Structa Studio Privacy Policy

Last updated: [Insert date]

This Privacy Policy explains how Structa Studio ("Structa", "we", "us", "our") collects, uses, stores, and shares personal data when you:

• visit our website;

• submit an enquiry, contact request, or project brief;

• request a discovery call, proposal, or quote;

• communicate with us by email, phone, social media, website forms, or meetings;

• engage us as a client, supplier, collaborator, or referral contact; or

• otherwise interact with our business.

This draft is written for a UK-based, B2B-first visualisation studio and is intended as a practical starting point.

1. Who we are

Structa Studio is the controller of the personal data covered by this Privacy Policy.

Business name: Structa Studio
General email: contact@structastudio.com
Direct email: casper@structastudio.com
Project enquiries: projects@structastudio.com
Website: [Insert website URL]
Registered address / correspondence address: [Insert address if you wish to publish one]

If you have any questions about this Privacy Policy or about how your data is handled, you can contact us using the details above.

2. What this policy covers

This Privacy Policy applies to personal data relating to:

• website visitors;

• prospective clients;

• client contacts;

• suppliers and service providers;

• collaborators, partners, and referral contacts; and

• individuals who contact Structa for any other reason.

It does not apply to third-party websites, services, or platforms that may be linked from our website.

3. The personal data we collect

Depending on how you interact with Structa, we may collect and use the following categories of personal data.

3.1 Contact and enquiry data

• full name;

• business email address;

• phone number, if provided;

• company, studio, or organisation name;

• job title or role, if provided;

• enquiry type;

• enquiry details, project brief, or supporting notes; and

• records of correspondence and communications.

3.2 Project and commercial data

• project requirements and scope information;

• floor plans, dimensions, sketches, kit lists, references, and other project materials you send to us;

• proposal, quote, scope, and project history;

• meeting notes and call notes;

• approvals, feedback, and revision history;

• contract and billing contacts; and

• transaction, invoice, and payment administration records.

3.3 Website and technical usage data

• IP address;

• browser type and version;

• device information;

• operating system;

• pages viewed and navigation behaviour;

• referral source;

• date and time of access; and

• cookie or similar technology data, where applicable.

3.4 Marketing and relationship data

• whether you have asked to receive updates from us;

• your marketing preferences;

• records of opt-outs or objections; and

• notes relating to previous enquiries, referrals, or business development interactions.

3.5 Supplier and collaborator data

• contact names and business contact details;

• company details;

• service or engagement history; and

• accounting or payment administration details.

4. Where we get personal data from

We may collect personal data:

• directly from you;

• through our website forms;

• from emails, messages, calls, video calls, meetings, or social channels;

• from files, plans, briefs, and project materials you send to us;

• from publicly available professional sources such as company websites, directories, or social profiles;

• from referrals or introductions made by third parties; and

• through standard website analytics and cookie technologies, where used.

5. How we use personal data

We may use personal data for the following purposes:

• to respond to enquiries and contact requests;

• to assess whether and how we can support a project;

• to arrange meetings, discovery calls, or project discussions;

• to prepare proposals, quotations, scopes, and project communications;

• to provide services and manage projects;

• to communicate with clients, suppliers, and collaborators;

• to maintain business records and administration;

• to issue invoices and manage payments;

• to improve our website, services, and operations;

• to protect our legal rights and business interests;

• to detect misuse, fraud, or security issues;

• to comply with legal, regulatory, tax, accounting, or insurance obligations; and

• where lawful, to send business-related updates, marketing, or service information.

6. Lawful bases we rely on

Under UK data protection law, we must have a lawful basis for using personal data.

Depending on the context, we may rely on one or more of the following lawful bases.

6.1 Contract / steps before entering into a contract

Where you contact us about a project, request a proposal, or become a client, we may process your personal data because it is necessary to take steps at your request before entering into a contract, or to perform a contract with you.

6.2 Legitimate interests

We may process personal data where it is reasonably necessary for our legitimate business interests, including:

• responding to enquiries;

• managing client, supplier, and collaborator relationships;

• running and improving our services;

• keeping business records;

• preventing misuse or protecting the business from legal or operational risk; and

• carrying out proportionate B2B business development.

Where we rely on legitimate interests, we consider the impact on individuals and do not use the data in a way that overrides their rights and interests.

6.3 Legal obligation

We may process personal data where necessary to comply with legal obligations, including tax, accounting, fraud prevention, record-keeping, and legal compliance obligations.

6.4 Consent

Where required, we will rely on your consent, for example for certain marketing activity or certain cookies and similar technologies. Where consent is used, you can withdraw it at any time.

7. Special category data

Structa does not intend to collect special category personal data through its standard website forms or enquiry processes.

