LEGAL

(C) Data Policy.

These are FantasyLab’s guidelines for data processing.

The following terms and policies apply in full between FantasyLab and the customer throughout the agreement period:

  • A. Terms of use (Purchase).
  • B. Privacy policy (GDPR / Collection of Personal Data).
  • C. Data policy (GDPR / Data processing).
  • D. Confidentiality policy (NDA).
  • E. Quality policy (QA).

A, B, C, D, and E are five (5) attachments that are available at any time at https://fantasylab.io/

“FantasyLab Legal” constitutes the legal framework that facilitates dialogue, data collection, business, and collaboration.

For any inquiries, please contact us at support@fantasylab.io.

The Data processor and the data controller

The data processing guidelines document FantasyLab’s data processing routines and instructions.

Data processor: FantasyLab

Data controller: The customer.

Validity, duration, and termination

The data processor agreement enters into force automatically with the consent of FantasyLab’s terms of purchase.

The agreement is only effective as long as FantasyLab processes personal data on behalf of the data controller.

The Data processor will store copies of personal information in an end-to-end encrypted file storage platform created through the MEGA technology (mega.io).

If the agreement on the delivery of digital services is terminated by one of the parties, this agreement ends simultaneously.

Upon ending this agreement, the data processor must delete all personal data received from the data controller.

Routines and instructions for data security

Everyone in the company is required to verify themselves by:

  • Filling in their personal information.
  • Signing under a data processor agreement.
  • Signing under a non-disclosure agreement.
  • Handing over a copy of a legitimate ID.

Safety instructions:

  • Everyone on the team logs in via @fantasylab.io users.
  • 2FA authentication.
  • Limited access by position.

Direct access to the data controller’s systems must be given to the data processor only if strictly necessary and with notice of any risk.

Sharing of personal information with a third party

The data processor will share access with all its employees, subcontractors/contractors, and affiliated organizations as needed.

Access will only be granted after the data controller has given their consent by accepting the terms of use.

FantasyLab always has an overview of:

  • Accesses.
  • Actions.

Data processing systems

FantasyLab primarily uses the following data processing systems:

  • Mozilla Firefox.
  • Android / iOS.
  • Windows.
  • MEGA (End-to-end encrypted file storage platform).
  • Tripletex.
  • Stripe.
  • Slack.
  • Thunderbird.
  • Atlassian.

Established security measures

FantasyLab has organizational measures to achieve a level of security that is suitable to the risk:

  • Encryption.
  • Do not work via an open network.
  • Use of strong passwords and “pass-phrase.”
  • 2FA authentication for all logins (as far as possible).
  • The signing of data and confidentiality policies by everyone in the company.
  • Verification of everyone in the company.

Breach of policy

In the case of a security breach, the data processor must immediately notify the data controller with detailed information about the breach by email.

The data controller is responsible for sending notifications of violations of the privacy rules to the Norwegian Data Protection Authority.

In the case of a security breach, the data controller may request the data processor to stop further processing any information with immediate effect and no later than within 24 hours.

Messages

Notifications between the data processor and the data controller must be submitted in writing.

Email: support@fantasylab.io

Last updated: 27.01.22

Hourly rates