FixrOS
  • Home
    • The platform
    • Dashboard
    • App
    • Ecosystem portals
    • Claims
    • Marketplace
    • Accounting
  • How it works
    • Communities & Properties
    • Property Managers
    • Vendors
    • Corporates & SOCIMIs
    • Insurers & Brokers
    • Loss Adjusters
  • Blog
ES | EN
Client login Request demo
FixrOS
Home
Product
Dashboard App
Ecosystem portals
Claims Marketplace Accounting
How it works
Who is it for?
Communities & Properties Property Managers Vendors Corporates & SOCIMIs Insurers & Brokers Loss Adjusters
Blog
ES | EN
Client login Request demo

We use first-party and third-party cookies to improve your browsing experience, analyse traffic and show you relevant content. You can accept all, reject optional ones or customise your choice. Read more in our Cookie Policy.

← Legal Center

Terms and Conditions

In force from: 1 June 2026

These Terms and Conditions govern the use of the entire FixrOS platform: the mobile app (iOS and Android), the property managers' dashboard, the Claims Portal, the Provider Portal and the Marketplace. They are common to all services; each section indicates which user profile it applies to.

FieldDetail
OwnerFixrOS, S.L. — Tax ID (CIF) B88755780
Registered officeCalle Núñez de Balboa, 120, 28006 Madrid (Spain)
Registration detailsCommercial Registry of Madrid, sheet M-886883, entry 1st, IRUS 1000474064159
Contactsoporte@fixros.com · legal@fixros.com · privacidad@fixros.com

1. Purpose and acceptance

FixrOS is a platform that helps manage homeowners' associations and connect their members with property managers, providers and loss adjusters. By registering and ticking the acceptance box, you declare that you have read and accepted these Terms, the Legal Notice and the Privacy Policy.

In these Terms, "Client" means the property manager or the self-managed community that contracts the service; "User" means any natural person who uses the platform (neighbour, president, concierge, provider, loss adjuster or Marketplace user).

2. Who can use FixrOS

The minimum age to use FixrOS is 14 years (Art. 7 LOPDGDD). The use of the Provider Portal, the offering of services in the Marketplace and the contracting of plans are reserved for adults with sufficient legal capacity.

3. Your account

You can create your account with email and password or via "Continue with Google". You are responsible for the confidentiality of your password; we recommend enabling biometric unlocking. If you detect unauthorised access, write to us at soporte@fixros.com and change your password. You join your community by invitation or by means of a community code.

PART A — App and community users

4. What you can do

  • View and pay your invoices.
  • Report incidents relating to the community and to your dwelling.
  • Record the details of your home insurance policy and process claims with your insurer.
  • Book common facilities.
  • Communicate via the chat with your property manager, president, concierge, provider, other neighbours and, where applicable, the assigned loss adjuster.
  • Receive notices, take part in remote meetings and consult the noticeboard and documents.
  • Search for and contract providers through the Marketplace.

5. Use of the chat

The chat works on a principle of privacy by default: towards other neighbours you are identified by your dwelling (e.g. "3rdB"), not by your name. Only your property manager sees your real identity, as it is necessary for their management; the president and the concierge see you identified by your dwelling, like the rest of the neighbours.

Rules of use: treat others with respect; do not impersonate other people or publish third parties' data without permission; do not use the chat for spam, advertising or unlawful content. The chat with the concierge respects their working hours and their right to digital disconnection. Your real identity is only revealed if you decide to identify yourself, if you voluntarily share your contact details or if a judicial authority requires it.

FixrOS stores messages securely for as long as your account remains active, in accordance with the Chat Policy; it does not routinely read their content, does not sell it and does not use it for advertising or to train AI.

6. App permissions

The app may request permissions for camera, photos, notifications, biometrics, location (for tracking the provider during a service, the loss adjuster's check-in and meter readings) and microphone (the loss adjuster's voice notes). All permissions are optional and revocable from your device settings. The app does not perform background location tracking. In the Android version, location and microphone permissions are not requested, so the features that require them are currently available only in the iOS version. Biometric access is voluntary and verification takes place entirely on your device.

PART B — Content and moderation (Digital Services Act)

7. Content you publish

The content you publish (texts, photos, files, ratings) remains yours; you grant us a limited licence to host and display it on the platform for as long as you keep it published. In the Marketplace, that licence includes its public display and indexing by search engines.

