Privacy Policy

Table of Contents 

  1. Subject matter of the Privacy Policy
  2. For the Data Processing Controller [and Data Protection Officer]
    • Contact details
  3. Collecting and storing personal data and how and why we use such data
    • Log files
    • Cookies
    • Analytics tools
  4. Subcontracted data processing
  5. Third party website links
  6. Data security
  7. Data subjects’ rights
  8. Changes to the Privacy Policy


  1. Subject matter of the Privacy Policy

Welcome to our website! In accordance with Articles 13 and 14 of the EU General Data Protection Regulation No. 679/2016 (hereinafter “GDPR”), this Privacy Policy is intended to inform you of the data processing procedures and the protection of your personal data related to our website, its content and our services.

“Personal data” means all information related to an identified or identifiable individual. An “identifiable” individual is one who can be directly or indirectly identified.

  1. For the Data Processing Controller [and Data Protection Officer]


  • Data controller

The personal data processing controller is:

Fish and Chips S.àr.l.

34a rue Philippe II, L-2340 Luxembourg

Trade register and number: B151334

VAT number: LU23758241

Business licence number and trade: Activités des agences de publicité, 73.110

Tél. : +352 27 47 87 88



  1. Collecting and storing personal data and how and why we use such data

3.1. Log-Files

Each time you open our website, the browser you are using on your end device will automatically send data to our website's server for storage in server log files. Such data consist in information related to an identified or identifiable individual. The following information is stored in that way:

  • your end device's IP address,
  • date and time of the website call (request to the host provider's server),
  • name and URL of the file called,
  • URL of the website from which you called our website,
  • type and version of the browser used,
  • operating system used and the name of your access provider.

The purpose of such data processing is to ensure that our website can be properly opened and displayed on your end device. The information will also be used to optimise our website and ensure the security and stability of our systems.

The legal basis for the processing is GDPR Art. 6 (1) (f). We have a legitimate interest in providing you with a website adapted to your browser and end device. You have the right to object to supplying such information but your failure to do so may prevent you from using our website in whole or in part.

The processed information will be stored only as long as necessary for the intended purpose or for the statutory retention period.

The recipient of the information is the Server Host working in the framework of a data processing agreement.

3.2. Cookies

We use cookies on our website. Cookies are text files that are automatically created by your browser and stored on your end device when you visit our website.

Cookies can be used to store your input and settings on a website so that you do not have to indicate or enter the same information every time you visit a website. Cookies contain a “Cookie ID” which allows us to identify the end device on which the cookie was stored.

  • Types of Cookies

We use the following types of cookies on our website:

Session cookies, which make you and/or your end device identifiable while you are visiting our website. Session cookies are automatically deleted each time to leave our website.

Temporary cookies, which are stored on your end device for a specified period and make you and/or your end device identifiable. Such cookies are used to make the website as user-friendly as possible. The next time you visit our website to make use of our services, the system will automatically recognise that you have visited us previously and will remember your prior input and settings so that you will not have to enter them again.

On our website, we use the following cookies:

Name of cookie


Expiry date





The purpose of such processing is to make our website more convenient for you to use by allowing you to store your settings.

The legal basis for the processing is GDPR Art. 6 (1) (f). We have a legitimate interest in providing you with a website that stores your personal settings to make it easier for you to use our website.

  • Cookies settings

Most browsers accept cookies automatically but you can restrict or wholly disable our use of cookies in your browser settings. If you disable cookies completely you might not be able to use all the features of our website. You can also instruct the system to delete cookies automatically when you close the browser window.

For more information about how to delete cookies and/or change cookie settings in the most common browsers, check out the following links:

Google Chrome:
Mozilla Firefox:
Apple Safari:
Microsoft Internet Explorer:



In addition, we use cookies to record statistics on the use of our website and analyse them in order to optimise our goods and services (see section 3.3). When you return to our website, cookies let us recognise automatically that your IP address has already been on our website before. Third-party cookies may also be set by the service providers we use. We will inform you separately of our use of cookies associated with the individual services.

3.3. Analytics tools

 - Google Analytics

We use Google Analytics, a web analytics service from Google Inc. ( (hereinafter “Google”). In that context, pseudonymised user profiles are created and cookies are used (see section 3.2.). The information generated by cookies concerning your use of our website is transferred to one of Google's servers in the USA for storage.

You can prevent the installation of cookies by choosing the appropriate setting in your browser software (see our explanations in section 3.2).

You can download and install a browser add-on to prevent Google from recording information generated by cookies concerning your use of our website (

For more information about data protection related to Google Analytics, see the Google Analytics support page (

The integration of Google services sometimes allows Google to collect and process information (including personal data). We cannot control which information is collected and processed by Google itself. On that subject, please see the Google Privacy Policy ( For tips on Google privacy settings, see

             - Use of Google Web Fonts 

We use external Google Fonts on our website.

Google Web Fonts are integrated through an interface to Google services. Integration of the Web Fonts sometimes allows Google to collect and process information (including personal data). We ourselves do not collect any data in connection with providing Google Fonts.

We integrate Google Fonts in pursuit of our legitimate interest and purpose of being able to display uniform fonts on your end device. The legal basis for the above-described processing is GDPR Art. 6 (1) (f). In addition, Google has a legitimate interest in using the collected (personal) information in order to improve its own services.

For more information, see and


The information related to the analytics tools is used to analyse your use of our website in order to draw up reports on the website activities and provide other services related to use of our website to achieve a needs-based organisation of our website.

The above-mentioned tracking measures are used on our website on the basis of GDPR Article 6 (1) (f). The purpose of using tracking measures is to ensure a needs-based organisation and ongoing optimisation of our website in the pursuit of our legitimate interests. In addition, the tracking measures allow us to keep statistical records of the use of our website and to evaluate and optimise our goods’ and services’ offerings.

For more information on the specific purposes of data processing and data categories, see the privacy policies of the relevant analytics tools’ service providers.


  1. Subcontracted data processing

We work with the following web hosting and with analytics tools service providers:


These service providers work under data processing subcontracts that comply with the provisions of GDPR Article 28.

Personal information is not processed by us outside the EU.

The transmission and processing of personal data outside the EU by the service providers is performed in accordance with the rules of the GDPR on the basis of the adequate data protection measures described in the relevant third party privacy policies

  1. Third party website links

Our website may contain links to external third-party websites. Data processing on other websites is carried out under the responsibility of the relevant third party, and such processing is therefore beyond our control. For more information, please refer to the privacy policies of the relevant third-party websites.

  1. Data security

We protect our website and other systems by taking appropriate technical and organisational measures against the loss, destruction, access, modification or dissemination of your data by unauthorised persons. Despite such measures, complete protection against all risks is  not possible given the nature of the internet.

  1. Data subjects’ rights

Data subjects have certain rights subject to the conditions defined in the GDPR. Every data subject generally has the following rights:

  • Right of access by the data subject (GDPR Art. 15): you have the right to obtain information about the processing of your personal data and its main components.


  • Right to rectification (Art. 16 GDPR): you have the right to demand rectification of data concerning you and/or completion of incomplete data.


  • Right to object (GDPR Art. 21): insofar as your personal data is processed on the basis of legitimate interests within the meaning of GDPR Article 6 (1) (f), you have the right to object to such processing on grounds relating to your particular situation (without prejudice to our compelling legally protected interests) and/or to object to direct advertising. If you wish to exercise your right to object, you may send us an e-mail at the following address: ***[e-mail address]. We will keep a file in which the relevant information of the persons who have exercised their right to object will be processed in order to respect the data subject's wishes. The information in the opt-out list will be stored for ***[3 years] and then deleted.


  • Right to erasure (GDPR Art. 17): under certain conditions, you have the right to erasure of your personal data stored by us, e.g., in case the personal data are no longer necessary in relation to the purposes for which they were collected or if you have made a legitimate objection to the data processing. The right to erasure is not always applicable, especially not if the processing is necessary for exercising the right of freedom of expression and information; for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.


  • Right to restriction of processing (GDPR Art. 18 et seq.): you have the right to obtain the restriction of the processing of your personal data under certain conditions, in particular if you contest the accuracy of the data but you do not wish to obtain erasure of the data; the information is no longer needed by us but you need the information for the establishment, exercise or defence of legal claims, or you have made a legitimate objection to the data processing.


  • Right to data portability (GDPR Art. 20): in certain cases defined by law, you have the right to receive your personal data that you supplied to us, in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller.


We further  inform you that the consent you may have given may be withdrawn at any time, in which case we will not be allowed to continue the data processing based on such consent in the future, without prejudice to the lawfulness of the processing that was performed on the basis of such consent prior to the time of withdrawal.

We reserve the right to obtain confirmation of your identity when you ask us for information and documents.

We encourage you to send us any requests or queries you may have concerning your rights to ***[e-mail address (of the Data Protection Officer if applicable)]. If you believe that the processing of your data is not compliant with the GDPR, you have the right to file a complaint with the competent data protection authority (cf.

  1. Changes to the Privacy Policy

It may be necessary to adapt this Privacy Policy in case of changes in our company procedures or amendments of the applicable laws. You will be informed of any such change in a timely manner. Please examine the currently applicable Privacy Policy when you visit our website.




On the website, the headings of the TOC can be linked with the corresponding sections in a user friendly manner.


Include only if applicable under the GDPR.


In principle, the cookies data should be stored and processed no longer than 13 months according to the French data protection authority.



FISH AND CHIPS : Analytics Tools must comply with the data protection laws. Some solutions are better than others (the French data protection authority recommends Matomo, for example). Please look into which service provider meets the necessary criteria.


According to various sources, the legality of using Google Web Fonts may be questioned because of Google's extensive processing and linkage of data. It is recommended to insert Google Web Fonts locally on the website. You can find out about that possibility online. The passage of text concerning data processing can be deleted in the case of local integration.