Studio 24 Privacy Policy

We respect your privacy and aim to minimise data collection on our website. This policy explains how we process user data and how we meet the EU General Data Protection Regulations (GDPR).

Last updated 22/05/2018 

Who we are

We are Studio 24, a user-focused digital design and technology agency. We are an independent UK Limited company, our company number is 3971500 and our registered address is 50 St Stephen's Place, Cambridge CB3 0JE. Simon R Jones, Managing Director, is our nominated Data Protection Officer. If you have any questions about this policy please contact us on privacy@studio24.net

What information do we collect from you?

Enquiries

We collect your name, telephone number and email address via our enquiry form. This data is only used to process your enquiry and is kept until your enquiry is completed. We store data on internal systems and use the third-party service Nutshell CRM to store prospective customer data. We collect this data under the “consent” lawful basis.

Newsletter

We collect your email address if you request to sign up to our newsletter. You can unsubscribe at any time using links provided at the bottom of all emails. We collect this data under the “consent” lawful basis.

Customers and Suppliers

We store personal data including name, telephone number and email address for all customer and supplier contacts with current contracts with Studio 24. You can request to remove contact details or change details at any time. We collect this data under the “contract” lawful basis.

Analytics

We use Google Analytics to track and analyse web traffic in order for us to improve our website and provide us with essential marketing data (e.g. number of page views to our site in a month). Only anonymous data is stored and we take care to avoid any personal data being sent to Google Analytics. We collect this data under the "legitimate interest" lawful basis.

Website logs

We store the user's IP address and web browser user agent string as part of our standard website logs, these are kept for 30 days after which time they are deleted. We use these logs for IT security and to ensure the smooth running of our website. We collect this data under the "legitimate interest" lawful basis.

Third parties we share data with

Limited user data is shared with third parties as detailed below. No other user or customer data is shared with third parties.

Google Analytics

We use Google Analytics for analysing website traffic to improve our site. Only anonymous data is stored in Google Analytics. See Google Analytics privacy policy

MailChimp

We use MailChimp to send marketing emails to users who have opted in. The email address of all subscribers is stored in MailChimp’s systems. See MailChimp's privacy policy 

Nutshell

We use Nutshell CRM to store customer data. This data is stored in the US using services that are certified to the EU Privacy Shield framework. See Nutshell's privacy policy and Nutshell's GDPR page.

Transfer of information outside of the European Union (EEA)

We use some hosted services that store data outside of the EU. For those that process personal data, for example, MailChimp and Nutshell, these all comply with the EU Privacy Shield framework.

How you can access and update your information

If you want to update or remove any personal data held by Studio 24, or if you have any other privacy concerns, please let us know. You can email us at privacy@studio24.net

If you wish to unsubscribe from Studio 24 marketing emails please follow the unsubscribe link at the bottom of all emails.

Data security

We take data security seriously and have the following procedures in place to help meet data security laws and best practices in our work:

Hosted services

All third-party hosted services we use are, wherever possible, hosted within the EU. Services hosted outside the EU are accredited to the EU Safe Harbour framework.

Rackspace Dedicated, Rackspace Cloud and Rackspace Email

Rackspace hosting services are hosted within the EU (London, UK). Rackspace are accredited to ISO / IEC 27001, ISO 9001 and the PCI Data Security Standard. Rackspace Email is hosted within the US. Rackspace is accredited to to the EU Safe Harbour framework. See Rackspace's privacy policy and GDPR statement.

AWS Cloud

AWS hosting services are hosted within the EU (London, UK, and Ireland), AWS is accredited to to the EU Safe Harbour framework. See the AWS privacy policy and GDPR statement.

Azure Cloud

Microsoft Azure Cloud services are hosted within the EU. See Microsoft Azure privacy policy and GDPR statement.

Atlassian Bitbucket and JIRA

We use Atlassian Bitbucket as a code repository and JIRA for task management. Atlassian is accredited to to the EU Safe Harbour framework. See Atlassian's privacy policy and statement on privacy at Atlassian.

Latest blog posts

Studio 24’s practical approach to GDPR

This guide is a short, practical approach to GDPR and what this means to Data Privacy and your business online.

How does GDPR apply to email marketing?

Under GDPR sending marketing emails is considered processing personal data, you need to make sure you have consent from your users to send marketing emails.