Goofish Privacy Policy (Hong Kong SAR)
(Effective as of 20 June 2025)
1.About Goofish
1.1 This Privacy Policy applies to your use of services provided by GOOFISH Hong Kong LIMITED, and their affiliated companies (“Goofish”, “we”, “us”, “our”). These services (collectively, the “Goofish Services”) include the Goofish mobile application, as well as any new service forms emerging from technical developments, including but not limited to, mini-programmes. We attach great importance to the protection of users’ privacy and personal data. Under Hong Kong SAR data protection laws, Goofish is obligated to inform you about data processing. This Privacy Policy sets out how we may collect, use, disclose and otherwise process (“process”) your personal data when you access Goofish Services as a Hong Kong SAR user. The entity responsible for the handing of your personal data is GOOFISH Hong Kong LIMITED. If you are in regions other than Hong Kong SAR and access Goofish service, please refer to Goofish Privacy Policy.
Your region of residence is determined based on the region you actively select when you register or the region information displayed in your device’s system setting.
1.2 Goofish is an online consumer-to-consumer focused idle resources exchange community that provides various services to individual users, enabling users to post idle resources information online, communicate with other users and facilitate transactions. Under Hong Kong SAR data protection laws, Goofish can use your personal data necessary for a lawful purpose directly related to the function or activity you carry out or involved with, which are specified in Goofish User Agreement and this Privacy Policy. In case you do not provide these personal data, we will not be able to provide Services you require and fulfill our legal obligations required by applicable laws. If Goofish intends to use the personal data collected for a new purpose other than that for which it is collected, we will obtain your consent according with applicable laws.
1.3 Certain services on Goofish are offered by third-party suppliers. Prior to your use of such services, the third-party suppliers may require you to register as their members and obtain your consent under Hong Kong SAR data protection laws and their data protection regulations.
2.Collection of personal data
We may collect and receive your personal data in the following situations:
2.1 Personal data you actively provide
When you create an account, search or browse our apps, sell or purchase goods, contact us directly, or otherwise use the services, you may provide the following personal data:
●
mobile phone number*
●
email address*
●
avatar
●
nickname
●
location*(e.g. country/region you select when you register)
●
communication information* (e.g. chat messages, and images sent via chat functions).
●
payment methods data*
●
transaction data*
*mandatory personal data
If you do not provide mandatory personal data, you may not be able to create and register your account, and we may not be able to provide services you require, or communicate with you.
2.2 Personal data we collect automatically
We automatically collect certain information when you use Goofish Services, including technical information (such as Internet or other network activity information, and device information), details of transactions and communications over Goofish, details of buying and browsing activities on Goofish, and other types of information regarding how you use Goofish Services.
We also employ cookies and similar tracking technologies, which may collect personal data about you. For further information, please refer to Section 3 of this Privacy Policy.
2.3 Personal data we receive from other sources
2.3.1 We may collect personal data about you from third parties, such as through Apple ID and the Google platform, if you choose to register via a third-party account. Exactly what information we receive will depend on your privacy settings on the applicable third-party platform, but would typically include basic public profile information such as:
●
your email address;
●
your name, and/or nickname;
●
User ID from the third-party platform
You can determine the personal data that we can access when authorizing the connection with the single sign-on service.
2.3.2 We may also collect personal data about you from other e-commerce marketplaces, if you choose to sell goods on other e-commerce marketplaces through Goofish conveniently. Normally, the third-party marketplace may require you to authorize the disclosure of your relevant information (which may include your account information, avatar, nickname, and goods items) to us.
2.3.3 We will receive data from third-party payment service provider, of which is necessarily needed for enabling your payments for items, and withdrawing your money.
2.3.4 We will only collect personal data from third parties for the purposes stated in this Privacy Policy where we have checked that these third parties either have your consent or are otherwise legally permitted or required to disclose your personal data to us.
3.Cookies and similar technologies
This section explains how we use cookies and similar technologies (we refer to them collectively as “Cookies”, or “Cookie”) to recognize you when you visit Goofish. It explains what these technologies are and why we use them, as well as your rights to control them.
3.1 Cookies are small text files collecting amounts of data that your browser receives and stores on the local drive of your computer or mobile device, which enable your device to be recognized when you visit a website or application. Goofish, particularly mobile application version, use other technologies that function in a similar way to cookies. For example, we use Software Developer Kits (“SDKs”), a collection of software development tools in one installable package, which allows third party developers to integrate with our mobile application for specific purposes (e.g., authentication).
3.2 We, and our partners or authorized third-providers make use of Cookies to provide you with a better, faster and safer user experience. Some Cookies are strictly necessary to make our Services work and to ensure data and IT security and prevent fraudulent activities. We refer to these as “operationally necessary Cookies”. Other cookies enable us to provide Service functionality, or to enhance user experience on our Services, for instance, we may provide users with personalized content and advertising in the future.
3.3 Operationally necessary Cookies are strictly necessary to enable to access and use of our Service, and you cannot disable them. Some Operationally necessary Cookies are integrated by third-parties as they are required to protect your transaction safety and fulfill their legal duties. You have the right to decide whether to accept, reject or customize optional Cookies through our Cookie Settingtool to be updated simultaneously. If you disable non-operationally necessary Cookies, you can still use our Services although your use of some features and access to some areas on our Services may be limited.
3.4 For further information about the categories of Cookies we use, and how you can control Cookies, please see our Cookie Policy (Transaction version)and Cookie Settings.
4. Details and Purposes of processing
4.1 How Goofish collect and use your personal data is determined by your activities and the functions you activated on Goofish. To undertake commercial transactions via Goofish, a function targeting Hong Kong users, you need to authenticate your identity by providing your mobile phone number and verification code. Goofish may process your personal data for the following purposes.
User Activity/Function | Personal Data Processed |
● Enabling you to register on Goofish and protect your account | ● User profile data, such as nickname, avatar, country of residence, and other accounting setting. ● External account data, shared by Google/Apple when registering Goofish or interacting with Goofish via an external service, such as your Google/Apple/Taobao user name, email address, and/or other profile information. ● Identity verification data, such as mobile phone number, and verification code. |
● Enabling you to browse and search content, including improving user experience (e.g. displaying content based on your individual habits) | ● Device data, such as device type, unique device identification numbers or other identifiers. ● User usage data, such as activity and App interactions information that we capture using Cookies and similar technologies, including browsing records, clicks, likes and comments, search keywords, filtering conditions. |
● Enabling you to post information and interact with other users on Goofish | ● Uploaded content data, such as order information obtained through Taobao e-commerce platform, and other information actively provided by users for purpose of posting content, including idle resources information and events information. ● Goofish interaction data, such as comment, like, share other users’ content, information actively provided by users for purpose of establishing, managing, or joining Fishponds, including interaction among Fishpond members, and message content sent through Goofish chatting tools, including text, picture, and address information sent by users. ● Location data, such as the authorized GPS location information, events location information or residence information you actively provide. |
● Enabling you using Goofish AI Agent to post idle resources information, auto-reply and etc. | ● Uploaded content data, such as commodity picture, commodity information, price uploaded by user via Goofish AI Agent. ● Communication data, message data occurred among Goofish members via Goofish chat tools. |
● Enabling your payments for items and withdraw your money | ● Payment methods data, such as bank card number, card bank identity number, billing address, cardholder's name, issuer of card. Data will be collected and received by the third-party payment service provider directly and actively provided by you for for enabling Goofish to fulfill your financial service needs. Goofish does not collect these data. ● Transaction data, such as unique ID assigned for purpose of identifying a transaction and the order, transaction time, and goods information data (including price, currency, and quantity). |
● Enabling Goofish to secure your transaction, and enforce compliance duty required by contracts and applicable laws | ● Payment methods data, such as bank card number, card bank identity number, billing address, cardholder's name, issuer of card. ● Transaction data, such as unique ID assigned for purpose of identifying a transaction and the order, transaction time, and goods information data (including price, currency, and quantity). ● Shipping data, such as the name of the recipient, shipping address, phone number. ● Device Data, such as device type, device brand, unique device identification numbers or other identifiers, the IP address of the device, and etc. |
● Helping you correspond and interact with Goofish for resolving purchse-related disputes between members, submitting inquiries, complaints and seeking service support | ● Communication data, such as contact information, inquiries content you submit through Help Center or any other feedback channels, message data occurred among Goofish members via Goofish chat tools. ● User profile data, including user name, residence, email address. |
● Enabling you to manage your Setting | ● User profile data, including nickname, avatar, gender, and personal status/signature, selected region. ● User preference data, including notification preference, language choice, privacy preference. ● User usage data, such as click, and impression. |
● User profiling and knowing Goofish trends, including identifying usage trends and analyzing functionalities performance on an aggregated, specific group(s), and individual bases | ● Device data, such as device type, unique device identification numbers or other identifiers. ● User usage data, such as activity and App interactions information that we capture using Cookies and similar technologies, including browsing records, clicks, likes and comments, search keywords, filtering conditions. ● Account data, such as mobile phone number, IP, device information when registering. ● External account data, such as third-party account ID. |
● Complying with legal and regulatory obligations to which we are subject and to protect our legal rights, including content mitigation, money laundering, and etc. | ● Uploaded content, such as commodity ID, price, picture, region, and address information. ● User profile data, such as user ID, nickname, avatar, gender, birthday, profile, status. ● Communication data, such as content creation/revision time. ● Account data, such as mobile phone number, IP, device information when registering. ● External account data, such as third-party account ID. |
4.2 We may use your personal data in direct marketing in the future. However, we will not use your personal data for such purpose unless we have received your consent.
You may in future withdraw your consent to the use and provision of your personal data for direct marketing. If you wish to withdraw your consent, please send a request to us using the contact details set out at “Section 13 Contact us above”. We will, without charge, ensure that you are not included in future direct marketing activities.
4.3 Where necessary, we may transmit your personal data to Goofish-affiliated companies in connection with the purposes set out herein. Regarding third-party service providers, except for purpose of providing service, Goofish may also transmit data for complying certain legal and contractual requirements, particularly transaction security. These recipients are contractually obliged to take appropriate security measures with regard to the personal data they receive, and limit their use of such data to the purposes necessary to fulfil their contractual obligations.
5. Disclosure or sharing of personal data
We may disclose, transfer, communicate or otherwise share your personal data to the following parties:
5.1 Goofish-affiliated companies, including our subsidiaries, affiliates and related corporation, who may use it for purposes described in Section 4.
5.2 Third-party service providers, who may use it for purposes such as:
●
providing cloud computing or other hosting service providersto provide cloud storage services;
●
providing artificial intelligence (“AI”) technology support. Goofish AI Agent, automatically generating idle resources information content, price setting and communicating with other users, is based on the large language model technology provided by Azure OpenAI (clickhereto readData, privacy, and security for Azure OpenAI Service);
●
providing transaction function, the third-party service provider we work with is Antom Services (clickhereto read its Privacy Policy).
5.3 An actual or potential buyer and/or successor (its agents and advisers included) in connection with any actual or proposed purchase, merger or acquisition of any part of our business.
5.4 Our professional advisors, law enforcement agencies, and Government or regulatory authorities, for purposes such as legal proceedings, or as authorized or required under applicable laws, who may use it for purposes relating to criminal investigations into any alleged or suspected illegal activity.
5.5 Any other person, with your consent to the disclosure or as authorized under applicable laws.
6. Data Retention
6.1 We retain your personal data for as long as necessary for the provision of Goofish Services, or for other legal or business purposes (e.g., complying with our legal obligations, or resolving disputes), in accordance with applicable laws.
6.2 The specific data retention periods are determined mainly based on the following criteria (where applicable):
●
to fulfil the purpose of the services we provide to you, and to maintain the corresponding records in order to respond to your possible inquiries or complaints;
●
to ensure the safety and quality of the services we provide to you;
●
your consent on a longer retention period;
●
other special agreements or legal and regulatory requirements regarding retention periods.
6.3 We will delete your personal data in accordance with our data retention and deletion policy. In cases where we are legally obliged or permitted to keep your personal data longer, we may restrict the processing of your data instead of deleting it (e.g., by restricting access to it, anonymization), as far as legally permissible or required.
7. Your rights as a data subject
As a resident of Hong Kong SAR, you have the following rights, which you can exercise at any time by contacting us using the contact details provided under Section 13. Contact us above:
●
You have the right to request a copy of your personal data held by us, unless we are exempted from complying with a data access request.
●
You have the right to request for us to make necessary corrections in respect of any personal data that you consider inaccurate after we have fulfilled a data access request from you. We may refuse a data correction request if we believe the personal data is accurate, an expression of opinion or the proposed correction is inaccurate.
●
We reserve the right to charge a reasonable fee to process any personal data access or correction request.
8. Minors
Minors are rejected from creating Goofish Services (including Goofish) accounts, as we do not intend to provide Goofish Services to users who are under 18 years old. If a minor has provided us with his or her personal data without parental or guardian’s consent, the parent or guardian shall contact us to remove such information.
9. Security measures
We implement appropriate organizational and technical measures to protect your personal data. For instance, we limit access to your personal data to Goofish’ employees, agents, contractors and other third parties who require such access to carry out their duties and contractual obligations. We implement both physical access restrictions for our data centers and logical access controls for data and systems access. In addition, we implement appropriate technical measures to prevent unauthorized access, use, disclosure, modification, disposal or similar risks to the data we hold, and to maintain data accuracy, among other things. We will notify you and the regulatory authorities in accordance with the timescales and scope required by applicable data protection law, in the event of a data breach.
10. International transfer of personal data
10.1 Your personal data may be transferred to recipients located outside where you reside. We primarily store your personal data in the United States and Singapore. Also, we may process your personal data in China and enable access from China to your personal data. The categories of our recipients are as following:
●
Goofish-affiliated companies, who receive the transferred data to provide services such as software, tools, systems, content mitigation, safety measures, customer service, and technical and operational support;
●
Third-party service providers, whoreceive the transferred data to fulfil their contractual obligations and legal duties, such as cloud computing or other hosting service providers, artificial intelligence technology support, and payment service provider.
10.2 We only transfer your personal data outside where you reside where there are appropriate measures put in place in accordance with applicable laws.
11. Language
To the extent permitted by applicable law, if there is any conflict between the English version and another language version of this Privacy Policy, the English version shall prevail.
12. Privacy Policy Updates
12.1 We may update this Privacy Policy from time to time in response to changing legal, technical or business developments.
12.2 When we update our Privacy Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make and as required by applicable laws. You may receive notifications concerning our major changes to this Privacy Policy timely through various channels, for example, via our apps. We recommend you check back frequently to see any updates or changes. Please check the date displayed at the top of the Privacy Policy to see when it was last updated.
13.Contact us
For any questions, comments regarding this Privacy Policy, or requests to exercise your data subject rights under the laws of your jurisdiction, you may contact our Data Protection Officer via privacy@igoofish.com.