8. Notification of illegal content

For the purposes of Regulation (EU) 2022/2065 (Digital Services Act / DSA), FixrOS provides a data hosting service and, in the Marketplace, operates an online platform; by virtue of its status as a micro-enterprise it is exempt from the reinforced obligations of online platforms.

Any person may notify presumably illegal content by means of the "Report" button —available on each chat message and on each piece of public content in the Marketplace— or by writing to legal@fixros.com, stating the reasons, the location of the content and their contact details. FixrOS acknowledges receipt within 48 working hours and communicates a reasoned decision within a maximum of 15 calendar days.

Reports from a community's chat are reviewed first by the property manager and escalated to FixrOS where appropriate; Marketplace content is moderated directly by FixrOS. When FixrOS removes content, restricts its visibility or suspends an account, it will communicate to the affected user the reasons and the available means of redress. FixrOS may warn, remove content, suspend or close accounts in the event of serious non-compliance, and will report to the authorities any suspicion of a crime that threatens the life or safety of persons.

PART C — Providers, loss adjusters and Marketplace

9. If you are a service provider

The Provider Portal allows you to manage your profile, your services, your bookings and your payments.

  • You must provide truthful data and the professional documentation requested of you (identity, NIF/CIF, civil liability insurance, registration in the IAE, professional association membership or certifications). Your profile is published only after that documentation has been verified.
  • Your profile in the Marketplace is public and indexable; you may request its removal at any time.
  • The contractual relationship for the provision of the service is between you and the customer. FixrOS facilitates the contact, the communication and the payment.
  • Payments are channelled through Stripe, an authorised payment service provider, in accordance with clause 12. In order to receive payments you must complete registration with Stripe, which may require your bank details and proof of your identity. FixrOS does not store your bank details. FixrOS applies an intermediation commission for each service, which is deducted from the amount you receive; its conditions in force are communicated to you during the registration process and are available in the Provider Portal.
  • After each service, the customer may publish a truthful rating and you may respond to it.

10. If you are a loss adjuster

You must provide truthful data about your professional qualifications. On arriving at the property you will perform a check-in that records your location once in order to evidence your presence (you are expressly informed at that moment). The file —report, photos, notes and messages— is accessible to the customer and to the recipient insurance company. You are subject to a strict duty of confidentiality regarding the data in the file.

11. If you use the Marketplace to contract services

The Marketplace connects those seeking a service with verified providers. FixrOS acts as an intermediary: it facilitates the search, the booking, the communication and the payment, and charges a commission to the provider; it is not a party to the service contract nor is it liable for its execution or outcome.

  • Before confirming a booking you are informed of the total price.
  • Payment is managed through Stripe in accordance with clause 12: the amount is authorised when the booking is requested, charged when the provider accepts it, automatically released if the provider does not accept it within the established period, and refunded if the accepted booking does not end up taking place.
  • If you act as a consumer, you have a 14 calendar-day right of withdrawal; if you request that the service begin earlier and it is fully performed, this right is lost once performed (Art. 103 TRLGDCU). You will be informed of this before confirming.
  • If you contract on behalf of a homeowners' association as a manager or representative, you act within the framework of your professional or representative activity: the rights reserved for consumers, including withdrawal, do not apply to you (Art. 3 TRLGDCU).

Complaints about the service are addressed to the provider; those relating to the operation of the platform or to payment, to soporte@fixros.com.

12. Usage fees and payment for services

Free registration. Registration and access to the Platform for Users are free of charge. You only pay for the services actually contracted through the Platform and, in the case of professional Clients, for the plans and services described in Part D.

Payment service provider. FixrOS is neither a payment institution nor an electronic money institution and does not store complete card data or banking credentials. The processing of payments, the custody of the User's credit or debit card information and the payout to professionals are the responsibility of Stripe (Stripe Payments Europe, Ltd. and any of its affiliates, hereinafter "Stripe"), an authorised payment service provider. Users who use the payment functions of the Platform declare that they accept Stripe's terms of service (available at stripe.com/legal/ssa) and, in the case of professionals who receive payments through the Platform, the Stripe connected account agreement (available at stripe.com/legal/connect-account), in order to be able to use the Platform correctly.

