Data Protection Declaration

April 2020

1. What this privacy policy is about

In this data protection declaration we inform you how and why we collect, process and use your personal data. This data protection declaration is based on the European General Data Protection Regulation – GDPR – which has established itself internationally as a yardstick for strong, effective data protection.

2. Who we are

The adress of our website is: https://www.hi-fish.com
Responsible for the website and its content:
Operating company: subversive green – Jost Responsibility: Jenny Jost
Address: Obergasse 21, 8400 Winterthur, Switzerland Contact: admin@hi-fish.com

3. Who is this data protection declaration for?

Our data processing primarily affects our customers, but also other people whose personal data we process. This data protection declaration applies in all of our business areas and regardless of which channel you use to contact us, e.g. in a branch, by telephone, in an online shop, on a website, in an app, via a social network, at an event etc. This data protection declaration is applicable to the processing of personal data that has already been collected as well as future ones. Additional data protection provisions may apply to certain offers and services (e.g. competitions), which apply in addition to this data protection declaration.
This data protection declaration is not applicable if another company is responsible for certain data processing. Another company can e.g. be responsible for a certain data processing, alone or together with us, when you visit our social media appearances (e.g. Facebook fan pages) or interact with social plug-ins integrated into our website (e.g. the Facebook “Like” button) if you interact with one visit the website of a third party linked by us, or if we give personal data to third parties such as Pass on authorities. In such cases, please consult the data protection declaration of the company concerned, which you can usually find on their website.

4. What personal data we collect and why we collect it

4.1. Comments

When visitors post comments on the website, we collect the data that is displayed in the comment form, as well as the visitor’s IP address and user agent string (this identifies the browser) to help detect spam.
An anonymized string (also called hash) can be created from your email address and given to the Gravatar service to check whether you are using it. The data protection declaration of the Gravatar service can be found here: https://automattic.com/privacy/. After your comment has been approved, your profile picture will be publicly visible in the context of your comment.

4.2. Media

If you are a registered user and upload photos to this website, you should avoid uploading photos with an EXIF GPS location. Visitors to this website could download photos stored on this website and extract their location information.

4.3.Contact forms

The personal data that you provide to us in the context of this contact request will only be used to answer your request or contact you and for the associated technical administration. The data will not be passed on to third parties.
You have the right to withdraw your consent with future effect at any time. In this case, your personal data will be deleted immediately.
Your personal data will also be deleted without your revocation if we have processed your request or you revoke the consent given here for storage. This also happens if the storage is not permitted for other legal reasons.
You can find out about the data stored about you at any time.

5. Cookies

If you write a comment on our website, this can be your consent to save your name, email address and website in cookies. This is a convenience feature so that if you post another comment, you won’t have to re-enter all this data. These cookies are stored for one year.
If you have an account and log in to this website, we will set a temporary cookie to determine whether your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will set up some cookies to store your login information and viewing options. Registration cookies expire after two days and cookies for the display options after one year. If you select “Stay signed in” when registering, your registration will be held for two weeks. When you log out of your account, the registration cookies are deleted.
When you edit or publish an article, an additional cookie is saved in your browser. This cookie does not contain any personal data and only refers to the entry ID of the article that you have just edited. The cookie expires after one day.

6. Presence in social networks

We maintain online presences within social networks in order to communicate with the users active there or to offer information about us there.
We would like to point out that data of users outside the European Union can be processed. This can result in risks for the user, because e.g. enforcing users’ rights could be difficult. With regard to US providers who are certified under the Privacy Shield or offer comparable guarantees of a secure level of data protection, we would like to point out that they are committed to complying with EU data protection standards.
Furthermore, the data of users within social networks are usually processed for market research and advertising purposes. For example, user profiles are created on the basis of user behavior and the resulting interests of users. The usage profiles can in turn be used to e.g. place advertisements inside and outside the networks that are believed to correspond to the interests of the users. For these purposes, cookies are usually stored on the users’ computers in which the usage behavior and interests of the users are stored. Furthermore, data can be stored in the usage profiles regardless of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).
For a detailed description of the respective forms of processing and the possibilities of objection (opt-out), we refer to the data protection declarations and information from the operators of the respective networks.
In the case of requests for information and the assertion of data subject rights, we would like to point out that these can be most effectively asserted by the providers. Only the providers have access to the data of the users and can take appropriate measures and provide information directly. If you still need help, you can contact us.

