the iFixit community.

Without your consent to use the iFixit community feature, you cannot create or use an iFixit community based account for our services. You can still place orders through our web store as a guest.

The collected personal data will be used for the purposes of providing our services as well as contacting you in order to provide you with information about our offers and the services you registered for. Your user account with us and the personal data stored in connection with the user account will be used in particular to improve your shopping experience with us and to enable you to access your order history and to write user reviews and to leave ratings on the products offered in our web store. When logged in to your user account you can view your personal data and make changes to this data. We will not pass your personal data to third parties unless it is necessary for the fulfilment of contractual obligations in accordance with Art. 6 (1)(b) GDPR or for the pursuit of any claims to which we are entitled, or unless there is a legal obligation to do so in accordance with Art. 6 (1)(c) GDPR. Your data will be stored until you delete the user account or instruct us to delete your data. Insofar as we are obliged to retain your personal data on the basis of statutory retention periods, in particular tax and commercial law, the processing of your personal data will be restricted until the expiration of the relevant retention periods and then subsequently deleted.

If you register on our website or use the user account, we will store your IP address and the time of usage. Processing is done based on our legitimate interests pursuant to Art. 6 (1)(f) GDPR in order to provide our services. Data is also processed in your interest to protect you from misuse and other unauthorized use of your data. The IP addresses will be anonymized or deleted after 7 days at the latest.

a. International transfers

Where we transfer personal data to recipients outside the European Union or the European Economic Area, we do so in accordance with Art. 44 et seq. GDPR. This means that, depending on the recipient country and the service provider, we rely on an adequacy decision (Art. 45 GDPR) or on appropriate safeguards such as the European Commission Standard Contractual Clauses (Art. 46 GDPR) and, where necessary, additional safeguards. Binding corporate rules (Art. 47 GDPR) may also be used where applicable.

Where we transfer personal data from the United Kingdom to recipients outside the United Kingdom, we rely on the transfer mechanisms permitted under the UK GDPR, such as adequacy regulations, the UK International Data Transfer Agreement, or the UK Addendum to the EU Standard Contractual Clauses, as applicable.

b. Transfers to the United States

For transfers to recipients in the United States, where a recipient is certified under the EU U.S. Data Privacy Framework, we base the transfer on the applicable adequacy decision (Art. 45 GDPR). Where a recipient is not certified, we use the European Commission Standard Contractual Clauses (Art. 46 GDPR) and, where necessary, additional safeguards.

For transfers to recipients in countries without an adequacy decision, there is a risk that the laws and practices of the recipient country may not provide a level of protection essentially equivalent to that in the EU or UK, and that you may have fewer enforceable rights or effective legal remedies.

If you leave reviews or ratings on the products offered in our web store, we will store your user account for the iFixit community, the time and date and the content of your review or rating and your IP address. The purpose of storing this information is

• to enable users of our services or users of the iFixit community to contact you regarding your reviews or ratings,
• to connect your reviews or ratings with your user account and use these reviews or ratings for the purposes of the iFixit community, and
• to forward any complaints about your reviews or ratings to you and, if necessary, ask you to comment.

It is not possible to leave a review or rating on our web store without a user account for the iFixit community. The user account provided will be stored and published with the review.

The legal basis for the processing of personal data to provide you with the functionality to leave ratings and reviews and to connect your user account for the iFixit community with these reviews and ratings is your consent in accordance with Art. 6 (1)(a) GDPR and our legitimate interest under Art. 6 (1)(f) GDPR. Our legitimate interest in requesting and storing the user account for the iFixit community and your IP address is based on security considerations, for example, in case someone posts unlawful content (for example, defamatory comments). In this case, we ourselves could be prosecuted for the comment or post and therefore have a legitimate interest in storing the publisher's IP address. We will pass the personal data collected on to law enforcement authorities in cases of criminal investigations. Beyond that, we will make other disclosures to third parties.

