Privacy Policy
Fish Circus (“we”, “our”, “us”, or “Fish Circus”) respects the privacy of its users and is fully committed to protecting their personal data and using it in accordance with data privacy laws. This Privacy Policy describes how we collect, use, and process any personal data that we collect from you—or you provide to us—in connection with your use of our website (www.fishcircus.com) or our mobile apps and our print-on-demand services (collectively, “Services”). By accessing or using our Services, you signify your understanding of the terms set out in this Privacy Policy.
We do not knowingly collect, maintain, disclose, or sell personal information about users under the age of sixteen (16). If you are under the age of 16, please do not use our Services. If you are under the age of 16 and have used our Services, please contact us at the email address below so that we may delete your personal information.
If you use our Services only for your personal use, you are to be considered as the “User” and for the purpose of the General Data Protection Regulation (“GDPR”) and the UK General Data Protection Regulation (as defined by the UK Data Protection Act 2018 as amended by the Data Protection, Privacy and Electronic Communications (Amendments, etc) (EU Exit) Regulations 2019), we are the data controller.
Note that while our Services may contain links to other websites or services, we are not responsible for each respective website’s or service’s privacy practices and encourage you to be aware of this when you leave our Services and carefully read the privacy statements of each and every website and service you visit. This Privacy Policy does not apply to third-party websites and services. If you wish to contact FishCircus regarding your personal data or this Privacy Policy, please contact us using our contact form.
1. Information we collect
1.1. Information collected about Users and Merchants and how we use it
Where you are a User and it is necessary to fulfill our contract with you for the purposes of providing, maintaining, or improving our products and Services (including, to the extent permitted by applicable law, any matters in our legitimate interests with respect to the Services), we will confirm your identity, contact you, provide customer support (including via chat, in the comment section of our blog, or other platforms, where you may reach us), operate your account with us and invoice you. For the aforementioned purposes, we collect information that may contain the following personal data:
- Name;
- Company name;
- Shipping information;
- Email address and phone number;
Payment and billing information (payment method details, first and last digits of your payment card);
Information, including images and data, which may appear on government-issued identity documents; - Order handling information
We may request some of the personal data indicated above in furtherance of our legal obligations and legitimate interest in ensuring that users and end customers are not the target of trade, financial, and economic sanctions, and do not appear on a sanctions-related list, including lists maintained by the U.S. Department of Treasury’s Office of Foreign Assets Control (“OFAC”), the U.S. Department of State, the U.S. Department of Commerce, the European Union, or Her Majesty’s Treasury of the United Kingdom.
If you have given your consent when registering your account when subscribing to our newsletter or blog (future plans), or sharing your email address or other personal data with us to receive any other information (for example, our list of sub-processors), we will process your email address to send you the informative and/or promotional materials, to which you have subscribed to, for example, newsletters, advertisements of our Services and other information about our Services that you have requested. At any point in time, you can unsubscribe from receiving the above-mentioned information in our email footers and through your notification settings. For Merchants, we will not use the contact details of your customers to directly market or advertise our Services to them.
We obtain the location information you provide in your profile or your IP address. We use and store information about your location to provide features and to improve and customize the Services, for example, for FishCircus’s internal analytics and performance monitoring; localization, regional requirements, and policies for the Services; for local content, search results, and recommendations; for delivery and mapping services; and (using non-precise location information) marketing.
When you interact with our customer support through email or chat features which may be offered via third-party software, we may monitor or record the conversation to ensure the quality of our customer support. If you have a store account, we will retain the recording for as long as you have an account. If you do not have an account, we will delete the recording within 12 months or retain it if it is needed to protect our legal interests or resolve disputes between you and us.
By using cookies and similar technology on our website, we may collect data such as information on your device, your preferences and information filled in while visiting our website, your interaction with the website, and other information used for analytical, marketing, and targeting activities (including unique visits, returning visits, length of the session, actions carried out in the webpage).
As it is in our legitimate interests to ensure our network security, and give you access to and improve our Services, we also collect the following technical usage data:
- How and when you access your account;
- Information about the device and browser you use;
- IP address and device data.
1.2. Information collected about our Merchant’s Customers
Where we act on a Merchant’s behalf to fulfill an order with regard to the Merchant’s customer (i.e. an end user of our Services), we are a data processor and we collect information relating to the Merchant’s customer, such as personal data relating to the end user of our Services, any personal data in the printing content (where applicable), personal data revealed during the use of any FishCircus services, including name, email address, phone number, shipping address, and other information about the Merchant’s customers.
If you are a customer of the Merchant (an end user of our Services), the Merchant is the data controller with regard to your personal data and should provide you the information on how your personal data is collected and processed when using our Services. Please read the Merchant’s privacy policy for further information. The Merchant is your contact for any questions you have about how it handles your personal data.
2. Sharing personal data with third parties
In order for FishCircus to provide you with our Services, we work with third parties who perform services on our behalf and with whom we share personal data to support our Services (“Service Providers”).
Information you have provided to us during the use of our Services, including technical usage data, is shared for business purposes in our legitimate interests with third parties who provide hosting and server co-location services as well as data and cyber security services.
Information you have provided to us during the use of our Services may be shared with third-party manufacturing services whom we engage to provide our Services to you.
Your email address and other contact details you have provided to us and your messages to our customer service are shared for business purposes in our legitimate interests with communication, email distribution, and content delivery services as well as customer support system providers.
Information regarding your purchases and payments is shared with billing and payment processing services, fraud detection and prevention services, accounting and financial advisors, and advisors so that we can provide our Services to you.
Information regarding your use of our website and other information received from cookies and similar technology is shared with web analytics, session recording, and online marketing services. If we provide marketing to you, information on your account, purchases, and preferences can be shared with marketing services.
Insofar as reasonably necessary to defend our legal rights, we may share your personal data with our legal advisors.
We will only share personal data with Service Providers that have undertaken to comply with obligations set out in applicable data protection laws. We may share your personal data with our affiliates (companies within our corporate family), in our legitimate interests for business purposes.
In certain circumstances, we are required to share information with third parties to comply with legal requirements or requests, as well as to protect our, or a third party’s, lawful interests. We will also disclose your information to third parties in and outside your country only to the extent allowed by applicable law, including:
- to a prospective purchaser or purchaser that acquires all or substantially all of us or our business;
to a third party in the event that we sell or buy any business or undergo a merger, in which case we may disclose your information to the prospective buyer of such business; and - to a third party if we sell, buy, merge, or partner with other companies or businesses, undergo a reorganization, bankruptcy, or liquidation; or otherwise undertake a business transaction or sell some or all of our assets. In such transactions, your information may be among the transferred assets.
3. Retention periods
We may retain your personal data for as long as you have a FishCircus account or any of the abovementioned legal bases for personal data processing still exists. For example, if you unsubscribe from our marketing, newsletter, or blog emails, we will stop the processing of personal data for such purposes. If you have used our Services without creating a FishCircus account, we will keep your personal data as long as necessary to comply with our legal obligation to retain information relating to the provision of services, for example, for tax purposes.
After terminating your relationship with us by deleting your FishCircus account or otherwise ceasing to use our Services, we may continue to store copies of your (and in regard to Merchants, your customers’ personal data) as necessary to comply with our legal obligations, to resolve disputes between you and us (or you and your customers), to prevent fraud and abuse, to enforce our agreements, and/or to protect our legitimate interests (to the extent that we are permitted by the applicable law to continue to store copies to protect our legitimate interests).
