WHO ARE WE?
Studio 43 c/o Octangle Ltd is a private limited company that operates within the
private industry sector within the UK to provide, install and maintain 3D prints and
Studio 43 has a commitment to comply with the General Data Protection Regulation
(GDPR) (EU) 2016/679 in the acquisition, processing and disposal of your personal
data. This policy notice describes what that data is likely to be and outlines our
commitment to process it, store it, access it and dispose of it in such a way that your
personal data is protected at every stage of the operation. In certain circumstances,
it will outline how we share this information and with whom.
WHO ARE YOU?
You are either a customer, a supplier or a member of staff of Studio 43. In this case
you will have provided or will provide certain personal data to us.
Alternatively, if you are merely a visitor to our website or our premises, this policy
notice informs you what data is captured and how.
HOW DO WE GET YOUR INFORMATION?
Most of the personal information we process is provided to us directly by you for one
of the following reasons:
● You are a customer or client of ours;
● You are a supplier or subcontractor to us;
● You have made a complaint or enquiry to us;
● You have made a complaint about us to a regulatory body;
● You have made an information request to us;
● You wish to attend, or have attended, an event;
● You subscribe to our e-newsletter and updates;
● You have applied for a job or secondment with us; or
● You are representing your organisation, which falls into one of the categories
We also receive personal information indirectly, in the following scenarios:
● We have contacted an organisation about a complaint you have made and it
gives us your personal information in its response.
● A complainant refers to you in their complaint correspondence.
● Whistleblowers include information about you in their reporting to us.
● From other regulators or law enforcement bodies.
● An employee of ours gives your contact details as an emergency contact or a
If it is not disproportionate or prejudicial, we will contact you to let you know we are
processing your personal information.
FOR WHAT DO WE USE YOUR INFORMATION?
This privacy notice tells you what to expect when Studio 43 collects personal
information. It applies to information we collect about:
● visitors to our websites;
● survey on our blog;
● complainants and other individuals in relation to a data protection or
● freedom of information complaint or enquiry;
● people who use our services, e.g. who subscribe to our newsletter or request
● a publication or enquire about our services;
● visitors to our premises;
● people who notify under the Data Protection Act; and
● job applicants and our current and former employees.
Studio 43 engages with a third-party service provider, to whom we may pass your
personal information or to whom you may be expected to provide your personal
information, your information will be handled by that third-party service provider as if
it were being handled by Studio 43. This may include but not be limited to external
training organisations, external auditing organisations, external certification
organisations, external personnel benefits advisers and statutory authorities i.e.
VISITORS TO OUR WEBSITES
When you browse this website, you do so anonymously, unless you have previously
indicated that you wish Studio 43 to remember your personal information or login
and password. We use a third-party service, Google Analytics, to collect standard
Internet log information and details of visitor behaviour patterns. We do this to find
out things such as the number of visitors to the various parts of the site. This
information is only processed in a way which does not identify anyone. We do not
make, and do not allow Google to make any attempt to find out the identities of those
visiting our website. If we do want to collect personally identifiable information
through our website, we will be up front about this. We will make it clear when we
collect personal information and will explain what we intend to do with it.
PEOPLE WHO TELEPHONE US
For customers who call Studio 43’s service centre to use the customer support
service or service desk, we will collect and handle that information for as long as is
necessary to ensure the support has been given effectively. If the caller is a
registered customer, the data will be handled in accordance with our policy on
handling customer data.
Under the Data Protection Act 2018 and the General Data Protection Regulation
(GDPR) (EU) 2016/679, you have rights as an individual which you can exercise in
relation to the information we hold about you.
The GDPR provides the following rights for individuals:
● The right to be informed
● The right of access
● The right to rectification
● The right to erasure
● The right to restrict processing
● The right to data portability
● The right to object
● Rights in relation to automated decision making and profiling.
You can read more about these rights here:
COMPLAINTS OR QUERIES
Studio 43 tries to meet the highest standards when collecting and using personal
information. For this reason, we take any complaints we receive about this very
seriously. We encourage people to bring it to our attention if they think that our
collection or use of information is unfair, misleading or inappropriate. We would also
welcome any suggestions for improving our procedures.
This privacy notice was drafted with brevity and clarity in mind. It does not provide
exhaustive detail of all aspects of Studio 43’s collection and use of personal
information. However, we are happy to provide any additional information or
explanation needed. Any requests for this should be sent to the address below.
If you want to make a complaint about the way we have processed your personal
information, you can contact the Information Commissioner’s Office in their capacity
as the statutory body that oversees data protection law –
ACCESS TO PERSONAL INFORMATION
Studio 43 tries to be as open as it can be in terms of giving people access to their
personal information. Individuals can find out if we hold any personal information by
making a ‘subject access request’ under the Act or the Regulation.
YOUR RIGHT OF ACCESS
You have the right to find out if an organisation is using or storing your personal
data. This is called the right of access. You exercise this right by asking for a copy of
the data, which is commonly known as making a ‘subject access request’.
