Firefish Guide
Video Guides
Firefish Protocol
FAQs
Bitcoin: The Ultimate CollateralCareers
MediaLegalDeutschItalianoEspañolČeskyMagyar繁體中文PRIVACY STATEMENT FOR APPLICATION USERS
This privacy policy describes how Firefish collects, processes, and protects your personal data when you browse our website www.firefish.io (the “Website”), or when you use our Firefish application (the “Application”), or when we provide you with our other services (the “Services”).
In this privacy policy, "Firefish," "we," "our," and "us" each means Firefish Europe s.r.o., having the seat at Na Troskách 22, Banská Bystrica 974 01, Slovakia, ID number (IČO): 55 912 974, registered by the District Court Banská Bystrica, Section: Sro, File No.: 47958/S (individually as “Firefish Europe”) and Firefish Peer Servicing s.r.o. having the seat at Na Troskách 22, Banská Bystrica 974 01, Slovakia, ID number (IČO): 56 481 748, registered by the District Court Banská Bystrica, Section: Sro, File No.: 50102/S (individually as “FSP”). Firefish Europe and FSP act as joint controllers of your personal data, unless otherwise stated in this privacy policy.
Please note that the content of this privacy policy might be updated from time to time. This version of the privacy policy is effective as of 8. 8. 2025. You can always find an up-to-date version of this privacy policy on our Website.
This privacy policy applies only to the processing of personal data by us. This privacy policy does not address the processing methods and privacy practices of other third parties for which we are not responsible. Please also note that we do not process personal data of individuals under the age of 18.
The following information can be found in this privacy policy:
- Whose data will be processed?
- Why do we process your personal data, which data do we process and on which legal basis?
- With whom may we share your personal data?
- Do we transfer your personal data to third countries?
- How long do we process your personal data?
- Are you subject to automated decision making or profiling?
- Which measures do we use to protect your personal data?
- What are your rights?
- How can you contact us?
1. Whose data will be processed?
We process personal data of the following categories of data subjects:
- visitors of our Website,
- lenders, borrowers and other customers (e.g. Invest Pro users), who use the Application dedicated to bitcoin-backed loans or other Services,
(“you” or “your”).
2. Why do we process your personal data, which data do we process and on which legal basis?
Our primary purposes for processing your data are to (i) enable you to use the Application with all of its benefits, (ii) enable you to benefit from our services and establish a business relationship with you, (iii) fulfil our legal obligations arising from your use of the Application and the provision of our Services, (iv) promote our services and provide you with relevant marketing offers, (v) provide you with the best possible experience when browsing our Website, (vi) develop and improve the Application and other Services.
Please note that we will only process your data obtained directly from you in a limited and secure manner, where we have a legitimate reason and legal basis for doing so, and in accordance with applicable data protection legislation.
Purpose | Detailed purpose description | Scope of processed data | Applicable legal basis |
Account registration | If you want to use the Application or other Services, you have to create a user account. | We process your name, surname, e-mail address and your username. | Art. 6 (1) (b) of GDPR for the performance of a contract or to take steps prior to conclusion of a contract |
Verification of your identity for KYC and AML purposes | In order to benefit from the main functionality of the Application, i.e. bitcoin-backed loans, or to access other Services such as the Invest Pro model we need to establish and verify your identity as part of our KYC process (Know-Your-Customer) in compliance with the applicable anti-money laundering legislation. | We process your name, surname, date of birth, age, contact address, residency address, birth registration number, place of birth, sex, nationality, details included in your ID, passport or other document used for identification, including the photo of this document, your photo or video with your image, and other data required by the applicable AML laws, including financial details, information whether you are politically exposed person or whether you are on sanction lists or law enforcement watchlists, etc. | Art. 6 (1) (c) of GDPR for compliance with a legal obligation to which we are subject |
Preparation of peer-to-peer or instant loan agreement | To enable you to benefit from the bitcoin-backed loans provided through the Application, you enter into a peer-to-peer or instant loan agreement either as a lender or as a borrower. The process of agreement preparation and conclusion may be directed through the Application or can be run differently. | We process your name, surname, residency address, contact details (phone number, e-mail address), bank or other payment details (e.g., name of the bank, bank account number, DLT address), amount of the loan, information about terms of loan payment, information about your position in the peer-to-peer or instant contractual relationship, details about your bitcoin resources. | Art. 6 (1) (b) of GDPR for the performance of a contract or to take steps prior to conclusion of a contract
Art. 6 (1) (c) of GDPR for compliance with a legal obligation to which we are subject |
Provision and loan, loan administration and loan repayment | We process your personal data to manage and facilitate the process of receipt of the financial resources from the loan and loan repayment as well as to execute the process of BTC collateral locking and releasing. | We process your name, surname, residency address, e-mail address, bank or other payment details (including information from bank statements), details from peer-to-peer or instant contact, details concerning the conditions of loan provision and loan payment, details about your bitcoin resources and possibly other necessary data. | Art. 6 (1) (b) of GDPR for the performance of a contract or to take steps prior to conclusion of a contract
Art. 6 (1) (c) of GDPR for compliance with a legal obligation to which we are subject |
Use of Application and further technical development of the Application | The Application provides several functionalities and enables us to communicate with you regarding the bitcoin-backed loans and other related matters. We also wish to further develop the Application and provide you with the best possible user experience, thus from time to time we run the technical tests and allow you to use the new features. | We process your account data, content of our communication with you, technical details of your device, your IP address, your behaviour when using the Application. | Art. 6 (1) (b) of GDPR for the performance of a contract or to take steps prior to conclusion of a contract
Art. 6 (1) (f) of GDPR for the purpose of our legitimate interest to solve potential issues related to the use of Application and to further develop functionalities of the Application |
Maintaining security of our services, Application and Website | We process your data to protect the security and integrity of our services, Application, and Website. This includes activities like detecting and preventing fraud, unauthorized access, and other harmful activities. We monitor system activity, verify user identities, and ensure our services are safe and reliable for everyone. Your information helps us quickly identify potential security threats and take action to protect your data and our systems. | We can process login information (username and password), IP address and device information (e.g., device type, operating system, browser type), access logs and activity logs (e.g., time and date of access, pages viewed, actions taken), location data (where relevant to security monitoring, e.g., detecting suspicious access patterns), authentication data, communication metadata (e.g., information about emails or messages sent as part of our services), identifiers and security tokens and fraud detection signals. | Art. 6 (1) (f) of GDPR for the purpose of our legitimate interest to maintain security of our services, Application, Website and users
Art. 6 (1) (b) of GDPR for the performance of a contract or to take steps prior to conclusion of a contract |
Provision of other related Services | When you wish to take advantage of our other Services available through our Website or otherwise, which are provided on the basis of the Terms of Service or a separate agreement, we will need to process your personal data in order to be able to provide those Services to you. | We process your data as necessary to enter into a contract and to provide you with the requested Service. Regardless of the type of Service, we process your identification and contact details, your bank or other payment details, content of our contract and information about the Services provided. | Art. 6 (1) (b) of GDPR for the performance of a contract or to take steps prior to conclusion of a contract |
Customer relationship management | When you decide to use the Application and our Services, throughout the duration of our cooperation, we need to communicate with you to respond to your queries, to prepare your peer-to-peer or instant agreement or its amendment, to adjust our terms and conditions, to discuss details of our cooperation and your use of the Application, etc. | We process your name, surname, your contact details, information about your account, data concerning your activity in the Application, technical details of your device, your IP address, content of our communication, content of our contract (terms and conditions) and your peer-to-peer, instant or other agreement. | Art. 6 (1) (b) of GDPR for the performance of a contract or to take steps prior to conclusion of a contract |
Maintaining database of customers | We keep a database of the existing users of the Application or other Services for our internal administration purposes, as well as for our business development. | We process your name, surname, contact details (e.g. e-mail address), your account details. | Art. 6 (1) (f) of GDPR for the purpose of our legitimate interest to maintain database of our customers |
Marketing and promotion | We want to promote our Services and develop our business. Therefore we provide you with some electronic marketing communication containing information about us and Services we offer.
If we wish to contact you with marketing communications unrelated to our Services, we will only do so with your prior consent. | We process your name, surname, email address. | Art. 6 (1) (f) of GDPR for the purpose of our legitimate interest to provide you with direct marketing communication
Art. 6 (1) (a) of GDPR to provide you with other marketing communication based on your consent |
Visiting our Website | When you look for certain information about us and our Services, or if you decide to contact us, or when you browse our Website, we will process your personal data via cookies as mentioned in our Cookie Policy.
Firefish Europe will be the data controller of your personal data processed for this purpose. | We process mostly technical data about your device which you use to access our Website (e.g. device type, operating system, screen resolution, your IP address), and information about the browser you use when you visit the Website (e.g. browser type and version, language preference), time spent on our Website, links visited, referring website, search engine, and other details. More information about processing of your data can be found in our Cookie Policy. | Art. 6 (1) (a) of GDPR based on your explicit consent
Art. 6 (1) (f) of GDPR for the purpose of our legitimate interest to ensure function of the Website (applicable only for technically necessary cookies) |
Dispute resolution, exercising and defending our legal claims | We may process your personal data for the purposes of solving legal disputes, claims complaints or other similar proceedings arising from or related to your use of the Application or other Services and your peer-to-peer or instant agreement, including loan provisioning itself. | We will process your personal data mainly your name, surname, your contact details (address, e-mail address), your account details, content of your peer-to-peer or instant agreement, information related to the contract between you and us, content of our communication, your requests, suggestions, complaints, any other personal data that may relate to the provision of Services and use of the Application, or is necessary to solve the dispute. | Art. (6) (1) (f) of GDPR for the purpose of our legitimate interest to handle disputes that may arise our cooperation
Art. 6 (1) (c) of GDPR for compliance with a legal obligation to which we are subject |
Fulfilment of our legal obligations | We are obliged to process your personal data to fulfil our various legal obligations (e.g., tax obligations, accounting obligations, data protection obligations, etc.). We may also be obliged to provide your personal data in case of inspection by public authorities, based on the requirements of regulatory authorities, when requested by them and for preventing, monitoring and proving fraud, combating money laundering and other criminal activities. Further, we may have to process your personal data to comply with a decision of respective public authority or with a judicial order. | The scope of personal data we process for this purpose depends on the requirements imposed on us by the public authorities and by applicable law. | It is our legal obligation to process your personal data within the meaning of art. 6 (1) (c) of GDPR. |
In cases where we process your personal data based on our legitimate interest according to art. 6 (1) (f) of GDPR, you are entitled to object to such processing according to art. 21 of GDPR. If you decide to object to the processing, please do so by contacting us through the contact information below.
If the processing of your personal data is a contractual requirement according to art. 6 (1) (b) of GDPR and you decide not to provide us with this personal data, such action may result in the impossibility of entering into a contractual relationship with you, or other complications related to the fulfilment of our contractual obligations.
Whenever we process your personal data based on your consent given to us in accordance with the art. 6 (1) (a) of GDPR, you have the right to withdraw such consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. If you wish to withdraw your consent to the processing of your personal data, please contact us via the contact information below.
If we are legally required to process personal data, you may have an obligation to provide us with that personal data. If you refuse to do so, it may have various legal consequences for you and for us, including adverse consequences (e.g., impossibility to perform relevant action, impossibility of further cooperation, etc.).
3. With whom may we share your personal data?
We take the protection of your personal data very seriously, and therefore we strive to limit the number of recipients as much as possible. We share your personal data with other recipients on a limited basis, primarily with our partners, payment processing providers, legal, accounting and auditing services providers, tax advisors, etc. In addition, the following entities will have access to your information:
- tedsig solutions s.r.o., Dukelskych hrdinu 567/52, Holesovice, 170 00 Praha 7, Czech Republic, for the purpose of handling the Distribution escrow forming part of our Services
- Firefish Labs s.r.o., Křižíkova 148/34, Karlín, 186 00 Praha 8, Czech Republic, for the purpose of provision of technology and other support services related to the operation of the Website and Application and to other Services provision
- UAB “iDenfy”, Baršausko street 59, 51423 Kaunas, Lithuania, for the purpose of support with KYC and AML processes.
We do not allow our partners to sell or use the personal data we share with them for any purpose other than providing services to us. Before we engage a partner, we verify that they are compliant with privacy laws. All of our partners are subject to contractual terms that require them to comply with applicable privacy laws. You should also be aware that our partners may use other contractors to support their business and provide certain services, which may also require the processing of your data.
Lastly, we may share your personal data if required to do so by law or decision of respective public authority or court order, for example with our suppliers or clients, tax authorities, social security agencies, law enforcement agencies or other governmental agencies.