The reviews and ratings you leave in our store will be connected internally with your user account for the iFixit community so you can review your usage history.

If you use our application form or other means of communications to apply for a job, you will need to provide your name, contact information and further application documents so that we can review your application and contact you. We process your personal data for the purpose of carrying out the application procedure and deciding whether to establish an employment relationship. The legal basis is Art. 6 (1)(b) GDPR (steps prior to entering into a contract). If we ask to keep your application on file for future openings, or if you voluntarily provide special categories of personal data, we will ask for your consent under Art. 6 (1)(a) GDPR and, where applicable, Art. 9 (2)(a) GDPR. You can withdraw such consent at any time with effect for the future.Typically, the following data are being processed for our application procedures:

• your cover letter for the application;
• your personal data: name, address, email address, telephone number, mobile phone number, date of birth;
• your curriculum vitae: present workplace, prior workplaces, employer, professional training, number of years of professional experience, continuing education hitherto, outstanding knowledge, hobbies;
• documents such as certificates of educational institutions and/or prior workplaces, certificates of completed continuing education.

Based on our legitimate interest under Art. 6 (1)(f) GDPR to defend against legal claims arising against us, all personal data collected in connection with the application procedure will furthermore remain stored. If you decide on your own behalf to withdraw your application from the application procedure, we will delete your application documents. Your name and your contact data as well as the time and date when you filed and/or withdrew your application and the related correspondence will remain stored. If not required anymore for other purposes (for example subsequent employment or legal procedures), this data will be deleted 6 months after completion of the application procedure.

We use a cloud-based HR management software which is hosted by a provider of such systems to manage our application procedures. Any personal data is processed by the cloud provider on our behalf as our data processor based on a data processing agreement. The legal basis is our legitimate interest in the efficient management and control of our HR processes in accordance with Art. 6 (1)(f) GDPR.

In connection with and for the purpose of required for the fulfilment of pre-contractual measures and contractual obligations initiated through our web store, which are carried out at the request of the data subject, we process personal data required for the fulfilment of a contract with the data subject. These include:

• data of the contracting party, such as name, address and contact details. If applicable, alternate delivery or billing address of recipients;
• if necessary, the date of birth;
• contractual documentation including subject matter, duration or customer category;
• payment data such as bank details, credit card details, and payment history.

The legal basis for data processing is Art. 6 (1)(b) GDPR.

We also use a cloud-based enterprise resource planning system which is hosted by a provider of such systems to handle our business processes and manage our inventories. Any personal data is processed by the cloud provider on our behalf based on a data processing agreement. The legal basis is our legitimate interest in the efficient management and control of our business processes in accordance with Art. 6 (1)(f) GDPR.

The data will be disclosed to third parties only to the extent necessary to fulfill pre-contractual and contractual obligations, e.g. banks, payment providers and credit card companies for processing the payment, shipping service providers for the shipment of goods.

Our online shop uses the Shopify e-commerce platform. Shopify is provided by Shopify Inc, 150 Elgin Street, Suite 800, Ottawa, ON, K2P 1L4, Canada. The controller for the processing of personal data in the EU is Shopify International Ltd, 2nd Floor, 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 Xn32, Ireland (hereinafter 'Shopify'). Your contractual data and other data you enter in our online shop is processed by Shopify as a data processor on our behalf and is being transferred to Shopify Inc. in Canada. The EU Commission has decided that Canada ensures an adequate level of protection. The adequacy decision for Canada can be retrieved at https://eur-lex.europa.eu/legal-content/.... According to Art. 45 GDPR, due to this decision a transfer of personal data to Canada does not require any specific authorization.

In addition, we use external plugins to enhance the usability of our shop. The plugin providers process personal data of the shop users as data processors on our behalf based on our legitimate interests in accordance with Art. 6 (1)(f) GDPR. Our legitimate interest is to provide a user-friendly online shop.

