Last Updated: 24th March 2022 (to include reference to the new business name of FANZO)
What this policy covers?
FANZO recognises the importance of personal privacy and security and has developed this privacy statement in order to demonstrate our company commitment to privacy. In order to comply with the new General Data Protection Regulation (EU) 2016/679 and the Privacy and Electronic Communications (EC Directive) Regulations, or any revision or iteration as applicable, the following policy has been designed to give you a clear understanding of how your data is used, shared and protected. It also highlights the tools that can be deployed to protect your privacy and the rights you have, and how you can contact FANZO. By visiting or making use of the FANZO website, apps, services or features the user agrees to the policy below. FANZO is a trading name of MatchPint Limited a company registered in England (Company Number: 07168721) with a registered address of 3A Westbourne Road, Islington, London, N7 8AR.
Scope of this policy
By using our site, in subscribing to our service, or filling in any online forms on our website, or other sites owned by FANZO you agree and accept that we process, store and use the personal data submitted in accordance with the policy below. You can review your rights in the “Your Rights” section.
FANZO may act as either the Data Controller or the Data Processor depending on how you interact with the website, apps or services. Where it exists as the Data Controller we ensure that any Data Processors that we use are fully compliant and only use the data as set forth in this agreement.
Information We Collect
We collect information about you when you provide it to us, when you use our products, or when other services provide it to us.
Account information: When you register for an account on FANZO, or from time to time if you provide it, you may enter your personal information including your name, email address gender, Facebook ID and date of birth.
Website visitors (Consumers): If you are one of our website, or other domains registered to FANZO, visitors, we may collect non-personally-identifying information such as the browser type you are using, the referring site and date and time of each visit. We collect information when you register on our site, sign up a pub, subscribe to our newsletter or fill out a form.
Automatically collected information: Upon usage or interaction with our services we may track certain information about you. This includes information about the product features you use, web pages you visit, your location to serve relevant content and frequency of platform usage. We use this information in aggregate form only for statistical purposes.
Pub Clients (Customers): Upon registration we might take payment through our payment partner “GoCardless for Xero by Directli” who set up a Direct Debit authorisation to take payment. We do not store or hold any of this information. You can revoke this access at any time by logging in to your Directli account. We may also request your bank account details and VAT number to make reimbursement.
We process information (either personally-identifiable or not) we collect, that has either been provided directly or in-directly by you or automatically collected for certain business legitimate interests which may include some or all of the following:
- Personalising your experience: your information and preferences helps us to serve you content relevant to your individual needs.
- Improving our website and products: we continually strive to improve our website offerings based on the information, usage and feedback from our users
- Improving customer service: your information helps us to more effectively respond to your customer service requests and support needs.
- Taking or making payment: if you are a pub client then we will use this information to make to and take payments from you.
- To provide you with notifications: we may send you push notifications on your tablet or device that we deem relevant to you. You can opt in or out of these communications at any time.
- To administer, process or run any contests, promotions, surveys or other site features that might be running at the time
- To send periodic emails: The email addresses you provide may be used to send you information about upcoming offers, promotions and other things we believe that may be of interest to you. You will receive an automated email when completing sign up where you can easily opt-out immediately of these communications, or it will be in the footer of all communication.
- Reporting to our clients: aggregated non-identifiable statistical information may be shared with our partners to gain insight into how our service is working or could further benefit them.
In all cases where we use legitimate interests to process your Personal Data we have conducted Legitimate Interest Assessments to ensure that your rights and privacy are held in the highest regard. We also commit to constantly re-evaluating our stances and decisions when it comes to Legitimate Interests and anything else in this policy.
Data Storage and Protection
We use a variety of technical and internal security measures to ensure the safety and security of your data at all times, including authentication protocols.
FANZO’s database is only accessible from the web server via an SSH connection, using registered SSH keys. The servers are secured and dedicated for FANZO’s sole use and our fully supervised. All of our passwords are hashed as soon as they are inputted and cannot be retrieved except by you. We cannot guarantee the security of your data if you let any un-authorised access to your computer, phone or browser. We may also provide links to third party websites and we are not in control of their privacy policies or control, so we recommend that you understand these respective privacy policies.
Staff training & internal security measures
All FANZO’s staff are trained and briefed on internal measures to protect security. These are constantly refreshed, and any new staff members are given full training. In addition, our offices are restricted access with key cards only to ensure to minimise the possibility of an internal data breach.