4. Do we transfer your personal data to third countries?
We process your personal data mainly in the EU/EEA, however data related to use of our Website will be processed also outside the EU/EEA (for more details please see our Cookie Policy). Our partners are located mostly in the EU/EEA, but we also use partners from third countries. We strive to ensure that your personal data is transferred exclusively to countries that are considered to have an equivalent level of personal data protection in accordance with the relevant European Commission decision, or where the appropriate personal data protection measures are in place. Whenever necessary, we rely on standard contractual clauses for data transfers to third countries or require compliance with other additional guarantees and measures. Regardless of the country in which your personal data is processed, we take appropriate technical, security and organisational measures to ensure that the level of protection is the same as in the EU/EEA. If you have any concerns about the international transfer of your personal data and the relevant safeguards, you can contact us via email sent to the address mentioned above.
5. How long do we process your personal data?
We store your personal data as long as is necessary to fulfil the purpose mentioned in this privacy policy, for which the data were obtained (e.g. use of the Application and provision of bitcoin-backed loan), to pursue our legitimate interests and comply with applicable laws. This means that we will retain most of your personal data in our systems throughout the duration of your use of the Application and payment of the loan. However, if possible, we will erase certain of your data even before, once it is not needed for the original purpose. Please note that we may process some of your personal data for longer period of time, even after the termination of our contractual relationship, if e.g.: (i) the applicable law (e.g. tax, AML and accounting laws requires us to do so), (ii) if there is an ongoing legal proceeding, or (iii) in exceptional cases, if you have given us the permission to keep your personal data on record for a longer period of time. Please note that the above stated period may be prolonged in case of the request of the relevant public authority or of the court.
6. Are you subject to automated decision making or profiling?
Your personal data are not used for automated decision-making or for profiling.
7. Which measures do we use to protect your personal data?
We make reasonable efforts to ensure a level of security appropriate to the risk associated with the processing of your personal data. We maintain technical and organisational measures designed to protect your personal data within our organisation against relevant security threats, including against unauthorised access, destruction, loss, alteration, or misuse. Your data is accessible only to a limited number of our personnel who need access to perform their duties. In case you wish to learn more about our technical and organisational measures, please do not hesitate to contact us on the contact details mentioned below.
8. What are your rights?
You are entitled to exercise your rights as a data subject with respect to the processing of your personal data. Please see the table below for more details.
Your right | What does it mean? |
Right to access | You have the right to obtain the information whether your personal data are processed, and if yes, you can request a copy of your personal data we process, for which we may charge you with a fee. |
Right to rectification | It is important that we have the correct information, and we request you to notify us if any of your personal data is incorrect or if any of your personal data have been changed. We will rectify your personal data without undue delay upon your notification. |
Right to erasure (“right to be forgotten”) | If the processing of your personal data is no longer necessary or has been unlawfully processed, you withdraw your consent or object to the processing of your personal data, you may request us to erase your personal data. |
Right to restrict processing | From the moment when you (i) asked for rectification of your personal data, or (ii) objected to the processing, until we assess your request, you are entitled to request us to restrict the processing. You may also request us to restrict the processing of your personal data if the processing was unlawful, but you do not want us to delete your personal data, or if we do not need your data anymore for the original processing purposes, however the data are important for defending your legal claims. |
Right to object processing | If we process your personal data based on our legitimate interest or for direct marketing purposes, you may object to such processing.
We can process your personal data further if we can demonstrate the compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims. |
Right to data portability | You may request us to provide you with the personal data that you provided to us for the processing based on the consent or for fulfilment of the contract. We should provide you with your personal data in a structured, commonly used and machine-readable format. You also have the right to request the transfer of these data directly to another data controller, if it is technically feasible. |
Right to withdraw your consent | When we process your personal data based on your consent, you have the right to withdraw such consent at any time. Please note that the withdrawal of your consent does not affect legality of the processing previously performed based on the originally granted valid consent. |
Rights related to automated decision making and profiling | You have the right not to be subjected to automated decision-making, including profiling, which produces legal effect for you or has a similar significant effect. We do not use automated decision-making or profiling for the outlined purposes of data processing. However, if you have been subject to an automated decision and do not agree with the outcome, you can contact us using the details below and ask us to review the decision in a non-automated manner. |
9. How can you contact us?
If you have any questions or complaints about this privacy policy or processing of your personal data, please do not hesitate and contact us electronically via email to: [email protected].
If you are not satisfied with our response or if you believe that we are processing your data incorrectly or unlawfully, you can file a complaint with the competent supervisory authority, which is the Office for Personal Data Protection of the Slovak Republic (the “Office”). Contact details of the Office are the following: address: Námestie 1. mája, 811 06 Bratislava, phone number: 02/323 132 14. More information can be found at www.dataprotection.gov.sk.