This policy explains how Studio Dynamics Limited collects, uses, stores and protects your personal data when you visit our website, enquire about our services, or work with us as a client. We've written it in plain English. If anything's unclear, get in touch using the contact details at the end.
1. The personal data we collect
Depending on how you interact with us, we may collect the following:
When you visit our website
- Standard technical information: IP address, browser type, device type, pages visited, referring website, time and date of visit. This is collected via cookies and analytics tools — see our Cookies Policy.
- Marketing identifiers via Google Analytics (anonymised) and the Meta Pixel (for advertising performance measurement).
When you enquire about our services
- Information you submit in our contact form: name, email address, phone number, company name, service of interest, and the content of your message.
- Information from Calendly when you book a discovery call: name, email, scheduled time, any answers to intake questions.
When you become a client
- Full business contact details (company name, address, billing email, phone, contact person).
- Information shared in onboarding, contracts, briefings and ongoing communications.
- Payment information processed through Stripe — we do not store full card details ourselves; Stripe does. We only receive transaction confirmations and last 4 digits.
- Records of contracts signed (including a digital signature, the IP address used to sign, and a timestamp).
- Files we share with you through your client portal (such as reports, onboarding documents, lead data exports and other working files). Files are stored on our servers and are accessible only to the assigned client when logged in to the portal. We keep a record of which files were uploaded, by whom, and when each file was downloaded.
When you subscribe to marketing communications
- Email address and any segmentation preferences via our email marketing platform (Moosend).
2. How we use your data
We use your personal data for the following purposes, each with a corresponding legal basis under UK GDPR:
- To respond to enquiries — legitimate interest in answering people who have contacted us about our services.
- To deliver our services — performance of a contract once you become a client.
- To process payments and invoices — performance of a contract, plus legal obligation under HMRC and accounting rules.
- To send marketing emails — your consent (we will never send marketing without your explicit opt-in, and you can unsubscribe at any time).
- To measure marketing performance — your consent for non-essential cookies (analytics and advertising trackers).
- To improve our services and website — legitimate interest in understanding how visitors use our site.
- To meet legal and regulatory requirements — legal obligation (e.g. tax records, anti-fraud).
3. Who we share your data with
We share your personal data only with the following categories of recipients, and only as needed:
- Hostinger — our website and application hosting provider.
- Stripe — payment processing.
- Google (Workspace, Analytics, Calendar) — email, calendar, and website analytics.
- Calendly — meeting scheduling and booking.
- Meta (Facebook) — advertising performance measurement via the Meta Pixel.
- Moosend — email marketing delivery.
- Zapier — workflow automation between our systems.
- Our accountants and professional advisers — where required for tax, legal, or compliance purposes.
- Regulatory authorities and law enforcement — only where legally required.
We do not sell your personal data to anyone. We do not share it with third parties for their own marketing purposes.
4. International transfers
Some of our service providers (notably Stripe, Google, Meta, Calendly, Moosend and Zapier) process data outside the UK and the European Economic Area (EEA), including in the United States. Where this happens, we rely on UK GDPR-compliant transfer mechanisms — typically Standard Contractual Clauses, the UK International Data Transfer Addendum, or an adequacy decision (such as the UK Extension to the EU–US Data Privacy Framework). These providers are obliged to protect your data to a standard equivalent to UK law.
5. How long we keep your data
We retain personal data only for as long as we need it:
- Enquiries that don't become clients: up to 2 years from your last contact, then deleted.
- Client records (contracts, invoices, communications): 6 years after the end of our working relationship, to meet HMRC and statutory accounting requirements.
- Files shared through the client portal: retained for the duration of our working relationship. Files may be deleted earlier on request, and are removed when no longer required.
- Marketing email subscribers: until you unsubscribe or request deletion.
- Website analytics data: as set by Google Analytics (currently up to 14 months).
6. Your rights under UK GDPR
You have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate or incomplete data.
- Erasure — ask us to delete your data ("right to be forgotten"), subject to legal retention requirements.
- Restriction — ask us to limit how we use your data.
- Portability — request your data in a portable, machine-readable format.
- Object — object to processing based on legitimate interests, including direct marketing.
- Withdraw consent — where we rely on your consent, you can withdraw it at any time.
To exercise any of these rights, email legal@studiodynamics.co.uk. We'll respond within one month.
If you're not happy with how we handle your data, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
7. Security
We take reasonable technical and organisational measures to protect personal data, including encrypted database connections, HTTPS across all of our websites and applications, restricted administrative access, and regular security updates of our hosting environment. No system is perfectly secure, but we treat your data with the same care we apply to our own.
8. Cookies and tracking
Our website uses cookies and similar technologies. Full detail of which cookies we use, why, and how to control them, is set out in our Cookies Policy.
9. Children
Our services are intended for businesses, not consumers, and certainly not children. We do not knowingly collect data from anyone under 18. If you believe a child has provided us with data, contact us and we will delete it.
10. Changes to this policy
We may update this policy from time to time to reflect changes in our practices or in the law. Any material changes will be reflected in the "Last updated" date at the top of this page. We recommend reviewing it occasionally.
11. Contact us
For any privacy-related questions or to exercise your rights: