Privacy Policy

How We Use Your Data

Who are we?
We are SOKA Studio Limited (Co. Reg. No. 11202420) and our registered address is at 9 Burton Road, Lincoln LN1 3JY. If you have any questions about this Policy, or about how we look after your data generally, please contact sophie@sokastudio.co.uk

Introduction
SOKA Studio Limited (‘we’ or ‘us’ etc), are ‘controllers’ of data. This means that, under the Data Protection Act 2018 (the Act) and the EU General Data Protection Regulation (GDPR), we may control and process your personal data. We take privacy very seriously. We are committed to keeping your data secure and processing it fairly and lawfully. We ask that you read this policy very carefully because it contains important information about how we process your personal data.

Personal Data We May Collect About You
We collect personal data directly from you via our websites or via other communications between us when you make enquiries with us, or when we provide services to you. The data we collect from you is limited to what we need to collect for these purposes and usually includes:

  • Your name, address and contact details (usually email address(es), postal address and phone number(s))
  • Your communication preferences
  • Your job title and role within your organisation
  • Details of your design or website project
  • Content that you provide us for your website, such as team and individual photographs and client/third party information
  • Client or third party information (usually limited to contact details) for marketing purposes, such as for instance use with Mailchimp or similar services

In addition, we may monitor your use of our website through the use of cookies and similar tracking devices. For example, we may monitor how many times you visit, which pages you go to, traffic data, location data and the originating domain name of a user's internet service provider. This information helps us to build a profile of our users. Some (but not all) of this data will be aggregated or statistical, which means that we will not be able to identify you individually. Please see further the section on Use of cookies below.

Personal Data We May Collect From Third Parties
Where third parties involved in your project collect personal information from you directly, such as website developers and designers, they may in turn provide us with the same information as part of our involvement with the same project.

How We Use Your Personal Data
We are required to have a legal basis for processing your personal information. These are most commonly:

  • to perform or take steps to enter into a contract with you for the purposes of providing you with design or website services
  • to comply with a legal obligation
  • where we have your explicit consent, freely given
  • where it is necessary for our legitimate interests and these are not overridden by your rights and interests, or the rights and interests of others

When you make an enquiry with us, we may use the personal information for the following reasons:

  • follow up your enquiry and provide further information
  • to add you to our marketing database, subject to your consent
  • to tailor our services, understand how you heard about us, improve our website and adapt our marketing channels

When you enter into a contract with us under which we agree to provide you with design or website series, we may use the personal information for the following additional reasons:

  • To perform the contract
  • To communicate with you about the project

We may use your information to tailor our marketing activity based on your interests and preferences, subject to your consent. We will not use your information to carry out any automated profiling that could have a legal effect on you.

Sharing Your Personal Information
We may share your personal information with:

  • Any sub-contractor working on our behalf providing coding, website building or hosting services (Ordinarily, the lawful basis for doing so is in order to perform a contract with you – GDPR Art.6(1)(b))
  • Third parties who provide services to us, such as our solicitors and professional advisors (Ordinarily, the lawful basis for doing so is our legitimate interests – GDPR Art. 6(1)(f))

Marketing and Opting Out
We will not contact you for the purposes of direct marketing unless you have asked us to do so. However, if you have asked us to do so and later your change your mind, you can opt-out at any time with no hassle. To do this, just let us know. See further Your rights below for details about how to contact us.

Keeping your Data Secure
We will use technical and organisational measures to safeguard your personal data, for example:

  • Access to our systems is controlled by password and username which are unique to the user;
  • We store your electronic personal data on secure servers backed up on the cloud;
  • We store your paper records in locked storage cabinets.

Non-sensitive details (your contact details and preferences for example) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems.

