Privacy Policy

Fixflo Privacy Notice



Fixflo (a trading name of Tactile Limited, a company registered in England and Wales under company number 08111417) is committed to respecting your online privacy and recognises your need for appropriate protection and management of any personally identifiable information you share with us. Fixflo has established this online privacy notice (“Privacy Notice”) so that you can understand the care with which we intend to treat your Personal Information. Personal Information means any information that may be used to identify an individual, including, but not limited to, a first and last name, a home or other physical address and a personal email address or other home contact information.

For the purposes of the Data Protection Act 2018, UK GDPR (as defined in the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019) and the European General Data Protection Regulation (“GDPR”) that came into force on 25 May 2018, the data processor is Tactile Limited (company number 08111417) whose registered office is at International House, 24 Holborn Viaduct, London EC1A 2BN. The data protection officer is currently Katie Buxton (dpo@fixflo.com). The customer is the data controller.

Fixflo’s Article 27 Representative Office in the European Union is JMW (Ireland) 2021 Limited, Registered office: 6/7 Harcourt Terrace, Dublin 2, Dublin, Ireland. Email contact: dpo@jmw.co.uk

NB: SEE CORONAVIRUS ADDENDUM FOR FURTHER INFORMATION RELATED TO SPECIAL CATEGORY DATA COLLECTED IN RELATION TO THE CORONAVIRUS PANDEMIC

 

When do we collect your Personal Information?

Fixflo collects data relating to you and your use of the Site in order to provide Services and features that are responsive to your needs. Fixflo collects Personal Information in the following ways:

  • From when you register and communicate with us. We collect information from you when you register an account with us, request information, send us emails, or speak with us over the telephone.
  • From the Site. We may collect information from your mobile device when you provide your information to use via the Site.
  • From third parties. We may receive information about you from a business partner or client.
  • Automatically as you use our Site. Information collected automatically may include usage details, email address, IP address and information collected through cookies and other tracking technologies.

 

What Personal Information we collect

  1. Information you give us. We require customers who register to use the services (“Services ”) offered on our Site to give us contact information, such as their name, company name, address, phone number, and e-mail address, and (in the case of paying customers) financial qualification and billing information, such as billing name and address, credit card number, and the number of users within the organisation that will be using the Services. Customers of the Services may use the Site to host data and information that includes Personal Information (“Data”). Where you input Data into the Site that you have collected from your own contacts, you are responsible for obtaining any required consent of those data subjects under the GDPR and you warrant to us that you have fully complied with any applicable data protection legislation in relation to the information you give us. When a repair is reported through the Services, photos of the issues and other information will be requested. It is important that you ensure that any photos submitted do not include images of people.
  2. Information we collect about you. We may collect certain information about how you use the Services. This may include your IP address, geographical location, browser type, referral source and similar information. This information may be collected by a third-party website analytics service provider on our behalf and may be collected using cookies.
  3. Information we receive from other sources. This is information we receive about you if you use any of the Site we operate or the other Services we provide. We are working closely with third parties (including for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, and credit reference agencies).

 

Cookies

Some of our Site pages utilise cookies and other tracking technologies. A cookie is a small text file that may be used, for example, to collect information about Site activity. Some cookies and other technologies may serve to recall Personal Information previously indicated by a Web user. Most browsers allow you to control cookies, including whether or not to accept them and how to remove them. You may set most browsers to notify you if you receive a cookie, or you may choose to block cookies with your browser, but please note that if you choose to erase or block your cookies, you will need to re-enter your original user ID and password to gain access to certain parts of the Site. Our use of cookies and other tracking technologies allows us to improve our Site and web experience.

We use a number of different cookies on our Site that are broadly grouped into the following categories:

  • Strictly necessary: These are cookies that are required for the operation of our Site. They include, for example, cookies that enable you to log into secure areas of our Site, or make use of our billing services.
  • Analytics: We use analytics cookies to help us understand how users engage with our Site. This data is used to deliver customized content to customers whose behaviour indicates that they are interested in a particular subject area.
  • Retargeting: We collect and use profiling cookies which enable us to identify your device when you move between different websites and applications so that we can serve personalised advertising to you. For this purpose, we also use NextRoll, whose privacy policy can be found here. Should you wish to update your consent preferences for NextRoll’s personalised ads, please click here.
  • Email marketing campaigns published by our Site or Fixflo may contain tracking facilities within the actual email.

 

Web Analytics

The Fixflo website uses Mouseflow, a web analysis tool from Mouseflow Inc, Flaesketorvet 68, 1711 Copenhagen, Denmark, in order to record user behavior. In so doing, a record of mouse movements, mouse clicks, and keyboard interaction is generated. From this data, so-called heat maps are constructed and then evaluated to identify potential improvements for this website.

Data from all visits is stored using anonymized IP addresses. The cookie generated by Mouseflow is deleted after a period of 90 days. No personal data is collected by Mouseflow and no data is shared with third parties; the data is stored for a period of 6 months. Storage and processing of the collected data takes place within the EU.