When you choose to use Shopify Pay for payment, we will transfer your name, email address, mobile phone number, credit card and billing address, delivery address and the shipping method you selected on the checkout page, as well as related information about your order of goods and services you have purchased from us, to Shopify Pay in order to process the payment. The legal basis for the processing is Art. 6 (1)(b) GDPR.

This website uses Help Scout. Help Scout is provided by Help Scout, 100 City Hall Plaza, 5th Floor, Boston, MA 02108, USA (hereinafter “Help Scout”). Help Scout is a customer support ticketing system. We use it to receive, organize, and respond to customer support enquiries (for example, by email). When you use Help Scout, the following personal data is processed by Help Scout as a data processor on our behalf to provide the service:

• Name
• Email address
• IP address of the requesting computer
• Other information you provide in your support enquiry
• Previous support correspondence

Personal data processed in Help Scout may be stored or processed on servers in third countries outside the EU or the EEA. The legal basis for this processing is Art. 6 (1)(b) GDPR where your request relates to a contract or precontractual measures, and Art. 6 (1)(f) GDPR for our legitimate interest in providing efficient customer support and handling enquiries. Where Help Scout processes personal data in third countries, the transfer is carried out subject to appropriate safeguards, such as the EU Standard Contractual Clauses, in accordance with Art. 46 GDPR

We use services provided by iFixit (USA), 1330 Monterey St., San Luis Obispo, CA 93401, USA as our data processor.

Further information is available in Help Scout’s privacy and legal documentation at https://www.helpscout.com/company/legal/....

For certain customer support and feedback forms, we use Typeform S.L. (Carrer de Bac de Roda 163, 08018 Barcelona, Spain) as a data processor. When you submit information through one of these forms, we process the information you provide, such as your name, contact details, order number, and the content of your enquiry. Typeform may also process technical information needed to deliver the form, such as your IP address, browser information, and timestamps.

Typeform processes this information in accordance with the EU General Data Protection Regulation (GDPR) and its own Privacy Policy. iFixit retains control of the data and uses it only to respond to your inquiry or provide customer support.

The legal basis for this processing is Art. 6 (1)(b) GDPR where your request relates to a contract or pre-contractual measures, and Art. 6 (1)(f) GDPR for our legitimate interest in providing efficient customer support and handling enquiries.

Fixbot is our AI powered chat and voice assistant. When you use Fixbot (for example, asking questions in chat or using Fixbot voice mode), we process:

• Your messages and instructions (the content you submit)
• Technical information about your device and connection (such as IP address, browser or app version, language, and timestamps)
• Audio and transcripts if you choose to use audio mode (recordings of your voice and automatically generated transcripts)

We use this information to:

• Provide the Fixbot service (for example, answering questions, suggesting guides or products, and troubleshooting issues)
• Operate, secure, and monitor Fixbot and related systems
• Improve Fixbot and other iFixit services, including training and evaluating our models and the third party models we use, where permitted by law

Service providers and transfers:

We may share Fixbot conversation content and transcripts, and where necessary audio, with service providers that supply large language model and voice processing services so they can process your messages, transcripts, and where necessary audio on our behalf. For example, these may include providers such as OpenAI, Anthropic, and Google, or similar providers we may use over time. These providers act as our data processors, are contractually required to protect your data, and may only process it on our instructions for the purposes described in this privacy notice. We contractually require our service providers not to use this content for their own independent purposes.

We contractually require our service providers to process Fixbot conversations, transcripts, and audio only on our instructions and not to use this content for their own independent purposes.

Fixbot data may be processed in countries outside the EU or the EEA. Where Fixbot data is transferred to a recipient in a third country without an adequacy decision, transfers are made subject to appropriate safeguards, such as the EU Standard Contractual Clauses, in accordance with Art. 46 GDPR.

