PRIVACY POLICY

Version: 2026

1. INTRODUCTION

This Privacy Policy explains how Fishtank Consultancy, S.L. (Spain) and Fishtank Consultancy México, S.A. de C.V. (Mexico) (collectively referred to as “Fishtank”, “we”, “our”, or “us”) collect, use, and protect personal data obtained through the website www.fishtankconsultancy.com.

By using our Site or submitting personal information through online forms, you acknowledge that you have read and understood this Policy.

2. IDENTITY OF THE DATA CONTROLLERS

Depending on your location or interaction:

  • EU/EEA clients or visitors:
    Data Controller – Fishtank Consultancy, S.L. - B67253740
    Avinguda Diagonal 131, 08018 Barcelona, Spain
    Email: dataprivacy@fishtankconsultancy.com
    Applicable law: EU GDPR + Spanish LOPDGDD

  • LATAM clients or visitors:
    Data Controller – Fishtank Consultancy México, S.A. de C.V. - FCM221021M93
    Sócrates 141, Piso 2, Colonia Polanco II Sección, Alcaldía Miguel Hidalgo, 11530 Ciudad de México, Mexico
    Email: dataprivacy@fishtankconsultancy.com
    Applicable law: Mexican LFPDPPP

3. DATA WE COLLECT

We may collect the following types of information:

  • Contact details (name, email, company, phone number)

  • Professional or business information (role, organization, service interest)

  • Communication data exchanged via WhatsApp (phone number, message content, attachments, timestamps)

  • Support-related information submitted through WhatsApp and automatically captured in Zoho Desk (tickets, issue descriptions, logs, screenshots)

  • Technical data (browser type, IP address, device)

  • Information you voluntarily provide via contact forms, WhatsApp, Zoho Desk, Zoho Bookings, or social media

  • Interaction data when you visit or engage with our Facebook or LinkedIn pages (likes, comments, messages, public profile information, analytics insights)

4. HOW WE COLLECT DATA

Data may be collected through:

  • Website contact and inquiry forms

  • Meeting bookings via Zoho Bookings

  • Customer relationship management via Zoho CRM

  • Support interactions via WhatsApp connected to Zoho Desk

  • WhatsApp conversations via WhatsApp Business API

  • Engagement with our Facebook or LinkedIn accounts (messages, comments, analytics provided by Meta or LinkedIn)

  • Cookies and analytics tools (see Cookie Policy)

5. PURPOSE OF PROCESSING

We process your data for:

  • Responding to inquiries or service requests

  • Providing customer and technical support through WhatsApp and Zoho Desk

  • Managing client relationships and communication across channels including WhatsApp, Facebook, and LinkedIn

  • Monitoring and analysing engagement on our social media pages to understand audience interaction (via Meta Page Insights or LinkedIn Page Analytics)

  • Creating, updating, and tracking support tickets in Zoho Desk

  • Marketing and lead management (via Zoho CRM, WhatsApp, Facebook, and LinkedIn where appropriate)

  • Maintaining and improving website functionality

  • Legal and compliance obligations

We do not sell, rent, or lease personal data.

6. LEGAL BASIS FOR PROCESSING (EU USERS)

Processing is based on:

  • Your consent when submitting forms, subscribing to communications, or initiating a WhatsApp, Facebook, or LinkedIn interaction

  • Our legitimate interest in managing business and support relationships and improving service visibility

  • Performance of a contract or pre-contractual measures

  • Compliance with applicable legal obligations

7. DATA TRANSFERS AND INTERNATIONAL STORAGE

We use Zoho services for CRM, form submissions, booking management, and support ticketing (Zoho Desk). Data may be stored in EU and US data centers.

For WhatsApp, Facebook, and LinkedIn interactions, data is processed by Meta Platforms and LinkedIn Corporation, which may involve transfers to servers located outside the EU

When data is transferred outside the EU/EEA, we rely on:

  • Standard Contractual Clauses (SCCs),

  • Adequate safeguards as provided by Meta Platforms, LinkedIn, and Zoho Corporation, or

  • Other mechanisms permitted by GDPR.

Links to the respective privacy practices are available on Facebook, LinkedIn, and WhatsApp.

8. DATA RETENTION

Personal data is retained only as long as necessary for the purpose for which it was collected or as required by applicable law.
Support tickets and communication data stored in Zoho Desk or Zoho CRM are retained according to our internal support and CRM retention schedules unless a deletion request is received.

9. YOUR RIGHTS

Depending on your jurisdiction, you may have the right to:

  • Access, correct, or delete your personal data,

  • Withdraw consent at any time,

  • Request data portability (EU users),

  • Object to or limit processing,

  • File a complaint with your local Data Protection Authority.

Requests can be sent to: dataprivacy@fishtankconsultancy.com

10. DATA SECURITY

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, alteration, or disclosure. This includes secure processing of WhatsApp communication via authorized WhatsApp Business API providers, secure ticket handling in Zoho Desk, and secure access controls for our Facebook and LinkedIn pages.

11. CHILDRENS’S DATA

We do not intentionally collect data from children under 14 years of age. If you believe that a child has provided us with personal data, please contact us immediately at dataprivacy@fishtankconsultancy.com, and we will delete such information promptly.

12. UPDATES TO THIS POLICY

We may update this Policy periodically. The updated version will be posted on our website with a revised “Version” date.

13. CONTACT US

If you have any questions or wish to exercise your data protection rights, please contact:

dataprivacy@fishtankconsultancy.com