Effective date: June 10, 2019
Fishyleaks and Our Fish are initiatives of Funding Fish, a registered charity in England and Wales, charity no 1163785,
Our Fish, (“us”, “we”, or “our”) operates the https://www.fishyleaks.eu/ and https://report.fishyleaks.eu/ websites (the “Service”) – the first is to provide information about Fishyleaks, the second hosts the confidential and/or anonymous messaging system.
This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.
We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy.
- Service Service is the https://fishyleaks.eu/ and https://report.fishyleaks.eu/ websites, operated by Our Fish
- Personal Data Personal Data means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).
- Usage Data Usage Data is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
- Cookies Cookies are small pieces of data stored on your device (computer or mobile device).
- Data Processors (or Service Providers) Data Processor (or Service Provider) means any natural or legal person who processes the data on behalf of the Data Controller.We may use the services of various Service Providers in order to process your data more effectively.
- Data Subject (or User)Data Subject is any living individual who is using our Service and is the subject of Personal Data.
Information Collection and Use
We collect several different types of information for various purposes to provide and improve our Service to you, unless you choose to remain anonymous
Types of Data Collected
While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information may include, but is not limited to:
- Email address
If you wish to send an anonymous report to the Service we will not collect your email address. We also advise that for maximum security, you should use the Tor Browser Bundle https://www.torproject.org/download/. If you choose to not use Tor, your anonymity cannot be ensured.
To further improve your security, we recommend follow the instructions below:
1) In case you want to remain anonymous, do not send any personal data (such as your name or the type of relationship you have with the organisation you are reporting on or any information that, if intercepted, could be used to track you down).
2) Please do not send any data from a computer or network provided by your employer, client or organisation that could trace your activities. Making your report via such a network could jeopardize your anonymity.
We do not collect information on browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, and other diagnostic data.
Tracking & Cookies Data
Use of Data
Our Fish uses the data provided by users confidentially and or anonymously to investigate reports of illegal or unethical activities within EU fisheries.
We do not collect data for any other purpose.
Legal Basis for Processing Personal Data Under General Data Protection Regulation (GDPR)
Our Fish may process your Personal Data because:
- We need to perform a contract with you
- You have given us permission to do so
- The processing is in our legitimate interests and it’s not overridden by your rights
- To comply with the law
Retention of Data
Any data collected during submissions made to the Service expire automatically within 18.
Any data collected on the Service, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
The Service is hosted in Europe (Ireland for https://fishyleaks.eu/ and Netherlands for https://report.fishyleaks.eu/). If you choose to provide information to us, please note that we transfer the data, including Personal Data, to Ireland, where the Our Fish website is hosted, and process it there.
Disclosure of Data
Disclosure for Law Enforcement
Under certain circumstances, Our Fish may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency). We try to minimize any collection of data outside the content of the reports submitted to the Service in order to be able to comply with the law and minimize any risk for our sources.
If you have reported to Fishyleaks anonymously, we do not possess your Personal Data. If you have reported confidentially, by sharing your Personal Data, then Our Fish may disclose your Personal Data in the good faith belief that such action is necessary to:
- To comply with a legal obligation
- To protect and defend the rights or property of Our Fish
- To prevent or investigate possible wrongdoing in connection with the Service
- To protect the personal safety of users of the Service or the public
- To protect against legal liability
Security of Data
The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
Your Data Protection Rights Under General Data Protection Regulation (GDPR)
If you are a resident of the European Economic Area (EEA), you have certain data protection rights. Our Fish aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.
If you wish to be informed what Personal Data we hold about you and if you want it to be removed from our systems, please contact us.
In certain circumstances, you have the following data protection rights:
- The right to access, update or to delete the information we have about you. Whenever made possible, you can access, update or request deletion of your Personal Data directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you.
- The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
- The right to object. You have the right to object to our processing of your Personal Data.
- The right of restriction. You have the right to request that we restrict the processing of your personal information.
- The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format.
- The right to withdraw consent. You also have the right to withdraw your consent at any time where Our Fish relied on your consent to process your personal information.
Please note that we may ask you to verify your identity before responding to such requests.
You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).
The Service uses a third party Service Provider – GlobaLeaks – to provide the reporting service at https://report.fishyleaks.eu/ on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.
These third parties have access to your Personal Data, only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
Links to Other Sites
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
Our Service does not address anyone under the age of 18 (“Children”).
We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.
- By email: email@example.com