Legal basis:

We process Fixbot chat data where necessary to perform a contract or to take steps at your request prior to entering into a contract (Art. 6 (1)(b) GDPR), for example, to respond to questions you submit and provide support. We also process Fixbot data on the basis of our legitimate interests (Art. 6 (1)(f) GDPR) in operating, securing, and improving Fixbot and understanding how it is used. Where required by law, we rely on your consent (Art. 6 (1)(a) GDPR) for storing voice recordings or using voice recordings for product improvement.

Audio mode and consent:

Audio mode is optional. In some jurisdictions, we may limit or disable storage of voice recordings to meet local legal requirements. Where required by law, we will request your consent before storing audio recordings or using audio recordings for product improvement. You can withdraw consent at any time with effect for the future by changing your settings (where available) or by contacting us.

Depending on your location and the Fixbot feature you use, we may limit or disable storage of voice recordings.

Retention:

We retain Fixbot conversations, transcripts, and recordings only for as long as necessary for the purposes described in this privacy notice, and then delete or deidentify them, unless we are required or permitted to keep them longer. In particular:

• If your Fixbot conversation results in a customer support request, we retain it with the related support record for as long as needed to provide support, maintain records of our communications, and meet legal, accounting, and dispute resolution requirements.
• If we use Fixbot data to operate, secure, troubleshoot, or improve Fixbot, we retain it only for as long as needed to complete those activities, and then delete or deidentify it where appropriate.
• If you use Fixbot voice mode, we retain audio recordings only for as long as needed to provide the voice feature and generate transcripts, unless you choose to include the audio as part of a support request.

When you share device diagnostics with us, for example through our mobile app or our battery health tools, we process information such as battery cycle count, capacity, charge state, temperature, and similar hardware data.

We use this information to provide troubleshooting guidance, generate repair insights, and improve our diagnostic and Fixbot services.

The legal basis is Art. 6 (1)(b) GDPR where processing is necessary to provide the functionality you request, and Art. 6 (1)(f) GDPR for our legitimate interests in improving and securing our services. Where required, we will request consent (Art. 6 (1)(a) GDPR) before using this information for product improvement.

If you object to the transfer of your personal data to one of our payment providers, or if you believe that your credit rating is not suitable to use one of our payment providers, you can make an advance payment via bank transfer.

This website uses PayPal as a payment service. The provider is PayPal (Europe) S.à r.l. et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter 'PayPal'). PayPal acts as an online payment service provider and trustee offering buyers and sellers secure services for payments via PayPal, credit card via PayPal, direct debit via PayPal or, if offered, purchase on account. For processing the payment transaction, we will forward your name, email address, purchased products, invoice amount and billing and delivery address to PayPal. When using the payment methods credit card via PayPal, direct debit via PayPal or, if offered, purchase on account via PayPal, PayPal will make a decision as to whether your transaction request is accepted, and, if necessary, to minimize the default of payments, perform a check of your creditworthiness. Calculating the creditworthiness includes probability values (so-called score values) and address data. The calculation of this score is based on a scientifically recognized mathematical-statistical procedure. If the credit rating is insufficient, PayPal can reject the chosen method of payment. The legal basis of the processing is the establishment and performance of a contract of which the data subject is a contracting party under Art. 6 (1)(b) GDPR. If you object to the data transfer, or you believe that your credit rating is not suitable for the chosen method of payment, please use a different method of payment. For more information on how PayPal deals with your personal data, please refer to the privacy policy at: https://www.paypal.com/webapps/mpp/ua/pr....

Our website uses Klarna as a payment service. Provider is Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter 'Klarna'). Klarna acts as an online payment service provider, trustee and credit reference agency. When making a payment via Klarna, we will forward your name, email address, date of birth, purchased products or services, invoice amount, invoice and delivery address, bank and credit card data, and, if applicable, your mobile phone number to Klarna. If you use the payment methods 'purchase on account' or 'payment by instalments', Klarna may check your credit rating in order to decide on the release of the payment transaction and to minimize payment defaults. In this context, your personal data may be shared with other credit reference agencies. In addition, score values are calculated for credit rating checks (so-called score values), which includes address data. The calculation of these score values is based on a scientifically recognized mathematical-statistical procedure. In the event of insufficient creditworthiness, Klarna may refuse the selected payment method.

The legal basis for the processing is Art. 6 (1)(b) GDPR. If you object to the data transfer or if you believe that your credit rating is not suitable for the selected payment method, please use a different payment method. For more information on how Klarna handles your personal data, please refer to the privacy policy at: https://cdn.klarna.com/1.0/shared/conten....

This website uses the so-called 'Meta Pixel'. Provider is Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. Responsibility for the processing of personal data of data subjects in the EU is held by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland (hereinafter 'Meta').

The use of the Meta Pixel-technology allows Facebook to recognize visitors of our website and to associate them to certain groups for the display of specific advertisements (for example, categories visitors to our website according to areas of interest which we have given to Meta, so-called 'Custom Audiences'). This ensures that the users are shown only interest-oriented ads thus avoiding annoyance by improper advertising. By using Meta Pixel, we can also track the effectiveness of our ads on Facebook and Instagram for statistical purposes and track whether and how users have used our offer after clicking on the advertisement. The use of the Meta Pixel helps us to promote our products and services in an appropriate manner without annoying users with inappropriate advertising.

For more information about the Meta Pixel and how it works, please refer to: https://www.facebook.com/business/help/6.... More information on how Meta processes the data obtained, and general details about Facebook advertisement is made available on the Meta data policy at: https://www.facebook.com/about/privacy/u.... In your personal Facebook account under the heading 'Settings', you also have the option to object to the collection of your personal data via the Meta Pixel and its use for the display of specific advertisements. More information about these settings are available at: https://www.facebook.com/settings?tab=ad... (login required).

The legal basis for the use of the Meta Pixel is your voluntarily given consent in accordance with Art. 6 (1)(a) GDPR. Where personal data is transferred to recipients in the United States, the transfer is based on the EU US Data Privacy Framework for certified recipients (Art. 45 GDPR) or the European Commission Standard Contractual Clauses (Art. 46 GDPR).

Provider of the services below is Google Ireland Limited (Register No: 368047), Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter 'Google').

The information and personal data collected by Google in connection with the provision of the respective services may be transferred to and processed by Google servers in the USA. Google is certified under the EU-US Data Privacy Framework (DPF). Therefore, we rely on the adequacy decision (Art. 45 GDPR) for these transfers. Alternatively, where the DPF does not apply, Google relies on Standard Contractual Clauses (SCCs). A copy of the EU Standard Contractual Clauses can be found at: https://eur-lex.europa.eu/eli/dec_impl/2...

For more information about how Google handles personal data, please refer to Google's Privacy Policy: https://policies.google.com/privacy?hl=e.... For information on the use of data for advertising purposes by Google, settings and your right to object please refer to: https://policies.google.com/technologies..., https://policies.google.com/technologies..., https://adssettings.google.com/authentic...

The legal basis for the use of the following services is your voluntarily given consent according to Art. 6 (1)(a) GDPR. Where personal data is transferred to recipients in the United States, the transfer is based on the EU US Data Privacy Framework for certified recipients (Art. 45 GDPR) or the European Commission Standard Contractual Clauses (Art. 46 GDPR).

Our website uses Google Analytics. Google Analytics uses cookies. Google Analytics collects information about the visits of website users and analyses their behavior. This data serves the purpose of developing a user-friendly website design, the continuous optimization of our services and offers, to measure the success of marketing activities and to create statistical analysis. In this context, pseudonymized user profiles are created and cookies are used. Google Analytics collects information such as browser type / version, operating system, referrer URL (the previously visited page), host name of the accessing computer (IP address) and time of server request. The information generated is transferred to the US and stored on servers owned by Google. The collected user data and event data will be deleted after 26 months. Information may also be transferred to third parties if required by law or if third parties process this data on behalf of us or Google. Under no circumstances will your IP address be merged with any other data that is kept by Google. The IP address will be anonymized so that assignment is impossible.

