Fantom Factory Ltd.
Fantom Factory is a trading name of Fantom Factory Limited a registered company in England and Wales, United Kingdom with company number 1118 3348 with registered offices situated at 53 Empire Avenue, Cwmgwrach, Neath, SA11 5SU, Wales and referred to below as "Fantom Factory", "us," "we," or "our".
1 - Introduction
- Fantom Factory Limited ("Fantom Factory") is a controller within the meaning of the Data Protection Act 2018 and the UK General Data Protection Regulation. Further details about us and how to contact us appear below.
- This notice describes how we collect, store, transfer and use personal data. It tells you about your privacy rights and how the law protects you.
- This Privacy Statement applies to personal data from you when you contact us and provide us with your personal data when you:
- visit our website at fantomfactory.com including websites published at its subdomains;
- make enquiries for our professional services for yourself or on behalf of your employer;
- apply to a job with us;
- you subscribe for training of one of our inline courses; and/or
- engage us to supply professional services.
- Except as set out below, we do not share, or sell, or disclose to a third party, any information collected.
- We have legal obligations to you to inform you of:
- the personal data which we collect from you;
- how we use it;
- the purposes for which we process your personal data;
- the legal basis for processing your personal data;
- who we share your personal data with;
- where we store and send your personal data, and protections;
- the periods for which we retain your personal data;
- your rights under the General Data Protection Regulation; and
- the right to lodge a complaint with a supervisory authority.
2 - How We Process Your Personal Data
- Personal data is information that identifies you, either directly or indirectly. This includes your contact details and any information about you that you provide us.
- When we process your personal data, we:
- do so lawfully, fairly and in a transparent manner;
- collect it for specified, explicit and legitimate purposes and do not further process it in a manner that is incompatible with those purposes;
- limit our collection to what is adequate and relevant to what is necessary in relation to the purposes for which they are processed;
- take reasonable steps to keep it accurate and up to date having regard to the purposes for which they are processed;
- keep it in a form where we can identify you for no longer than is necessary, for the purposes for which it is processed;
- process it in a manner that ensures appropriate security of the personal data, which includes protection against unauthorised or unlawful processing and against accidental loss, destruction or damage. We use appropriate technical or organisational measures to do so.
3 - Personal Data Collected
- The types of personal data we collect from you when you visit our website or contact us is limited to the information you provide us.
- When you communicate with us or use our services the following data may be collected, depending on your activities:
|Name, email addresses, addresses, telephone numbers, instant messaging addresses, social media identifiers, nationality, photographs, marital status
|Employer, locations of workplace, contact addresses for work purposes, professional qualifications, job role / position / title, job description, photographs
|General Professional Details
|Professional qualifications; job role / position / title; job description; photographs; current and historical employment details and consultancies; duration of appointments
|Educational institutions and places of learning attended; courses attended, completed; academic and levels of achievement obtained
|User Account Data
|Login name, password recovery questions, password recovery answers, aliases, user preferences while using our services; languages spoken and/or written
|System Usage Data
|Type of device (handheld, desktop) used to access online services; pages visited including time and date of access, web browser signature, referrer URLs; data displayed or clicked, UI elements interacted with; search terms used; offers made to you; actions taken; storage usage
|Types of messages sent: alert, forgotten password messages, time and date of messages, message sender addresses, message recipient addresses, subject of message; content of messages
|Approximate geographical location of data subjects; physical location of data subjects; expected dates and times at physical locations
|Items purchased; subscriptions and licences purchased, including from third parties; duration of subscriptions and licences; amounts paid; items returned and/or refunded; amounts of refunds; bank account identifiers, debit and credit card numbers
|Courses completed, dates of training, dates of completion of courses, examination and testing results; accreditations awarded; [insert other forms of personal data collected as part of the certification which are not referred to above]
4 - Special Categories of Personal Data
- The special categories of personal data is personal data which reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.
- We do not deliberately collect any special categories of personal data from you.
- We would prefer that you do not send it to us or make it known to us.
- Should we choose to do so, we may delete the entire communication and ask you to send it again absent the special categories of personal data. If for some reason we are not able to do so, we do not store it in any structured way and process it only:
- where we have your explicit consent;
- for employment purposes, such as for job applications;
- where the processing relates to personal data which you have made public; and
- where processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
5 - Not Providing Personal Data
- We need to know who we are communicating with. Should you choose not to provide us with your name, contact details or other details we may need, we will not be able to communicate with you.
- This means that if you:
- have something to ask us, we will not be able to respond to you;
- are enquiring about job roles we might have available, we will not be able to assess you for suitability;
- have a contract with us, we will not be able to perform the contract, and we may need to terminate it.
6 - Keeping Personal Data up to Date
- Please help us keep your personal data up to date and let us know when it changes.
- At any time, you may contact us in writing to request that we provide you with the personal data we hold about you.
7 - Children
- We do not sell products or provide services for purchase by children, nor do we market to children.
- If you are under 18, you may use our website only with consent and supervision of a parent or guardian.
- We collect data about all users of and visitors to these areas regardless of age, and we anticipate that some of those users and visitors will be children.
8 - Sources of Personal Data
- We primarily obtain personal data about you from you.
- We may also obtain information about you from publicly available sources, such as websites where you have made the information public, Companies House, background check agencies, our business partners, and business directories, tax authorities, and other third parties.
- We may also confirm information you provide to us directly using data from other sources. We also add to the information we hold about you, sometimes to remove the need for you to provide it to us and sometimes in order to be able to assess the quality of the services we supply you or you offer. The additional information we collect may be categorised as follows:
- information that confirms your identity;
- business information, including your business trading name and address, your company number (if incorporated), and your VAT number (if registered);
- information which confirms your contact information;
- reviews and feedback about your business on other websites through which you sell your services; and
- unsolicited complaints by our clientele.
9 - How We Use Your Personal Data
- We process your personal data for the following purposes, where we have a legal basis to do so:
- to provide our services to you;
- receive payment for our services;
- pay others for services they supplied to you;
- improve our services;
- assist others to deliver their services to you.
- Payment information: We use Transaction Data to process payments received from you.
10 - Marketing
- We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.
- You are able to opt out of marketing and advertising at any time.
- We may use your Contact Details, Vocational Details, General Professional Details and Academic Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you.
- You will receive marketing communications from us if you have requested information from us or purchased products or services from us or if you provided us with your details when you entered a competition or registered for a promotion and, in each case, you have not opted out of receiving that marketing.
- We will get your express opt-in consent before we share your personal data with any company for marketing purposes.
- Referrals and Affiliates: This is information given to us by you in your capacity as an affiliate of us or as a referral partner. It allows us to recognise visitors that you have referred to us, and to credit to you commission due for such referrals. It also includes information that allows us to transfer commission to you. The information is not used for any other purpose. We undertake to preserve the confidentiality of the information and of the terms of our relationship. We expect any affiliate or partner to agree to reciprocate this policy.
- Re-marketing: Re-marketing involves placing a ‘tracking technology’ such as a cookie, a web beacon (also known as an ‘action tag’ or a ‘single-pixel GIF’) to track which pages you visit and to serve you relevant adverts for our services when you visit some other website. The benefit of re-marketing technology is that we can provide you with more useful and relevant adverts, and not show you ones repeatedly that you may have already seen. We may use a third-party advertising service to provide us with re-marketing services from time to time. If you have consented to our use of such tracking technologies, you may see advertisements for our products and services on other websites. We do not provide your personal data to advertisers or to third-party re-marketing service providers. However, if you are already a member of a website whose affiliated business provides such services, that affiliated business may learn of your preferences in relation to your use of our website.
- You can ask us to stop sending you marketing messages at any time by emailing us or by following the opt-out links on any marketing message sent to you.
- Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transactions.
11 - Legal Basis Further Uses
- We use your personal data for the following reasons:
- You have given us your consent in writing for the purposes for which you provided your personal data;
- We need to take steps to form a contract with you and perform a contract with you;
- We need to comply with a legal obligation other than with you;
- We or someone else has a legitimate interest other than where your interests or fundamental rights and freedoms would be overridden.
- We believe we have legitimate interests to process your personal data to:
- improve our services;
- record-keeping for the proper and necessary administration of our business;
- responding to unsolicited communications from you to which we believe you would expect a response;
- insuring against or obtaining professional advice that is required to manage legal, business and/or organisational risk;
- protecting your interests where we believe we have a duty to do so;
- meet our legal and statutory obligations to you and others;
- prevent, detect and investigate fraud, corruption and misconduct by you and/or others;
- conduct and operate our business in the digital age in an online environment;
- understand the needs, requirements and preferences of potential customers, and those that use our services;
- conduct marketing activities, including sending email correspondence and video presentations;
- comply with health and safety obligations and monitor our performance against equal opportunities legislation; and
- ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution.
