The security discipline behind every dashboard, CRM, and ad account we touch.
Beyond our own website, Fanaar is frequently entrusted with access to a client's CRM, advertising accounts, and customer data in order to deliver commercial growth Services. This policy describes the standards we apply to that data, distinct from the personal data addressed in our Privacy Policy.
Applies to personal data Fanaar processes in the course of delivering Services to a client — for example, customer records in a CRM, advertising audience data, or analytics data — as well as Fanaar's own operational data. Specific data-handling instructions agreed in a Master Services Agreement or Statement of Work take precedence over this general policy in the event of a conflict.
Where Fanaar processes a client's customer data to deliver Services (for example, running a CRM or ad platform on the client's behalf), we act on the client's documented instructions, comparable to a "data processor" role under internationally recognised data protection frameworks. Where Fanaar collects data directly through our own website or enquiries, we act in a "data controller" capacity, as described in our Privacy Policy.
We request and retain only the data reasonably necessary to deliver the agreed Services, and do not repurpose a client's customer data for any use outside that client's engagement.
Should Fanaar become aware of a security incident affecting a client's data, we will notify the affected client without undue delay, consistent with international best practice of notification within 72 hours of becoming aware of a confirmed breach, and will take reasonable steps to investigate and remediate.
Upon termination of an engagement, Fanaar will return or delete client data in our possession within a reasonable period, save for data we are required to retain by law or under the record-retention terms of the relevant Master Services Agreement (including, where applicable, Financial Records retained for Performance Fee verification purposes).
As with our Privacy Policy, this Data Protection Policy is applied as a matter of Company standard ahead of comprehensive Pakistani data protection legislation, and will be updated as that legislation develops.
Data protection queries can be directed to fanaarlimited@gmail.com with the subject line "Data Protection".
Fanaar
Lahore, Punjab, Pakistan