4. Data subject’s rights
If you are a User or Merchant located in the European Economic Area or the United Kingdom, in accordance with European Union and United Kingdom data protection regulations, you have certain rights with respect to your personal data. You have the right to request access to your personal data; in certain circumstances to correct, amend, delete, or restrict the use of your personal data by logging into your FishCircus account or by reaching us using the contact information provided below. In addition, you can object to the processing of your personal data in some circumstances (in particular, where we are not required to process your data to meet a contractual or other legal requirement). These rights may be limited, for example, if fulfilling your request would reveal personal data about another person, or if you ask us to delete information that we are required by law to retain, are permitted by law to retain, or have compelling legitimate interests in retaining (to the extent that applicable law permits us to retain such information based on our legitimate interests).
Furthermore, if you believe that we have unlawfully processed your personal data, you have the right to submit a complaint to the contact information provided below, or to your respective data protection supervisory authority. If you are a customer of a Merchant (an end user of our Services), please direct your concern to the relevant Merchant in the first instance.
5. Information security
We seek to use reasonable organizational, technical, and administrative measures to protect the confidentiality, integrity, and availability of personal data. We encourage you to take care of the personal data in your possession that you process online and set strong passwords for your FishCircus account, limit access to your computer and browser by signing out after you have finished your session, and avoid providing us with any sensitive information.
6. International transfers of data
All the information you provide may be transferred or accessed by our parent company in the United States our affiliate companies and subsidiaries in other countries, such as Latvia, Poland, Spain, and the UK, and our Service Providers (as described above) for the provision of our Services as described in this Privacy Policy. When we transfer your information globally, we take necessary measures to ensure appropriate protection of your information, including, as applicable, entering into the European Commission’s Model clauses for the transfer of personal data to third countries (i.e., the standard contractual clauses) and any equivalent clauses issued by the relevant competent authority of the UK.
7. Privacy Policy addendum for California residents
Under the California Consumer Privacy Act (“CCPA”), California residents are afforded certain rights about the Personal Information (as such capitalized term is defined under the CCPA) we have collected about them, which we have described in more detail below.
We are both a “business” and a “service provider” under the CCPA, depending on how you interact with us. This section applies only to personal information we collect in our role as a business. Where we act on a Merchant’s behalf to fulfill an order with regard to the Merchant’s customer, we are a Service Provider under the CCPA. Please read the Merchant’s privacy policy for further information on how to exercise your rights under the CCPA. The Merchant is your contact for any questions you have about how it handles your Personal Information.
Rights under the CCPA
If you are a California resident, the processing of certain personal information about you may be subject to the CCPA. Where the CCPA applies, this section provides additional privacy disclosures and informs you of key additional rights as a California resident. We will never discriminate against you for exercising your rights, including providing a different level or quality of services or denying goods or services to you when you exercise your rights under the CCPA.
Right to Know Request
Under the CCPA, California residents have a right to request information about our collection, use, and disclosure of your personal information over the prior twelve (12) months, and ask that we provide you free of charge with the following information:
- the categories of personal information about you that we collected;
- the categories of sources from which the personal information was collected;
- the purpose for collecting personal information about you;
- the categories of third parties to whom we disclosed personal information about you and the categories of personal information that was disclosed (if applicable) and the purpose for disclosing the personal information about you; and
- the specific pieces of personal information we collected about you.
Right to Delete Request
Under the CCPA, you also have a right to request that we delete personal information, subject to certain exceptions.
Right to Opt-Out of the Sale of Personal Information
You may request that we not sell your Personal Information. Please note, however, that CCPA defines “sale” very broadly, and includes “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a California consumer’s Personal Information by the business to another business or third party for monetary or other valuable consideration.” We use services that help deliver interest-based ads to you and may transfer Personal Information to business partners for their use. Making Personal Information (such as online identifiers or browsing activity) available to these companies is considered a “sale” under the CCPA.
How to Exercise Your Rights
If you are a California resident to whom the CCPA applies, you may contact us to exercise your rights.
