PriceFox

GDPR Policy

Last Updated: May 17, 2025

1. Introduction

At PriceFox ("we", "us", "our"), based in Austria, we are committed to protecting and respecting your privacy and personal data in compliance with the EU General Data Protection Regulation (GDPR). This policy explains when and why we collect personal information, how we use it, the conditions under which we may disclose it to others, and how we keep it secure.

PriceFox is the data controller and is responsible for your personal data. If you have any questions about this policy or our privacy practices, please contact our Data Protection Officer at dpo@pricefox.app.

2. Legal Basis for Processing

We process your data under the following legal bases:

  • Contract: Processing necessary for the performance of a contract with you
  • Legitimate Interest: Processing necessary for our legitimate interests, such as improving our services
  • Legal Obligation: Processing necessary for compliance with a legal obligation
  • Consent: When you have given consent to the processing of your personal data

3. What Data We Collect

We collect the following types of information:

  • Identity Data: name, username, or similar identifier
  • Contact Data: email address, telephone numbers, address
  • Technical Data: internet protocol (IP) address, browser type and version, time zone setting, browser plug-in types, operating system and platform
  • Usage Data: information about how you use our website and services
  • Profile Data: your preferences, feedback, and survey responses

4. How We Collect Data

We collect data through:

  • Direct interactions: When you create an account, subscribe to newsletters, or contact us
  • Automated technologies: As you interact with our website, we may automatically collect Technical Data using cookies and similar technologies
  • Third parties: We may receive personal data about you from third-party service providers such as Clerk (authentication) and Cloudflare (security and analytics)

5. Third-Party Services

We use the following third-party services to process your data:

  • Clerk: For authentication and user management. When you create an account, Clerk processes your login information and authentication details.
  • Cloudflare: For security, content delivery, and performance optimization. Cloudflare processes IP addresses and other technical data.

These third parties have their own privacy policies and may transfer data outside the EEA. We ensure appropriate safeguards are in place for such transfers in compliance with GDPR requirements.

6. Data Retention

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the data, and applicable legal requirements.

7. Your Rights

Under the GDPR, you have the following rights:

  • Access: You can request copies of your personal data.
  • Rectification: You can request that we correct inaccurate personal data.
  • Erasure: You can request that we delete your personal data in certain circumstances.
  • Restriction: You can request that we restrict the processing of your personal data.
  • Data Portability: You can request the transfer of your personal data to you or a third party.
  • Objection: You can object to the processing of your personal data.
  • Automated Processing: You have rights related to automated decision-making and profiling.

To exercise any of these rights, please contact us at dpo@pricefox.app. We will respond within one month.

8. Data Security

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way. We limit access to your personal data to employees, agents, contractors, and third parties who have a business need to know.

We have procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

9. International Transfers

As an Austrian-based company operating within the EU, we adhere to European data protection laws. Some of our external third parties are based outside the European Economic Area (EEA), so their processing of your personal data may involve a transfer of data outside the EEA.

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by implementing safeguards such as:

  • Using specific contracts approved by the European Commission (Standard Contractual Clauses)
  • Ensuring countries have been deemed to provide adequate protection by the European Commission
  • Using providers that are certified under an approved certification mechanism such as EU-US Privacy Shield

10. Lodging a Complaint

You have the right to make a complaint at any time to the Austrian Data Protection Authority (Datenschutzbehörde), the supervisory authority for data protection issues in Austria.

Austrian Data Protection Authority (Datenschutzbehörde)

Barichgasse 40-42, 1030 Vienna

Email: dsb@dsb.gv.at

Website: www.dsb.gv.at

11. Changes to This Policy

We may update this policy from time to time. When we do, we will inform you by updating the "Last Updated" date at the top of this policy. In case of material changes, we will provide a more prominent notice, including email notifications of privacy policy changes.