Privacy Policy

---

DATA CONTROLLER

• Trawelt Consulting d.o.o.
• Vlaška 72c, 10 000 Zagreb
• PIN: 78257735485
• support@fishdishapp.com

We are committed to protecting your privacy. This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal data when you use our Fish&Dish mobile application and associated services (collectively, the "Services").

We process your personal data in accordance with the applicable data protection laws, including the General Data Protection Regulation (EU Regulation 2016/679) ("GDPR") and relevant national laws.

The personal data we collect depends on your relationship with us and how you interact with our Services. Categories include:

• Identification Data: Full name, email address, profile photo (if uploaded)
• Login Data: Username, password (encrypted), login history
• Preferences & Settings: Language, app settings, dietary preferences
• Usage Metrics: App interactions, time spent, session data
• Device Information: IP address, device model, OS version, crash logs
• Location Data: Geographic location (to suggest local seafood options)
• User Content: Photos of seafood uploaded for identification, saved recipes

• Payment Data: Transaction amount, currency, subscription details

Note: Payment processing is handled securely by Google Pay or Apple Pay. Card details are processed by these third-party payment processors and never stored on our servers.

• Marketing Data: Email address, communication preferences, open/click rates

• Contact Data: Name, email address, message content

• Cookies & Tracking Technologies: For usage analytics, session tracking, error reporting

We do not intentionally collect sensitive personal data (e.g., health information, racial or ethnic origin, religious beliefs, or biometric data).

Your personal data may be processed for the following purposes:

Purpose & Legal Basis

• Providing core Services (seafood identification, recipe recommendations) -Contractual necessity
• Managing user account-Contractual necessity
• Processing and storing seafood images-Contractual necessity
• Location-based recommendations-Consent
• Sending service notifications-Legitimate interest
• Processing subscription payments-Contractual necessity / Legal obligation
• Customer support-Legitimate interest
• Sending newsletters and recipe recommendations-Consent
• Analyzing app usage & improvements-Legitimate interest
• Ensuring security and fraud prevention-Legitimate interest / Legal obligation

You have the following rights under applicable data protection laws:

• Right of access – Obtain a copy of your personal data
• Right to rectification – Request correction of inaccurate or incomplete data
• Right to erasure – Request deletion of your personal data (subject to conditions)
• Right to restrict processing – Limit how your data is processed in specific cases
• Right to object – Oppose data processing based on legitimate interests
• Right to data portability – Receive your data in a structured format for transfer
• Right to withdraw consent – Revoke consent at any time, without affecting past processing

To exercise your rights, please contact: support@fishdishapp.com

We aim to respond within 1 month. If requests are complex or numerous, this period may be extended by up to 2 additional months, and we will inform you accordingly.

Your data may be shared with third-party service providers acting as data processors, solely for the purpose of providing and improving our Services:

• Hosting providers (Amazon Web Services)
• Analytics tools (Google Analytics, AWS analytics tools)
• Payment processors (Google Pay, Apple Pay)
• Email & communication tools
• AI seafood identification service

All third parties are contractually bound to confidentiality and comply with GDPR standards. We do not sell or rent your data to any third parties.

We may also disclose your data:

• To comply with legal obligations
• In connection with mergers, acquisitions, or sales of assets

If we transfer data outside the European Economic Area (EEA), we ensure an adequate level of protection by:

• Relying on adequacy decisions
• Implementing Standard Contractual Clauses (SCCs) approved by the European Commission
• Ensuring certification under frameworks like the EU-U.S. Data Privacy Framework, where applicable

We retain personal data only as long as necessary for the purposes described, unless a longer retention period is required by law:

Data Category & Retention Period

• Account and profile data-For the duration of your account plus 2 years after last activity
• Seafood images-2 years after upload (to improve AI service)
• Newsletter subscription-Until user unsubscribes or revokes consent
• Contact form inquiries-12 months after last communication
• Payment and transaction records-7 years (legal/accounting compliance)
• Analytics and usage data-Anonymized after 24 months

We implement industry-standard technical and organizational measures to protect your data:

• Encryption of sensitive data in transit and at rest
• Access controls and role-based permissions
• Regular security audits and vulnerability testing
• Secure authentication methods

Despite our efforts, no transmission over the Internet can be guaranteed 100% secure. You use the Services at your own risk, and you are responsible for keeping login credentials confidential.

We may update this Privacy Policy to reflect changes in technology, law, or our practices. When we do, we will notify users via:

• App update notifications
• Email (where appropriate)
• Banner or pop-up in the app

We encourage you to review this Privacy Policy periodically.

Last updated: 22nd April, 2025