Once we receive your request, we will review it, determine whether we can verify your identity, and process the request accordingly. We may need to collect information from you to verify your identity, such as your email address, government-issued ID, or date of birth. You may make a verifiable consumer request to access your personal information twice per twelve (12) month period. We aim to fulfill all verified requests within 45 days pursuant to the CCPA. If necessary, extensions for an additional 45 days will be accompanied by an explanation for the delay.
You may designate, in writing or through a power of attorney document, an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require that the agent provide proof that you have authorized them to act on your behalf, and we may need you to verify your identity directly with us.
8. Privacy Policy addendum for Virginia residents
Under the Virginia Consumer Data Protection Act (“VCDPA”), Virginia residents are afforded certain rights regarding the data we have collected about them. This notice describes how we collect, use, and share your Personal Data in our capacity as a “Controller” under the VCDPA, and the rights that you have with respect to your Personal Data, including sensitive personal data. For purposes of this section, “Personal Data” and “sensitive data” have the meanings given in the VCDPA and do not include information excluded from the VCDPA’s scope. In general, personal data is information reasonably linkable to an identifiable person.
The chart found in Section 1.3 of the Privacy Policy describes the categories of Personal Data that we collect about you. However, the type of Personal Data collected will depend upon how you interact with our Sites and the information you voluntarily provide us. Accordingly, we may not collect all of the information listed in the chart from you. In addition, we may collect and/or use additional types of information after providing notice to you and obtaining your consent to the extent such notice and consent is required by the VCDPA.
Your rights under VCDPA
Right to Access Information/Correct Inaccurate Personal Data. You have the right to request access to Personal Data collected about you and information regarding the purposes for which we collect it, and the third parties and service providers with whom we share it. Additionally, you have the right to correct inaccurate or incomplete Personal Data. You may submit such a request as described below.
Right to Deletion of Personal Data. You have the right to request in certain circumstances that we delete any Personal Data that we have collected directly from you. You may submit such a request as described below. We may have a reason under the law why we do not have to comply with your request, or why we may comply in a more limited way than you anticipated. If we do, we will explain that to you in our response.
Right to Opt-Out of Sale of Personal Data to Third Parties. You have the right to opt out of any sale of your Personal Data by FishCircus to third parties. We do not sell Personal Data to third parties for their own direct marketing purposes.
Right to Portability. You have the right to request a copy of the Personal Data that you previously provided to us as a Controller in a portable format. Our collection, use, disclosure, and sale of Personal Data are described in our Privacy Policy.
Right to Opt-Out of Targeted Advertising. You have the right to opt out of Targeted Advertising based on your Personal Data obtained from your activities over time and across websites or applications.
Right to Opt-Out of Profiling. You have the right to opt out of having your Personal Data processed for the purpose of profiling in the furtherance of decisions that produce legal or similarly significant effects concerning you.
Right to Appeal. If we decline to take action on any request that you submit in connection with the rights described in the above sections, you may ask that we reconsider our response by submitting a message using our contact form so that you receive the decision. You must ask us to reconsider our decision within 45 days after we send you our decision.
How to Exercise Your Rights
If you are a Virginia resident to whom the VDCPA applies, you may contact us to exercise your rights.
Once we receive your request, we will review it, determine whether we can verify your identity, and process the request accordingly. We may need to collect information from you to verify your identity, such as your email address, government-issued ID, or date of birth. We aim to fulfill all verified requests within 45 days pursuant to the VCDPA. If necessary, extensions for an additional 45 days will be accompanied by an explanation for the delay. You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require that the agent provide proof that you have authorized them to act on your behalf, and we may need you to verify your identity directly with us.
9. Privacy Policy changes
Any changes we make to this Privacy Policy in the future will be posted on this page. Therefore, we encourage you to check this page frequently from time to time.
10. Contact information
If you have any questions about your personal data or this Privacy Policy, or if you would like to file a complaint about how we process your personal data, please contact us by using our contact form.