Privacy Policy
The short version.
- We collect personal data when you visit our website, fill out our contact form, or become a client.
- We never sell your personal data, and we only share it with vendors who need it to deliver our services.
- For our clients' Customers, we usually act as a data processor — the client is the controller of that data.
- You have rights under GDPR and UK GDPR, including access, correction, deletion, and portability.
- Some of our service providers are outside the EU; transfers are made under appropriate safeguards.
- To exercise any right or ask a question, email hello@merchant-fix.com.
Who we are
This Privacy Policy describes how PT4ME B.V., trading as Merchant Fix, collects, uses, and discloses personal data in connection with our website, our services, and our communications with you.
Throughout this policy, "we", "us", and "our" refer to PT4ME B.V. trading as Merchant Fix. "You" and "your" refer to the person whose personal data we are processing — typically a website visitor, a contact at a prospective or current client, or, in some cases, a Customer of one of our clients.
Two roles: controller and processor
2.1 When we are the data controller
We act as the data controller for personal data we collect directly from website visitors, prospects, business contacts of our clients, and the personal data of our own staff, suppliers, and contractors. As controller, we decide why and how that data is processed, and this Privacy Policy describes our practices.
2.2 When we are a data processor
When we provide services to a client — for example, running paid ads from their accounts, handling customer support enquiries, receiving returns, or facilitating payment processing — we typically process personal data of the client's Customers on behalf of the client. In those cases, the client is the data controller and we are the data processor. Our processing of that data is governed by a separate Data Processing Agreement with the client.
If you are a Customer of one of our clients (for example, you bought something from a webshop we run ads for), then you should direct privacy requests to the client first. We will, however, support our clients in responding to your requests as required by applicable law.
Personal data we collect
3.1 Information you give us
When you fill out our contact form, request information, or otherwise communicate with us, we collect:
- Identity and contact details — name, business email address, company name, role
- Business context — your products, target markets, current monthly ad spend, and any other information you choose to share
- Communications — the content of emails, messages, and call notes between you and our team
3.2 Information collected automatically
When you visit our website, we and our service providers automatically collect:
- Device and connection data — IP address, browser type and version, operating system, screen size, referrer URL
- Usage data — pages you visit, time on page, scroll depth, clicks, navigation patterns
- Cookie identifiers — see Section 7 for cookie details
3.3 Information from clients (as processor)
When delivering services to a client, we may receive personal data about the client's Customers, including names, contact details, order details, support tickets, return information, and payment information. This data is processed strictly under instruction from the client and under the Data Processing Agreement we have with them.
3.4 Information from third parties
We may receive limited information about you from third parties such as our advertising platforms (Meta, Google) showing aggregate campaign performance, our payment processors, fraud-prevention services, or publicly available business sources (e.g. company directories) when researching a prospect.
How we use your data
We use the personal data we collect for the following purposes:
- To respond to your enquiries — sending the information or follow-up you requested through our contact form or email.
- To deliver our services — performing the contract we have with you or your business, including account management, reporting, invoicing, and project communication.
- To improve our website and services — analytics, A/B testing, and user research, on aggregated and, where possible, anonymised data.
- For marketing — sending occasional updates about our services, case studies, or relevant industry news. You can opt out at any time using the unsubscribe link in our emails.
- For online advertising — showing relevant ads on Meta, Google, and similar platforms, including retargeting visitors who did not convert.
- For security and fraud prevention — detecting and preventing unauthorised access, abuse, scraping, and other malicious activity.
- For legal and regulatory compliance — complying with tax, accounting, anti-money-laundering, sanctions, and other legal obligations, and responding to lawful requests from authorities.
- For business operations — managing supplier relationships, audits, internal reporting, and corporate transactions.
Legal bases for processing
Under the GDPR and UK GDPR, we process your personal data on the following bases:
How we share your data
We do not sell your personal data. We share it only with the following categories of recipients, and only to the extent necessary:
- Service providers and sub-processors — including hosting, email, analytics, advertising, customer support, accounting, and IT providers, who process data on our instructions under written agreements.
- Our affiliates and group entities — where part of the service is delivered by an entity within our corporate group.
