Data Protection & Privacy Policy

 1. PURPOSE

The purpose of this Data Protection and Privacy Policy is to establish the principles and practices for the protection of personal and sensitive data collected and processed by Fishfinger Creative Agency. Ensuring compliance with data protection laws and regulations, this Policy outlines our commitment to safeguarding the privacy and confidentiality of individuals' data.

 

2. SCOPE 

This Data Protection Policy applies to all employees, contractors, vendors, and authorised users who handle or have access to personal and sensitive data within Fishfinger Creative Agency. It covers all data collected from customers, employees, partners, and other stakeholders. The policy is designed to ensure that all personal and sensitive data is processed, stored, and managed in compliance with relevant data protection laws and regulations.

 

3. POLICY STATEMENTS 

 

Data Protection Principles

  • Lawful Processing of Sensitive Data: Fishfinger Creative Agency will only collect, process, and use personal and sensitive data when there is a lawful basis for doing so. This may include situations such as obtaining consent, fulfilling contractual and legal obligations, pursuing legitimate business interests, or protecting vital interests. We ensure adherence to all relevant data protection laws, including the General Data Protection Regulation (GDPR).
  • Transparency: Individuals will be informed about the purpose, use, and processing of their data at the time of collection or as soon as practicable thereafter. This includes providing information on the duration of data retention, how the data will be used, and whether it will be shared with other entities.
  • Data Minimisation: Fishfinger Creative Agency will collect the minimum amount of data necessary for the specified purpose it is intended for. Fishfinger Creative Agency will ensure the data is retained only for as long as is required
  • Data Accuracy: Reasonable efforts will be made to ensure the accuracy of data, and individuals have the right to request correction of inaccuracies.
  • Security: Appropriate security measures, including encryption, access controls, and data breach response plans will be implemented to protect data from unauthorised access, disclosure, alteration, or destruction.

 

Data Collection and Consent

  • Consent: Wherever required by law, Fishfinger Creative Agency will obtain clear and unambiguous consent from individuals before collecting or processing their personal data
  • Email Marketing and List Building: Fishfinger Creative Agency ensures that all email list-building and email marketing strategies are fully compliant with the General Data Protection Regulation (GDPR).

 

Data Subject Rights

  • Access and Rectification: Data subjects have the right to access their personal data and request corrections, updates, or deletions.
  • Objection and Restriction: Data subjects have the right to object to the processing of their data and request restriction under certain circumstances
  • Withdrawal of Consent: Data subjects have the right to withdraw their consent at any time if the processing of their is based on consent.

 

Data Breach Response

  • Notification: Fishfinger Creative Agency will promptly investigate and report data breaches to the appropriate regulatory authorities and affected individuals, as required by law.
  • Mitigation: Immediate steps will be taken to mitigate the impact of data breaches, prevent recurrence, and address vulnerabilities.

 

Training and Awareness

  • Training: Employees, contractors, and authorised users will receive regular training and awareness programs on data protection and privacy, to ensure compliance and awareness of data protection principles.

 

4. RESPONSIBILITIES

Employees and users are responsible for adhering to this Policy. This includes understanding and implementing the data protection principles outlined, in addition to reporting any data protection concerns or breaches.

 

5. COMPLIANCE AND CONSEQUENCES 

Non-compliance with this Data Protection and Privacy Policy may result in disciplinary actions in accordance with Fishfinger Creative Agency's policies and procedures. Violations may also lead to legal and regulatory penalties.

 

6. POLICY REVIEW 

This Data Protection and Privacy Policy will be reviewed annually. Updates or changes to the Policy will be communicated to all relevant personnel.

 

Reviewed by: Amy Barnes on 13/05/2025.

Fishfinger

Please resize your browser or rotate your phone

Let us know more about your project!

Okay, we’re all set.
Now give us them details!

Thanks for the enquiry!

A member of our team will get back to you as soon as possible.