Privacy Policy

Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement. Fusion Animation Ltd may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 25th May 2018.

1. Introduction and Identity of the Data Controller

Fusion Animation Ltd ("we", "us", "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, share, and safeguard your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018).

We act as the data controller in respect of the personal data we process about you, unless we notify you otherwise. Our contact details are:

Fusion Animation Ltd 

Highgate Studios, 53-79 Highgate Road, Unit 410, London, England, NW5 1TL 

Registered in England and Wales, Company No. 07174654 

Data Protection Contact: fiona.day@fusionanimation.co.uk +44 (0) 207 127 6935

If you have any questions about this policy or about how we handle your personal data, please contact us at the address above.

2. Scope of This Policy

This policy applies to all personal data processed by Fusion Animation Ltd in connection with:

  • Our clients, prospects, and their representatives
  • Visitors to our website and digital platforms
  • Employees, contractors, and job applicants (see also our separate Employee Privacy Notice)
  • Suppliers and business partners
  • Any other individuals whose personal data we receive in the course of our business activities

This policy should be read alongside any supplementary privacy notices or fair processing notices we provide at the point of data collection.

3. Categories of Personal Data We Collect

We may collect and process the following categories of personal data, depending on your relationship with us:

3.1 Data You Provide to Us

  • Identity data: name, job title, company name
  • Contact data: email address, telephone number, postal address
  • Financial data: payment information, billing address, VAT number
  • Communications data: the content of emails, enquiries, and other correspondence with us
  • Account credentials: usernames and passwords for any client portals or online services we provide

3.2 Data We Collect Automatically

  • Technical data: IP address, browser type and version, device identifiers, operating system
  • Usage data: pages viewed, links clicked, time spent on site, referral source
  • Cookie data: as described in our Cookie Policy

3.3 Data We Receive from Third Parties

  • Business contact information from commercially available databases or professional networks (e.g. LinkedIn)
  • Information from clients where you are named as a point of contact
  • Credit or fraud-prevention data from reference agencies, where applicable

3.4 Special Category Data

We do not intentionally collect or process special category personal data (such as health, ethnicity, religion, or biometric data) unless strictly necessary and only with your explicit consent or another lawful basis under Article 9 UK GDPR. If such data is inadvertently shared with us, we will delete or return it promptly.

4. Purposes of Processing and Lawful Basis

We will only process your personal data where we have a lawful basis for doing so. The list below sets out our main processing activities and their lawful basis.

  • Responding to enquiries and providing our animation services: Performance of a contract (Art. 6(1)(b)); Legitimate interests (Art. 6(1)(f))
  • Managing client accounts and projects: Performance of a contract (Art. 6(1)(b))
  • Processing payments and managing invoices: Performance of a contract (Art. 6(1)(b)); Legal obligation (Art. 6(1)(c))
  • Marketing our services to existing and prospective clients: Legitimate interests (Art. 6(1)(f)); or Consent (Art. 6(1)(a)) where required by PECR
  • Operating and improving our website and digital platforms: Legitimate interests (Art. 6(1)(f))
  • Complying with legal and regulatory obligations: Legal obligation (Art. 6(1)(c))
  • Defending or pursuing legal claims: Legitimate interests (Art. 6(1)(f)); Legal obligation (Art. 6(1)(c))
  • Recruitment and onboarding of staff: Performance of a contract (Art. 6(1)(b)); Legal obligation (Art. 6(1)(c))
  • Fraud prevention and security: Legitimate interests (Art. 6(1)(f)); Legal obligation (Art. 6(1)(c))

Legitimate Interests: Where we rely on legitimate interests as our lawful basis, we have carried out a balancing test to ensure our interests are not outweighed by your rights and interests. You may request a copy of our legitimate interests assessment by contacting us.

5. Disclosure of Personal Data to Third Parties

We do not sell your personal data. We may share your data with third parties only in the following circumstances:

5.1 Service Providers and Data Processors

We engage trusted third-party service providers who process personal data on our behalf under written agreements containing appropriate data protection clauses, including:

  • IT infrastructure, hosting, and cloud storage providers
  • Project management and collaboration software providers
  • Accounting, payroll, and financial management platforms
  • Email and communication service providers
  • Marketing and CRM platforms

These processors are only permitted to process your data in accordance with our documented instructions and applicable law.

5.2 Professional Advisers

We may share data with solicitors, accountants, insurers, and other professional advisers where necessary for the provision of their services.

5.3 Legal and Regulatory Bodies

We may disclose data to courts, regulators (including the Information Commissioner's Office), law enforcement agencies, or other public authorities where required or permitted by law.

5.4 Business Transfers

In the event of a merger, acquisition, reorganisation, or sale of all or part of our business, personal data may be transferred to the relevant third party. We will notify you in advance where required.

6. International Transfers of Personal Data

We operate primarily within the United Kingdom. Where we transfer personal data to countries or territories outside the UK ("restricted transfers"), we ensure that such transfers are subject to appropriate safeguards in accordance with UK GDPR Chapter V, which may include:

  • Transfer to countries with an adequacy decision granted by the UK Secretary of State under section 17A of the DPA 2018
  • Use of the International Data Transfer Agreement (IDTA) issued by the ICO, or the Addendum to the EU Standard Contractual Clauses
  • Other approved transfer mechanisms, including binding corporate rules where applicable

You may request further information about the safeguards applicable to any international transfers by contacting us.

7. Data Retention

We retain personal data only for as long as is necessary for the purposes for which it was collected, taking into account our legal obligations, contractual requirements, and any relevant limitation periods for bringing legal claims. Our general retention periods are as follows:

  • Client contracts and project records: 7 years from the end of the contract (for tax and legal purposes)
  • Financial and invoicing records: 7 years from the end of the relevant financial year (HMRC requirement)
  • Marketing contact data: Until unsubscription or 3 years from last meaningful contact, whichever is sooner
  • Website usage and analytics data: Up to 26 months (or as set out in our Cookie Policy)
  • Job application records (unsuccessful candidates): 6 months from the end of the recruitment process
  • Employee records: 7 years from the end of employment
  • CCTV footage (if applicable): 30 days, unless required for an investigation

Upon expiry of the applicable retention period, data will be securely deleted or anonymised in accordance with our Data Retention and Disposal Policy.

8. Security of Personal Data

We implement appropriate technical and organisational measures to protect personal data against accidental loss, destruction, alteration, unauthorised disclosure, or access. These measures are informed by recognised good practice frameworks, including guidance from the ICO and principles aligned with ISO/IEC 27001 (Information Security Management), and include:

  • Encryption of personal data in transit and at rest
  • Role-based access controls and the principle of least privilege
  • Multi-factor authentication for access to systems containing personal data
  • Regular staff training on data protection and information security
  • Periodic security assessments and vulnerability testing
  • Documented procedures for detecting, reporting, and investigating personal data breaches
  • Vendor due diligence processes for third-party processors

Where we have provided you with access credentials to any portal or system, you are responsible for keeping those credentials confidential and for notifying us promptly if you believe they have been compromised.

9. Personal Data Breaches

We maintain internal procedures for identifying, logging, and responding to personal data breaches in accordance with Articles 33 and 34 of the UK GDPR. Where a breach is likely to result in a risk to the rights and freedoms of individuals, we will notify the ICO within 72 hours of becoming aware of it. Where a breach is likely to result in a high risk to the rights and freedoms of individuals, we will also notify those affected without undue delay.

10. Your Rights Under UK GDPR

Subject to certain exemptions, you have the following rights in relation to your personal data:

  • Right of access: To request a copy of the personal data we hold about you (Subject Access Request)
  • Right to rectification: To request correction of inaccurate or incomplete personal data
  • Right to erasure: To request deletion of your personal data where it is no longer necessary, or where you withdraw consent and there is no other lawful basis
  • Right to restriction: To request that we restrict processing of your personal data in certain circumstances
  • Right to data portability: To receive your personal data in a structured, commonly used, machine-readable format where processing is based on consent or contract and is carried out by automated means
  • Right to object: To object to processing based on legitimate interests, including direct marketing (which you may exercise at any time without giving reasons in respect of direct marketing)
  • Rights re automated decisions: Not to be subject to decisions made solely by automated processing, including profiling, which produce significant legal or similarly significant effects
  • Right to withdraw consent: To withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing

To exercise any of these rights, please submit a written request to info@fusionanimation.co.uk. We will respond within one calendar month of receipt. We may ask you to verify your identity before processing your request. We will not charge a fee for reasonable requests.

