Data Protection Declaration
November 2024
1. What this privacy policy is about
In this data protection declaration we inform you how and why we collect, process and use your personal data. This data protection declaration is based on the European General Data Protection Regulation – GDPR – which has established itself internationally as a yardstick for strong, effective data protection.
2. Who we are
The adress of our website is: https://www.hi-fish.com
Responsible for the website and its content:
Operating company: subversive green – Jost Responsibility: Jenny Jost
Address: Obergasse 21, 8400 Winterthur, Switzerland Contact: admin@hi-fish.com
3. Who is this data protection declaration for?
Our data processing primarily affects our customers, but also other people whose personal data we process. This data protection declaration applies in all of our business areas and regardless of which channel you use to contact us, e.g. in a branch, by telephone, in an online shop, on a website, in an app, via a social network, at an event etc. This data protection declaration is applicable to the processing of personal data that has already been collected as well as future ones. Additional data protection provisions may apply to certain offers and services (e.g. competitions), which apply in addition to this data protection declaration.
This data protection declaration is not applicable if another company is responsible for certain data processing. Another company can e.g. be responsible for a certain data processing, alone or together with us, when you visit our social media appearances (e.g. Facebook fan pages) or interact with social plug-ins integrated into our website (e.g. the Facebook “Like” button) if you interact with one visit the website of a third party linked by us, or if we give personal data to third parties such as Pass on authorities. In such cases, please consult the data protection declaration of the company concerned, which you can usually find on their website.
4. What personal data we collect and why we collect it
4.1. Comments
When visitors post comments on the website, we collect the data that is displayed in the comment form, as well as the visitor’s IP address and user agent string (this identifies the browser) to help detect spam.
An anonymized string (also called hash) can be created from your email address and given to the Gravatar service to check whether you are using it. The data protection declaration of the Gravatar service can be found here: https://automattic.com/privacy/. After your comment has been approved, your profile picture will be publicly visible in the context of your comment.
4.2. Media
If you are a registered user and upload photos to this website, you should avoid uploading photos with an EXIF GPS location. Visitors to this website could download photos stored on this website and extract their location information.
4.3.Contact forms
The personal data that you provide to us in the context of this contact request will only be used to answer your request or contact you and for the associated technical administration. The data will not be passed on to third parties.
You have the right to withdraw your consent with future effect at any time. In this case, your personal data will be deleted immediately.
Your personal data will also be deleted without your revocation if we have processed your request or you revoke the consent given here for storage. This also happens if the storage is not permitted for other legal reasons.
You can find out about the data stored about you at any time.
5. Cookies
If you write a comment on our website, this can be your consent to save your name, email address and website in cookies. This is a convenience feature so that if you post another comment, you won’t have to re-enter all this data. These cookies are stored for one year.
If you have an account and log in to this website, we will set a temporary cookie to determine whether your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will set up some cookies to store your login information and viewing options. Registration cookies expire after two days and cookies for the display options after one year. If you select “Stay signed in” when registering, your registration will be held for two weeks. When you log out of your account, the registration cookies are deleted.
When you edit or publish an article, an additional cookie is saved in your browser. This cookie does not contain any personal data and only refers to the entry ID of the article that you have just edited. The cookie expires after one day.
6. Presence in social networks
We maintain online presences within social networks in order to communicate with the users active there or to offer information about us there.
We would like to point out that data of users outside the European Union can be processed. This can result in risks for the user, because e.g. enforcing users’ rights could be difficult. With regard to US providers who are certified under the Privacy Shield or offer comparable guarantees of a secure level of data protection, we would like to point out that they are committed to complying with EU data protection standards.
Furthermore, the data of users within social networks are usually processed for market research and advertising purposes. For example, user profiles are created on the basis of user behavior and the resulting interests of users. The usage profiles can in turn be used to e.g. place advertisements inside and outside the networks that are believed to correspond to the interests of the users. For these purposes, cookies are usually stored on the users’ computers in which the usage behavior and interests of the users are stored. Furthermore, data can be stored in the usage profiles regardless of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).
For a detailed description of the respective forms of processing and the possibilities of objection (opt-out), we refer to the data protection declarations and information from the operators of the respective networks.
In the case of requests for information and the assertion of data subject rights, we would like to point out that these can be most effectively asserted by the providers. Only the providers have access to the data of the users and can take appropriate measures and provide information directly. If you still need help, you can contact us.
- Processed data types: inventory data (e.g. names, addresses), contact details (e.g. email, telephone numbers), content data (e.g. text input, photographs, videos), usage data (e.g. visited websites, interest in content, access times), meta / communication data (e.g. device information, IP addresses).
- Affected persons: users (e.g. website visitors, users of online services).
- Purposes of processing: contact inquiries and communication, tracking (e.g. interest / behavior-related
profiling, use of cookies), remarketing, range measurement (e.g. access statistics, recognition of returning
visitors). - Legal basis: legitimate interests (Art. 6 Para. 1 S. 1 lit. GDPR).
6.1. Services and service providers used:
- Instagram: social network; Service provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA; Website: https://www.instagram.com; Privacy policy: http://instagram.com/about/legal/privacy
- Facebook: social network; Service provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Data protection declaration: https://www.facebook.com/about/privacy; Privacy Shield (guarantee of data protection level when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active; Opposition option (opt-out): Settings for advertisements: https://www.facebook.com/settings?tab=ads; Additional information on data protection: Agreement on joint processing of personal data on Facebook pages: https://www.facebook.com/legal/terms/page_controller_addendum, data protection information for Facebook pages: https://www.facebook.com/legal/terms/information_about_page_insights_data.
