Privacy Policy
Introduction
Stitch Studio Limited is committed to respecting, protecting and safeguarding the privacy of its clients, prospective clients, consultants, website users, suppliers and employees. This privacy policy sets out details of what information Stitch Studio Limited collects, and how Stitch Studio Limited processes and uses personal data which we collect in accordance with the General Data Protection Regulations 2018 (GDPR). This policy also sets out how Stitch Studio Limited protects any information that you provide when you use this website.
For further information with regards our personal data policies and procedures, or if you have a complaint about the way we collect and use your data, please contact us via email to admin@stitch-studio.co.uk or in writing to Stitch Studio Limited, Suite 6, Fusion House, 28 Rochester Place, London NW1 9DF. You also have the right to complain to the Information Commissioner’s Office (ICO) which is the UK authority for data protection issues (www.ico.org.uk).
Collecting personal data
Stitch Studio Limited’s main objective is to ensure that an individual’s personal data is always processed lawfully, fairly and transparently. Specifically, we aim to ensure that we –
comply with our contractual obligations
comply with the law
provide protection of vital interests
carry out tasks in the public interest
use the data collected for the legitimate interest of running our business
collect your personal data for a specific purpose with your explicit consent
ensure that your personal data can only be used for that specific purpose.
We acknowledge that you have the right to withdraw your consent to use your personal data at any time, and we will immediately react upon any request to do so.
Data we collect about you
Personal data means any information capable of identifying an individual. This does not include anonymised data. The business-to-business personal data we collect about you helps us to understand your needs and provide you with a better service. In general, we may process the following types of personal data about you –
Identity Data such as your first name, last name, username, title and date of birth.
Contact Data such as your work place address, email address and telephone numbers.
Financial Data such as your business bank account.
Transactional Data such as details about payments made between us and other details of purchases made by you.
Technical Data may include internet addresses, browser plug-in types and versions, time zone setting and location, operating systems and platforms, and other technology on the devices you use to access our website.
Website Usage Data may include information about how you use our website, products and services.
Marketing Contact Preference Data may include your preferences in receiving marketing from us and your communication preferences.
It is very important that the information we hold about you is accurate and up to date. If your business-related personal information changes please contact us using the contact details above.
In circumstances where sensitive data has been provided for recruitment, this may come under the umbrella of diversity information. This may include your maiden name, ethnic background, gender, disability, age, sexual orientation and religion or other similar beliefs. We will normally only use this information on an anonymised basis to monitor our compliance with our Equal Opportunities Policy.
This information is termed ‘sensitive’ personal information and slightly stricter data protection rules will apply. We therefore need to obtain your explicit consent before we can use it. This means that you have to explicitly and clearly tell us that you agree to us collecting and using this information. Should you wish to withdraw your consent please contact us using the contact details above.
Please note that you are not obliged to consent to opt-in to this and you have the right to withdraw your consent at any time.
How do we use your personal data?
What we do with your personal data is normally referred to as ‘processing’ which essentially covers collecting, recording, storing, using, altering, erasing, etc. We may process your personal details for a variety of reasons, and we will always seek to be transparent about how your personal data will be used. On occasion, we may need to forward your personal data to third parties, but we will only do this with your express permission.
Otherwise, it is likely that we will only process your personal data where we have a lawful basis to do so such as –
To allow us to undertake our services in accordance with our business objectives and contractual agreements pursuant to achievement of those objectives;
For accounting, tax and regulatory purposes;
To send personal invitations to seminars, local interest meetings, corporate events, etc;
For submission to external third parties (such as HMRC) in connection with the execution of our legal duties;
To ensure we maintain a quality level of service in accordance with our ISO9001 accreditation, and to facilitate service feedback initiatives;
For staffing and recruitment exercises.
All third parties to whom we transfer your data are expressly required to respect the security of your personal data and to treat it in accordance with the law. Such third parties are only permitted to process your personal data for specified purposes and in accordance with our instructions.
Your legal rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right:
To receive a copy of the personal data we hold about you by means of a Subject Access Request (SAR) and to check that we are lawfully processing it.
To have any incomplete or inaccurate data we hold about you corrected, although we may need to verify the accuracy of the new data you provide to us.
To ask us to delete or remove personal data where there is no good reason for us continuing to process it or where you have successfully exercised your right to object to processing or where we may have processed your information unlawfully or where we are required to erase your personal data to comply with the law.
To object to processing on the grounds that you feel it impacts on your fundamental rights and freedoms. You also have the right to object in circumstances where we are processing your personal data for direct marketing purposes.
To request restriction of processing of your personal data, and to suspend the processing of your personal data in certain scenarios.
To request the transfer to you or to a third party of personal automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
To withdraw consent at any time where we are relying on consent to process your personal data although, if you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please contact us. It is our intention to respond to all legitimate requests within one calendar month although it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
You will not have to pay a fee to access your personal data or to exercise any of your other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request altogether in these circumstances.
In the event that we need to request specific information from you to help us confirm your identity and ensure your right to access your personal data, or to exercise any of your other rights, you can be assured that this is simply a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. You may also be contacted if we require further information in relation to your request.
How long do we keep your personal data?
We will keep your personal data no longer than is reasonably necessary. However, this may vary according to the type of information. For example, financial or accounting records will usually be erased six years after final legitimate use in accordance with HMRC recommendations. For information in respect of individual projects, data may be kept according to our legitimate business interests and our insurer’s requirements.
If variations to these principles are necessary, we would inform individuals accordingly and we would provide details of the reasons for the variations.
In circumstances where we wish to use your personal data for research or statistical purposes, we may anonymise your data so that it can no longer be associated with you in which case we may use this information indefinitely without further notice to you.
Data security
Appropriate security measures have been put in place to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. It is our policy to limit access to your personal data to those of our employees, agents, contractors and others who have a legitimate business need to know such data. They will only be able to process your personal data on our instructions, and they are bound by a strict duty of confidentiality.
Comprehensive procedures to deal with any suspected personal data breach have been put in place, and we will notify you and any applicable regulator of a breach if we are legally required to do so.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Changes to this Privacy Policy
This Privacy Policy is regularly reviewed. This is to make sure that we continue to meet the highest standards and to protect your privacy. We reserve the right, at all times, to update, modify or amend this Policy. We suggest that you review this Privacy Policy from time to time to ensure you are aware of any changes we may have made. However, we will not significantly change how we use information you have already given to us without your prior agreement. Any changes will be made available on our website www.stitchstudio.co.uk.