Privacy

Privacy Policy

Appendix 5 – Privacy Policy

Last updated: 22 June 2023

1.            ABOUT THIS PRIVACY POLICY

1.1          Definitions


Customer
: The legal entity that has entered into an agreement with Fished to purchase the Fished products or services.

End User: A physical person connected to the Customer as an employee or by other means, and which has been given authorization to use the Fished Platform, a Product or otherwise be in contact with Fished on behalf of the Customer.

Fished: Fished AS with business registration no. 924 507 748, and registered office address at Dronningens gate 2A, 4610 Kristiansand S, Norway.

Fished Platform: Fished’s front-end system, Fished™, at Fished.com is a web based Platform that enables the End Users to log in to the Account and access any licenses connected to the Account.

GDPR: Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (this regulation is referred to as GDPR which is an abbreviation of the General Data Protection Regulation)

SaaS: Software-as-a-Service is a software distribution model in which a third-party provider such as the Supplier hosts software applications such as the Products and makes the Products available to customers such as the Customer with its End Users over the Internet. Instead of a one-time-transaction the Customer subscribes to the Product and pays the Supplier a recurring fee called the License.

Personal data: Any information relating to an identified or identifiable natural persons, see GDPR article 4 (1).

Products: The standard software products developed by Fished, which Fished supplies separately or jointly to the Customer, pursuant to the agreed upon terms in the Agreement with the Customer. The Products may be standalone applications or features that may be licensed (subscribed to) separately or as packages. A detailed description of each Product with prices and license period may be found on the Fished website(s), see Fished.com.

User Account: The End User is provided with an account. A User Account is necessary to access the Products. The Account will be accessible through a set of credentials, consisting of a username and password combination for authorization.

 

1.2          Introduction

Our Products are sold as SaaS, and it is up to the Customer how the Products are used. If the Customer chooses to store or otherwise process personal data through one of our Products, this will be accessible for Fished and our sub-suppliers. Except for the purposes as described in this Privacy Policy, our Products have no purpose or aim to process personal data and Fished has limited to no control or insight in how the Customer uses our Products.

In the event Fished should offer a specific Product at a later time, which processes personal data in another way than described in this Privacy Policy, a separate Privacy Policy will be created and made available for all potential End Users for such Product.

Fished is committed to your privacy and want your personal data to be private and secure.

1.3          Overview

In this Privacy Policy, Fished explains:

  • What personal data Fished collects and how
  • The purpose of collecting your personal data
  • Disclosure of data to third parties
  • Our security measures when processing your personal data
  • Your rights as a data subject

Fished is a Norwegian company. Fished adheres to relevant Norwegian privacy law and meet the requirements of applicable laws and regulations within the EU/EEA. Fished will ensure that your privacy rights and our processing of your personal data is held to the highest standard. Fished offers Products with additional services according to requirements in the GDPR.

1.4          The User Account and Fished

Fished may process personal data related to physical persons that may be identified by using a User Account. This Privacy Policy is relevant to you if you are a data subject that may be identified by the username used to log-in to the User Account.

Fished may process personal data related to the End Users that a Customer chooses to connect to the Fished Platform. This Privacy Policy is relevant to you if you are an End User of the Fished Platform with User Account access.

For the purposes described in this Privacy Policy, Fished is the controller, which collects and processes data as described herein. It is important for Fished that you read this Privacy Policy thoroughly. We want you to be aware of your rights so you can help Fished improve our policies. If you do not accept this Privacy Policy, you will not be able to access or use the Fished Platform or any other Products as they rely on the use of the Fished Platform.

1.5          Contact Information 

If you have any requests concerning your personal data or any queries with regards to this Privacy Policy, please contact Fished by reaching out to our Data Protection Officer at: info@fished.com.

2.            WHAT PERSONAL DATA WE COLLECT AND HOW

Fished collects different types of personal data about End Users. It is up to the Customer which End Users Fished collects personal data about. As far as Fished is concerned, it is freely optional to be an End User of the Fished Platform.

The personal data Fished collects can be divided into three groups:

  1. Minimum personal data needed to register a User Account (these can be generic, non-personal data if the Customer chooses):
    • Your first name and surname
    • Email address
    • Username
    • Password
    • Place of work/employer
    • Telephone number
    • Language
  2. Personal data which may be generated while you use the Fished Platform or a different Product:
  • Information about your mobile device:
    1. IP-address
    2. Hardware Manufacturer
    3. Operating system
  • Application usage statistics
  1. Personal data concerning yourself that you might choose to provide Fished with through the User Account or by other means whilst using the Fished Products and services, for example:
  • Nationality
  • Gender
  • Occupation or position
  • Other details you actively choose to provide through the Fished Platform or your contact with Fished directly

Fished does not process special categories personal data (sensitive personal data) and have no use for such data. Therefore, Fished requests that you do not share such data about yourself or others through the Fished Platform. Such data would for instance be religious beliefs, political opinions, physical or mental health, labor union membership, ethnic background, sexual history or sexual orientation.