You may opt out of data collected on the website using Mouseflow by clicking here.

 

How we use the Personal Information we collect

We may use your Personal Information for purposes including, but not limited to, the following:

  • To deliver services, products, or transactions that you have requested;
  • To improve our Site, including upgrading security measures;
  • To send you promotional materials or communications regarding our content and services that we feel may be of interest to you;
  • To evaluate the products and services that we offer and develop new or improved products or services and to better understand Fixflo’s business environment;
  • For surveys, competitions, and polls;
  • To notify you about changes to our Service;
  • To provide technical support to you; and
  • To ensure network and information security.

 

Marketing opt-out

We do not use personal data submitted by individuals reporting repairs via our platform for marketing purposes.

You are entitled to opt-out of marketing communications at any time and free of charge by emailing dpo@fixflo.com with the subject “Stop Marketing” or by post addressed to Tactile Limited, Re: Stop Marketing at the company’s registered office.

 

What legal bases do we have for processing your Personal Information?

We will collect and process your Personal Information only when one of the following applies:

  • It is necessary for a legitimate interest (which is not overridden by your privacy interests), such as preventing fraud, improving our Site, to make suggestions to you about other Services or products available through our Site, and increasing the security of our Services;
  • You have expressly consented to the collection and processing for a specific purpose;
  • It is necessary to fulfil our contractual obligations; or
  • It is necessary to comply with a legal obligation.

Where we rely on your consent to process your personal data, you have the right to withdraw or decline consent at any time. If you wish to withdraw your consent, please contact us at dpo@fixflo.com.

 

Image Rights

Although photos that are uploaded by you remain your intellectual property, so that Fixflo can provide the Service to you, you hereby give us the right (an irrevocable worldwide royalty free licence) to host, store, modify, reproduce, communicate, publish and distribute those photos only to the extent permitted by this Privacy Notice. By uploading any photo you confirm that you have the right or necessary consent to send that photo to us and for us to use it in the ways outlined in this Privacy Notice. We have the right to limit the size and nature of any photos that are uploaded through the Service.

All information other than photos that you submit will become our intellectual property but can only be used to the extent permitted by this Privacy Notice.

 

Disclosure of your Personal Information

Fixflo will not sell, trade, or share your Personal Information, except in the circumstances describe below:

  • Any member of our group, which means any subsidiaries, ultimate holding company and its subsidiaries;
  • Business partners, suppliers, and sub-contractors for the performance of any contract we enter into with them or you, which can include (but is not limited to) those suppliers listed below in Annex 1;
  • Analytics and search engine providers that assist us in the improvement and optimisation of our Site;
  • Credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you;
  • Where we are under a duty to disclose or share your Personal Information in order to comply with any legal obligation, or in order to enforce or apply our terms of use, or to protect the rights, property or safety of Fixflo, our customers, or others.
  • In the event that we sell or buy any business or assets, in which case we will disclose your Personal Information to the prospective seller or buyer of such business or assets.

 

Security of your Personal Information and international data transfers

In accordance with the applicable laws and regulations, we have taken adequate technical and organizational measures to safeguard the security of your personal information. We store the personal information that we process on a secure database that is protected by technical access controls. We periodically review our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems.

We restrict access to personal information to employees, contractors and agents who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations. Please be advised that while we strive to protect your personally identifiable data, we make no guarantees or assurances about our ability to prevent any such loss, access, or misuse and are not responsible in the event that such loss or misuse occurs.

We may transfer your personal data outside the European Economic Area (EEA) in our performance of Services. Whenever we transfer your personal data out of the EEA, we ensure an appropriate degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
  • Where we use providers based in the US, we will only transfer data to them under the scope of a data processing agreement which incorporates Standard Contractual Clauses approved by the European Commission, or Binding Corporate Rules which require them to provide similar protection to personal data shared between Europe and the US.

 

Data retention

We will only retain your personal information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of a claim being made in respect to our relationship with you.

To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

 

What are your legal rights?

Under certain circumstances, you have rights under data protection laws in relation to your personal information. You have the right to:

  • Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Request restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
    • If you want us to establish the data's accuracy.
    • Where our use of the data is unlawful but you do not want us to erase it.
    • Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
    • You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  • Request the transfer of your personal information to you or to a third party. We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format.
  • Withdraw consent at any time where we are relying on consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

If you wish to exercise any of the rights set out above, please contact us at dpo@fixflo.com.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one calendar month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

 

Children’s Privacy

For paying customers, Fixflo is a business to business website and thus is not structured to attract children. For non-paying customers Fixflo is intended to be used either in the context of a business to business website or by owners or occupiers of properties who are over 18 years of age. Accordingly, we do not intend to collect Personal Information from anyone we know to be under 18 years of age.

