Privacy Policy

1. Information We Collect We may collect the following types of personal information: 1.1 Information you provide directly Name Email address Phone number Booking details Payment information (processed securely by our payment provider; we do not store card details) 1.2 Automatically collected information When you visit our website, we may automatically collect: IP address Browser type and device information Pages visited and time spent on the site Cookies and similar tracking technologies This helps us improve the website and your experience. 2. How We Use Your Information We use your personal information to: Process and confirm your booking Communicate with you about your visit or enquiry Improve our services and website Send studio updates or offers (only if you have opted in) Comply with legal obligations We do not sell or share your data with third parties for marketing. 3. Legal Basis for Processing Under the UK GDPR, we process your data on the following bases: Contract – to fulfil your booking or enquiry Consent – when you opt into marketing communications Legitimate interests – to improve our services and ensure the website works correctly Legal obligation – to maintain financial or business records 4. How We Store and Protect Your Information We take appropriate technical and organisational measures to keep your data secure. Your information is stored on password-protected systems and only accessible to staff who need it. Payment data is handled securely by our third-party payment processor (e.g., Stripe, PayPal). We do not store card details. 5. How Long We Keep Your Information We only keep your information for as long as necessary for the purposes outlined in this policy. For example: Booking records: up to 6 years (legal requirement) Enquiry emails: up to 12 months Marketing consents: until you unsubscribe You can request deletion of your data at any time (see Section 7). 6. Sharing Your Information We only share your data with trusted service providers when necessary, such as: Booking system or payment provider Email service provider Website hosting provider These third parties are required to keep your information secure and use it only for the purpose agreed. We do not share your information with advertisers or unrelated third parties. 7. Your Rights Under the UK GDPR, you have the right to: Access the personal information we hold about you Request corrections to inaccurate data Request deletion of your data Withdraw consent (e.g., marketing emails) Object to or restrict certain types of processing Request a copy of your data in a portable format To exercise these rights, please contact us (details below). 8. Cookies Our website may use cookies to improve performance, analyse traffic, and personalise your experience. You can manage or disable cookies in your browser settings. 9. Links to Other Websites Our website may contain links to external sites. We are not responsible for the privacy practices of those websites. 10. Contact Us If you have any questions about this Privacy Policy or would like to make a data request, please contact us: Painted Pot Abbots Langley, Hertfordshire Email: [insert email] Phone: [insert phone] 11. Changes to This Policy We may update this Privacy Policy from time to time. Any updates will be posted on this page with a new “last updated” date.