- Professional advisers — lawyers, accountants, auditors, and insurers under duties of confidentiality.
- Authorities and regulators — where required to comply with a legal obligation, court order, or lawful request from a competent authority.
- Counterparties in corporate transactions — in the context of a merger, acquisition, reorganisation, or sale of assets, subject to appropriate confidentiality.
Cookies & tracking
Our website uses cookies and similar technologies to function correctly, to understand how it is used, and to deliver relevant marketing. Cookies fall into the following categories:
- Strictly necessary — required for the site to function (security, session management, load balancing). Always active.
- Performance and analytics — help us understand how visitors use the site so we can improve it. Set only with your consent where required.
- Marketing and advertising — set by us and by advertising partners (such as Meta and Google) to deliver relevant ads, measure ad performance, and run retargeting. Set only with your consent where required.
You can manage your cookie preferences through our cookie banner where available, through your browser settings, or by using opt-out tools provided by individual advertising platforms.
Shopify & third parties
Our website is hosted on Shopify. As a result, certain information you submit through the website (including form submissions, IP address, and browsing data) is processed by Shopify in order to host and deliver the site. Shopify also uses some of this data to operate, secure, and improve its platform across all merchants.
Shopify's processing of personal data is described in the Shopify Consumer Privacy Policy. To exercise rights over data processed by Shopify on its own account, you can use the Shopify Privacy Portal.
Other third-party services we may use include providers of analytics, advertising, email delivery, payment processing, helpdesk software, and accounting. We work to keep our list of sub-processors current and available on request.
International transfers
Our operations are conducted from the Netherlands and other locations including Indonesia, where part of our operational team is based. Some of our service providers and our clients are located outside the European Economic Area, including in the United States, the United Kingdom, and China.
Where we transfer personal data outside the EEA or the UK to a country that has not received an adequacy decision, we rely on appropriate safeguards including the European Commission's Standard Contractual Clauses or the equivalent UK International Data Transfer Agreement or Addendum, together with supplementary measures where appropriate. You can request a copy of the relevant transfer mechanism by emailing hello@merchant-fix.com.
How long we keep your data
We keep personal data only as long as we need it for the purposes for which it was collected, or longer if we are legally required to do so. In general:
Your rights
Depending on where you live and the basis on which we process your data, you have some or all of the following rights:
- Access — confirmation of whether we process your data and a copy of it.
- Rectification — correction of inaccurate or incomplete data.
- Erasure — deletion of your data where there is no overriding reason for us to keep it.
- Restriction — limiting how we process your data in certain situations.
- Portability — receiving certain data in a structured, machine-readable format.
- Objection — objecting to processing based on legitimate interests, including for direct marketing.
- Withdraw consent — withdrawing any consent you previously gave, without affecting prior processing.
- Complain — lodging a complaint with your local data protection authority.
To exercise any right, email hello@merchant-fix.com. We may need to verify your identity before responding. We will respond within the timeframes required by applicable law, normally within one month.
If you are a Customer of one of our clients and your request concerns data we process on the client's behalf, please contact the client directly; we will support them in responding to you.
Security
We use technical and organisational measures designed to protect personal data against accidental or unlawful loss, alteration, disclosure, or access. These measures include access controls, encryption in transit, secure development practices, and ongoing review. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security.
If we become aware of a personal data breach that is likely to result in a risk to your rights, we will notify the relevant supervisory authority and, where required, the affected individuals in line with applicable law.
Children
Our services are intended for businesses and are not directed at children. We do not knowingly collect personal data from children under 16 years of age. If you believe a child has provided us with personal data, please contact us and we will take steps to delete it.
Changes and complaints
We may update this Privacy Policy from time to time to reflect changes in our practices, our services, or applicable law. The "Last updated" date at the top of this page reflects the most recent revision. Where the changes are material, we will provide additional notice as required by law.
If you have a complaint about how we handle your personal data, please contact us first so we can try to resolve it. You also have the right to lodge a complaint with your local data protection authority. In the Netherlands, that authority is the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).
Contact us
For any privacy question, request, or complaint, contact us at hello@merchant-fix.com or write to us at the address below.