Who can contract. The following may contract professional services through the Platform: (i) owners, tenants and residents, for services in their own dwelling, who will have the status of consumers when they act for a purpose unrelated to their professional activity; and (ii) property managers and homeowners' associations, for services intended for the community, who act within the framework of their professional or representative activity and do not have the status of consumers.

Moment of payment. The customer of the service only pays for each service requested through the Platform, making such payment at the moment of requesting the booking: at that moment the amount is authorised on their means of payment. The effective charge takes place when the Professional accepts the booking. If the Professional does not accept it within the established period, the authorisation is automatically released and no charge is made. If the accepted booking does not end up taking place, the amount is refunded in accordance with clause 11.

Payment to the Professional. The Professional receives the amount of the service once it has been performed and validated in accordance with the Platform's flow. The payout is made, after deduction of FixrOS's commission, into the Professional's payment account managed by Stripe or, failing that, by bank transfer. In order to be able to receive payments, the Professional must provide their bank details and complete registration with the payment provider; it may be necessary to request proof of identity in order to comply with the payment provider's terms of use and with fraud and money laundering prevention regulations.

Price setting. The price of each service is set by the Professional. Depending on the type of service, the Professional may set a price in euros per hour —which will be multiplied by the duration of the service to calculate the total—, a fixed price per service, a price by quote following an assessment, a periodic maintenance contract or a bundle of sessions. It is solely the responsibility of the Professional to set the amount they actually wish to receive for the provision of the service, and any error in stating the price will be the sole responsibility of the Professional. The Professional may modify the price of their services through the section provided in their portal; however, the modifications will not have effect on services that had been booked or contracted beforehand.

Final prices. All prices indicated on the Platform include the applicable taxes and are expressed in euros (€). Before confirming any booking or contracting, the customer of the service is shown the total price to be paid.

FixrOS commission. For the use of the Platform and the intermediation, communication and payment services, FixrOS applies a commission on each contracted service, which will be shown itemised or included in the total amount to be paid by the customer and which is deducted from the amount received by the Professional. The commission conditions in force are communicated to the Professional during the registration process and are available in the Provider Portal. For more information: soporte@fixros.com.

Services arising from incidents. The provisions of this clause apply equally to professional services contracted as a result of an incident managed on the Platform, including quotes approved by the property manager on behalf of the community.

PART D — Professional Clients (property managers and communities)

13. The service

FixrOS is a SaaS community management platform that includes, among other features: registration and management of communities, census, invoices and fees, SEPA mandates, incidents, noticeboard, notifications, meetings (in-person and remote), document management, messaging, import assistant and AI Inbox, Claims Portal, access to the Marketplace and optional bank reconciliation (Open Banking).

The Client may also contract, from the dashboard itself, optional paid services ("Premium Services"), such as holding remote or hybrid meetings (with a fee per meeting according to the contracted tier), the design and development of websites (one-off payment) or access to the AI-assisted accounting portal (periodic subscription), as well as any others that FixrOS may add to the catalogue from time to time.

FixrOS is a technological platform: it is neither a payment institution nor an electronic money institution. The processing of payments is the responsibility of an authorised payment service provider and, in the optional bank reconciliation, of an authorised account information service provider.

14. Registration and obligations of the Client

  • The Client must provide truthful data and have sufficient legal capacity. The self-managed community is registered by its president or a person authorised by the meeting.
  • When registering Users' data, the Client declares that it has informed them and has a sufficient legal basis, and assumes the status of Data Controller over that data (see Section 17 and Annex I).
  • The Client must use the platform in accordance with the law, keep the data up to date, immediately notify any security breach and keep its professional civil liability insurance in force.
  • If it activates the AI Inbox, it must inform the affected email senders and review the AI-generated responses before sending them. In the Claims Portal, it determines the legal basis for the transfer of the file to the insurer.

15. Prices and invoicing

The use of the platform by professional Clients and certain optional services or modules are subject to economic consideration. The prices and plans applicable to each Client are those that FixrOS communicates during the contracting process or those set out in the commercial contract signed with each Client; they may be structured, among other criteria, by number of dwellings, by community or by service. The amounts are understood to be without prejudice to the legally applicable taxes.

The Premium Services are contracted from the dashboard and paid through Stripe, with the total price being shown before confirming the payment. Those configured as a periodic subscription renew automatically for successive periods until cancellation, which may be requested at any time with effect at the end of the current period. Those configured as a one-off payment are executed after confirmation of payment. Paid remote or hybrid meetings are contracted per meeting, in accordance with the tier selected before payment. The professional Client does not have the status of consumer, and therefore the right of withdrawal does not apply.

Invoicing is periodic and in advance, by electronic invoice and through the payment gateway. Price changes are notified at least 30 calendar days in advance. Non-payment leads to the suspension of the service following a prior demand and, where applicable, to the termination of the contract, with the interest and management costs provided for in Law 3/2004 on combating late payment.

16. Service level

FixrOS makes reasonable efforts to keep the platform available and operational, but does not guarantee uninterrupted availability. The service level applicable to each Client will be that agreed, where applicable, in the commercial contract.

PART E — Common provisions

17. Data protection

The processing of personal data is governed by the Privacy Policy. In the relationship with professional Clients, the Client is the Data Controller of the community's operational data and FixrOS is the Data Processor, under the terms of Annex I — Data Processing Agreement (DPA), which forms an inseparable part of these Terms. FixrOS is the Data Controller of user account, billing and Marketplace data, in accordance with the Privacy Policy. The Client guarantees that it has a legal basis to introduce third parties' data, that it has informed the data subjects (Art. 13 GDPR) and that it maintains its record of processing activities.

The named and up-to-date list of processors (sub-processors with respect to the Client) used by FixrOS to provide the Service is made available to the Client upon request, in accordance with art. 28 GDPR and clause 6 of Annex I.

18. Confidentiality

The parties will maintain the confidentiality of all commercial, technical or any other information accessed within the framework of the contractual relationship, during its term and the five (5) years following its termination. Users will respect the confidentiality of third parties' data accessed in the exercise of their role.

19. Intellectual property

The app, the web portals, their design, the software, the databases, the trademarks, the trade names and the logos of FixrOS are the property of FixrOS, S.L. and are protected by intellectual and industrial property regulations. The Client and the Users receive a limited, non-exclusive, non-transferable and revocable licence of use. The platform may not be copied, resold or decompiled. The Client retains ownership of the data and content it introduces.

20. Liability

FixrOS is not liable for the data introduced by the Client or by other users, for the decisions of the community or of the property manager, nor for the outcome of the services contracted with providers or loss adjusters. With respect to professional Clients, FixrOS's accumulated liability is limited to the greater of the following amounts: (i) the fees actually paid by the Client to FixrOS in the 12 months prior to the event giving rise to the claim, or (ii) five hundred euros (€500). In no event will FixrOS be liable for indirect damages or loss of profit. These limitations do not apply in the event of wilful misconduct or gross negligence, nor to liability under Art. 82 GDPR, nor to the inalienable rights of consumers (RDL 1/2007), nor to other mandatory legal obligations.

21. Term, account closure and termination

You may close your account at any time from Settings → Close account; closure is immediate and, after a 30-day grace period, your personal data is anonymised. Some data is retained for the mandatory legal periods (billing, files, bookings). The contract with professional Clients has an indefinite term with monthly renewal; the Client may terminate it with 30 days' notice and FixrOS immediately for non-payment or serious breach, with a 30-day period to export the data.

22. Assignment

The Client may not assign the rights and obligations of these Terms without the prior written consent of FixrOS. FixrOS may assign its contractual position to a company within its group or, in the context of a corporate reorganisation, to a third party, notifying the affected Clients.

23. Notifications, changes, applicable law and jurisdiction

Notifications will be sent by email to the addresses designated by the parties and, subsidiarily, through the platform itself. FixrOS may modify these Terms; substantial changes are notified at least 30 calendar days in advance. These Terms are governed by Spanish law. If you are a consumer, the courts of your place of residence are competent; if you act as a professional or Client, those of the city of Madrid. European online dispute resolution platform: ec.europa.eu/consumers/odr.

For…Write to us at…
General helpsoporte@fixros.com
Legal matterslegal@fixros.com
Data protectionprivacidad@fixros.com

Annex I — Data Processing Agreement (DPA)

Article 28 of Regulation (EU) 2016/679 (GDPR)

1. Parties and scope of application

1.1. Contracting parties

This Data Processing Agreement (hereinafter, "DPA") governs the relationship, regarding the protection of personal data, between:

(a) The professional Client —registered property manager or entity managing horizontal property— who has contracted the services of the FixrOS platform, acting as Data Controller (hereinafter, "the Controller" or "the Client"), and

(b) FixrOS, S.L., with registered office at Calle Núñez de Balboa, 120, 28006 Madrid (Spain), and privacy contact address privacidad@fixros.com, acting as Data Processor (hereinafter, "FixrOS" or "the Processor").

1.2. Regulatory framework

This DPA complies with article 28 of Regulation (EU) 2016/679 (GDPR), with Organic Law 3/2018 (LOPDGDD) and other applicable regulations.

1.3. Acceptance and integration

This DPA is accepted electronically by the Client at the moment of registration on the FixrOS platform and forms an inseparable part of the Terms of Use of the Service. In the event of contradiction between this DPA and any other contractual documents regarding data protection, the provisions of this DPA will prevail.

1.4. Dual nature of FixrOS

The parties acknowledge that this DPA governs exclusively the relationship in which the Client acts as Controller and FixrOS as Processor. In parallel, FixrOS acts as an independent Data Controller with respect to the personal data that end users (owners, residents, presidents, concierges, providers, loss adjusters and other persons invited by the Client) voluntarily provide to it when registering in the mobile application or when using the Service through their own credentials, including, without limitation: account data, authentication credentials, biometrics, device identifiers, notification tokens, usage telemetry and communications generated within the application. The processing that FixrOS carries out as Controller is governed by its Privacy Policy and by the Terms of Use, not by this DPA.

2. Definitions

  • Personal Data: any information about an identified or identifiable natural person processed by FixrOS on behalf of the Client.
  • Processing: any operation carried out on Personal Data, in accordance with art. 4.2 GDPR.
  • Data Subject: the natural person to whom the Personal Data refers.
  • Sub-processor: any third party subcontracted by FixrOS to process Personal Data on behalf of the Client.
  • Security Breach: the security breach defined in art. 4.12 GDPR.
  • Special Categories: the data referred to in art. 9 GDPR.
  • Service: the FixrOS platform and all its modules, in the version in force from time to time.
  • Documented Instructions: those contained in this DPA, in the Terms of Use, in the configuration of the Service carried out by the Client and in any additional instructions that the Client communicates in writing.

3. Subject matter, nature, purpose and duration

3.1. Subject matter

The Client entrusts FixrOS with the Processing of the Personal Data necessary for the provision of the Service, under the terms of this DPA and of the Documented Instructions.

3.2. Nature and purpose

FixrOS will process the Personal Data solely to provide the Service to the Client, comprising collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, internal use, disclosure by transmission, alignment or combination, restriction, erasure and destruction.

3.3. Duration

This DPA will be in force for as long as FixrOS provides the Service to the Client and during the additional periods necessary to fulfil the return or erasure obligations of clause 13.

3.4. Categories of Data Subjects

Owners, tenants and residents; presidents and members of meetings; community employees (concierges, caretakers); providers and loss adjusters; the Client's employees and collaborators.

3.5. Categories of Data

Identifying and contact data; data relating to the dwelling; economic and financial data (including SEPA mandate and IBAN); data relating to meetings, votes, agreements and communications; data relating to incidents and breakdown reports; professional data; data on the use of the Service (logs, IP, device identifiers).

3.6. Special Categories

Incidentally and only when the Client activates the claims management module, health-related data may be processed. In such cases, FixrOS will apply reinforced measures and the Client will guarantee the existence of an enabling legal basis under art. 9.2 GDPR.

4. Obligations of the Client (Controller)

The Client, in its capacity as Data Controller, declares and warrants:

4.1. Lawfulness of Processing

To have a valid legal basis in accordance with art. 6 GDPR (and, where applicable, art. 9 GDPR for Special Categories) for all the Processing entrusted to FixrOS, as well as to process exclusively Personal Data that is lawfully obtained, accurate and up to date.

4.2. Information to Data Subjects

To inform the Data Subjects in accordance with arts. 13 and 14 GDPR, expressly mentioning FixrOS as Data Processor. FixrOS will provide the Client with the named list of processors (sub-processors with respect to the Client) upon request, so that the Client can fulfil that obligation.

4.3. Handling of rights

To handle the requests for the exercise of rights (access, rectification, erasure, restriction, objection, portability and not to be subject to automated decisions) directed by the Data Subjects, without prejudice to the assistance that FixrOS will provide in accordance with clause 5.6.

