This Privacy Policy explains how Fabrixa B.V. (trading as “Fabrixa”, “we”, “us”) collects and uses personal data in connection with our website, platform, and services for business customers (“Customers”). This Policy is intended for business-to-business use, but it also covers personal data relating to Customer personnel and End Customers (e.g., shipping details) where applicable.

• Registered office: Markerkant 13 10, 1314 AN Almere, The Netherlands
• KvK: 74188445  ·  VAT: NL826071491B01
• Privacy contact: privacy@fabrixa.com

1. Roles under GDPR (controller / processor)

1.1 Fabrixa as Controller (account & website data)

Fabrixa acts as a data controller for:

• Customer account administration (user profiles, login details)
• Billing and finance contacts
• Website analytics and security logs
• Support communications
• Sales/marketing communications (where permitted)

1.2 Fabrixa as Processor (fulfilment data)

Where Customers provide End Customer personal data for fulfilment (e.g., name/address, email/phone for carriers), Fabrixa typically acts as a data processor (or sub-processor) on Customer’s behalf. In that case, processing is governed by a separate Data Processing Addendum (“DPA”) and Customer’s instructions.

2. Personal data we collect

Depending on your use of the Services, we may collect:

2.1 Account and contact data

Name, business email, phone, job title, company name, address, login credentials (hashed), user permissions.

2.2 Billing and transaction data

Billing address, VAT number, invoices, payment status, wallet/prepaid events. We do not store full card details if a payment provider is used.

2.3 Support and communications

Support tickets, emails, chat logs, attachments you send to us.

2.4 Technical data

IP address, device/browser info, event logs, timestamps, API usage logs, error logs, security logs.

2.5 End Customer fulfilment data (received from Customer)

Recipient name, delivery address, country, postal code, and where needed by carriers: phone/email.

2.6 Content / design data

Artwork files or references may contain personal data if you include it; avoid submitting sensitive data in designs.

3. Purposes & legal bases (controller processing)

We process personal data as controller for:

Purpose	Legal basis (Art. 6 GDPR)
Create and manage accounts, deliver services, provide support, billing and payments	Contract performance — Art. 6(1)(b)
Improve services, maintain security, prevent fraud/abuse, analytics, internal reporting, business continuity	Legitimate interest — Art. 6(1)(f)
Accounting/tax requirements, compliance requests, lawful disclosures	Legal obligation — Art. 6(1)(c)
Marketing cookies, certain marketing communications	Consent — Art. 6(1)(a)

4. End-Customer data (processor processing)

When we process End Customer data on Customer’s behalf for fulfilment:

• We process only as necessary to produce, package, ship and support the order.
• We act on Customer’s documented instructions.
• We do not sell End Customer data.
• We retain End Customer data only as long as needed for fulfilment, support, disputes, and legal requirements (see retention).

5. Sharing of personal data

We may share personal data with:

Recipient	Purpose	Location
Hosting / cloud infrastructure (Hetzner Online GmbH)	Web hosting	Germany (EU)
Email & productivity provider	Communications	EU data centres
DeepL SE	Site translation engine	Germany (EU)
Fabric & print partners	Production & dispatch	Portugal & Spain (EU)
Shipping carriers (DHL, GLS, etc.)	Order delivery	EU + destination country
Professional advisors & authorities	Legal, audit, regulatory compliance	EU

We require appropriate contractual safeguards and confidentiality for all providers. A current list of sub-processors is available on request via privacy@fabrixa.com.

6. International transfers

If personal data is transferred outside the EEA/UK, we use appropriate safeguards such as:

• Adequacy decisions, or
• Standard Contractual Clauses (SCCs) plus supplemental measures where required.

7. Data retention

We retain personal data only as long as necessary for the purposes described:

Data	Retention
Account & support data	Duration of relationship + 1 year
Billing / financial records	7 years (Dutch tax law)
Technical logs	Typically 30 days, longer if needed for security investigations
End Customer fulfilment data	Per DPA / Customer instructions + retention needed for shipping disputes/claims and legal compliance

8. Security

We implement reasonable technical and organisational measures to protect data, including:

• Access controls and least privilege
• Encryption in transit (TLS)
• Logging and monitoring
• Secure credential handling

No method is 100% secure; Customers must also secure their systems and API credentials. If we ever experience a breach affecting your data, we will notify you and the supervisory authority within 72 hours as required under GDPR Article 33.

9. Your rights (controller data)

Individuals may have rights under applicable laws (GDPR), including access, rectification, deletion, restriction, objection, and data portability:

• For Customer account users: contact privacy@fabrixa.com.
• For End Customers: please contact the merchant/platform you purchased from (the Customer). Fabrixa typically acts as processor and will assist the Customer as required by the DPA.

10. Cookies and tracking

We may use cookies and similar technologies for:

• Essential site functionality and security
• Analytics and performance

Full details — including which cookies are set, by whom, for how long, and how to manage them — are in our Cookie Policy.

11. Changes to this policy

We may update this Policy by publishing a new version and changing the “Last updated” date. Continued use of the Services after changes become effective constitutes acceptance where permitted by law.

12. Contact

RELATED POLICIES

Terms of Service · Cookie Policy · Imprint · Shipping Policy · Returns & Claims · Acceptable Content & IP · API Terms

QUESTIONS?

Need help understanding any of this? Talk to us or check the pricing and FAQs.