SUUM.Studio Privacy Policy

1. Introduction

SUUM.Studio is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you interact with our website, services, and business operations.

This policy is governed by Scots Law and complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. What Information We Collect and Why

We collect and process the following types of personal data:

Website Visitors

Analytics Data: We use Google Analytics to monitor website traffic and visitor behaviour patterns. This data is anonymised and does not identify individuals.

Cookies: For website functionality, performance tracking, and user experience improvement. For more details, see our Cookie Policy.

Clients and Business Contacts

Names, contact details, and company information: Used for client communications, contract management, and project fulfilment.

Payment details: Required for invoicing and processing payments.

Marketing preferences: If you opt-in, we use this to send promotional materials and industry updates.

Job Applicants and Freelancers

CVs, portfolios, and application details: Used to assess candidates for employment or freelance opportunities.

Right-to-work and ID verification: To comply with employment and contracting laws.

Customer Queries and Support

Contact details and correspondence history: Used to respond to enquiries, complaints, or service requests.

3. Lawful Basis for Processing Data

We only process personal data where we have a lawful basis under UK GDPR, including:

Consent: Where you provide explicit permission (e.g., signing up for newsletters).

Contractual necessity: When processing is required to fulfil a service agreement.

Legitimate interests: Where processing is necessary for business operations and does not override your rights.

Legal compliance: Where we are legally required to retain or share information.

4. How We Share Data

We do not sell or trade personal data. However, we may share information with:

Third-party service providers (e.g., payment processors, cloud storage providers) who support our operations. We ensure they comply with data protection laws.

Legal authorities if required by law, such as in fraud investigations or compliance audits.

5. Data Security

We implement appropriate technical and organisational measures to protect your data from unauthorised access, loss, or misuse. These include:

Secure servers and encryption.

Access controls and data minimisation practices.

Regular cybersecurity assessments.

6. Data Retention

We retain personal data only for as long as necessary for the purpose it was collected:

Client and financial records: 6 years (for tax and contractual purposes).

Recruitment data: 12 months, unless an employment or freelance agreement is made.

Website analytics: 26 months (Google Analytics standard retention period).

Marketing data: Until you withdraw consent or opt out.

7. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

Access: Request a copy of your data.

Rectification: Correct inaccurate or incomplete data.

Erasure: Request deletion of your data in certain circumstances.

Restriction: Limit processing of your data.

Objection: Withdraw consent or object to data processing.

Data portability: Request data transfer to another service provider.

To exercise these rights, contact us at [email protected]

8. Cookies and Tracking Technologies

We use cookies for:

Essential website functionality (e.g., login, security features).

Performance tracking (e.g., Google Analytics, anonymous visitor tracking).

Marketing and advertising (where consent is given).

For more details on managing cookies, see our Cookie Policy.

9. Cookie Policy

What Are Cookies?

Cookies are small text files placed on your device when you visit our website. They help improve your user experience by remembering preferences, enabling website features, and tracking usage analytics.

Types of Cookies We Use

Essential Cookies: Necessary for core website functionality (e.g., login, security, and accessibility features).

Performance Cookies: Help us understand how users interact with our website by collecting anonymised data (e.g., Google Analytics).

Functional Cookies: Store user preferences (e.g., language, font size) to enhance user experience.

Marketing Cookies: Used to personalise advertising and marketing content (only applied with user consent).

Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to:

Delete cookies stored on your device.

Block certain types of cookies.

Receive alerts before cookies are placed.

For more details on managing cookies, visit the Information Commissioner’s Office (ICO) website: www.ico.org.uk

10. Links to Third-Party Websites

Our website may contain links to external sites. We are not responsible for the privacy practices of these sites and recommend reviewing their privacy policies separately.

11. Updates to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page, and where significant, we will notify users via email or website notices.

12. How to Contact Us and Complaints

For privacy-related queries, contact us at [email protected].

If you have concerns about how we process your data, you can lodge a complaint with the Information Commissioner’s Office (ICO):

ICO Contact Details:
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline: 0303 123 1113
Website: www.ico.org.uk

Document updated 2025