• Processed data types: inventory data (e.g. names, addresses), contact details (e.g. email, telephone numbers), content data (e.g. text input, photographs, videos), usage data (e.g. visited websites, interest in content, access times), meta / communication data (e.g. device information, IP addresses).
• Affected persons: users (e.g. website visitors, users of online services).
• Purposes of processing: contact inquiries and communication, tracking (e.g. interest / behavior-related
  profiling, use of cookies), remarketing, range measurement (e.g. access statistics, recognition of returning
  visitors).
• Legal basis: legitimate interests (Art. 6 Para. 1 S. 1 lit. GDPR).

6.1. Services and service providers used:

• Instagram: social network; Service provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA; Website: https://www.instagram.com; Privacy policy: http://instagram.com/about/legal/privacy
• Facebook: social network; Service provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Data protection declaration: https://www.facebook.com/about/privacy; Privacy Shield (guarantee of data protection level when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active; Opposition option (opt-out): Settings for advertisements: https://www.facebook.com/settings?tab=ads; Additional information on data protection: Agreement on joint processing of personal data on Facebook pages: https://www.facebook.com/legal/terms/page_controller_addendum, data protection information for Facebook pages: https://www.facebook.com/legal/terms/information_about_page_insights_data.
• LinkedIn: social network; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Website: https://www.linkedin.com; Data protection declaration: https://www.linkedin.com/legal/privacy-policy; Privacy Shield (guarantee of data protection level when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active; Opposition option (opt-out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
• Pinterest: social network; Service provider: Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA ,; Website: https://www.pinterest.com; Data protection declaration: https://about.pinterest.com/de/privacy-policy; Opposition option (opt-out): https://about.pinterest.com/de/privacy-policy.
• Twitter: social network; Service provider: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; Data protection declaration: https://twitter.com/de/privacy, (settings) https://twitter.com/personalization; Privacy Shield (guarantee of data protection level when processing data in the USA): https://www.privacyshield.gov/participant?Id=a2zt0000000TORzAAO&status=Active.
• YouTube: social network; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; Privacy Policy: https://policies.google.com/privacy; Privacy Shield (guaranteeing data protection level when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active; Opposition option (opt-out): https://adssettings.google.com/authenticated.

7. Embedded content from other websites

Posts on this website may contain embedded content (e.g. videos, pictures, posts, etc.). Embedded content from other websites behaves exactly as if the visitor had visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking services, and record your interaction with this embedded content, including your interaction with the embedded content if you have an account and are logged in to this website.

8. Google Analytics

Google Analytics is not used on this website.

9. Who we share your data with

All data provided to us by you will not be shared with third parties. This does not apply to data in connection with payment transactions that run through Swiss Postfinance. This data is stored by the software provider customweb GmbH, Winterthur in the data cloud of Amazon Web Services EMEA SARL, Luxembourg (subsidiary of Amazon Web Services Inc., USA) on their server in Ireland and by the firewall of Cloudflare Inc ., USA checked. Your data abroad is no longer subject to Swiss data protection law and banking secrecy.

10. How long we store your data

If you write a comment, it is saved indefinitely, including metadata. In this way, we can automatically recognize and release follow-up comments instead of holding them in a moderation queue.
For users who register on our website, we also store the personal information that they provide in their user profiles. All users can view, change or delete their personal information at any time (the user name cannot be changed). Administrators of the website can also view and change this information.

11. What rights you have to your data

If you have an account on this website or have written comments, you can request an export of your personal data from us, including all data that you have given us. In addition, you can request the deletion of all personal data that we have stored about you. This does not include the data that we have to keep due to administrative, legal or security-related needs.

12. Where we send your data to

Visitor comments could be examined by an automated spam detection service.

13. Legal information

You are free to lodge a complaint with a competent supervisory authority against the way your personal data is processed if you believe that the data processing violates applicable law. The responsible supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner (EDÖB).

14. Changes to this data protection declaration

This data protection declaration can be adjusted over time, especially if we change our data processing or if new legal regulations become applicable. We actively inform people whose contact details are registered with us about such changes in the event of significant changes, if this is possible without excessive effort. In general, the data protection declaration in the current version at the start of the relevant processing applies to data processing.