Who we are
We are Studio 24, a user-focused digital design and technology agency. We are an independent UK Limited company; our company number is 3971500 and our registered address is Unit 16, Chesterton Mill, Frenchs Road, Cambridge, CB4 3NP. Simon R Jones, Managing Director, is our nominated Data Protection Officer. If you have any questions about this policy, please contact us on [email protected]
What information do we collect from you?
We collect your name, telephone number and email address via our enquiry form. This data is only used to process your enquiry and is kept until your enquiry is completed. We store data on internal systems and use the third-party service Nutshell CRM to store prospective customer data. We collect this data under the “consent” lawful basis.
We collect your email address if you request to sign up to our newsletter. You can unsubscribe at any time using links provided at the bottom of all emails. We collect this data under the “consent” lawful basis.
Customers and Suppliers
We store personal data including name, telephone number and email address for all customer and supplier contacts with current contracts with Studio 24. You can request to remove contact details or change details at any time. We collect this data under the “contract” lawful basis.
We use Google Analytics to track and analyse web traffic in order for us to improve our website and provide us with essential marketing data (e.g. number of page views to our site in a month). Only anonymous data is stored and we take care to avoid any personal data being sent to Google Analytics. We collect this data under the “legitimate interest” lawful basis.
We store the user’s IP address and web browser user agent string as part of our standard website logs. These are kept for 30 days, after which time they are deleted. We use these logs for IT security and to ensure the smooth running of our website. We collect this data under the “legitimate interest” lawful basis.
Third parties we share data with
Limited user data is shared with third parties as detailed below. No other user or customer data is shared with third parties.
Transfer of information outside of the European Union (EEA)
We use some hosted services that store data outside of the EU. Those that process personal data, for example MailChimp and Nutshell, all comply with the EU Privacy Shield framework.
How you can access and update your information
If you want to update or remove any personal data held by Studio 24, or if you have any other privacy concerns, please let us know. You can email us at [email protected]
If you wish to unsubscribe from Studio 24 marketing emails please follow the unsubscribe link at the bottom of all emails.
We take data security seriously and have the following procedures in place to help meet data security laws and best practices in our work:
- Cyber Essentials accredited
- Staff undergo DBS checks and sign confidentiality agreements to keep client data safe
- We use encrypted hard drives for storing client data locally, use 1Password (encrypted password manager) to store sensitive data, and use virus and malware scanners on all staff computers.
- We follow the OWASP Top Ten security issues and implement practices to mitigate these, for example, filtering input and escaping output to avoid XSS issues.
- We have regular staff training on data security issues and Privacy by Design
- We commit to highlighting and discussing privacy issues with our clients on projects we work on and advising the best way to meet data privacy best practices for your users, for example:
  - Advice on the use of customer data with regard to current Data Protection best practice and law (e.g. we encourage our clients to collect as little data as possible and, where it is not necessary, not to collect data at all. This is better for usability and data protection)
  - Advice on the use of third-party tracking on a client site
- We commit to regularly reviewing our suppliers and data protection standards
All third-party hosted services we use are, wherever possible, hosted within the EU. Services hosted outside the EU are accredited to the EU Safe Harbour framework.
Rackspace Dedicated, Rackspace Cloud and Rackspace Email
Atlassian Bitbucket and JIRA