3.            PURPOSE

Fished collects and processes personal data for the following purposes:

  • To manage the agreement between Fished and the Customer and the agreement with you as the End User
  • To communicate with the Customer of Fished including the Customer’s End Users, by answering service requests or providing any necessary and agreed upon assistance for the Products or Fished Platform.
  • To ensure the technical functionality of the Fished Platform with connecting Accounts and Products for each End User to fulfil the agreement with the Customer or the End User.
  • To be able to control and monitor the Fished Platform user base and prevent fraudulent activity or similar.

4.            LEGAL BASIS FOR PROCESSING 

Fished processes personal data in order to make it possible to enter into and to fulfill the agreement with the Customer. As Fished and the Customer are two separate controllers, Fished’s legal basis for processing personal data is through the agreement between Fished and the Customer that includes this EULA and Privacy Policy (these two documents are presented to you as the agreement between Fished and you as the End User). It is the Customer’s choice which End Users are connected to the Fished Platform through authorization and access via the Account.

In the event the Customer decides to use a generic business email address and not a personal email address related to an identifiable natural person, then the processing of personal data on the Fished Platform will be limited accordingly. Using a generic email address rather than a personal one, will not limit the Customer’s user experience of the Fished Platform.

To prevent fraudulent activity in or in relation to the Fished Platform, Fished’s legal basis for processing is Fished’s legitimate interest. This legitimate interest is Fished’s desire in keeping the Fished Platform secure and keeping the integrity and confidentiality of the underlying software behind the Fished Platform, the data related to the Fished Platform and the Products, whether personal data or data otherwise considered commercially sensitive.

Furthermore, Fished may process your personal data when Fished is legally obliged to do so, or if it is necessary to establish, exercise or defend a legal claim.

Fished will also ask you as the End User to have read and accepted this Privacy Policy as well as the End User License Agreement from Fished (these two documents are the agreement between the End User and Fished). You will on the Fished Platform be presented with a link to this Privacy Policy as well as End User License Agreement in order to make sure each End User has been informed about how and why Fished processes personal data.

5.            DISCLOSURE OF DATA TO THIRD PARTIES

Except in the instances described below, Fished does not disclose collected personal data to third parties.

Fished may disclose user base demographics and similar non-personal data to third parties. Such aggregated data does not identify any individuals and will not be linked to any personal data.

Your personal data is not transferred out of the EU/EEA by Fished or our subcontractors unless you contact a sub-supplier outside the EU for support.

The personal data as well as any other data processed through any use of the Platform is stored in Microsoft Azure on servers within EU/EEA.

The supplier HubSpot provides standard CRM services for Fished, and Fished has limited the use of such services to “GDPR settings” and only for contact information the individual has provided consent to store.

6.            STORAGE AND PERSONAL DATA DELETION  

Upon your request or otherwise when the personal data Fished has collected is no longer necessary for the purposes described above, for instance in the event the End User’s authorization to use the Fished Platform is removed by Customer or by another authorized End User, the personal data concerning you will be erased unless Fished must store such data longer due to local legal obligations.

The personal data connected to your User Account will be deleted once the Customer Agreement between Fished and the Customer has expired or is terminated.

7.            YOUR RIGHTS

This Privacy Policy is adherent to Norwegian law and falls under Norwegian jurisdiction. As such, you are entitled to certain rights. Please refer to the contact details provided in the first section (see section 1.5) if you wish to make use of or need assistance regarding the rights listed below.

Terminate the agreement with Fished: If you wish to terminate the agreement with Fished or to terminate your right to use the Products or to terminate your account needed to access the Products, Fished will delete your account access and related personal data (unless Fished must store such data longer due to local legal obligations) without undue delay after receiving an e-mail from you with such written request.

Consent: To the extent Fished’s processing of your personal data relies on your consent, you may withdraw said consent at any time. If you wish to withdraw your consent, Fished will stop any processing activities related to such consent and delete your related personal data without undue delay. The withdrawal of consent does not affect the legality of Fished’s processing of your personal data based on the consent before it was withdrawn.

Access: You can at any time request access to the personal data relating to you. You can also request information about how Fished collects personal data at any time.

Erasure and rectification: You can at any time request that Fished erases or rectifies any of the personal data relating to you that Fished has collected.

Objections: You may likewise request a restriction of the processing of your personal data or object to the processing of your personal data, but this may affect your user experience in the Fished Platform or the Products. For Fished’s processing activities that are based on legitimate interests as legal basis, you may object to such processing on ground relating to your particular situation, by contacting Fished with using the email stated in section 1.5.

Data Portability: In the event Fished’s collection and processing of your personal data is based on automatic means and Fished’s legal basis is your consent or an agreement with you, you may request that the personal data concerning you and which you have provided Fished with, be transmitted to you or to another data controller.

Complaints: You have the right to lodge complaints with the Norwegian Data Protection Authority (Datatilsynet).

8.            COOKIES

A cookie is a small piece of information sent by a web server to a web browser, which enables the server to collect information back from the browser. It is possible to switch off cookies by adjusting your browser settings. Turning cookies off may result in a loss of functionality when using our website.

We use cookies for the following purposes:

  • For technical purposes and ensure the full functionality of the web site we register whether the user is logged into our system or not.

For more information about our use of third-party cookies, please visit: