Privacy Policy

Effective date: 17 April 2026

Controller: Johannes Wegemann, trading as fritz.ie

Address: 6 Brandon Park, F93Y861 Saint Johnston, Republic of Ireland

This Privacy Policy explains how fritz.ie // The Arena processes personal data when you visit the website, submit a bid, use the checkout flow, interact with previews, report a slot, or otherwise contact us.

1. Who is responsible for your data?

The controller for the processing described in this Privacy Policy is:

Johannes Wegemann 6 Brandon Park F93Y861 Saint Johnston Republic of Ireland [email protected]

2. What data we process

Depending on how you use fritz.ie, we may process the following categories of data:

technical data such as IP address, request timestamps, browser/device signals, and server-side logs;
slot submission data such as target URL, display text, bid amount, preview metadata, preview image URL, preview title, preview description, and preview site name;
transaction-related data such as Stripe session identifiers, slot identifiers, payment status, amount paid, and associated order metadata;
reporting and abuse data such as slot report details, IP address connected to a report, report timing, and internal review notes;
communications data if you contact us by email, including legal, abuse, privacy, or support requests;
analytics data, but only after you have given the required consent through a cookie banner.

3. How we collect data

We collect personal data directly from you, automatically through your use of the site, and from service providers involved in processing transactions and security checks.

This may include data you enter into forms, data generated by your browser while using the site, information returned by our payment processor, and risk or security responses associated with submitted URLs.

4. Why we process your data and our legal bases

We process personal data for the following purposes and legal bases under the GDPR:

To perform a contract or take steps before entering into a contract, including validating bids, generating previews, activating slots, processing payments, applying lock periods, and operating the paid placement service.
To comply with legal obligations, including retaining records relevant to fraud prevention, tax, accounting, consumer law, regulatory requests, and legal claims.
For our legitimate interests, including operating and securing the platform, preventing abuse, handling reports, moderating content, detecting fraud, maintaining logs, and defending legal claims.
On the basis of consent, where legally required, including for analytics cookies or similar tracking technologies.

5. Payments and Stripe

Payments are processed by Stripe. When you use the checkout flow, relevant payment and transaction data will be processed by Stripe in accordance with Stripe’s own privacy and compliance framework.

We do not intentionally store full card details on our own systems. We may, however, receive and store transaction-related data such as Stripe session IDs, payment status, amounts, and purchase metadata necessary to operate the service and keep records.

6. URL screening, previews, and security checks

When you submit a target URL, the system may process that URL to generate preview data such as title, description, site name, and image, and may also carry out security or malware-related checks before allowing checkout or activation.

This processing is necessary to operate the service, reduce platform abuse, and protect users and the operator from unlawful, malicious, or fraudulent content.

7. Reporting function and abuse handling

If you use a reporting function or otherwise notify us about allegedly unlawful or abusive content, we may process the report itself, the affected slot, your IP address, the time of the report, and related internal review data.

We use this data to investigate reports, reduce abuse, rate-limit repeated reporting, preserve evidence, and take moderation or enforcement decisions where appropriate.

8. Analytics and cookies

The site is designed so that analytics remains disabled unless and until a user has provided the required consent through a cookie banner. If you do not consent, analytics tracking should remain off.

Once analytics is enabled after consent, we may process aggregated or pseudonymous usage data to understand traffic, performance, and site interaction. The exact analytics implementation and cookie details should also be described in a separate cookie banner or cookie notice when that goes live.

9. Who receives your data

We may share personal data with the following categories of recipients where necessary:

payment processors, including Stripe;
hosting, infrastructure, security, and technical service providers;
analytics providers, but only where you have given any legally required consent;
professional advisers such as lawyers, accountants, or insurers where necessary;
public authorities, regulators, courts, law enforcement, or complainants where disclosure is legally required or reasonably necessary to defend rights or respond to abuse.

10. International transfers

Some service providers may process personal data outside the European Economic Area. Where this happens, we will rely on appropriate safeguards required by applicable data protection law, such as adequacy decisions, standard contractual clauses, or other lawful transfer mechanisms where relevant.

11. How long we keep data

We keep personal data only for as long as necessary for the purposes for which it was collected, including contractual performance, platform operation, abuse prevention, dispute resolution, accounting, and legal compliance.

Retention periods may vary depending on the type of data. For example, transaction records, moderation records, technical logs, and report-related data may be retained for longer where reasonably necessary to protect the service or comply with legal obligations.

12. Your rights under the GDPR

Subject to the conditions and limitations under applicable law, you may have the right to:

request access to your personal data;
request rectification of inaccurate or incomplete data;
request erasure of your personal data;
request restriction of processing;
object to processing based on legitimate interests;
request data portability where applicable;
withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing before withdrawal.

To exercise these rights, contact [email protected].

13. Complaints

If you believe that your personal data has been processed unlawfully, you may contact us first at [email protected]. You also have the right to lodge a complaint with the Data Protection Commission in Ireland or with the supervisory authority in your place of residence within the EU.

14. Children

The service is not intended for children. We do not knowingly offer the platform to persons under 18, and we do not knowingly collect personal data from children in connection with the paid slot service.

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The latest version published on this page will apply from its stated effective date.