ZER Privacy Notice
This notice explains how registration, billing, security, support and workspace data may be processed.
Version 2026-07-11 · Terms · Privacy · DPA
- Data controller for ZER registration, billing, support and security data: SIA "FixLab", registration No. 40203523267, legal address Liepu aleja 38, Babīte, Babītes pag., Mārupes nov., LV-2101, Latvia.
- Registration data may include first name, last name, email, phone, company name, registration number, VAT/PVN number, address and bank account.
- Workspace data may include clients, devices, orders, inventory, sales, finance records, comments, files, employees, roles and event logs.
- For customer and employee data entered by a company, that company is usually the controller and ZER acts as processor. For registration, billing, support and security logs, ZER may act as controller.
- Purposes include account creation, CRM functionality, authentication, password recovery, billing, security, audit, support, abuse prevention and legal compliance.
- Technical cookies are used for secure sessions. Session cookies are HttpOnly and SameSite.
- Security logs such as IP address, user agent and login time may be stored to detect misuse and protect accounts.
- Files uploaded to comments are stored outside the public web folder. File size and MIME type are checked; antivirus scanning may be added later.
- Data is retained only as long as needed for service delivery, contract, security, accounting, legal obligations and reasonable backup windows.
- Controller contact: SIA "FixLab", fixlablv@gmail.com, +371 26982943. Questions and data-subject requests may be sent to this address.
- Legal bases are contract performance, compliance with accounting and legal obligations, legitimate interests in security, fraud prevention and service improvement, and consent only for optional product news. Consent can be withdrawn without affecting earlier processing.
- Recipients may include authorised FixLab support personnel, the hosting and backup provider, and the email delivery provider. Processors receive only the access needed for their task and are bound by confidentiality and data-processing terms. The current hosting provider and region must be identified before production launch.
- If data is transferred outside the EEA, FixLab uses an adequacy decision or appropriate safeguards such as the European Commission Standard Contractual Clauses and provides information on request.
- Account and workspace data is kept for the subscription term and normally deleted within 30 days after verified deletion. Encrypted backups expire within 30 days. Billing records are retained for the statutory accounting period; security logs are normally retained for 60 days unless needed for an incident or legal claim.
- Data subjects may request access, correction, erasure, restriction, portability and objection, and may complain to the Latvian Data State Inspectorate (Datu valsts inspekcija, www.dvi.gov.lv). Requests are answered within the statutory period after identity verification.
- Registration data marked as required is necessary to conclude and administer the service contract. Without it an account cannot be created. ZER does not use solely automated decision-making producing legal or similarly significant effects.
- Passwords are stored as salted one-way hashes. Session, access-control, tenant-isolation, encryption, backup and audit controls are used, but no online service can promise zero risk. Security incidents are assessed and notified as required by law.