- We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
- Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
12 - Data Sharing
- We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
- We limit access to your personal information to those employees, agents, contractors and other third parties who need to know. They will only process your personal information on our instructions. They are subject to a duty of confidentiality.
- We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
- We may have cause to share your personal information with our service providers, such as:
- telecommunications providers, including telephone, instant messaging, post and couriers;
- computer systems service providers, including IT security personnel.
- We only permit them to process your personal data for specified purposes and in accordance with our instructions, where we have a legitimate interest in doing so.
13 - Automated Decision Making
- Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention.
- We do not automate decision making in a way that affects your legal rights or any other basis.
14 - Data Storage
- We store personal data in the UK and France. Where we transfer personal data out of the UK, we do so on the followings bases:
|Basis for Transfer
- We will transfer the personal information we collect about you to these countries (in the sense that the system servers are located in the countries named above) in order to perform our contract with you. There is an Adequacy Decision by the European Commission in respect of the UK. This means that the country to which we transfer your data is deemed to provide an adequate level of protection for your personal information.
15 - Data Security
- We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. As stated above at paragraph 12 above, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
- We store all information that you provide to us on secure servers.
- We train employees regarding our data privacy policies and procedures, and permit authorised employees and staff to access information on a need to know basis, as required for their role. We use firewalls designed to protect against intruders, test for network vulnerabilities and use encryption for data at rest and data in transmission. However, no method of transmission over the internet or method of electronic storage is completely secure.
- Where you have a password which enables you to use our services, you are responsible for keeping this password complex, secure, and confidential.
16 - Retention Of Your Data
- We will only retain your personal information for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
- To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
- By law we have to keep basic information about our customers (including your contact, identity, financial and transaction data) for six years after they cease being customers for tax purposes.
- We keep your personal data only for as long as required by us:
- to provide you with the services you have requested;
- to comply with other law, including for the period demanded by our tax authorities; and/or
- to support a claim or defence in court.
- In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. We will retain and securely destroy your personal information in accordance with applicable laws and regulations. Once you are no longer an employee, worker or contractor of the company we will retain and securely destroy your personal information in accordance with our data retention policy.
17 - Rights of Access, Correction, Erasure, and Restriction
- You have a series of rights under the UK General Data Protection Regulation.
- Under certain circumstances, you have the right to:
- Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it;
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below);
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes;
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it; and
- Request the transfer of your personal information to another party.
- If you would like to exercise any of these rights, please contact us using the details below. We will need to verify your identity before we are able to release any personal data to you. This is important to safeguard your information.
- Please be aware that we are not obliged by law to provide you with all personal data we hold about you, and that if we do provide you with information, the law allows us to charge for such provision if doing so incurs costs for us in some circumstances. After receiving your request, we will tell you when we expect to provide you with the information, and whether we require any fee for providing it to you.
- If you wish us to remove personal data about you from our website, you should contact us to make your request.
- We remind you that we are not obliged by law to delete your personal data or to stop processing it simply because you do not consent to us doing so. While having your consent is an important consideration as to whether to process it, if there is another legitimate basis on which we may process it, we may do so on that basis.
18 - Complaints
- If you are dissatisfied with the way we process your personal data, you have the right to complain to the Information Commissioner’s Office.
- The Information Commissioner may be contacted at:
- We would prefer to try and resolve any difficulties between us and make them right before you approach the ICO. Please consider contacting us in the first instance.
19 - Withdrawal of Consent
- Where you may have provided your consent for us to process your personal data and/or transfer your personal data for a specific purpose, you can withdraw it at any time.
- To withdraw your consent, please contact us using the details below. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. Please see above.
20 - Changes to this Privacy Statement
- We may need to change this Privacy Statement from time to time. You are able to identify when this Privacy Statement was changed by the date which appears at the bottom of it.
21 - About Us
- Fantom Factory Limited is a company formed in accordance with the laws of England and Wales with registered company number 1118 3348 with registered offices situated at 53 Empire Avenue, Cwmgwrach, Neath, SA11 5SU, Wales in the United Kingdom.
- Fantom Factory is responsible for the personal data we hold and use.
- We have appointed a data protection officer who is responsible for ensuring that our Privacy Statement is followed. If you have any questions about how we process your personal data, including any requests to exercise your legal rights, please contact our data protection officer at -------------------------