This website uses the feature 'demographics and interests' within the scope of Google Analytics. This allows reports to be created that contain statements about the age, gender and interests of our site visitors. This data comes from Google's interest-based advertising as well as visitor data from third-party providers. This data cannot be assigned to any specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as explained above.

Our website uses Google Analytics Remarketing. This service presents internet users advertisement related content of previously visited websites. Google uses cookies to recognize visitors who access web pages from the Google Advertising Network. This service collects your IP address, which of our websites you have visited and, if necessary, other data required by Google for the provision of Analytics Remarketing. Your IP address will not be merged with other data provided by Google. The information gathered about your use of this website is stored on a server in the USA. This information may also be transferred to third parties if required by law or if third parties process this data on behalf of us or Google. You can prevent the local storage of cookies by configuring your browser software correspondingly. However, be advised that in this case you may not be able to use all the features of this website to the full extent possible. If you do not wish to use Google Remarketing, you can disable it by configuring your personal settings at: http://www.google.com/settings/ads.

Our website uses Google Ads and Google Ads with Conversion Tracking. Google Conversion Tracking is used to track and evaluate the clicks on ads, purchases, signups, phone calls, app downloads, and other actions on our website. In this context Google Ads collects your IP address, which of our websites you have visited and, if necessary, other data required by Google for providing conversion tracking statistics. Under no circumstances will your IP address be merged with any other data that is kept by Google. This service also uses Cookies for analysis and evaluation purposes. You can prevent the storage of cookies by configuring your browser so that no cookies will be stored on your device. However, disabling cookies may mean that you may not be able to use all the features on our website. The information generated is transferred to the US and stored on servers owned by Google. This information may also be transferred to third parties if required by law or if third parties process this data on behalf of us or Google.

This website uses Google AdSense to integrate advertisements on our website. Google AdSense uses cookies and web beacons to recognize and analyze page visits. Web beacons are small invisible graphics that analyze information such as clicks on advertisements or website traffic. This service collects your IP address, which of our web pages you have visited and, where applicable, other data required by Google for the provision of the advertisements. The IP address transmitted by your browser as part of Google AdSense will never be merged with other Google data. The information generated about your use of this website is stored on a server in the USA. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of us or Google. You may refuse the use of cookies by selecting the appropriate settings on your browser; however, please note that if you do this you may not be able to use the full functionality of this website.

Our website uses Google Tag Manager in order to manage the website through a single tag management interface. Google Tag Manager only implements tags. This means no cookies are used and no personal data is collected. Google Tag Manager triggers other tags, which may collect data. However, Google Tag Manager does not access this data. If deactivated at the domain or cookie level, it will remain effective for all tracking tags as far as they are implemented with the Google Tag Manager.

Our website uses the Trusted Shops trust badge. Provider is Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne (hereinafter 'Trusted Shops'). The Trustbadge displays the Trusted Shops seal of approval and our ratings. When the Trustbadge is loaded, personal data such as your IP address, date and time of the request, the volume of data transferred and the website are automatically stored and processed. This data will not be evaluated and is automatically deleted after 7 days of your visit at the latest. The legal basis for the use of the Trusted Shops Trustbadge is our legitimate interest in optimizing our marketing activities in accordance with Art. 6 (1)(f) GDPR. Further personal data will only be transferred to Trusted Shops (e.g. for requesting feedback) if you have given your consent, you decided to use Trusted Shops’ services after having completed an order or you have already registered for its use. In this case the contractual agreement between you and Trusted Shops applies. For further information on how Trusted Shops handles your personal data please refer to the Trusted Shops privacy notice at: https://www.trustedshops.co.uk/imprint/.