 

Commitment

We are committed to complying with the GDPR. Protecting your privacy online is an evolving area, and the Site is constantly evolving to meet these demands. If you have any comments or questions regarding our Privacy Notice, please contact us at dpo@fixflo.com. While we cannot guarantee privacy perfection, we will address any issue to the best of our abilities as soon as possible. This privacy notice was last updated on 4 October 2021.

You have the right to lodge a complaint with the Information Commissioner’s Office in the UK on the basis that this is where Fixflo is established.

Fixflo reserves the right to change this Privacy Notice at any time and in the event of change we intend to take every reasonable step to ensure that these changes are brought to your attention by posting all changes prominently on the Site for a reasonable period of time. If in the event that we sell our business, customer information may be one of the transferred business assets. If this happens, your information will still be subject to this policy.

 

Further Information

Questions regarding this Statement or the practices of this Site should be directed to Fixflo by e-mailing such questions to dpo@fixflo.com with the subject “Privacy Statement Enquiry” or by post addressed to Tactile Limited, Re: Privacy Statement Enquiry at the company’s registered office from time to time. Details of the company’s registered office are available on the Site. Fixflo takes every effort to ensure that the information published on the Site is accurate. However, Fixflo cannot accept any liability for the accuracy or content. Visitors who rely on this information do so at their own risk. General information about data protection may be found at: Information Commissioner’s website.

 

Annex 1 – Third Party Recipients of Personal Information

We process some of your Personal Information using third party organisations. They are obligated to us to ensure that they process your data securely. We use the following organisations to process Personal Information for us:

  • Microsoft Corporation (web app services, data storage, internal user management, database backups)
  • Sendgrid Inc (queue and send emails to customers)
  • Twilio Inc (VoIP dialer and online caller app)
  • Mangopay SA (Online payment system)
  • Hubspot Inc (marketing tool)
  • Zoom Video Communications Inc (online screenshare and conference platform)
  • Chili Piper (booking and managing appointments)
  • GoCardless Ltd (Online payment and direct debit system)
  • Stripe Inc (Online payment system)
  • The Rocket Science Group LLC (Mailchimp) (email campaigns)
  • SurveyMonkey Inc and SurveyMonkey Europe (survey campaigns)
  • Salesloft Inc (sales engagement platform)
  • SFDC (CRM tool)
  • Elevio Pty Ltd (email and ticket support)
  • G-Suite Apps Google LLC (emails)
  • Adobe Systems Software Ireland Limited (e-signature services)
  • Productboard Inc (customer feedback services)
  • SiftRock (managing email replies)
  • NextRoll (retargeting cookies)
  • Talk desk (telephone system)
  • Plan hat (customer success platform)
  • Freshdesk (customer support tool)
  • HelloSign (online signature tool)
  • Referral Rock (online customer referral tool)

 

Coronavirus (COVID 19) Addendum

We may seek to collect and process personal data relating to health (“Special Category Data”) in response to the recent outbreak of Coronavirus which is above and beyond what would ordinarily be collected from you to ensure the safety and well-being of both you and those carrying out repairs and maintenance work.

Such information will be limited to what is proportionate and necessary, taking into account the latest guidance issued by the Government and health professionals, in order to manage and contain the virus.

The processing of Special Category Data is only permitted if specific further conditions are met. These conditions are that the processing of Special Category Data is necessary for reasons of public interest in the area of public health:

  • In order to respond to the new threat to public health posed by the Coronavirus (GDPR Article 9 (2) (i))
  • Carried out for health or social care purposes for preventive medicine (DPA 2018 Schedule 1, Part 1 (2)(2)(a)); and
  • Carried out by or under the responsibility of a health professional, or by another person who in the circumstances owes a duty of confidentiality under an enactment or rule of law, e.g. Governmental guidance published by the Ministry of Housing, Communications and Local Government (DPA 2018 Schedule 1, Part 1 (3)).

You are not required to provide us with this Special Category Data, but if you do not then we will not be able to process the repair report. By providing us with this information you are specifically consenting to the processing of it in accordance with this privacy policy.

Access to the Special Category Data will only be made available to the following user types and is made available for the following purposes:

(a) agents being individuals working for a property management company that manages the property occupied by the household in respect of which the Special Category Data is captured. This is to allow them to form a risk-based assessment of the urgency of a task (reactive or planned maintenance), the risk to a contractor entering a property and whether any mitigation of risk may be required.

(b) Contractors being individuals who have been asked to carry out a task (reactive or planned maintenance) in a property occupied by the household in respect of which the Special Category Data is captured. This is to allow them to form a risk based assessment of whether they wish to enter the property due to the risk of infection and, if so, what protective steps they may wish to take to mitigate the risk of infection.

The Special Category Data captured is only needed for so long as social distancing, quarantine or any equivalent measure is in place. As soon as is reasonably practicable and in any event within 21 days of Government advice that social distancing is no longer required in respect of Coronavirus the ability for users to request Special Category Data will be removed from the system.

As soon as is reasonably practicable and in any event within 60 days of Government advice that social distancing is no longer required in respect of Coronavirus the Special Category Data will be deleted.