HOW TO ACCESS YOUR DATA
You can make a subject access request to find out what data is held and how it is
used. You may make a subject access request before exercising your other
You can make a subject access request verbally or in writing. If you make your
request verbally, we recommend you follow it up in writing to provide a clear trail of
correspondence. It will also provide clear evidence of your actions.
To exercise your right of access, follow these steps:
● Identify where to send your request.
● Think about what personal data you want to access.
● Make your request directly to the organisation.
● State clearly what you want.
● You might not want all the personal data that the organisation holds about you. It
may respond more quickly if you explain this and identify the specific data you
● When making a subject access request, include the following information:
● Your name and contact details.
● Any information used by the organisation to identify or distinguish you from
other people with the same name (account numbers etc).
● Any details or relevant dates that will help it identify what you want.
● For example, you may want to ask for:
● your personnel file
● emails between ‘person A’ and ‘person B’ (say from 1 June 2018 to 1
● CCTV camera data situated at ‘location E’ on, say, 23 May 2017 from
11am to 5pm records detailing the transfer of your data to a third party.
● Keep a copy of your request.
● Keep any proof of postage or delivery.
● When to re-submit a request
You can ask an organisation for access more than once. However, it may be able to
refuse access if your request is, as the law says, ‘manifestly unfounded or
If you are thinking of re-submitting a request, you should think about whether:
● it is likely that your data has changed since your last request
● enough time has passed for it to be reasonable to request an update on
● how your data is being used, or
● the organisation has changed its activities or processes recently.
WHAT TO DO IF YOU DISAGREE WITH THE OUTCOME OR REMAIN
If you are unhappy with how the organisation has handled your request, you should
first make a complaint to it.
Having done so, if you remain dissatisfied you can make a complaint to the ICO.
You can also seek to enforce your rights through the courts. If you decide to do this,
we strongly advise that you seek independent legal advice first.
WHAT ORGANISATIONS SHOULD DO
If an organisation reasonably needs more information to help it find your data or
identify you, it has to ask you for the information it needs. It can then wait until it has
all the necessary information before dealing with your request.
When it responds to your request, the organisation should provide you with a copy of
your data. It may do this electronically. If you need your data in another format, you
must ask if this is possible.
You are also entitled to be told the following things:
● What it is using your data for.
● Who it is sharing your data with.
● How long it will store your data, and how it made this decision.
● Information on your rights to challenge the accuracy of your data, to have it
deleted, or to object to its use.
● Your right to complain to the ICO.
● Information on where your data came from.
● Whether your data is used for profiling or automated decision making and how it
is doing this.
If it has transferred your data to a third country or an international organisation and, if
so, what security measures it took.
WHEN CAN THE ORGANISATION SAY NO?
An organisation may refuse your subject access request if your data includes
information about another individual, except where:
● the other individual has agreed to the disclosure, or
● it is reasonable to provide you with this information without the other individual’s
In deciding this, the organisation will have to balance your right to access your data
against the other individual’s rights regarding their own information.
The organisation can also refuse your request if it is ‘manifestly unfounded or
In any case the organisation will need to tell you and justify its decision. It should
also let you know about your right to complain to the ICO, or through the courts.
HOW LONG SHOULD THE ORGANISATION TAKE?
An organisation has one month to respond to your request. In certain circumstances
it may need extra time to consider your request and can take up to an extra two
months. If it is going to do this, it should let you know within one month that it needs
more time and why. For more on this, see our guidance on Time Limits.
CAN THE ORGANISATION CHARGE A FEE FOR THIS?
A copy of your personal data should be provided free. An organisation may charge
for additional copies. It can only charge a fee if it thinks the request is ‘manifestly
unfounded or excessive’. If so, it may ask for a reasonable fee for administrative
costs associated with the request.
DISCLOSURE OF PERSONAL INFORMATION
In many circumstances we will not disclose personal data without consent. However,
when we investigate a complaint, for example, we will need to share personal
information with the organisation concerned and with other relevant bodies.
Further information is available in our Information Charter about the factors we shall
consider when deciding whether information should be disclosed.
You can also get further information on:
● agreements we have with other organisations for sharing information;
● circumstances where we can pass on personal data without consent for
example, to prevent and detect crime and to produce anonymized statistics;
● our instructions to staff on how to collect, use and delete personal data; and
● how we check that the information we hold is accurate and up to date.
● Links to other websites
CHILDREN’S ONLINE PRIVACY PROTECTION
Studio 43 does not knowingly collect personal information from persons who are
under 16 years of age. By agreeing to use our products or services, you represent
that you are 16 years or older.
LINKS FROM OUR WEBSITES
Some pages of our websites contain external links. You are advised to verify the
privacy practices of such other websites. We are not responsible for the manner of
use or misuse of information made available by you at such other websites. We
encourage you not to provide personal information, without assuring yourselves of
the privacy practices of other websites.
CHANGES TO THIS PRIVACY NOTICE
We keep our privacy notice under regular review.