If you are dissatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF Telephone: 0303 123 1113  |  Website: www.ico.org.uk

11. Cookies and Similar Technologies

Our website uses cookies and similar technologies to enhance your browsing experience, analyse website traffic, and deliver relevant content. Full details of the cookies we use, their purposes, and how to manage your preferences are set out in our separate Cookie Policy, available on our website.

We will obtain your consent before placing any non-essential cookies on your device, in accordance with the Privacy and Electronic Communications Regulations 2003 (PECR) as amended.

12. Direct Marketing

Where we process your personal data for direct marketing purposes, we rely on either your prior consent or, in the case of business-to-business communications with existing clients or relevant prospects, our legitimate interests.

You have an absolute right to opt out of direct marketing communications at any time. To do so, please:

  • Click the unsubscribe link in any marketing email
  • Email us at privacy@fusionanimation.co.uk
  • Write to us at our registered address

We will process your request promptly and in any event within 10 working days.

13. Children's Personal Data

Our services are directed at business clients and are not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child without appropriate parental consent, we will take steps to delete it promptly.

14. Third-Party Links and Platforms

Our website and communications may contain links to third-party websites, platforms, and services. We are not responsible for the privacy practices of those third parties and encourage you to review their privacy policies before providing any personal data. This policy applies solely to personal data collected by Fusion Animation Ltd.

15. Changes to This Policy

We may update this policy from time to time to reflect changes in our practices, applicable law, or regulatory guidance. We will notify you of material changes by posting a revised policy on our website with an updated effective date and, where required, by direct notification. We encourage you to review this policy periodically.

Previous versions of this policy are available upon request.

16. Accountability and Governance

Fusion Animation Ltd is committed to demonstrating accountability in all of its data protection practices. Consistent with the principles underpinning frameworks such as ISO/IEC 27701 (Privacy Information Management) and ICO accountability guidance, we maintain the following internal measures:

  • A maintained Record of Processing Activities (ROPA) as required by Article 30 UK GDPR
  • Written contracts incorporating data protection clauses with all processors
  • A documented Data Protection Impact Assessment (DPIA) process for high-risk processing
  • Periodic review of this policy and supporting documentation
  • Staff awareness training on data protection responsibilities
  • A designated privacy contact responsible for data protection queries and compliance

We have assessed whether appointment of a Data Protection Officer (DPO) is required under Article 37 UK GDPR and will appoint one if and when this becomes a legal requirement, or earlier at our discretion.

17. Contacting Us

If you have any questions, concerns, or complaints about this policy or our data processing activities, please contact us:

Fusion Animation Ltd 

Highgate Studios, 53-79 Highgate Road, Unit 410, London, England, NW5 1TL 

Data Protection Contact: fiona.day@fusionanimation.co.uk +44 (0) 207 127 6935

Trusted by some of the world's leading pharmaceutical, biotech and medical communications teams - including AstraZeneca, Pfizer, Sanofi, Takeda, Lundbeck and Samsung Biologics.

AstraZeneca Logo
Calcium Healthcare Marketing Logo
ExcerptaMedica Logo
LabGenius Logo
Lundbeck Logo
Pfizer Logo
Samsung Biologics Logo
Sanofi Logo
Takeda Logo
Unilever Logo

“We were really happy with the work and our collaboration with you. You really have a good team - all your different skills enabled the different projects to swiftly move forward with high satisfaction on our side. Thanks again!”

International Project Manager, OM Pharma

“The video is very high quality and we are very impressed... we are really happy with the animation, great work!”

Global Brand Manager, Unilever

“Thanks, it all looks great! Thanks to everyone on the team for your hard work.”

Senior Publishing Manager, Springer Nature

“The video looks really great!!! We really love it. We shared the video internally and there were many great comments. Thank you so much.”

Specialist, CDO Business Team, Samsung Biologics

BOOK 20-MIN CALL