Please do not send sensitive personal data unless it is genuinely necessary and you have a clear reason to do so. If special category data is provided unexpectedly, we will only process it where there is a valid legal basis and, where required, an additional condition for doing so.

8. Direct marketing

Structa may send business-related updates or marketing communications where this is lawful.

If we rely on consent for any marketing activity, you can withdraw that consent at any time.

If we rely on legitimate interests for B2B marketing, you have the right to object at any time. If you object to direct marketing, we will stop using your personal data for that purpose.

You can opt out of marketing by using any unsubscribe mechanism provided, replying to an email, or contacting us directly.

9. Cookies and similar technologies

Our website may use cookies and similar technologies for purposes such as:

• website performance;

• analytics and measurement;

• remembering preferences; and

• improving user experience.

Where the law requires consent for non-essential cookies or similar technologies, we will seek that consent separately.

If your website uses analytics, tracking pixels, cookies, tags, or similar technologies, you should also publish a dedicated Cookie Policy or cookie notice alongside this Privacy Policy.

10. Who we share personal data with

We do not sell personal data.

We may share personal data, where reasonably necessary, with:

• website hosting providers;

• email and communication providers;

• cloud storage or file-sharing providers;

• project management, CRM, automation, form, analytics, or workflow tools;

• accountants, payment processors, or professional advisers;

• insurers, legal advisers, or debt recovery providers where necessary;

• trusted suppliers or subcontractors working on a project, subject to appropriate confidentiality expectations; and

• courts, regulators, law enforcement, or public authorities where we are legally required to do so.

We only share the personal data that is reasonably necessary for the relevant purpose.

11. International transfers

Some of the services we use may store or process personal data outside the UK.

Where personal data is transferred outside the UK, we will take steps to ensure that an appropriate level of protection is in place, such as:

• reliance on an adequacy decision;

• use of approved contractual safeguards; or

• another lawful transfer mechanism.

12. Data retention

We keep personal data only for as long as reasonably necessary for the purposes for which it was collected, including to satisfy legal, accounting, tax, insurance, and record-keeping requirements.

Retention periods will vary depending on the type of data and the reason we hold it. By way of general guidance:

• general enquiries that do not lead to a project may be retained for a reasonable period in case of follow-up or future business discussion;

• client and project records may be retained for longer where needed for contract administration, commercial history, or legal record-keeping;

• invoice and payment records may be retained for as long as required by tax and accounting obligations; and

• marketing suppression records may be retained so we can respect opt-out requests.

When personal data is no longer needed, we will delete it, anonymise it, or securely archive it where appropriate.

13. Security

We take reasonable technical and organisational steps to protect personal data against unauthorised access, misuse, loss, alteration, or disclosure.

These measures may include access controls, password protection, secure software and platforms, appropriate file storage practices, and limiting access to those who need it.

However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

14. Your rights

Depending on the circumstances, you may have rights under UK data protection law, including the right to:

• be informed about how your personal data is used;

• request access to your personal data;

• request correction of inaccurate or incomplete personal data;

• request erasure of your personal data;

• request restriction of processing;

• object to processing, including direct marketing;

• request data portability in some cases; and

• withdraw consent where we rely on consent.

These rights are not absolute and may be subject to legal exceptions.

If you wish to exercise any of your rights, please contact us using the details in this Privacy Policy.

15. Complaints

If you have concerns about how Structa handles personal data, please contact us first and we will try to resolve the issue.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been breached.

16. Third-party links and services

Our website or communications may contain links to third-party websites, services, or platforms. We are not responsible for the privacy practices of those third parties, and you should review their privacy information separately.

17. Children

Structa's services and website are intended for business and professional use. They are not directed at children, and we do not knowingly collect personal data from children through our standard business processes.

18. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes to the business, the website, the tools we use, or legal requirements.

Where appropriate, we will update the "Last updated" date at the top of this page. The latest published version will apply.

19. Contact us

If you have any questions about this Privacy Policy or want to exercise your rights, you can contact:

General enquiries: contact@structastudio.com
Direct contact: casper@structastudio.com
Project enquiries: projects@structastudio.com

Optional tailoring notes before publication

Before publishing this draft, you should tailor it to reflect:

• the exact legal entity name (for example, sole trader vs limited company);

• the actual website domain;

• the tools you actually use (for example Framer, analytics tools, form tools, CRM tools, email providers, file storage, automation platforms);

• whether you use cookies, analytics, tracking pixels, or similar technologies;

• whether you carry out marketing and, if so, on what basis;

• whether you process any consumer data as well as B2B data; and

• your actual retention periods or retention criteria.

Practical note

This Privacy Policy is designed to sit alongside, not replace, other documents you may publish, such as:

• Terms of Service;

• Website Terms of Use;

• Cookie Policy; and

• any internal data retention or security policies.