- LinkedIn: social network; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Website: https://www.linkedin.com; Data protection declaration: https://www.linkedin.com/legal/privacy-policy; Privacy Shield (guarantee of data protection level when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active; Opposition option (opt-out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
- Pinterest: social network; Service provider: Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA ,; Website: https://www.pinterest.com; Data protection declaration: https://about.pinterest.com/de/privacy-policy; Opposition option (opt-out): https://about.pinterest.com/de/privacy-policy.
- YouTube: social network; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; Privacy Policy: https://policies.google.com/privacy; Privacy Shield (guaranteeing data protection level when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active; Opposition option (opt-out): https://adssettings.google.com/authenticated.
7. Embedded content from other websites
Posts on this website may contain embedded content (e.g. videos, pictures, posts, etc.). Embedded content from other websites behaves exactly as if the visitor had visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking services, and record your interaction with this embedded content, including your interaction with the embedded content if you have an account and are logged in to this website.
8.1. Use of Google Analytics
We use Google Analytics to analyse website usage. The data obtained from this is used to optimise our website and advertising measures.
Google Analytics is provided to us by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google processes the website usage data on our behalf and is contractually obliged to take measures to ensure the security and confidentiality of the processed data.
During your visit to the website, the following data, among others, is transmitted to Google
– Pages viewed
– Orders including turnover and products ordered
– The achievement of ‘website goals’ (e.g. contact enquiries and newsletter registrations)
– Your behaviour on the pages (e.g. length of stay, clicks, scroll depth)
– Your approximate location (country and city)
– Your internet address (IP address)
– Technical information such as browser, internet provider, end device and screen resolution
– Source of origin of your visit (i.e. via which website or advertising medium you came to us)
– A randomly generated user ID
No personal data such as name, address or contact details are transmitted to Google Analytics.
This data is transferred to Google servers in the USA. We would like to point out that the same level of data protection cannot be guaranteed in the USA as within the EU.
Google Analytics stores cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID with which you can be recognised on future visits to the website.
The recorded data is stored together with the randomly generated user ID, which makes it possible to analyse pseudonymous user profiles. This user-related data is automatically deleted after 14 months. Other data remains stored in aggregated form indefinitely.
If you do not agree to the collection of data, you can prevent this by installing the browser add-on once to deactivate Google Analytics or by rejecting cookies via our cookie settings dialogue.
8.2. Use of the meta pixel (Facebook pixel)
We place adverts on Facebook and Instagram. In this context, we have integrated the ‘meta pixel’ on our website.
The meta pixel enables us to
– Measure the success achieved by Facebook advertising campaigns.
– Re-target visitors to our website with adverts on Facebook and Instagram.
– Personalise the ads to the previously viewed pages or products.
The meta pixel is provided to us by Meta Platforms Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland).
During your visit to the website, the following data, among other things, is transmitted to Meta
– Pages or URLs accessed
– Orders including sales and products ordered
– The achievement of ‘website goals’ (e.g. contact enquiries and newsletter registrations)
– Your internet connection data (IP address)
– Technical information such as browser, end device and screen resolution
– A randomly generated user ID
– A randomly generated advertising click ID if you have reached our website via an advert
No personal data such as name, address or contact details are transmitted to Facebook.
This data may also be transferred to Meta servers in the USA.
Meta stores cookies in your web browser for a period of one year since your last visit. These cookies contain a randomly generated user ID with which you can be recognised on future visits to the website. If you are logged in to Meta platforms such as Facebook/Instagram, Meta can also assign the visit to your Facebook/Instagram account.
If you do not agree to this collection, you can prevent it by installing a tracking blocker add-on in your browser or by rejecting cookies via our cookie settings dialogue.
9. Who we share your data with
All data provided to us by you will not be shared with third parties. This does not apply to data in connection with payment transactions that run through Swiss Postfinance. This data is stored by the software provider customweb GmbH, Winterthur in the data cloud of Amazon Web Services EMEA SARL, Luxembourg (subsidiary of Amazon Web Services Inc., USA) on their server in Ireland and by the firewall of Cloudflare Inc ., USA checked. Your data abroad is no longer subject to Swiss data protection law and banking secrecy.
10. How long we store your data
If you write a comment, it is saved indefinitely, including metadata. In this way, we can automatically recognize and release follow-up comments instead of holding them in a moderation queue.
For users who register on our website, we also store the personal information that they provide in their user profiles. All users can view, change or delete their personal information at any time (the user name cannot be changed). Administrators of the website can also view and change this information.
11. What rights you have to your data
If you have an account on this website or have written comments, you can request an export of your personal data from us, including all data that you have given us. In addition, you can request the deletion of all personal data that we have stored about you. This does not include the data that we have to keep due to administrative, legal or security-related needs.
12. Where we send your data to
Visitor comments could be examined by an automated spam detection service.
13. Legal information
You are free to lodge a complaint with a competent supervisory authority against the way your personal data is processed if you believe that the data processing violates applicable law. The responsible supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner (EDÖB).
14. Changes to this data protection declaration
This data protection declaration can be adjusted over time, especially if we change our data processing or if new legal regulations become applicable. We actively inform people whose contact details are registered with us about such changes in the event of significant changes, if this is possible without excessive effort. In general, the data protection declaration in the current version at the start of the relevant processing applies to data processing.