Privacy Policy
Effective August 5, 2020
TL;DR
This summary provides a short explanation of the policy and is not legally binding.
We firmly believe in our customers' right to privacy, and we respect that right by adhering to the concept of Fair Information Practices.
iFixit is based in the United States.
How we collect your information
We collect your information when you complete our online forms, purchase our products online, and interact with our community. We track that information using cookies. We record all of the discussions we have with you on the phone. The information we collect includes name, address (if you place an order), email address, IP address, phone number, and location (if you add it to your profile).
What we do with it
We use your information to send you the products you have ordered from us online. We use your data in big data projects to help us understand trends in the marketplace. We store your information with our cloud service provider in the U.S. We use cookies to monitor your behavior on our website.
Who we share it with
We share your details with selected business partners which may include:
- the cloud service providers that help us store your information and send you email
- Google and Facebook to give us insight into how people are using our site and understand how to improve our visibility
- payment service providers that process your payment information on our behalf
- shipping carriers and software companies that help us ship your order
- lawyers representing us in the event of a legal claim
- lawful requests by public authorities, including to meet national security, regulatory or law enforcement requirements
ALL THE DETAILS
How We Handle Your Information
Cookies
Our website uses cookies. Cookies are small text files that your browser automatically creates and stores on your device (laptop, tablet, smartphone, PC, etc.) when you visit our website. Cookies cause no damage to your device and do not contain viruses or other malware. The cookie stores information which is created in connection with the specific device you are using. However, this does not mean that we immediately become aware of your identity. Cookies are mainly used to make our website more user-friendly, effective and secure.
We use session cookies to recognize that you have already visited individual pages of our website. These cookies also provide certain functionalities. Session cookies are deleted after you leave our website.
In addition, we also use temporary cookies, which are stored on your device for a specified period of time, to optimize user-friendliness and the statistical evaluation of the use of our website. If you visit our website again to use our services, these cookies will automatically recognize that you have already visited us before and what entries and settings you have made, so you do not have to enter them again.
Most browsers accept cookies automatically. However, if you do not wish to accept cookies, you can configure your browser to prevent cookies from being stored on your device or so that a message always appears before a new cookie is created. A general objection to the use of cookies for online marketing purposes can also be declared for many of the services, for example, at Your Online Choices or the opt-out page of the Network Advertising Initiative. However, if you disable cookies, you may not be able to use all the features of our website.
Hosting
In order to make our website available to you, we use the services of hosting companies, such as the provision of web servers, storage space, database services, security services and maintenance services.
Access to Data and Log Files
When you visit our website or its individual pages, your device’s browser automatically sends information to our website server. This information is stored in log files by us or by our hosting provider.
The following information is stored:
- The IP address of the requesting computer,
- The date and time of access,
- The name and URL of the requested file,
- The website from which our site was accessed (referrer URL),
- The browser being used and, if applicable, the type of operating system your computer uses and the name of your access provider.
This data is processed for the following purposes:
- The provision of our website, including all of its features and contents
- To ensure a smooth connection to our website
- To ensure the comfortable use of our website
- To ensure system security and stability
- For anonymized statistical evaluation of user access
- To optimize our website
- For forwarding to law enforcement authorities in the event of unlawful interference or an attack on our systems
- For additional administrative purposes.
Contact Form
If you use the contact form, you will be asked to provide your name and email address so we can contact you personally. Additional information can be provided voluntarily. All personal data collected in connection with the contact form will be deleted after responding to your request, unless it is necessary to store this data for the documentation of other processes (for example, for the subsequent conclusion of a contract).
Newsletter
If you would like to receive our newsletter, we need to have your name and email address. Your email address will be used and stored for this purpose until you withdraw your consent or unsubscribe from the newsletter. You can unsubscribe at any time by using the link at the end of each newsletter or by contacting us.
We send our newsletters with a web beacon. A web beacon is a miniature graphic embedded in the newsletter’s HTML format which enables us to analyze reader behavior. In this context, we store whether and at what time a newsletter was opened by you and which of the links contained in the newsletter were accessed by you. We use this data to create statistical evaluations of the success or failure of a marketing campaign in order to optimize newsletter distribution and to better match the content of future newsletters to your interests. The collected data will not be transferred to third parties and will be deleted after the statistical evaluation.
Job Applications
See our Employee Privacy Notice.
Comments and Contributions
If you leave comments or other contributions on our website, your email and IP address will be stored. You can provide further information voluntarily. The purpose of storing your email address is to contact you regarding your comment or contribution, to forward any complaints you may have and, if necessary, to ask you to comment. You will not be able to use the comments function without entering your email address. The email address you provide will be saved but will not be published along with your comment.
Our legitimate interest in retrieving and storing your email address is for security reasons, for example, in the event that someone leaves illegal content (for example, insults) in comments and contributions. In this case, we ourselves could be prosecuted for the comment or contribution and therefore, we have a legitimate interest in storing your IP address. This collected personal data will only be passed on to the prosecution authorities in cases of criminal investigations. Personal information will not be transferred to any other third parties.
Community and Registration
You can register on our website by entering your name and email address. Registration is voluntary and is based on your voluntary consent. The transmission of any other personal data is determined by the input form used for the registration. The collected personal data is used for the purposes of offering our services as well as to contact you in order to provide you with information regarding our services and your registration. You can view your personal data and make changes to this data via your personal user access. Your data will be stored until you delete your user account or instruct us to delete your data. If we are obliged to store your personal data due to legal, commercial and tax-related retention periods, the processing of your personal data will be restricted accordingly until the expiry of the retention periods and this data will then be deleted.
When you register on our website or use your user account, we store your IP address and the time of your use of our website. Storage of your data is in your interest in order to protect you from misuse and other unauthorized use. Your data will not be transferred to third parties, unless necessary to fulfill contractual obligations, for the pursuit of any claims to which we are entitled, or if there is a legal obligation. IP addresses are anonymized.
Contract Data
When you place an order, we process your personal data in order to perform our contractual obligations. This data includes:
- Your name, address and contact data, any alternate delivery addresses or invoice addresses or alternate recipients and, if necessary, your date of birth;
- Contract data, such as the subject matter and duration of the contract and customer category;
- Payment data, such as bank details, credit card data, and payment history.
The data will only be transferred to third parties to the extent necessary in order to implement pre-contractual measures and to fulfill contractual obligations, such as to banks, payment service providers, and credit card companies for processing payment, and to shipping providers for shipping goods.
Creditworthiness and Scoring
We perform a credit assessment (automated decision-making) of customers to check creditworthiness and minimize payment defaults. This is done if purchase order, money order, credit card or direct debit is selected as the payment method. For this purpose, the customer’s name, address, IP, and partial credit card will be transmitted to: Signifyd, Inc., 2540 N. First Street, Suite 300, San Jose, CA 95131. The credit assessment involves the use of probability values (score values), whose calculation includes address data. The calculation of these scoring values is based on a scientifically recognized mathematical-statistical procedure. Additional information on how Signifyd handles your personal data can be found in the Signifyd Privacy Policy. In case of insufficient creditworthiness, purchase order, money order, credit card or direct debit will not be accepted as a payment method. If you do not agree to the data transfer, please use another method of payment.
Payment Services
PayPal acts as an online payment service provider and trustee and offers buyer and seller protection services. When paying via PayPal, credit card via PayPal, direct debit via PayPal or, if offered, purchase on account via PayPal, your name, email address, purchased products, invoice amount, as well as your invoice and delivery address will be transferred to PayPal as part of payment processing. When using the following payment methods: credit card via PayPal, direct debit via PayPal or, if offered, purchase on account via PayPal, PayPal may conduct a credit check in order to check your creditworthiness and to minimize payment defaults before deciding to approve the payment process. The credit assessment involves the use of probability values (score values), whose calculation includes address data. The calculation of these scoring values is based on a scientifically recognized mathematical-statistical procedure. In case of insufficient creditworthiness PayPal can refuse the chosen payment method.
If you do not agree with the data transmission, or if you believe that your creditworthiness is not suitable for the chosen method of payment, please use another method of payment. Additional information on how PayPal handles your personal information can be found in PayPal’s Privacy Statement.
Facebook Pixel
We use the “Facebook Pixel” on our website. The use of this technology enables Facebook to assign visitors to our website to specific groups (for example, visitors to our website according to the areas of interest we have sent to Facebook - the “custom audiences”) for the display of specific advertisements and to thus be able to recognize these groups. This ensures that these users are only shown advertisements that match their interests and that inconveniences caused by inappropriate advertising are avoided. By using the Facebook Pixel, we can also monitor the effectiveness of our Facebook advertisements for statistical purposes and track whether and how a user has used our services after clicking on an advertisement.
Additional information about the Facebook Pixel and how it works can be found here. Detailed information on how Facebook processes the data it collects and general information about Facebook advertisements can be found in Facebook’s Data Policy. In your Facebook account under the heading “Settings,” you can object to the collection of your data via the Facebook Pixel and its use for displaying specific advertisements. Information on these settings can be found here (login necessary).
Google Services
Information on how Google handles your personal data can be found in Google’s Privacy Policy. You can learn how Google uses data for advertising purposes, find information about setting options and find out how to object to the use of your data for advertising purposes on these Google pages: How Google uses information from sites or apps that use our services, Advertising, Ads and data, and Ad settings.
This website uses Google Analytics from Google. Google Analytics uses cookies. Google collects data about user visits to our website. This data is used to ensure that our website is designed and continuously optimized to meet the needs of our users, to measure the success of marketing measures, and to create statistical evaluations. Pseudonymized user profiles are created and cookies are used as a part of this process. The information generated by the cookie about your use of this website, such as the browser type/version, the operating system used, the referrer URL (the previously visited page), the host name of the accessing computer (IP address) and the time of the server request are transferred to a Google server.
This website uses the “demographic features” function as part of Google Analytics. This function allows us to generate reports that contain information about the age, gender and interests of our site visitors. This data comes from Google’s interest-based advertising and from visitor data from third-party providers.
This website uses Google Analytics Remarketing from Google. Google Analytics Remarketing is used to present advertisements to visitors that refer to the content of previously visited websites. Google uses cookies to recognize visitors who visit websites in the Google advertising network. This service collects your IP address, which of our web pages you have visited and, if applicable, other data Google needs for the provision of analytics remarketing.
This website uses Google AdWords from Google and the conversion tracking function in Google AdWords. Google conversion tracking is used to track and evaluate your clicks on ads, purchases, subscriptions, and other actions on our website. Cookies are used to analyze and evaluate this data. This service collects your IP address, which of our web pages you have visited and, if applicable, other data Google needs for the provision of conversion tracking. The IP address transmitted by your browser will under no circumstances be merged with other Google data. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf or Google. You can prevent the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use all the features of this website.
This website uses Google AdSense to display advertisements on our website. Google AdSense uses cookies and web beacons to recognize and analyze your visit to the site. Web beacons are small invisible graphics that analyze information, such as clicks on advertisements and website traffic. This service collects your IP address, which of our web pages you have visited and, if applicable, other data Google needs for the provision of the advertisements.
This website uses external fonts from Google, web fonts, to display fonts. In order to do this, your browser loads the required web font into the browser cache when you access the web page. If your browser does not support this function, your computer will use a standard font to display the website. This service collects your IP address, which of our web pages you have visited and, if applicable, other data Google needs for the provision of the web fonts.
This site is protected by reCAPTCHA and the Google Privacy Policy and Google Terms of Service apply.
Collected information may be transferred to third parties if this is required by law or if third parties process this data on our behalf or on behalf of Google. Under no circumstances will your IP address be merged with other data from Google. The IP addresses are anonymized so that allocation is not possible.
You can disable these services at any time by using your Google account’s ad preferences or opt out of having Google Analytics collect your information. You can prevent Google from using cookies to collect and process data regarding your use of this website by downloading and installing the browser plug-in available at this link. You can also prevent the use of cookies by selecting the appropriate settings in your browser. However, if you do this, you may not be able to use all of the features of this website.
Shipping Services
We use Shipstation to ship products you order from us. In order to facilitate delivery of your order, we provide to Shipstation data including but not limited to name, address, email address, mobile telephone number, and contents of package. Shipstation may use this date to enhance the delivery process for our customers and it may use notifications and geodata for that purpose, which may involve Shipstation sharing such details with limited third parties’ data processors, for the purpose of completing the requested services. You can read Shipstation’s Privacy Policy here.
FOR CALIFORNIA RESIDENTS
This Privacy Notice for California Residents supplements the information contained above and applies solely to all visitors, users, and others who reside in the State of California ("consumers" or "you"). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (CCPA) and any terms defined in the CCPA have the same meaning when used in this Notice.
This Notice does not apply to employment-related personal information collected from California-based employees, job applicants, contractors, or similar individuals (see iFixit’s California Employee Privacy Notice).
Where noted in this Notice, the CCPA temporarily exempts personal information reflecting a written or verbal business-to-business communication ("B2B personal information") from some its requirements.
Information We Collect
We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device ("personal information"). Personal information does not include:
- Publicly available information from government records
- Deidentified or aggregated consumer information
- Information excluded from the CCPA's scope
In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:
Category | Examples | Collected |
---|---|---|
A. Identifiers. | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers. | Yes |
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. | Yes |
C. Protected classification characteristics under California or federal law. | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | No |
D. Commercial information. | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | Yes |
E. Biometric information. | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. | No |
F. Internet or other similar network activity. | Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. | Yes |
G. Geolocation data. | Physical location or movements. | No |
H. Sensory data. | Audio, electronic, visual, thermal, olfactory, or similar information. | No |
I. Professional or employment-related information. | Current or past job history or performance evaluations. | No |
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | No |
K. Inferences drawn from other personal information. | Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | No |
We obtain the categories of personal information listed above from the following categories of sources:
- Directly from you. For example, from forms you complete or products and services you purchase.
- Indirectly from you. For example, from observing your actions on our website.
Use of Personal Information
We may use or disclose the personal information we collect for one or more of the following purposes:
- To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to request a price quote or ask a question about our products or services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product orders or process returns.
- To provide, support, personalize, and develop our website, products, and services.
- To create, maintain, customize, and secure your account with us.
- To process your requests, purchases, transactions, and payments and prevent transactional fraud.
- To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
- To personalize your website experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our website, third-party sites, and via email or text message (with your consent, where required by law).
- To help maintain the safety, security, and integrity of our website, products and services, databases and other technology assets, and business.
- For testing, research, analysis, and product development, including to develop and improve our website, products, and services.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described to you when collecting your personal information or as otherwise set forth in the CCPA.
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Sharing Personal Information
We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.
We share your personal information with the following categories of third parties:
- Service providers.
Disclosures of Personal Information for a Business Purpose
In the preceding twelve (12) months, iFixit has disclosed the following categories of personal information for a business purpose:
Category A: Identifiers.
Category B: California Customer Records personal information categories.
Category D: Commercial information.
Category F: Internet or other similar network activity.
We disclose your personal information for a business purpose to the following categories of third parties:
- Service providers.
Sales of Personal Information
In the preceding twelve (12) months, iFixit has not sold any personal information.
We do not sell your personal information to any third parties.
Your Rights and Choices
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you (also called a data portability request).
- If we disclosed your personal information for a business purpose, a list of disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
We do not provide these access and data portability rights for B2B personal information.
Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
We do not provide these deletion rights for B2B personal information.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:
- Calling us toll-free at 866-613-4948, or
- Completing this request form.
Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, and
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
Making a verifiable consumer request does not require you to create an account with us.
We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
We will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information's value and contain written terms that describe the program's material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.
Changes to Our Privacy Notice
We reserve the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will post the updated notice on the website and update the notice's effective date. Your continued use of our website following the posting of changes constitutes your acceptance of such changes.
Contact Information
If you have any questions or comments about this notice, the ways in which iFixit collects and uses your information described here, your choices and rights regarding such use, or wish to exercise your rights under law, please do not hesitate to contact us at:
Phone: 866-613-4948
Request Form to exercise your rights
Support for questions
Email: privacy@ifixit.com
Postal Address: iFixit, Attn: Privacy Officer, 1330 Monterey St, San Luis Obispo, CA 93401
California Do Not Track Disclosure
California Business & Professions Code Section 22575(b) (as amended effective January 1, 2014) provides that California residents are entitled to know how a website operator responds to “Do Not Track” (DNT) browser settings. DNT is a feature offered by some browsers which, when enabled, sends a signal to websites to request that your browsing is not tracked, such as by third party ad networks, social networks and analytic companies. We do not currently take actions to respond to DNT signals because a uniform technological standard has not yet been developed. We continue to review new technologies and may adopt a DNT standard once one is created. For information about DNT, visit All About DNT.
FOR EUROPEAN UNION RESIDENTS
General Information
This Privacy Notice for EU Residents supplements the information contained above and applies solely to all visitors, users, and others who reside in the European Union. As the data controller, we have prepared this data protection declaration to inform you about the type, scope and purpose of the processing of personal data in connection with our website, in accordance with the provisions of Regulation (EU) 2016/679, the General Data Protection Regulation (GDPR). “Personal data”, “processing”, “controller”, and “recipient” have the same definitions set forth therein (Art. 4 GDPR).
Data Controller:
iFixit
1330 Monterey Street
San Luis Obispo, California 93401
Tel. +1 805-464-0573
Fax +1 805-456-0741
Email support@ifixit.com
Contact details of the company privacy officer:
Privacy Officer, iFixit
1330 Monterey Street
San Luis Obispo, California 93401
Tel. +1 805-464-0573
Fax +1 805-456-0741
Email privacy@ifixit.com
Legal Bases
We process personal data on the basis of at least one of the following legal bases:
- The data subject has given consent to the processing of his or her personal data for one or more specific purposes (Art. 6 para. 1 sentence 1 lit. a GDPR);
- Performance of a contract with the data subject or for the implementation of pre-contractual measures taken at the request of the data subject (Art. 6 para. 1 sentence 1 lit. b GDPR);
- Compliance with a legal obligation to which we are subject (Art. 6 para. 1 S. 1 lit. c GDPR);
- Protection of our legitimate interests or those of a third party (Art. 6 para. 1 sentence 1 lit. f GDPR)
The following information refers to the legal basis of the individual processing steps contained in this data protection declaration.
Forwarding of Data to Recipients
We forward personal data to recipients (contractors or other third parties) only to the required extent and only under one of the following conditions:
- The data subject has consented to the transfer;
- The transfer is for the fulfillment of contractual obligations or pre-contractual measures on the initiative of the data subject;
- We are legally obliged to make the transfer;
- The transfer is made on the basis of our legitimate interests or those of a third party.
Third Countries
The transfer of personal data to a country or an international organization outside the European Union (EU) or the European Economic Area (EEA) is subject to legal or contractual permissions only in accordance with the conditions of Art. 44 ff. GDPR. This means, that for the country concerned, there is an adequacy resolution of the EU Commission according to Art. 45 GDPR, there are suitable guarantees for data protection according to Art. 46 GDPR or there are binding internal data protection regulations according to Art. 47 GDPR.
Rights of Data Subjects
As a data subject who resides in the EU, you have the following rights:
- According to Art. 15 GDPR, you can request information about your personal data processed by us. Furthermore, you can request information about the purposes of the processing, the categories of processed personal data, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned period for which the personal data will be stored or the criteria for determining that period, the origin of your data, if this data was not collected from you, the existence of automated decision-making including profiling and, where appropriate, meaningful information on its details such as logic, scope and effects, the existence of a right to rectification or erasure of data concerning you, the right to restrict processing or to object to such processing, the right to lodge a complaint with a supervisory authority. Finally, you have a right to know whether personal data has been transferred to a third country or to an international organization and, if so, the appropriate safeguards relating to the transfer;
- According to Art. 16 GDPR, you can demand the immediate rectification of incorrect personal data or the completion of your personal data stored with us;
- According to Art. 17 GDPR, you can request the deletion of your personal data stored with us, unless the processing is necessary for exercising the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
- According to Art. 18 GDPR, you can demand the restriction of the processing of your personal data if the accuracy of the data is contested by you, the processing is unlawful but you oppose the erasure of it and we no longer need the data, you need the data which is no longer needed by us for the establishment, exercise or defense of legal claims, or you have objected to the processing in accordance with Art. 21 GDPR, pending the verification of whether our legitimate grounds for data processing outweigh your interest;
- According to Art. 20 GDPR, you may request the transfer of your personal data that you have provided to us in a structured, commonly used and machine-readable format or transfer it to another data controller;
- According to Art. 21 GDPR, you may object to the processing of your personal data if there are grounds for doing so which relate to your particular situation or if you object to processing for direct marketing purposes and the legal basis for processing the personal data are legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR;
- According to art. 7 para. 3 GDPR, you can withdraw your consent to us at any time. As a result, we will no longer be permitted to continue processing the data that was based on this consent in the future;
- According to Art. 77 GDPR, you can lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of the place of your habitual residence, place of work or our registered office.
If you wish to assert the above-mentioned data subject rights, you can contact us or our privacy officer at any time using the contact details above.
Erasure and Restriction of Personal Data
Unless otherwise provided for in this data protection declaration for individual cases, personal data will be erased if this data is no longer necessary for the purposes for which it was collected or was in any other way processed and if there are no legal obligations that require us to keep it. We will also erase your personal data processed by us upon request, in accordance with Art. 17 GDPR, if the conditions described therein are met. If personal data is required for other legally permissible purposes, the data will not be erased, but its processing will be restricted in accordance with Art. 18 GDPR. In the event of a restriction, the data will not be processed for other purposes. This applies, for example, to personal data that we must keep for commercial or tax reasons.
Individual Processing Operations
Cookies. The data processed by cookies is required for the above-mentioned purposes in order to protect our legitimate interests which result from processing the data and the legitimate interests of third parties in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.
Hosting. While using the services of hosting companies, we or our hosting providers process our website users’ personal data on the basis of our legitimate interests in providing efficient and secure access to our website in accordance with Art. 6 para. 1 lit. f GDPR.
Access data and log files. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest is based on the above-described purposes for data collection. Under no circumstances do we use the data we collect for the purpose of drawing conclusions about a person.
Contact form. In accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, data processing for the purpose of contacting us and responding to your request is based on your voluntary consent.
Newsletter. In accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, data processing for the purpose of sending the newsletter is based on your voluntary consent which is granted via the double opt-in procedure.
Job applications. We are not currently accepting nor storing applications from EU residents.
Comments and contributions. Your information will be stored on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR.
Community and Registration. iFixit USA and iFixit EUROPE use a shared system for the administration of community accounts in order to make it easier for users to access the shared website of the iFixit Community. The provider is www.ifixit.com; San Luis Obispo, CA 93401, United States. It is not possible to register with the iFixit Community without your data being transferred to the USA. However, you can order goods in the EU store as a guest without registering with the community. When you register with the iFixit Community, you will be redirected to the iFixit USA website. The data transfer to iFixit USA is based on the EU standard contractual clauses (Set II). Information about these guarantees is available here. iFixit EUROPE and iFixit USA are jointly responsible for processing personal data. iFixit EUROPE complies with all obligations regarding the exercise of the rights of data subjects. In accordance with Art. 6 Para. 1 S. 1 lit. f GDPR, data is processed on the basis of our legitimate interest in the provision of the services on our website. In accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, registration is voluntary and is based on your voluntary consent. In accordance with Art. 6 Para. 1 S. 1 lit. f GDPR, data is processed on the basis of our legitimate interest in the provision of the services on our website. Your data will not be transferred to third parties, unless it is necessary to fulfill contractual obligations in accordance with Art. 6 para. 1 lit. b GDPR or for the pursuit of any claims to which we are entitled or if there is a legal obligation according to art. 6 para. 1 lit. c GDPR.
Contract data. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR.
Automated decision-making (credit assessment). Based on Art. 6 para. 1 lit. b and lit. f GDPR, we perform a credit assessment of customers prior to the conclusion of the contract for the purpose and on the basis of our legitimate interest in checking creditworthiness and minimizing payment defaults.
Payment service provider: PayPal. The legal basis for processing is Art. 6 para. 1 lit. b GDPR. Additional information on how PayPal handles your personal information can be found in PayPal’s data protection declaration.
Statistics and analysis: Facebook Pixel. The provider is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, is responsible for processing the personal data of persons in the EU. Facebook has joined the EU/US Privacy Shield Agreement, thereby committing itself to complying with European data protection standards and thus has fulfilled the EU requirements for legitimizing the transfer of personal data to the USA. Information on Facebook’s commitment can be found here. Detailed information on how Facebook processes the data it collects and general information about Facebook advertisements can be found in Facebook’s data protection declaration The legal basis for the use of the Facebook pixel is our legitimate interests and the legitimate interests of third parties in these purposes, in accordance with Art. 6 para. 1 lit. f GDPR.
Google services. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The legal basis for the use of the above Google services is our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR. Google has joined the EU/US Privacy Shield Agreement, thereby committing itself to complying with European data protection standards and thus has fulfilled the EU requirements for legitimizing the transfer of personal data to the USA. Information on Google’s commitment can be found here. Additional information on how Google handles your personal data can be found in Google’s data protection declaration.
Children’s Privacy
Our website is intended for use by individuals who are at least 18 years old, or who have parental/guardian consent or are emancipated minors. We do not knowingly collect personal information from children under the age of 13 or from EU residents under the age of 16 without parental/guardian consent. If you believe that a child has provided us with personal information without parental/guardian consent, please contact us. We also comply with other age restrictions and requirements in accordance with applicable local laws.
Exercising Rights Under Other Privacy Laws
If you would like to exercise a right under a different privacy law, please contact us.
Changes to this Privacy Policy
From time to time, we may change this privacy policy to accommodate new technologies, industry practices, regulatory requirements, or other business reasons. We will provide notice of substantive changes and, where legally required, will obtain your consent. We may provide notice via email, by posting a notification on our website, or by other means, consistent with applicable law.
Contact us
If you have any questions about this Privacy Policy, please contact us.