Privacy Policy – FixhDesk
Pursuant to Art. 13 of EU Regulation 2016/679 (GDPR)
Last updated: 6 April 2026
1 Data Controller
NETWORK GENERATION di Daniel Enache
Via della Stazione 10, 00041 Albano Laziale (RM) – Italy
VAT No.: IT14082541005 | REA RM-1495059
Email: support@fixh.it
2 Categories of Data Processed
Personal data processed by FixhDesk is divided into several categories, collected exclusively for the stated purposes and processed in compliance with applicable regulations:
| Data Category | Examples | Purpose | Legal Basis |
|---|---|---|---|
| Account Data | First name, last name, email, password | Account creation and management, authentication and personalisation of experience | Performance of a contract |
| Payment Data | Card number, IBAN, billing address | Payment processing and management, electronic invoice issuance | Compliance with legal obligations |
| Usage Data | Access logs, usage statistics, preferences and behaviour | Analysis, improvement and personalisation of services, cybersecurity | Legitimate interest |
| Technical Data | IP address, browser data, device information, metadata | Ensuring security, preventing fraud and optimising service delivery | Legitimate interest and legal obligations |
3 Hosting and Data Transfers
Cloud Provider
FixhDesk software is hosted by OVH SAS (France), with servers located in Gravelines and Strasbourg.
Certifications and Standards
The provider holds ISO 27001, PCI-DSS and HDS certifications, ensuring high standards of security and data management.
Encryption
- Data in transit: protected via TLS 1.3
- Data at rest: encrypted with AES-256, with key management via OVH KMS.
Backups
Daily backups, retained for 7 days, encrypted and replicated across secondary datacentres to ensure recovery in the event of an incident.
Extra-EEA Transfers
Data is not transferred outside the EU/EEA. Should this become necessary in the future, all measures required by applicable law will be adopted.
4 Data Recipients
Personal data may be shared with third parties for the following purposes:
Sub-processors and Technology Partners
- OVHcloud (hosting and infrastructure)
- Stripe and PayPal (payment processing)
Consultants
Tax, legal and security consultants, solely for technical support and compliance with legal obligations.
Legal Obligations
Data may be disclosed to third parties where required by law, for the protection of rights or for public safety, in compliance with regulatory obligations or for investigative purposes.
All third parties are bound by contractual agreements to ensure compliance with data protection regulations.
5 Data Retention Period and Methods
Personal data is retained in compliance with applicable regulations, as follows:
| Data Type | Retention Period |
|---|---|
| Active accounts | Until revocation or deletion by the user |
| Payment Data | Up to 10 years from service termination, for fiscal and accounting obligations |
| Security logs | Up to 12 months from recording, for security and audit purposes |
| Backups | Up to 7 days from creation, to ensure recovery in the event of an incident |
6 User Rights
As a data subject, the user has the following rights:
- Right of Access: obtain confirmation of whether personal data exists and receive a copy.
- Right of Rectification: correct inaccurate or incomplete data.
- Right to Erasure (“Right to be Forgotten”): request deletion of data, subject to legal obligations.
- Right to Restriction of Processing: limit processing where the accuracy of data is contested.
- Right to Object: object to processing on legitimate grounds, including profiling for direct marketing.
- Right to Data Portability: receive data in a structured, machine-readable format.
- Withdrawal of Consent: for purposes based on consent, withdrawable at any time without affecting the lawfulness of prior processing.
To exercise your rights, send a written request to: support@fixh.it.
7 Data Security Measures
To ensure a high level of data protection, FixhDesk implements the following technical and organisational measures:
- Two-Factor Authentication (2FA): optional, for an additional layer of security.
- Access Control: role-based access control system (RBAC) to restrict access to authorised personnel only.
- Continuous Monitoring: 24/7 monitoring systems to detect intrusions or anomalies.
- Audits and Reviews: quarterly audits and periodic review of protective measures.
- Staff Training: personnel are continuously updated on cybersecurity matters.
8 Cookies and Similar Technologies
The website uses cookies and similar technologies to improve user experience, analyse traffic and deliver personalised content. The main categories are:
| Cookie Type | Purpose | Duration | Management |
|---|---|---|---|
| Strictly Necessary | Core site functionality, such as authentication and security | Session | Mandatory |
| Performance | Anonymous traffic analysis and site improvement | 30 Days | Manageable |
| Marketing | Personalised advertising and user profiling | 12 Months | Manageable |
9 Children’s Data
The service is intended for an adult audience. We do not knowingly collect data from children under 16 years of age. If you are under 16, do not provide your personal data without the consent of a parent or guardian. In the event of accidental collection, we will delete the data upon request from the parent or guardian, unless otherwise required by law.
10 Changes to this Policy
FixhDesk reserves the right to amend this policy at any time, ensuring users are notified via:
- Email notification with at least 30 days’ notice for material changes.
- Publication of the updated version on the website at: fixhdesk.com/privacy.
11 Contact and Data Protection Officer (DPO)
For questions, information requests or to exercise your rights, contact:
Interim Data Protection Officer:
Daniel Enache
Email: support@fixh.it
Tel: +39 35164 35164
This policy is designed to ensure comprehensive protection for both users and the Provider, in compliance with the GDPR and Italian data protection regulations.