Privacy Notice

1. Data Controller and Contact Details

The controller of the User's personal data is: FjordAnglers [Tymon Jezionek, NIP: 5833564870, REGON: 544350813], registered in Poland. All questions regarding data protection, privacy, and requests related to the exercise of User rights may be directed to: [email protected].

2. Purposes and Legal Bases for Data Processing

FjordAnglers processes User data exclusively for strictly defined purposes: to perform contracts, fulfill legal obligations, and pursue legitimate business interests.

• Performance of the Agreement with the User: We process User data (first name, last name, email address, phone number, reservation history, and payment data) to enable the User to use the Platform, create a profile, and book fishing trips (Article 6(1)(b) GDPR).
• Fulfillment of Legal Obligations: We process business documents, payout history, and approximate location data (based on IP) for necessary tax and accounting settlements (Article 6(1)(c) GDPR).
• Legitimate Interests (Article 6(1)(f) GDPR): Service provision: managing profiles, photos, and fishing reports. Security and fraud prevention: monitoring IP addresses, change history, and online communication to prevent dishonest practices and protect Platform integrity. Platform improvement: analyzing notification preferences, usage statistics, and NPS ratings to optimize service operation.

No Profiling and Listing Ranking Principles (Omnibus Directive)

FjordAnglers does not make any decisions regarding Users based on automated processing of personal data. The Platform does not employ algorithmic profiling, behavioral tracking, or price personalization for individual Users.

The display order and positioning of Guide Listings in search results depends exclusively on:

• Objective criteria and search filters entered independently by the Customer (e.g., selected location, date, price range, fish species).
• A random factor ensuring equal exposure opportunities for all Guides meeting the search criteria.

3. Communication Monitoring and Call Recording

• Message analysis: FjordAnglers provides an internal messaging system to facilitate arrangements between Customer and Guide. The Platform does not use automated tools for mass content scanning. However, pursuant to the controller's legitimate interest (Article 6(1)(f) GDPR), authorized FjordAnglers personnel reserve the right to conduct random, manual review of message content. This action is intended solely for: preventing financial fraud, protecting the integrity of the booking system (detecting attempts to circumvent the Platform booking process before deposit payment), and gathering evidence in case of reported complaints or Terms violations.
• Call recording: Calls with FjordAnglers support may be recorded for training purposes, information verification, and service quality monitoring. Recordings are stored only for the time necessary to fulfill these purposes (typically no longer than 3 months) and are then permanently deleted.

4. Data Recipients and International Transfer

We share User personal data exclusively with two categories of trusted recipients:

• Data Processors: External companies, including payment operators (e.g., Stripe) and hosting and analytics service providers, which enable FjordAnglers to operate the service efficiently and securely.
• Other Users (Reservation Parties): We transfer necessary data between Customer and Guide to enable execution of the booked trip. First and last name may be visible at the inquiry stage, while full contact details (phone, email) are shared with both parties only after deposit payment.
• Transfer outside the European Economic Area (EEA): User data may be stored in the United States or other countries outside the EEA due to the global nature of our technology providers. In such cases, we apply Standard Contractual Clauses (SCCs) approved by the European Commission to ensure a level of data protection consistent with European standards.
• Data retention period: We retain User personal data for the duration of the active account on the Platform. After account deletion, data may be retained only for the time necessary to pursue or defend against claims and for the period required by tax and accounting regulations (typically 5 years).

5. User Rights Under GDPR

Under the EU General Data Protection Regulation (GDPR), every User has the right to:

• Access their personal data and receive a copy thereof.
• Rectification of incorrect or outdated information.
• Erasure of data ("right to be forgotten"), provided it does not conflict with our overriding legal obligations (e.g., retention of accounting documentation).
• Restriction of data processing.
• Object to data processing based on our legitimate interest (including objection to profiling for direct marketing purposes).
• Data portability — receiving their data in a structured format for transfer to another controller.
• Lodge a complaint with the local supervisory authority (in Poland, this is the President of the Personal Data Protection Office — PUODO).

6. Additional Information and Limitations

• Voluntary nature of data provision: Providing personal data is voluntary; however, it is necessary to create an account and use the Platform's booking services.
• Sensitive data: FjordAnglers does not knowingly collect sensitive data (concerning racial origin, religion, health status, or sexual orientation). We strongly request that Users do not share such information through our communication channels.
• Protection of minors: The Platform is intended exclusively for persons who are at least 18 years of age. If you become aware that a minor has shared their personal data with us, please contact us immediately for its deletion.

Data Protection Addendum (DPA)

This Addendum forms an integral part of the FjordAnglers Terms of Use and Privacy Policy. It is a binding agreement between FjordAnglers and the Guide who, as part of provided services, receives Customer personal data.

1. Definitions and Roles of Parties

• Customer Personal Data: Means the first name, last name, phone number, and email address provided by FjordAnglers to enable contact and reservation execution.
• Independent Data Controller: Pursuant to the EU GDPR, upon transfer of Customer data, the Guide becomes an independent data controller. This means that FjordAnglers and the Guide are not joint controllers — each party independently and on its own responsibility decides on the methods of securing and processing such data in its jurisdiction.

2. Guide Obligations

The Guide receiving Customer data from FjordAnglers unconditionally undertakes to:

• Purpose limitation: Use data exclusively for the purpose of executing the booked fishing trip. It is strictly prohibited to use this data for marketing purposes (e.g., adding to newsletters) without the Customer's prior, explicit, and documented consent.
• Platform non-circumvention: Prohibition of using Customer contact data to induce them to cancel the Platform reservation and enter into a direct agreement.
• Confidentiality: Prohibition of disclosing, selling, renting, or sharing Customer data with third parties without their consent.
• Legal compliance: Compliance with GDPR and local privacy protection laws.
• Data security: Implementing appropriate technical and organizational measures (e.g., screen locks, secure passwords) to protect data from unauthorized access. The Guide bears full responsibility for compliance with these principles by their employees and subcontractors.

3. Data Breach Notification

In the event of a personal data breach involving Customer data (e.g., device theft, email account hack), the Guide is obligated to inform FjordAnglers without undue delay, no later than 48 hours from discovery of the incident, at: [email protected].

4. Indemnification

If FjordAnglers is held legally or financially liable (including fines) due to improper or unlawful processing of Customer data by the Guide (including data leaks attributable to the Guide), the Guide undertakes to fully compensate FjordAnglers for all losses, legal costs, and damages incurred.

5. Data Deletion and Customer Rights

Customer data may be retained by the Guide only for the period necessary to complete the trip and fulfill local tax and accounting obligations. In the event of a data deletion request by the Customer (“right to be forgotten”), the Guide undertakes to cooperate promptly and permanently delete the data from their systems, unless mandatory legal provisions require further retention.