Our role
We act as a data controller for our own website visitors, enquiries and staff data, and as a data processor for personal data our clients ask us to handle inside their apps, portals and websites.
Data Processing Agreements
Every client engagement that involves processing personal data on your behalf is covered by a Data Processing Agreement (DPA). Contact hello@banny.co.uk for a copy.
Data subject rights
Individuals can request access, rectification, erasure, restriction, portability, or object to processing. We respond within one calendar month.
International transfers
Where personal data is transferred outside the UK/EEA, we rely on approved safeguards such as the UK International Data Transfer Agreement or the EU Standard Contractual Clauses.
Security
We apply appropriate technical and organisational measures — encryption in transit, access controls, backups, least-privilege permissions and vetted processors.
Breach notification
In the unlikely event of a personal data breach that affects our clients, we notify the affected client without undue delay and support the required ICO reporting.
Sub-processors
A current list of the sub-processors we rely on (hosting, email, database, analytics, payments) is available on request.
Contact
For any GDPR-related question, email hello@banny.co.uk.
This document is provided as a plain-English starting point. Please review with your solicitor before relying on it in a dispute.