Our Privacy Policy
Introduction
This privacy notice provides you with details of how we collect and process your personal data through your use of our site www.rootsandwings.studio, including any information you may voluntarily provide us.
We are committed to protecting your privacy and take this responsibility very seriously. We therefore take care to safeguard it. This notice outlines what data we collect, how we may use it, how we protect your data and your rights, and how you can exercise those rights.
Roots and Wings Studio Limited (company registration no. 13621313) is the data controller and we are responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice).
We regularly check this notice to ensure we provide you with the most up-to-date information regarding our data processing activities. We strongly advise you to read this page from time to time to ensure you are happy with any changes that might be made.
This privacy notice was last updated on 20th September 2021.
Our contact details
Name: Roots + Wings Studio Limited
Address: 14 Walpole Place, Teddington, TW11 8PL
Website: www.rootsandwings.studio
E-mail: hello@rootsandwings.studio
What data do we collect about you?
Personal data means any information capable of identifying an individual. It does not include anonymised data.
We may process certain types of personal data about you as follows:
Identity Data may include your first name, last name and title.
Contact Data may include your postal address, email address and telephone numbers.
Technical Data may include your internet protocol addresses, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform and other technology on the devices you use to access this site.
Usage Data may include information about how you use our website, products and services.
Marketing and Communications Data may include your preferences in receiving marketing communications from us and your communication preferences.
We may also process Aggregated Data from your personal data but this data does not reveal your identity and as such in itself is not personal data. An example of this is where we review your Usage Data to work out the percentage of website users using a specific feature of our site. If we link the Aggregated Data with your personal data so that you can be identified from it, then it is treated as personal data.
Sensitive Data
We do not collect any Sensitive Data about you. Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences.
How do we collect your personal data?
We collect data about you through a variety of different methods including:
Direct interactions: You may provide data by filling in forms on our site (or otherwise) or by communicating with us by post, phone, email or otherwise, including when you:
subscribe to our services;
request resources or marketing be sent to you;
give us feedback.
Automated technologies or interactions: As you use our site, we may automatically collect Technical Data about your equipment, browsing actions and usage patterns. We collect this data by using cookies, server logs and similar technologies.
How do we use your personal data?
We will only use your personal data when legally permitted. The most common uses of your personal data are:
Where we need to perform a contract between us.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Where we need to comply with a legal or regulatory obligation.
Where we are required to collect personal data by law, or under the terms of a contract between us and you do not provide us with that data when requested, we may not be able to perform the contract (for example, to deliver goods or services to you). If you don’t provide us with the requested data, we may have to cancel a product or service you have ordered but if we do, we will notify you at the time.
Generally, we do not rely on consent as a legal ground for processing your personal data, other than in relation to sending marketing communications to you via email. You have the right to withdraw consent to marketing at any time by emailing us at hello@rootsandwings.org
Purposes for processing your personal data
Set out below is a description of the ways we intend to use your personal data and the legal grounds on which we will process such data. We have also explained what our legitimate interests are where relevant.
We may process your personal data for more than one lawful ground, depending on the specific purpose for which we are using your data. Please email us at hello@rootsandwings.studio for more information.
Purpose/Activity | Type of data | Lawful basis for processing |
---|---|---|
To respond to a project brief and carry out work a client has instructed us on. | (a) Identity (b) Contact |
Fulfilment of a contract |
To use data analytics to evaluate and improve our services and customer experience. | (a) Technical (b) Usage |
Necessary for our legitimate interests to enhance our offering to customers and inform our marketing strategy |
To register you as a subscriber and send you marketing communications. | (a) Identity (b) Contact (c) Marketing and Comms |
Consent |
Marketing communications
You will receive marketing communications from us if you have:
subscribed via the email sign-up form on our website www.rootsandwings.studio;
or contacted us and requested to receive marketing communications from us;
and you have not opted out of receiving that marketing.
We will never share your personal data with any third party for marketing purposes.
You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or OR by emailing us at hello@rootsandwings.studio at any time.
Where you opt out of receiving our marketing communications, this will not apply to personal data provided to us as a result of a contract or other transaction.
Use of Data Processors
We may use a third-party supplier to send marketing communications. For example, we use MailChimp to send some of our emails, and as such we transfer lists of email addresses to their system. You can find out more about the suppliers that we use by getting in touch with us on hello@rootsandwings.studio.
When do we disclose your personal data?
We may have to share your personal data with the parties set out below for the purposes set out in the table in paragraph 4 above:
Service providers who provide IT and system administration services.
Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances.
Third parties to whom we sell, transfer, or merge parts of our business or our assets.
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
International transfers
Countries outside of the European Economic Area (EEA) do not always offer the same levels of protection to your personal data, so European law has prohibited transfers of personal data outside of the EEA unless the transfer meets certain criteria.
We endeavour to keep all personal data hosted within the EEA. If it is ever desirable to transfer your data outside of the EEA, as is the case with MailChimp, we look at this on a case-by-case basis to ensure that robust data-sharing agreements are in place. For example, MailChimp hosts its data in the US, and uses Standard Contractual Clauses. Such clauses have been declared by the European Commission to provide adequate protection for personal data, and as such we are happy to use it.
In cases where we transfer your data outside the EEA, we will take reasonable steps to ensure that the recipient implements appropriate measures to protect your information, for example, by entering into a contract that includes prescribed clauses about the use of data.
How do we keep your data secure?
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Data retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.
In some circumstances you can ask us to delete your data: see below for further information.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Your data protection rights
Under data protection law, you have rights including:
Your right of access You have the right to ask us for copies of your personal information.
Your right to rectification You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing You have the the right to object to the processing of your personal information in certain circumstances.
Your right to data portability You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You can see more about these rights at: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
You are not required to pay any charge for exercising your rights. If you make a request, we will respond within one month.
Please contact us at hello@rootsandwings.studio or 14 Walpole Place, Teddington, TW11 8PL if you wish to make a request.
How to complain
If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.
If you have any concerns about our use of your personal information, you can contact us on hello@rootandwings.studio or 14 Walpole Place, Teddington, TW11 8PL.
You can also complain to the ICO if you are unhappy with how we have used your data:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
ICO helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
Third-party links
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
Cookies
We use performance cookies from Google Analytics and Squarespace to collect aggregated information about how users interact with our website. We collect information including which pages are visited, how many pages are visited, how long each session lasts and which links are clicked. This helps us improve our website and provide users with a better experience. For more information on how Google uses the data provided, please visit https://policies.google.com/technologies/partner-sites.
You can decline cookies when visiting this website through the pop-up banner. You can also set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies.