GDPR Notice

1. Data Controller

GishFy acts as the data controller for personal data processed through our platform for account creation, wishlist sharing, notifications, and support.

2. Legal Bases for Processing

We process personal data under one or more of these legal bases:

• Contract: To provide and maintain your account and core product features.
• Consent: For optional communication preferences and selected features.
• Legitimate interests: To secure, improve, and analyze service reliability.
• Legal obligation: To comply with applicable law, regulation, or legal requests.

3. GDPR Rights

You may exercise the following rights, subject to legal limitations:

• Access: Request a copy of your personal data.
• Rectification: Correct inaccurate or incomplete information.
• Erasure: Request deletion of your personal data.
• Restriction: Ask us to limit processing in specific circumstances.
• Portability: Receive your data in a structured, machine-readable format.
• Objection: Object to processing based on legitimate interests.
• Withdraw consent: Revoke consent where processing depends on consent.

4. International Data Transfers

If data is transferred outside the EEA/UK/Switzerland, we apply appropriate safeguards, such as contractual protections and security controls, to protect personal data.

5. Retention

We retain personal data only for as long as necessary for service delivery, legal compliance, dispute resolution, and security. Retention periods depend on data type and purpose.

6. How to Submit a Request

To exercise GDPR rights, contact gdpr@gishfy.com. We may verify your identity before fulfilling requests and aim to respond within 30 days.

7. Supervisory Authority

You have the right to lodge a complaint with your local data protection authority if you believe your data protection rights have been infringed.