How long we keep information we collect about you depends on the type of account and information that we hold. We will only retain your personal information for as long as necessary to fulfil the reasons that we collected it for, including satisfying legal requirements, reporting purposes, and accounting requirements. We always consider the type of information that we hold, the amount collected, and how sensitive it may be. We will always minimise the risk from anyone using or sharing this information without your permission. After the time period is exceeded all data will either be securely deleted or some may be retained in non-personally identifiable aggregated form, in these instances we will be able to use this information without further notice to you.
- Consumers: As long as your account is active your account information will be retained. We may keep some of your data for 18 months after you de-activate your account (this is diferent to having your account deleted) in case you want to re-activate it in this period. We also may retain some of your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, support business operations, and to continue to develop and improve our Services.
- For marketing and communication purposes: Unless you have otherwise opted out, we may retain any of your information for marketing and updating communications for a period of 18 months after you deactivate your account. If you opt out of marketing communications your email address will be kept securely on file only for the purposes to ensure that you never receive communications from us again.
- Customers: We will hold your account information for as long as your account remains active. We may retain your information for up to 3 years from the financial year end in the year that you deactivate your account in order to comply with the HMRC’s recommended guidelines
If you delete, or request to have your account deleted, then your personal information (other than what is required to be kept by law) will be securely and irreversibly deleted, and your remaining information made anonymous and we will be able to use this information without further notice to you. Please note some information is required to be kept for legal and accounting reasons (see above).
Personal Information is a key component of our business and we do not rent, sell, trade, or otherwise transfer your personally identifiable information to anyone. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We will never pass on your information for marketing purposes, even to trusted third parties, without your explicit prior consent.
However, non-personally identifiable aggregate-level information may be provided to our clients or other parties for marketing, advertising, analysis, or other uses.
You have the right to request:
- Access to your personal data
- Electronic copies of your personal data
- Have your data corrected if it is incorrect or has changed
- Deletion or restriction in certain circumstances by applicable law
- Where we have asked for consent, you have the right to withdraw at any time.
Children’s Online Privacy Protection Act Compliance
We are fully compliant with the requirements of COPPA (Children’s Online Privacy Protection Act), we do not collect any information from anyone under 13 years of age. To the best of our ability all of our website, products and services are all directed to people who are at least 18 years old or older.
Third Party Data Processors
We are affiliated with a variety of organisations (commercial and non-commercial), with some of them functioning as Data Processors. We may supply you with information on behalf of our clients, however these will always come directly from us unless you have directly consented to be shared with them. We may also make use of other business to undertake processing for us, such as for hosting or other service providers, and therefore have a requirement to share your date with them. However, this will always only be for the purposes laid out in our contract with them and will not be for marketing purposes unless it is coming directly form us. All of our Third Parties have committed to the new GDPR regulations and have legal contracts with us and only process any data they receive for us for specific reasons as laid out in the contract, although we are not in control of their Privacy Policies, but we remain the Data Controller under these circumstances.
Below you can find a list of our sub-processors and the reason for using them:
- Stripe, GoCardless (for collecting customer payments)
- Xero (for managing our accounting processes)
- Intercom (for customer service)
- Batch (for in-app messaging and notifications)
- Google Inc. (for anonymised analytics, for sending email)
- Dotdigital (for sending email and newsletters)
- Wootric (for collecting net promoter score)
- SurveyMonkey (for collectingcustomer feedback)
- Synalabs, DigitalOcean (for cloud infrastructure)
This website uses Google Analytics as a Data Processor for FANZO, a web analytics service provided by Google to track and evaluate web and app performance. Google Analytics uses the aforementioned cookies in order for FANZO to evaluate how users interact with our platforms. You can find out more about Google Analytics and its practices here.
We may use Google’s remarketing products in order to display you ads across the Google Display Network (GDN). This enables us to let Google deliver our ads on sites across the web which are relevant to your behaviour on our website. This is done by creating visitors lists based on stored cookies in your browser. This is produced and conducted by Google and is not linked to your personal information in relation to the ads served. You can opt out of Google's use of Google Ads across the Google by modifying you “Ads Preferences Manager” to not serve you relevant ads.
Alternatively, there are other ways of not receiving targeted advertising by either surfing the web anonymously (via private browsing) or by visiting the Network Advertising Initiative and opting-out of these types of adverts.
FANZO may change this policy periodically and will carefully monitor industry or government mandated changes and their impacts on this policy. We will always inform you of any amendments made to our policies.
Data Protection Registration Number: ZA788261 Data Protection Officer: Robert Stewart
For all other queries regarding this policy and your personal data, or to get in touch with the Data Protection Officer please get in touch with us at [email protected]
If you would like to remove all of your personally-identifiable information from our servers, please get in touch with the addresses above and FANZO will respond within 30 days
Your information is controlled by MatchPint Ltd t/a FANZO.