Introduction to Our Cookies Policy
Important notice: As of August 27th, 2023, Fixinc Consulting Partner Ltd (www.fixinc.io or any subdomain connected to this website) does not store cookies on our website user’s operating system (desktop, laptop, mobile, tablet or similar).
Welcome to the Cookies Policy of Fixinc Consulting Partners Limited ("Fixinc," "we," "us," or "our"). This policy is designed to provide you with clear and comprehensive information about how Fixinc tracks activity on our website and why we choose to not collect or store any personal information of our website users without your knowledge and commitment to do so.
Fixinc is committed to safeguarding your privacy and ensuring that your online experience with us is secure and transparent. We are proud to be one of (if not the only) supplier in our industry that does not require your personal information to provide you a premium service.
What Are Cookies and How Do They Work?
Cookies are small text files that are placed on your computer or device when you visit a website. They are widely used to enhance your browsing experience, improve website functionality, and provide valuable insights to website owners. Cookies collect data about your browsing behavour, preferences, and interactions with the website. This information is stored on your device and can be accessed by the website or other third-party services when you visit the site again in the future.
Cookies work in conjunction with your web browser, such as Google Chrome, Mozilla Firefox, Apple Safari, or Microsoft Edge. When you visit a website, the site's server sends a cookie to your browser, which then stores it on your device. The cookie contains a unique identifier that allows the website to recognise your device and remember certain information about your visit.
There are different types of cookies, each serving distinct purposes:
Session Cookies: These temporary cookies are stored on your device only during your browsing session. They are automatically deleted from your device once you close your browser. Session cookies help the website remember your actions during a single session, making it easier to navigate between pages.
Persistent Cookies: Persistent cookies remain on your device for a set period, even after you close your browser. They are used to remember your preferences and settings for future visits, enhancing your user experience.
First-Party Cookies: First-party cookies are set by the website you are visiting. They are used to gather information about your interactions with the website, such as your preferences and browsing history on that site.
Third-Party Cookies: Third-party cookies are set by domains other than the one you are visiting. They are often used for tracking and advertising purposes, allowing third-party services to collect data about your browsing behaviour across multiple websites.
Functional Cookies: These cookies enable the website to provide enhanced functionality and personalisation. They may remember your username, language preferences, or region selection, creating a more tailored experience.
Analytical Cookies: Analytical cookies help us understand how visitors interact with our website. They collect information about which pages are visited most frequently, how long visitors spend on each page, and any error messages they encounter. This data helps us optimise our website's performance and content.
Our Approach to Privacy and Website Analytics
At Fixinc Consulting Partners Limited, we prioritize the privacy and data protection of our website visitors. We are committed to providing a transparent and secure online experience. As part of this commitment, we want to assure you that we do not collect and store personal data from cookies on our website.
To track our website analytics, we utilize a privacy-focused tool called 'Fathom Analytics.' Fathom Analytics operates on the principle that aggregated data is just as valuable as data about individuals and is far more privacy-oriented. This means that we do not gather extensive personal information about your interactions with our site, and any data we collect cannot be linked to a specific individual or used to track someone across different websites.
Unlike traditional analytics methods that rely on cookies, Fathom Analytics uses a script to track website analytics without the need for cookies. This approach aligns with our dedication to safeguarding your privacy and complying with data protection regulations.
In accordance with Fathom Analytics' privacy statement, we want to provide you with insight into how your data is handled:
We have chosen to use Fathom Analytics for the purpose of understanding our website traffic in a privacy-conscious manner, allowing us to continuously enhance our website and business operations. Under the lawful basis of "Article 6(1)(f)" of the General Data Protection Regulation (GDPR), we consider it our legitimate interest to improve our website and business continually. Importantly, no personal data is stored over time through this process.
Your privacy is of utmost importance to us, and we are committed to providing a safe and transparent digital environment. If you have any questions or concerns about our approach to data privacy, please feel free to reach out to us at email@example.com.
Understanding the applicable laws of personal data
Fixinc takes all applicable laws, regulations and best practice guidelines on how websites use and interact with personal data extremely seriously. There are many well known and adopted compliance regulations in place (like GDPR), and others that are yet to showcase their full repercussions on offending websites (like Schrems II). But we are focused on ensuring trust and integrity by choosing simply to not track any data. Below lists the three major compliance regulations we believe all websites should commit to.
GDPR Compliance and Enforcement for Websites
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018, designed to enhance the protection of individuals' personal data and privacy within the European Union (EU) and the European Economic Area (EEA). It also applies to businesses and websites outside the EU/EEA if they process the personal data of individuals located in these regions.
