GDPR Data & Information Policy

GDPR Data & Information Policy for StorageBox Marketing (t/as Fusion Cloud Media Ltd)

We are extremely transparent about how we hold and use data.
The information we hold is:
Client Information
• Information enabling us to run their marketing campaign. Including names, phone numbers, email addresses, business address (or home address if working from home)
• Website logins (where supplied)
• Social media logins (where supplied)
• Advertising account logins (where supplied)
• Analytics logins (where supplied)
All information is retained digitally only.
Elements may also kept inside People Per Hour (if a freelancing project) our CRM system, Freeagent (our accounting software) and on larger projects, some details may be retained on Asana & Trello (Project management tools) – their data processing terms and conditions are available on their websites.
Leads and Contacts
If you request a PPC / Digital Marketing review or audit from us or enquire about using our services, we will retain some or all of the following data:
• Name
• Business address
• Email address
• Phone number (if provided)
• Declared business information, including target turnover
• Google ads ID number
This information is collected through:
• Our website:
o People per hour
o Appointment or PPC audit forms

Lead information may shared between staff members responsible for marketing
and accounting.

Data Consent
We always make clear on email capture forms that the data we collect will be
used for follow up marketing.
On all forms, we make it clear that consent can be withdrawn at any time by
contacting us.
The basis for processing client data is Contract. The basis for processing
lead/contact data is Consent and/or Legitimate Interest.
Data and Privacy Notice
We store the data you submit to us in our email marketing software and on
occasions, we may send you relevant information and training to help you with
your marketing where appropriate to do so.
You can remove your consent to receive this information at any time by mailing us to
If you would like to be ‘forgotten’ and have your data erased, we can do this on request within 7 working days.

Data Policy
StorageBox Marketing (t/as Fusion Cloud Media) only collects and stores
information from clients necessary for us to carry out the marketing work that
we are required to carry out. This information is available to the team working on the campaign and other authorised staff who might need it for the purposes of accounting, administration or helping with the marketing work.
We also collect and store information from contacts and leads in order to provide relevant marketing training, advice, and sales recommendations and to
enable us to remarket using cookies.

Online Security
• To minimise risk in the event of loss computer hardware containing customer
information, we store all documents on a cloud based system.
• We utilise 2 step verification on systems where available including Google Ads – this requires verification each and every time someone logs in from a new location or IP address.
• If there are any leavers who have had access to logins and such information,
they will be terminated quickly and any passwords will be immediately changed.

Breach Notification
A data breach can be something which leads to the destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
If any staff at StorageBox Marketing (t/as Fusion Cloud Media) are aware of a potential breach they are required to flag immediately. Following notification of a breach, we will:
• Assess the impact of the breach
• Notify the relevant parties immediately
• Investigate the cause of the breach
• Rectify any security vulnerabilities or processes to minimise the chance of this happening again

Right of Access
If an individual requests access to their personal data, this request is to be
immediately passed to the Data Protection Officer (Kerry Archer) who will:
• Confirm the data being processed
• Provide full access to their data stored in our various softwares, via email. We will respond to all such requests within 30 days of request.

Data Disposal
Individuals have the right to be forgotten and can request that their data is
erased. We will erase all records held for that individual/company including:

• CRM records (via Keap Platform)
• Client & Marketing documents
• Asana & Trello project systems
• Any other Cloud retained documents pertaining to the Client

Information Security Policy
Every staff member is required to adhere to this policy and to abide by our data guidelines:

• Personal data must not be stored on personal devices
• Passwords must be changed as requested.
• No data should be collected and retained other than what is necessary to carry out the work that has been requested of us
• Any requests for access to data, requests to be forgotten, reports of a breach, or any other matter relating to management of or access to personal data should be immediately passed to

Use of Cookies
Refer to our separate individual cookies document on our website.