Fanatic Design Ltd (Fanatic) is registered with the Information Commissioner’s Office as a company that handles data in its day-to-day business operations.
Data Protection Officer: Ian Collis-Smith
Fanatic is authorised by clients, on a case-by-case basis, to receive data for a specified use for marketing, or IT / website development. Fanatic will never use any data it receives for any other purpose, and will remove any copy of the data on completion of the specified project lifecycle, in line with this policy.
1.0 Employees and Contractors
All Fanatic employees and contractors are bound by the terms and conditions of their employment to never share any data received or held on behalf of a client other than with specified third party suppliers and only ever for the sole purpose of fulfilling the project brief. Fanatic keeps a record of all contractor and employee contracts for as long as necessary after any employment has ended.
All staff are trained in the Fanatic data policy and the importance of adhering to General Data Protection Regulations (GDPR).
1.1 Email @fanaticdesign.co.uk
The Fanatic email domain is the primary communication medium between staff, clients and suppliers. It is accepted by the client within the Fanatic general Terms and Conditions of Business that when a client sends data via email, it is not a secure transfer mechanism.
Emails to the Fanatic domain, and any attachments to them, will be kept for up to 36 months and then deleted.
1.2 Internal Local Data Storage
Fanatic uses an internal shared hard drive for file storage within the studio. This is an industry-standard device with built-in security such as password-protected access to the drive. It is shared only with employees and contractors.
Client data is stored on this drive in formats such as CSV and XLS.
All client data stored is logged in the Fanatic client data log, and Fanatic has a process for removing any stored data on completion of the project.
Data is required to be transferred to web developer workstation local hard drives, where a development and testing environment is used during the development life cycle of a project. Development and testing environments are required for the development and ongoing support of a project. Where possible, dummy data will be used on development and testing environments, but client data will be used where required, and removed on completion of a project.
1.3 External storage: Hosting
Fanatic manages a number of servers for the purpose of client website hosting within a specialist data centre, which has supplied a copy of its data protection policy conforming to GDPR. The servers are subject to industry-standard, low-risk data security protection. Fanatic can provide specific requirements for a higher level of data security subject to a written request and an agreed SLA. All website software measures required to protect against malicious attempts to obtain any data stored on Fanatic-managed server space will be specified and agreed with Fanatic as part of the development specifications and agreed SLA.
1.4 Job Applications
By applying for an advertised role at Fanatic, an applicant agrees for their supplied data to be stored in line with this data policy within an email inbox, and on any conforming third-party recruitment platform, for as long as necessary.
1.5 Administration and Accounting
Client names, work addresses, phone numbers and email addresses will be stored within the Fanatic Accounts department in hard copy, digital form, and on third party software platforms that conform to this policy. This data will be stored and kept for as long as necessary.
1.6 Data Breaches
Any breach of data as a result of malicious activity will be reported to the ICO and affected parties within 72 hours of discovery, and a record of this will be kept on file.
1.7 Removal and Access to Held Personal Data
Clients, suppliers, employees and job applicants may request to understand what data is being held by Fanatic, and to have that data deleted. Fanatic will on such a request show this data, and delete the data if not legally required to be held. Requests should be sent to firstname.lastname@example.org.
1.8 Client Data Protection Compliance
All clients will confirm, as part of our Standard Terms of Business, that all data they supply to Fanatic for use in marketing activity has been collected and kept in compliance with the GDPR.
1.9 Third Party Suppliers
All third-party suppliers who handle client data, including printers, cloud software platforms and marketing email providers, must supply a copy of their Data Protection Policy showing they conform to the GDPR.