Under the GDPR, personal data refers to any information that can directly or indirectly identify an individual, including but not limited to names, email addresses, phone numbers, IP addresses, and online identifiers. As a consulting and professional services firm, Fixinc Consulting Partners Limited recognises the importance of GDPR compliance and is committed to ensuring that your personal data is handled in accordance with the regulation's principles.
Key Aspects of GDPR
1. Lawfulness, Fairness, and Transparency: Websites must process personal data lawfully, fairly, and transparently. This involves informing individuals about the purposes for which their data is collected and obtaining their consent where necessary.
2. Purpose Limitation: Personal data must be collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
3. Data Minimisation: Websites should collect and process only the personal data that is necessary for the stated purposes. Unnecessary or excessive data collection is discouraged.
4. Accuracy: Personal data must be accurate and, where necessary, kept up to date. Inaccurate data should be corrected or erased.
5. Storage Limitation: Personal data should be stored only for as long as necessary to fulfil the purposes for which it was collected. Data retention periods should be clearly defined.
6. Integrity and Confidentiality: Websites must implement appropriate security measures to protect personal data against unauthorised access, loss, or destruction.
7. Individual Rights: GDPR grants individuals several rights, including the right to access their data, rectify inaccuracies, erase data under certain conditions ("right to be forgotten"), and object to or restrict processing in specific situations.
Enforcement of GDPR for Websites
The enforcement of GDPR involves several mechanisms to ensure that websites and organisations comply with its provisions:
1. Supervisory Authorities: Each EU/EEA member state has an independent supervisory authority responsible for monitoring and enforcing GDPR compliance. These authorities can investigate complaints, issue fines, and provide guidance to organisations.
2. Fines and Penalties: Non-compliance with GDPR can result in significant fines, which can be as high as €20 million or 4% of the global annual turnover of the preceding financial year, whichever is higher.
3. Consent Requirements: Websites must obtain valid and informed consent from individuals before processing their personal data. Consent must be specific, freely given, and easily revocable.
4. Data Breach Notification: Websites must report certain types of personal data breaches to the relevant supervisory authority within 72 hours of becoming aware of the breach. Individuals affected by the breach may also need to be notified if there is a high risk to their rights and freedoms.
Summary of Schrems II Ruling
The Schrems II ruling refers to a landmark decision by the Court of Justice of the European Union (CJEU) on July 16, 2020, in the case of Data Protection Commissioner v. Facebook Ireland Ltd and Maximillian Schrems (referred to as "Schrems II"). This ruling has significant implications for the transfer of personal data from the European Union (EU) and the European Economic Area (EEA) to countries outside the EU/EEA, particularly the United States.
The case originated from concerns about the adequacy of data protection in the United States, especially in relation to surveillance practices carried out by U.S. government agencies. Max Schrems, an Austrian privacy activist, challenged the transfer of his personal data from Facebook Ireland to servers located in the U.S. He argued that U.S. surveillance laws and practices did not provide sufficient safeguards for the protection of European citizens' personal data.
Key Points of the Schrems II Ruling
Invalidation of Privacy Shield: The CJEU invalidated the EU-U.S. Privacy Shield framework, which had previously allowed companies to transfer personal data from the EU/EEA to certified U.S. organisations. The court ruled that the Privacy Shield did not provide adequate protection against U.S. surveillance practices that could compromise the privacy of EU citizens.
Standard Contractual Clauses (SCCs): The CJEU confirmed the validity of Standard Contractual Clauses (SCCs) as a mechanism for transferring personal data to third countries. However, the court emphasised that both data exporters and importers must assess whether the legal framework of the recipient country ensures an adequate level of protection for the transferred data.
Assessment of Adequacy: Data exporters are required to conduct a case-by-case assessment, considering the specific circumstances of the data transfer and the laws of the recipient country. If the laws of the recipient country, including surveillance laws, could undermine the protection of personal data, supplementary measures must be implemented to ensure the data's protection.
Supplementary Measures: If SCCs alone are insufficient to provide adequate protection, data exporters must implement supplementary measures to ensure that the data transferred is adequately protected. These measures could include encryption, pseudonymisation, and technological solutions to prevent unauthorised access.
National Supervisory Authorities: National data protection authorities have the authority to suspend or prohibit data transfers if they determine that the data's protection cannot be guaranteed in the recipient country, even with supplementary measures.
Impact and Considerations
The Schrems II ruling has far-reaching consequences for organisations engaged in cross-border data transfers. It underscores the importance of assessing the legal landscape of recipient countries and ensuring that personal data remains protected in line with EU data protection standards. Organizations are encouraged to work closely with legal experts and data protection authorities to ensure compliance with the ruling's requirements.
At Fixinc Consulting Partners Limited, we are committed to upholding data protection and privacy standards. Our data transfer practices align with the Schrems II ruling, and we continuously strive to ensure that the personal data we handle is transferred securely and in accordance with applicable regulations.
Overview of the California Privacy Rights Act (CPRA)
The California Privacy Rights Act (CPRA), also known as Proposition 24, is a comprehensive privacy law that amends and expands the California Consumer Privacy Act (CCPA). Approved by California voters in November 2020, the CPRA enhances the privacy rights of California residents and places additional obligations on businesses that collect and process personal data.
Key Features of the CPRA
Enhanced Consumer Rights: The CPRA introduces new rights for California residents and enhances existing ones. These include the right to correct inaccurate personal information, the right to restrict the use of sensitive personal data, and the right to know the length of time personal data will be retained.
Sensitive Personal Information: The CPRA introduces the concept of "sensitive personal information," which includes data such as Social Security numbers, driver's license numbers, biometric data, precise geolocation data, racial or ethnic origin, religious beliefs, and more. Consumers have the right to limit the use and disclosure of this sensitive data.
Opt-Out of Cross-Context Behavioural Advertising: Consumers have the right to opt-out of businesses using their personal information for cross-context behavioural advertising, which involves using data collected from different sources to target advertising.
Establishment of the California Privacy Protection Agency (CPPA): The CPRA establishes the CPPA as an independent regulatory agency responsible for enforcing and implementing privacy laws in California. The CPPA takes over some of the enforcement responsibilities previously handled by the California Attorney General.
Expanded Data Breach Notification Requirements: The CPRA introduces stricter requirements for data breach notifications, including the requirement for businesses to notify consumers about the use of their sensitive personal information in a data breach.
Contractual Obligations: The CPRA introduces requirements for businesses to include specific provisions in contracts with service providers to ensure compliance with privacy obligations.
Penalties for Minors' Data: The CPRA imposes additional penalties on businesses that collect and sell personal information of minors under the age of 16 without obtaining opt-in consent.
Increased Fines for Violations: The CPRA increases the fines that can be imposed on businesses for violations, especially those involving the data of minors.
Data Retention Limitations: Businesses are required to limit the retention of personal information to what is necessary for the disclosed purposes.
The CPRA becomes operative on January 1, 2023, and its provisions apply to personal information collected on or after January 1, 2022. This allows businesses time to prepare for compliance with the new requirements.
Implications for Businesses
The CPRA places additional compliance obligations on businesses that collect and process personal data from California residents. Businesses are advised to review their data processing practices, update privacy policies, implement mechanisms to address consumer rights, and ensure their data protection practices align with the CPRA's requirements.
As a responsible organization that believes in protecting personal data, Fixinc Consulting Partners Limited recognises the importance of complying with the CPRA and other data protection regulations. We are committed to safeguarding the privacy of California residents and ensuring that their data is handled in accordance with the law.
Changes to Our Cookies Policy
Our Process for Policy Updates
Continuous Review: We continuously monitor changes in data protection laws, industry best practices, and technological advancements to ensure that our Cookies Policy remains in line with the highest standards of data privacy.
Authoritative Documentation: Any changes we make to our Cookies Policy are documented and dated by an authorised member of Fixinc. This ensures that you can track when updates were implemented.
Expert Consultation: To ensure the accuracy and legality of our policy updates, we seek advice from relevant legal entities and experts who share our dedication to protecting personal data and fostering trust among our website users and clients.
Your Rights and Responsibilities
We encourage you to regularly review our Cookies Policy to stay informed about our data collection and usage practices. By staying informed, you can make informed decisions about how your data is used and exercise your rights effectively. We encourage you to continuously challenge the website and services you use to ensure your data - if any - is overseen by the very highest standards.
How to Stay Updated:
Any changes we make to our Cookies Policy will be reflected on our website with the updated date prominently displayed. We recommend checking back periodically to review any modifications. If you have any questions about the changes or our data practices, please feel free to contact us.
At Fixinc Consulting Partners Limited, your privacy and trust are paramount, and we are dedicated to maintaining the highest standards of data protection. Thank you for your continued support and trust in our commitment to safeguarding your personal data.