4.4. Impact Assessments and prior consultations

To carry out the Data Protection Impact Assessments (DPIA) and, where applicable, the prior consultations with the supervisory authority that are required in accordance with arts. 35 and 36 GDPR.

4.5. Instructions

To issue only lawful Instructions that comply with data protection regulations. FixrOS may refuse to execute Instructions that it considers contrary to the GDPR or to the LOPDGDD, communicating this to the Client with reasons.

4.6. Indemnity

The Client will hold FixrOS harmless against any third-party claim, administrative penalty or judicial decision arising from its breach of the obligations contained in this clause 4 or from the unlawful Processing of Personal Data prior to or outside the Service.

5. Obligations of FixrOS (Processor)

5.1. Processing in accordance with Instructions

FixrOS will process the Personal Data solely in accordance with the Client's Documented Instructions, unless required by EU or Member State law, informing the Client prior to the Processing, unless the applicable law prohibits it for important reasons of public interest.

5.2. Confidentiality

FixrOS will guarantee that the persons authorised to process Personal Data commit, in writing, to respect confidentiality.

5.3. Security

FixrOS will apply the appropriate technical and organisational measures provided for in Annex I.A of this DPA, in accordance with art. 32 GDPR.

5.4. Sub-processors

FixrOS may use Sub-processors for the provision of the Service, under the terms provided for in clause 6.

5.5. Notification of Security Breaches

FixrOS will notify the Client, without undue delay and in any event within a reasonable period that allows the Client to fulfil its obligation to notify the supervisory authority within the 72-hour period of art. 33 GDPR, of any Security Breach of which it becomes aware, providing at least the information of art. 33.3 GDPR insofar as it has it, without prejudice to progressive updates.

5.6. Assistance to the Controller

FixrOS will assist the Client, taking into account the nature of the Processing and by means of appropriate technical and organisational measures, insofar as reasonably possible, to:

  • Handle the requests for the exercise of the Data Subjects' rights (arts. 12 to 22 GDPR).
  • Comply with the obligations of security, notification of Security Breaches, Impact Assessments and prior consultations (arts. 32 to 36 GDPR).

Ordinary assistance is included in the price of the Service. Extraordinary assistance or assistance requiring specific developments may be invoiced at FixrOS's hourly rate, subject to prior communication and acceptance by the Client.

5.7. Record of Processing Activities of the Processor

FixrOS will maintain a record of the categories of Processing activities carried out on behalf of the Client, in accordance with art. 30.2 GDPR.

5.8. Data Protection Officer

When FixrOS appoints a Data Protection Officer, it will communicate their contact details to the Client and publish them in its Privacy Policy. Until then, communications regarding privacy will be directed to privacidad@fixros.com.

6. Sub-processors

6.1. General authorisation

The Client grants FixrOS general authorisation, in accordance with art. 28.2 GDPR, to use Sub-processors in the provision of the Service.

6.2. List of Sub-processors

FixrOS maintains a named and up-to-date list of the Sub-processors, indicating their name, location, purpose of the sub-processing and, where applicable, international transfer safeguards. This list is made available to the Client upon request directed to privacidad@fixros.com, and the Client is notified of any addition or replacement in accordance with clause 6.3. The categories of Sub-processors include, without limitation: hosting and infrastructure, payment gateway, real-time messaging and push notifications, email, videoconferencing, artificial intelligence services, mapping, technical monitoring and bank aggregation.

6.3. Notification of changes and right of objection

FixrOS will notify the Client of any addition or replacement of a Sub-processor at least thirty (30) calendar days before the effective incorporation date. The Client may object on reasoned grounds to the new Sub-processor within that period, by written communication to privacidad@fixros.com, provided that the objection is based on objective reasons linked to the protection of Personal Data.

Once the objection is received, FixrOS may: (i) propose a reasonable alternative solution; (ii) keep the original Sub-processor provided it is technically feasible; or (iii) if no alternative is feasible, the Client may terminate the Service provision contract without penalty, with effect from the date envisaged for the incorporation of the new Sub-processor.

6.4. Contractual regime of the Sub-processor

FixrOS will enter into a contract with each Sub-processor imposing on it, as a minimum, the same data protection obligations provided for in this DPA. When the Sub-processor fails to fulfil its obligations, FixrOS will be liable to the Client for the Sub-processor's performance, in accordance with art. 28.4 GDPR.

7. International transfers

7.1. Processing within the EEA

As a general rule, FixrOS will process the Personal Data within the European Economic Area (EEA).

7.2. Transfers outside the EEA

When a Sub-processor is established outside the EEA, FixrOS will guarantee that the transfer is covered by one of the mechanisms provided for in Chapter V of the GDPR: adequacy decisions (art. 45 GDPR), including the EU-US Data Privacy Framework; Standard Contractual Clauses (art. 46.2.c GDPR); or Binding Corporate Rules (art. 47 GDPR).

7.3. Transfer Impact Assessment (TIA)

In accordance with the CJEU judgment of 16 July 2020 (Schrems II) and Recommendations 01/2020 of the EDPB, FixrOS will carry out, where appropriate, a Transfer Impact Assessment, implementing, where applicable, supplementary technical, contractual and organisational measures.

8. Audit and right of inspection

8.1. Available information

FixrOS will make available to the Client all the information necessary to demonstrate compliance with the obligations of art. 28 GDPR, in accordance with art. 28.3.h GDPR.

8.2. Audits

The Client may audit compliance with this DPA by means of: (i) delivery of the audit reports or security certifications that FixrOS holds from time to time; (ii) documented response to reasonable security and data protection questionnaires; or (iii) on-site inspection at FixrOS's premises, subject to the conditions of clause 8.3.

8.3. Conditions of the on-site inspection

On-site inspections will require: (i) minimum notice of thirty (30) calendar days, except in the case of an evidenced security incident; (ii) being carried out during working hours and without interfering with FixrOS's operations; (iii) the signing of a confidentiality agreement by the auditor; (iv) a maximum frequency of once (1) per year, except for a justified reason linked to an incident; and (v) the Client assuming its own costs and, where applicable, the reasonable costs generated for FixrOS.

9. Security measures

The technical and organisational measures applied by FixrOS to guarantee a level of security appropriate to the risk, in accordance with art. 32 GDPR, are described in Annex I.A. Such measures may evolve over time, without the level of protection being lower than that provided for in the initial version accepted by the Client.

10. Liability

10.1. General regime

Each party will be liable in accordance with art. 82 GDPR for its own breach. FixrOS is liable for damage caused by the Processing only when it has breached obligations specifically imposed on the Processor by the GDPR or by the Client's lawful Documented Instructions.

10.2. Internal allocation and reimbursement

When one of the parties has paid compensation or a penalty for which liability corresponds, in whole or in part, to the other, it may claim reimbursement of the proportional share, in accordance with art. 82.5 GDPR.

10.3. Reciprocal indemnity

Each party will hold the other harmless against any penalty or claim arising from the breach of its own obligations under this DPA, including reasonable legal defence costs.

10.4. Limitation

Without prejudice to the mandatory obligations of the GDPR, the limitations of liability provided for in clause 20 of the Terms of Use will apply, to the extent compatible, to this DPA. In no event will liability be limited for wilful misconduct or gross negligence.

11. Automated decisions and artificial intelligence

The Service incorporates features based on artificial intelligence (incident classification, duplicate detection, FixrOS agent, drafting assistance). These features constitute assistance to the user and do not produce binding legal decisions or significant effects on the Data Subjects without human intervention, within the meaning of art. 22 GDPR. When the Client activates features that may involve significant profiling or automated decisions with legal effects, it must inform the Data Subjects, obtain the applicable legal basis and, where applicable, carry out the corresponding DPIA.

FixrOS does not use the Client's Personal Data to train artificial intelligence models accessible to third parties, unless the Client expressly and separately authorises it.

12. Confidentiality and isolation between Clients

FixrOS guarantees the logical isolation of the Personal Data processed on behalf of each Client, so that no Client has access to the data of another. The isolation and access control measures are described in Annex I.A.

13. Return or erasure at the end of the Service

13.1. Client's option

Once the provision of the Service has ended, FixrOS, at the Client's choice and upon express request made within thirty (30) calendar days of termination, will return the Personal Data in a structured, commonly used and machine-readable format (CSV, JSON or equivalent), or will proceed to its secure erasure.

13.2. Erasure period

Once that period has elapsed without a request from the Client, FixrOS will proceed to erase the Personal Data within a maximum period of ninety (90) calendar days, except for mandatory legal retention. Backup copies will be erased in accordance with the rotation cycles provided for in Annex I.A.

13.3. Certification

When the Client requests it in writing, FixrOS will issue a formal statement certifying the effective return or erasure of the Personal Data.

13.4. Mandatory retention

The Personal Data that must be retained by legal requirement will remain blocked, accessible only to attend to legal requirements, until the end of the legal retention period.

14. Modification of the DPA

FixrOS may modify this DPA when necessary to adapt it to regulatory changes, guidelines from supervisory authorities, EDPB decisions, judgments of the CJEU or of the Supreme Court or reasonable modifications of the Service. The modifications will be notified to the Client at least thirty (30) calendar days in advance. If the Client does not agree, it may terminate the contract without penalty before the entry into force date.

15. Notifications, applicable law and jurisdiction

All communication regarding privacy will be directed, in the case of FixrOS, to privacidad@fixros.com, and in the case of the Client, to the email address provided at registration. This DPA is governed by Spanish law and by the GDPR. Disputes will be submitted to the Courts and Tribunals of the city of Madrid, without prejudice to the right of the Data Subjects to resort to the competent supervisory authority or to the courts in accordance with the GDPR.

Annex I.A — Technical and organisational security measures (Art. 32 GDPR)

FixrOS applies, in a manner appropriate to the risk of the Processing and to the state of the art, the following technical and organisational measures, which may evolve in accordance with the maturity of the Service without being reduced below the initial level accepted by the Client:

I.A.1. Access control

  • Authentication by means of individual credentials with password storage encrypted using robust hash functions (bcrypt or equivalent).
  • Multi-factor authentication (MFA) available for personnel with access to production systems.
  • Role-based access control (RBAC) with the principle of least privilege.
  • Periodic review of permissions and revocation upon termination of the professional relationship.

I.A.2. Encryption

  • Encryption in transit by means of TLS 1.2 or higher for all communications.
  • Encryption at rest of credentials and sensitive data.
  • Management of cryptographic keys in accordance with good practices.

I.A.3. Isolation between Clients

  • Logical segregation of each Client's data by means of unique identifiers.
  • Row-level control mechanisms at database level (Row-Level Security) where appropriate.

I.A.4. Pseudonymisation and minimisation

  • Application of pseudonymisation in community messaging whenever operationally feasible.
  • Collection of Personal Data limited to those strictly necessary (privacy by design / privacy by default).

I.A.5. Audit logging

  • Logging of administrative actions and of accesses to sensitive data.
  • Retention of logs for a reasonable period, without prejudice to longer legal periods.
  • Protection of logs against unauthorised alteration.

I.A.6. Backups

  • Encrypted backups on a regular basis.
  • Storage of copies in a suitable location to reduce the risk of loss.

I.A.7. Secure development and vulnerability management

  • Code review and application of secure development good practices.
  • Periodic updating of dependencies and monitoring of known vulnerabilities.

I.A.8. Security incident management

  • Procedure for the detection, containment and communication of incidents.
  • Notification to the Client in accordance with clause 5.5 of the DPA.

I.A.9. Physical, personnel and provider security

  • Hosting of the infrastructure in professional data centres with their own physical and logical security measures.
  • Written confidentiality agreements with personnel having access to Personal Data.
  • Training and awareness of personnel in data protection and information security.

I.A.10. Data protection governance

  • Maintenance of the Processor's Record of Processing Activities (art. 30.2 GDPR).
  • Impact Assessments (DPIA) for higher-risk processing.
  • Periodic review of the suitability of the security measures.
  • Appointment of a Data Protection Officer where appropriate.

FixrOS, S.L. (brand FixrOS) · Tax ID B88755780 · Calle Núñez de Balboa 120, 28006 Madrid · legal@fixros.com · fixros.com
In force from: 1 June 2026

FixrOS

The operating system for property operations. Tickets, vendors and real-time operations.

Coming soon to App Store Coming soon to Google Play

Product

  • Property management software
  • Web Dashboard
  • Mobile App
  • For insurers
  • For loss adjusters
  • Who is it for?
  • How it works
  • Integrations
  • Security & compliance
  • Request a demo

Company

  • About us
  • Contact

Legal

  • Legal Notice
  • Privacy Policy
  • Terms and Conditions
  • Cookie Policy
Fixi has answered 174 questions · © 2026 FixrOS, S.L. · All rights reserved ·
Legal Notice · Privacy · Terms · Cookies ·