01What we collect
fixbg.uk collects the information needed to operate the site, review trader applications, handle reader enquiries, document selected jobs, and manage complaints.
Reader subscriptions. Email address, source page (homepage capture or journal-launch capture), date of subscription. Nothing else.
Trader applications. Full name, business name, mobile, email, regions covered, English-ability rating, trade or speciality, optional website, what kind of work you want, signed agreement, optional notes. Plus your IP address and browser user-agent at the time of submission, for spam-defence purposes.
Reader enquiries. Your name, email, the project you want help with, the region, and which trader you wish to contact.
Project material. When a job is documented as a project journal entry, we may collect and publish photographs, descriptions, customer reviews, and trader responses related to that job, with consent.
Complaint records. When a complaint is filed, we collect the customer’s contact details, supporting documents (contracts, invoices, photographs, written communication) and the trader’s response.
Browsing the site. Standard server access logs (timestamp, IP, requested URL, referring URL, user-agent). No third-party analytics, no Google Analytics, no Meta pixel, no advertising trackers. The site sets no cookies of its own at present.
CLAUSE 01 · INVENTORY
02Where it lives
Reader subscriptions: MailerLite (EU data processor), single audience shared with sister site Shumen.UK, segmented by tag.
Trader applications, reader enquiries, complaint records: JSON files in a private directory on our hosting server (Evolonia, Bulgaria, EU). Not in the public web root. Read access restricted to Adrian Dane via SFTP.
Project journal entries: published on the public site as HTML; source files retained in version control on the editor’s own machine and on the host.
Server access logs: Evolonia’s standard nginx access logs, retained on the host for 30 days then rotated.
Email correspondence: Gmail (Adrian’s personal mailbox, Google as processor). Used because the volume is low; migration to a self-hosted mailbox is on the roadmap.
Payments: handled by Stripe (Stripe Payments Europe Ltd, EU-resident). We never see card details.
CLAUSE 02 · LOCATIONS
03Who has access
Adrian Dane (editor). Sole human with read access to the private application, enquiry and complaint directories, and the MailerLite admin.
MailerLite processes subscription emails on our behalf, under their data-processor terms. They do not use our subscriber list for any other purpose.
Stripe processes payments. They see card details, name and billing email; we do not. Stripe is PCI-DSS compliant and stores card data on its own infrastructure under EU data-protection rules.
Evolonia hosts the server. They have technical access to the disk in the same way any web host does.
Nobody else. We do not sell personal information. We do not share it with marketing partners, lead-generation aggregators, or any third party for commercial purposes.
CLAUSE 03 · ACCESS LIST
04How long we keep it
Reader subscriptions: until you unsubscribe. The unsubscribe link is in every email and works in one click.
Trader applications, accepted: retained while the listing is active, plus three years after the listing ends, in case a complaint arrives after removal. Then deleted.
Trader applications, rejected: retained for one year so we don’t accidentally re-vet the same applicant from scratch. Then deleted.
Reader enquiries: retained 12 months from submission, then deleted. The trader who received the enquiry retains whatever copy they made on their own systems.
Complaint records: retained for three years after the complaint is closed.
Project journal entries: public on the site indefinitely; if a customer or trader withdraws consent for an aspect (a photo, a name), we will edit or remove that aspect within 30 days.
Server access logs: 30 days on the host, then rotated.
Email correspondence: as long as is reasonable to handle the matter, then archived. Anything older than three years is deleted.
CLAUSE 04 · RETENTION
05Public publication of jobs
Where jobs are documented publicly on the project journal, we will aim to avoid publishing private details unnecessarily and may anonymise sensitive information where appropriate. Specifically:
5.1 We will normally publish the area or town, not the specific street address.
5.2 We will publish customer first names with consent, or initials where the customer prefers.
5.3 We will publish photographs of the work but avoid photographs that identify people incidentally.
5.4 Sums of money are published only with consent.
5.5 A customer or trader can withdraw consent for any aspect of a journal entry at any time. We will edit or remove the aspect within 30 days.
CLAUSE 05 · PROJECT JOURNAL
06Your rights
Right to access. Email editor@fixbg.uk from the address you gave us. We will send back everything we hold about you within 30 days, free of charge.
Right to deletion. Same email. We will delete everything we hold within 30 days, except records we are legally obliged to keep.
Right to correction. If the data we hold about you is wrong, tell us, we fix it.
Right to object. You can ask us to stop processing your data for any specific purpose. Reader subscription unsubscribe is the most common case and is one click.
Right to complain. If you think we have mishandled your data, you can complain to KZLD, the Bulgarian Commission for Personal Data Protection, at cpdp.bg. We would rather you wrote to us first so we can fix it without involving the regulator, but you have the right either way.
CLAUSE 06 · GDPR ARTICLES 15–22
07Cookies and trackers
fixbg.uk currently sets no cookies of its own. The site uses no third-party analytics, no advertising pixels, no remarketing, no fingerprinting.
External resources we load: Google Fonts (CSS + WOFF2 files for the typefaces; loads from fonts.googleapis.com and fonts.gstatic.com). Google sees the IP address that requests the font file. If you object to this, your browser can block these domains; the site will fall back to the next typeface in our CSS stack.
If we add cookies later (for example, to remember a logged-in trader-area session), this clause changes and we will make the change visible at the top of this page.
CLAUSE 07 · ZERO TRACKING
08A note on response headers
fixbg.uk is hosted on shared infrastructure with sister sites. The hosting provider sends a server-wide Content-Security-Policy header that whitelists origins used by other sites on the same account (for example a self-hosted analytics endpoint at gc.zgo.at, Wikimedia Commons for image embeds, and an email-list provider). fixbg.uk does not use any of those origins; you can verify this in the page source.
We send our own additional, stricter Content-Security-Policy header from .htaccess. Browsers honour the most restrictive of duplicate CSP headers, so what is allowed on fixbg.uk is the intersection of the two: own-origin only, plus Google Fonts. We are flagging the duplicate CSP because the broader (shared-host) header is visible to anyone reading response headers, and we would rather explain the discrepancy than pretend it does not exist.
CLAUSE 08 · SHARED-HOST CSP NOTE
08Changes to this statement
If we change this privacy statement, the date at the top of this page changes, and we keep a public dated record of every revision.
Material changes (new categories of data collected, new processors, new retention periods) will be announced on the homepage and emailed to anyone with a fixbg.uk subscription.
CLAUSE 08 · VERSIONING