Who We Are
Artess Studio Ltd ("Artess", "we", "us", "our") is the controller of personal data collected through our website at artess.co.uk and through our client engagements.
Company number: [to be completed]. Registered office: [to be completed]. ICO registration number: [to be completed].
If you have any question about this notice, contact us at contact@artess.co.uk.
Scope of this Notice
This Privacy Policy explains how we handle personal data when you visit our website, submit an enquiry form, request a quotation, sign up to our newsletter, or commission us to deliver visualisation services. It does not cover personal data we may handle on behalf of clients in their capacity as the controller - in that case, our Data Processing Agreement applies.
Personal Data We Collect
We collect and process the following categories of personal data:
- Identity & contact data - name, company, role, email address, business postal address.
- Project data - the brief, drawings, photographs and any other materials you supply or that are produced during the engagement. These may incidentally contain personal data.
- Financial data - billing address, invoice history, bank details for outbound payments. We do not store full card numbers - payments are processed via regulated third-party providers.
- Communications data - the content and metadata of emails, messages, calls and meetings between you and us.
- Technical data - IP address, browser type and version, device information, time zone, operating system, and the pages of our site you visit.
- Usage data - how you interact with our site (pages viewed, links clicked, time on page) collected via privacy-respecting analytics.
- Marketing preferences - your subscription status and engagement with our communications.
We do not knowingly collect special category data (such as data about health, ethnicity or political opinions). Please do not send us such data unless we specifically ask for it and explain the lawful basis.
How We Collect It
- Directly from you: when you fill in our contact form, email us, sign a contract, or upload Source Materials.
- From your interactions with our site: via cookies and similar technologies (see Section xii).
- From third parties: e.g. introductions from architects or developers, public sources such as Companies House, or LinkedIn for due-diligence checks on prospective clients.
Purposes & Lawful Bases
Under the UK GDPR, we must have a lawful basis for each use of personal data. Our purposes and bases are:
| Purpose | Personal data used | Lawful basis |
|---|---|---|
| Responding to enquiries & preparing quotations | Identity, contact, project, communications | Contract / pre-contract steps; legitimate interests |
| Delivering commissioned services | Identity, contact, project, communications, financial | Contract |
| Invoicing & payment processing | Identity, contact, financial | Contract; legal obligation (tax records) |
| Keeping accounting & tax records | Identity, financial | Legal obligation |
| Marketing to existing clients | Identity, contact, marketing preferences | Legitimate interests (soft opt-in under PECR) |
| Marketing to prospects | Identity, contact, marketing preferences | Consent |
| Site analytics & performance | Technical, usage | Consent (where required); legitimate interests for strictly necessary measurement |
| Securing our systems & preventing fraud | Technical, usage, communications | Legitimate interests |
| Establishing or defending legal claims | All categories as relevant | Legitimate interests; legal obligation |
"Legitimate interests" means that we have considered the impact on you and concluded that processing is necessary, balanced and proportionate. You can ask us for a copy of the balancing test at any time.
Marketing Communications
We will only send you direct marketing emails where (a) you have given us your consent, or (b) you are an existing client and we are marketing similar services to those you previously engaged us for, in line with the "soft opt-in" rule under the Privacy and Electronic Communications Regulations (PECR).
Every marketing email contains a one-click unsubscribe link. You can also unsubscribe at any time by emailing contact@artess.co.uk. Unsubscribing from marketing does not stop service-related emails (e.g. invoice reminders).
Sharing & Recipients
We share personal data only with the following categories of recipient, and only to the extent necessary:
- Service providers acting as our processors - cloud hosting, file transfer, email delivery, analytics, accounting software, payment processors. They are bound by written contracts compliant with Article 28 UK GDPR.
- Professional advisers - accountants, lawyers, insurers, where confidentiality is owed.
- Public authorities - where required by law (HMRC, courts, regulators, ICO).
- Successors - in the event of a sale, restructuring, or merger of Artess.
We do not sell personal data and do not share it with third parties for their own marketing.