Transferring Your Information Outside of Europe
We do not transfer your information outside of the European Economic Area, save as described below. We store and back-up your data using the Google Drive and cloud services provided by Team Knowhow. Google have represented their system as secure. For example, Google have the following statement on their website:
“We also offer European Model Contract Clauses to address EU data-transfer requirements for Google Cloud Platform and G Suite. We previously obtained Common Opinions from EU Data Protection Authorities confirming the alignment of our Model Contract Clauses with the Standard Contractual Clauses published by the European Commission.” Google uses data centres, which are located throughout the world. Accordingly, there is a possibility that your personal data will be transferred outside of the EEA while stored with Google Drive. For more information about how Apple keeps your data safe, please see their website at https://privacy.google.com/businesses/compliance/#?modal_active=none

Information About Other Individuals
If you give us information on behalf of someone else, you confirm that you have a lawful basis for doing so and that, where the information includes the personal data of third parties, such as your staff, clients or customers, you have in place appropriate technical and organisational measures to ensure that you are fully compliant with the Act and the GDPR.

How Long Do We Keep Your Data For?
As a general rule, we will not keep your data for any longer than is necessary to complete tasks or provide you with services. Generally, we keep your personal information for six years after the end of our involvement with your project. You also have the right to ask us to delete your data, which is set out below (sometimes known as ‘the right to be forgotten’.)

Cookies
A cookie is a small text file which is placed onto your computer (or other electronic device) when you access our website. If you use our website, we may use cookies to:

  • Track your use of the site;
  • Recognise you whenever you visit this website (this speeds up your access to the site as you do not have to log on each time);
  • Obtain information about your preferences, online movements and use of the internet;
  • Carry out research and statistical analysis to help improve our content, products and services and to help us better understand our visitor/customer requirements and interests;
  • Make your online experience more efficient and enjoyable

If you do not want to accept cookies, you can change your browser settings so that cookies are not accepted. If you do this, please be aware that you may lose some of the functionality of this website. For further information about cookies and how to disable them please go to: www.aboutcookies.org or www.allaboutcookies.org

If you visit our website when your browser is set to accept cookies, we will interpret this as an indication that you consent to the use of cookies. This includes cookies that are essential in order to enable you to move around the site and use its features and cookies that are not essential but gather information about your use of the site.

Your Rights
You have various rights under the Act and the GDPR, including the following rights:

  • Right to object: If we are using your data because we deem it necessary for our legitimate interests to do so, and you do not agree, you have the right to object. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases). Generally, we will only disagree with you if certain limited conditions apply.
  • Right to withdraw consent: Where we have obtained your consent to process your personal data for certain activities (for example, providing you with services), or consent to market to you, you may withdraw your consent at any time.
  • Data Subject Access Requests (DSAR): Just so it's clear, you have the right to ask us to confirm what information we hold about you at any time, and you may ask us to modify, update or delete such information. At this point we may comply with your request or, additionally do one of the following: We may ask you to verify your identity, or ask for more information about your request; and where we are legally permitted to do so, we may decline your request, but we will explain why if we do so.;
  • Right to erasure: In certain situations (for example, where we have processed your data unlawfully), you have the right to request us to “erase” your personal data. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases) and will only disagree with you if certain limited conditions apply.
  • Right of data portability: If you wish, you have the right to transfer your data from us to another data controller. We will help with this – either by directly transferring your data for you, or by providing you with a copy in a commonly used machine-readable format.
  • Right to lodge a complaint with a supervisory authority: You also have the right to lodge a complaint with your local supervisory authority, details of which can be found below.

To exercise any of your rights concerning your information, please send an email to the following address: sophie@sokastudio.co.uk Or write to us at the following postal address: SOKA Studio Ltd, 9 Burton Road, Lincoln LN1 3JY. We may ask you to provide us with proof or your identity. Please do not be offended; this may occur even if we know you. It is a requirement of the GDPR in some cases.

Review
This Policy was last reviewed on 12.12.2018. We may change this privacy policy from time to time. You should check this policy occasionally to ensure you are aware of the most recent version which will apply each time you access our website.

The Information Commissioner’s Office
More information about privacy laws can be found at www.ico.org.uk
Details of your local supervisory authority: The Information Commissioner’s Office. You can contact them
in the following ways:

  • Phone: 0303 123 1113
  • Email: casework@ico.org.uk
  • Live chat, via the ICO website
  • Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF