ADFIXER
Privacy policy

How we handle your data.

Amvisible LTD is committed to protecting the privacy, confidentiality, and security of personal data in compliance with GDPR and applicable national data protection laws.

Last updated · 05.10.2025

Data controller details

  • Name: Amvisible LTD
  • Address: Sofia, Bulgaria, Seslavtsi, No 13 Kiril i Metodii Street
  • Email: office@amvisible.com
  • Phone: +359879818180

1. Introduction

Amvisible LTD (hereinafter also "ADFIXER", "we", or "data controller". ADFIXER has not appointed a Data Protection Officer, as it is not legally required to do so.) is committed to protecting the privacy, confidentiality, and security of personal data in compliance with the General Data Protection Regulation (GDPR) and applicable national data protection laws.

This Privacy Policy explains in a transparent manner:

  • what categories of personal data we collect
  • the purposes and legal bases for processing
  • how long we retain data
  • to whom we may disclose it
  • how we secure it, and
  • what rights data subjects have in relation to their personal data

We view data protection as an integral part of our corporate responsibility. ADFIXER continuously implements organizational, contractual, and technical safeguards to ensure that personal data is processed lawfully, fairly and transparently, and only for clearly defined purposes.

2. Personal data collected

ADFIXER contracts exclusively with entrepreneurs, primarily legal entities. However, in certain cases, natural persons acting as sole traders or independent professionals may also enter into contractual relations with ADFIXER.

Accordingly, the scope of personal data collected directly by ADFIXER is limited but may include the following categories:

  • Identification data: names of legal representatives of a company; in case of a natural person as contracting party, full name, date of birth (if required by law), and professional title.
  • Contact details: business address, email address, phone number, billing address.
  • Technical data: IP addresses, device identifiers, log data related to access to our services and website.
  • Financial data: payment instrument information, invoicing details, VAT number, bank account information (where applicable).
  • Contract-related data: data contained in the contractual documentation, correspondence, and any additional information necessary to establish, execute, and terminate contractual relationships.

ADFIXER does not intentionally collect or process sensitive categories of personal data under Article 9 GDPR (such as health, biometric, or religious data). Should such data be inadvertently provided by a customer, it will be securely deleted unless its processing is legally required.

3. Purposes for which personal data is collected and processed

We collect and process personal data only for specific, explicit, and legitimate purposes and do not further process it in a manner incompatible with those purposes, in line with Article 5(1)(b) GDPR. The purposes include:

  • Provision of services: to register and maintain user profiles, manage subscriptions, deliver paid services, and ensure access to the functionalities of our website and platform.
  • Authentication and account management: to verify customer identity during login, to enable secure access, and to respond to password reset or account recovery requests.
  • Payment processing: to process payment details in order to collect remuneration for services rendered and comply with financial and accounting obligations.
  • Contractual administration: to record the names of legal representatives of corporate clients in order to confirm representative authority, ensure the validity of contracts, and maintain a reliable human point of contact.
  • Legal enforcement: to use identifying and contact information, where necessary, for pursuing or defending legal claims, including sending formal notices, initiating proceedings, or complying with lawful requests from authorities.
  • Technical operation and security: to process IP addresses and technical logs to deliver website functionalities, maintain uninterrupted service, and ensure the integrity and security of our information technology systems.

Personal data is also processed by our trusted service providers, including Amazon Web Services (AWS) for hosting and Google Tag Manager for analytics and marketing script management. We do not use personal data for automated decision-making or profiling that produces legal or similarly significant effects on individuals, unless explicitly stated and based on valid legal grounds.

4. Legal bases for processing

We process personal data only where a valid legal basis under Article 6 GDPR applies. The main legal bases on which ADFIXER relies are:

Performance of a contract (Art. 6(1)(b) GDPR)

Processing of personal data is necessary for entering into, performing, and managing contractual relationships with our customers. This includes establishing accounts, verifying identity, delivering services, processing payments, and providing customer support.

Compliance with legal obligations (Art. 6(1)(c) GDPR)

We process personal data where required to comply with statutory duties, such as tax and accounting obligations, anti-money laundering (AML) requirements, and legal record-keeping obligations.

Legitimate interests (Art. 6(1)(f) GDPR)

We process personal data where it is necessary for the purposes of our legitimate interests, provided that such interests are not overridden by the rights and freedoms of the data subjects. This includes ensuring system security, enforcing our legal rights, and uniquely identifying contractual partners for dispute resolution.

Consent (Art. 6(1)(a) GDPR)

For certain processing activities that are not strictly necessary for service provision, we rely on the explicit consent of the data subject, particularly for cookies and similar technologies that are not essential for the technical operation of our website. Consent can be withdrawn at any time without adverse consequences.

5. Data retention

We retain personal data only for as long as it is necessary for the purposes for which it was collected, in compliance with the principles of storage limitation under Article 5(1)(e) GDPR, or as long as required by statutory retention periods.

  • Account and registration data:retained for the duration of the customer's registration and contractual relationship. Upon account deletion, such data will be deleted or anonymized unless statutory obligations require further retention.
  • Contractual and billing data: retained for up to ten (10) years to comply with Bulgarian accounting, tax, and commercial law requirements.
  • Technical data (e.g., IP addresses, access logs): retained for up to seven (7) days by Amazon Web Services (AWS) for system security and operational purposes, after which it is automatically deleted.
  • Correspondence and communication records: retained for the period necessary to manage customer inquiries and dispute resolution, but not longer than three (3) years after the last contact.
  • Marketing and consent-based data: retained until the customer withdraws consent or objects to processing, after which it will be promptly deleted.

6. Data security

We implement appropriate technical and organizational measures (TOMs) in accordance with Article 32 GDPR to ensure the confidentiality, integrity, availability, and resilience of personal data.

Technical measures

Pseudonymisation, encryption using state-of-the-art technologies, secure data transmission (TLS/SSL), multi-factor authentication, access logging, and regular penetration testing.

Organizational measures

Data minimization, strict role-based access controls, regular staff training on data protection, clearly defined responsibilities, and procedures for incident management.

We maintain a data breach response plan, ensuring that in the unlikely event of a personal data breach, we notify the competent supervisory authority and affected individuals in accordance with Articles 33 to 34 GDPR.

7. Data sharing and disclosure

We share personal data with third parties only where this is necessary for the performance of a contract, to comply with legal obligations, or to safeguard our legitimate interests, always ensuring that adequate safeguards are in place.

Typical categories of recipients include:

  • Service providers / processors: hosting providers, payment service providers, IT maintenance providers, and marketing/analytics partners, who process data strictly on our instructions under Article 28 GDPR.
  • Professional advisers: accountants, auditors, and legal advisors, bound by professional secrecy.
  • Public authorities and regulators: where disclosure is required by law, court order, or regulatory request.

All processors engaged by ADFIXER are subject to written agreements that impose obligations equivalent to those required by GDPR, including confidentiality, security, and limited purpose processing.

8. International data transfers

A transfer of personal data to countries outside the European Union (EU) or the European Economic Area (EEA) is carried out only under the conditions set out in Chapter V GDPR.

Transfers are permitted where:

  • The European Commission has adopted an adequacy decision confirming that the third country ensures an adequate level of protection;
  • The recipient has adopted Binding Corporate Rules (BCRs) approved by a competent supervisory authority;
  • We and the recipient have entered into the European Commission's Standard Contractual Clauses (SCCs), supplemented by technical and organizational safeguards; or
  • The transfer falls under another derogation under Article 49 GDPR.

Where transfers are made to providers in the United States, we rely on SCCs combined with supplementary measures to ensure a level of protection essentially equivalent to that within the EU/EEA.

9. Use of cookies

Our website uses cookies and similar technologies to provide essential functionality, improve user experience, and analyze how our services are used.

Categories of cookies

  • Strictly necessary (essential) cookies: Required for the proper functioning of our website and cannot be disabled. Use is based on our legitimate interest under Article 6(1)(f) GDPR.
  • Functional and performance cookies: Help us improve the performance and usability of our website by remembering your preferences and analyzing site usage.
  • Analytics and marketing cookies: Placed only with your prior consent (Article 6(1)(a) GDPR). They allow us and our partners (e.g., Google Analytics, Google Tag Manager, Microsoft Clarity) to measure website traffic and monitor user actions. Consent can be withdrawn at any time.

Cookies used on our website

  • __stripe_mid · Fraud prevention and detection · 1 year · Technically necessary
  • __stripe_sid · Fraud prevention and detection (session) · 30 minutes · Technically necessary
  • _ga · Distinguishes unique users for analytics · 2 years · Technically necessary
  • _ga_* · Persists session state for analytics · 2 years · Technically necessary
  • _gid · Distinguishes users for analytics · 24 hours · Technically necessary
  • _gat · Throttles request rate for analytics · 1 minute · Technically necessary
  • _clck · Persists Clarity user ID for session replay · 1 year · Technically necessary
  • _clsk · Connects multiple page views in a session · 1 day · Technically necessary
  • CLID · Clarity identification cookie · 1 year · Technically necessary
  • ANONCHK · Checks if cookies are enabled · 10 minutes · Technically necessary
  • MR · Indicates if MUID is refreshed · 7 days · Technically necessary
  • MUID · Identifies unique web browsers · 1 year · Technically necessary
  • SM · Synchronizes MUID across domains · Session · Technically necessary
  • rewardful.referral · Stores affiliate referral information · Varies · Technically necessary

Third-party services and integrations

We use third-party services to operate our website and provide our services, including analytics and marketing tools (Google Analytics, Google Ads, Facebook Pixel, LinkedIn Ads), social media platforms, newsletter services (Mailchimp), internal organization tools (Google Drive, Slack, Atlassian tools), and Microsoft Clarity for heatmaps and session replay. Each service may process personal data either as a processor on our behalf or as an independent controller under their own privacy policies.

Where personal data is transferred outside the EU/EEA, such transfers are secured using Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), or adequacy decisions of the European Commission.

10. Data subjects' rights

If we process your personal data, you have the following rights under the General Data Protection Regulation (GDPR):

Right of access (Art. 15 GDPR)

You have the right to obtain confirmation as to whether personal data concerning you is being processed and, where that is the case, access to such data including information about purposes, recipients, retention periods, and your rights.

Right to rectification (Art. 16 GDPR)

You have the right to request without undue delay the correction of inaccurate personal data concerning you and the completion of incomplete data.

Right to erasure (Art. 17 GDPR, "right to be forgotten")

You may request the deletion of your personal data where one of the grounds provided by GDPR applies, unless processing is required to comply with legal obligations or for the establishment, exercise, or defense of legal claims.

Right to restriction of processing (Art. 18 GDPR)

You may request the restriction of processing where you contest the accuracy of the data, processing is unlawful and you oppose erasure, we no longer need the data but you require it for legal claims, or you have objected to processing pending verification.

Right to data portability (Art. 20 GDPR)

You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and to transmit it to another controller, where technically feasible.

Right to object (Art. 21 GDPR)

You have the right to object at any time to the processing of your personal data carried out on the basis of legitimate interests. You also have the absolute right to object to processing for direct marketing purposes.

Right to lodge a complaint (Art. 77 GDPR)

You have the right to lodge a complaint with a supervisory authority. In Bulgaria, the competent authority is the Commission for Personal Data Protection (CPDP).

Right to withdraw consent (Art. 7(3) GDPR)

Where processing is based on your consent, you have the right to withdraw it at any time. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

You may exercise your rights by contacting us at office@amvisible.com or by postal mail at: Amvisible LTD, 13 Kiril I Metodii Street, Seslavtsi, Sofia, Bulgaria. We will respond within one month, in accordance with Article 12 GDPR.

11. Changes to the Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. The updated version will always be available on our website. Where changes materially affect your rights, we will provide additional notice via email or account notification.

This Privacy Policy was last updated on 05.10.2025.