International Transfers
Some of our service providers are located outside the UK. Where we transfer personal data outside the UK, we rely on one of the following safeguards:
- an "adequacy decision" in favour of the destination country;
- the UK International Data Transfer Agreement, or the EU Standard Contractual Clauses with the UK Addendum;
- another mechanism approved under Article 46 UK GDPR.
You can request a copy of the transfer mechanism by emailing contact@artess.co.uk.
Retention Periods
We keep personal data only as long as necessary for the purposes for which it was collected:
- Enquiries that don't progress - 12 months from the last contact, unless you ask us to delete sooner.
- Active client records - for the duration of the engagement.
- Closed client records & contracts - 6 years after the end of the engagement (limitation period under the Limitation Act 1980).
- Accounting & tax records - 6 years from the end of the relevant accounting period (HMRC requirements).
- Marketing list data - until you unsubscribe, then a suppression record is retained to ensure we do not contact you again.
- Site analytics - 26 months maximum, then aggregated or deleted.
Security Measures
We apply appropriate technical and organisational measures to protect personal data against unauthorised access, loss or alteration, including: encrypted transmission (TLS), encrypted storage at rest, access controls and least-privilege permissions, multi-factor authentication on all critical systems, regular backups, vendor due diligence, and staff training.
If a personal data breach is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours and inform affected individuals where the risk is high, in line with Articles 33–34 UK GDPR.
Your Data Protection Rights
Under the UK GDPR you have the following rights, free of charge except for manifestly unfounded or excessive requests:
- Right to be informed - about how your data is used (this notice).
- Right of access - to ask for a copy of the personal data we hold about you.
- Right to rectification - to have inaccurate or incomplete data corrected.
- Right to erasure - to ask us to delete your data in certain circumstances ("right to be forgotten").
- Right to restrict processing - to ask us to pause processing while a concern is investigated.
- Right to data portability - to receive your data in a structured, machine-readable format.
- Right to object - particularly to direct marketing and to processing based on legitimate interests.
- Rights regarding automated decision-making - see Section xiv.
- Right to withdraw consent - where we rely on consent, you can withdraw it at any time without affecting prior processing.
To exercise any of these rights, email contact@artess.co.uk. We will respond within one calendar month, extendable by two further months for complex requests, in which case we will notify you of the extension and the reasons. We may need to verify your identity before responding.
Cookies & Similar Technologies
Our website uses a small number of cookies and similar technologies. Where required by PECR and the UK GDPR, we ask for your consent before setting non-essential cookies via a cookie banner.
| Category | Examples | Consent required? |
|---|---|---|
| Strictly necessary | Session cookies, security tokens, your cookie-consent choice itself. | No |
| Performance / analytics | Aggregated, privacy-respecting analytics that measure visits and pages viewed. | Yes |
| Functional | Remembering your tweaks panel preferences. | Yes |
| Marketing / advertising | None at present. | Yes (if introduced) |
You can change or withdraw your cookie preferences at any time via the cookie settings link in the footer. You can also block or delete cookies through your browser settings, though this may affect site functionality.
Children's Privacy
Our services are aimed at architects, developers and design professionals. We do not knowingly collect personal data from children under 13. If you believe a child has supplied personal data to us, please contact contact@artess.co.uk and we will delete it.
Automated Decision-Making
We do not make decisions that have legal or similarly significant effects on individuals based solely on automated processing, including profiling, within the meaning of Article 22 UK GDPR.
Changes to this Notice
We may update this notice from time to time. The "Effective" date at the top of this page shows when it was last revised. Where the changes are material, we will notify clients by email and post a notice on our homepage for thirty days.
Complaints & the ICO
If you have a concern about how we handle your personal data, please contact us first at contact@artess.co.uk so we have the opportunity to resolve it.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection:
Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Helpline: 0303 123 1113
ico.org.uk
How to Contact Us
For any question about this notice or to exercise your rights, write to:
Artess Studio Ltd - Privacy
[Registered office address]
United Kingdom
contact@artess.co.uk