WHO ARE WE?
Studio 43 c/o Octangle Ltd is a private limited company that operates within the private industry sector within the UK to provide, install and maintain 3D prints and sculptures.
Studio 43 has a commitment to comply with the General Data Protection Regulation (GDPR) (EU) 2016/679 in the acquisition, processing and disposal of your personal data. This policy notice describes what that data is likely to be and outlines our commitment to process it, store it, access it and dispose of it in such a way that your personal data is protected at every stage of the operation. In certain circumstances, it will outline how we share this information and with whom.
WHO ARE YOU?
You are either a customer, a supplier or a member of staff of Studio 43. In this case you will have provided or will provide certain personal data to us. Alternatively, if you are merely a visitor to our website or our premises, this policy notice informs you what data is captured and how.
HOW DO WE GET YOUR INFORMATION?
Most of the personal information we process is provided to us directly by you for one of the following reasons:
● You are a customer or client of ours;
● You are a supplier or subcontractor to us;
● You have made a complaint or enquiry to us;
● You have made a complaint about us to a regulatory body;
● You have made an information request to us;
● You wish to attend, or have attended, an event;
● You subscribe to our e-newsletter and updates;
● You have applied for a job or secondment with us; or
● You are representing your organisation, which falls into one of the categories above.
We also receive personal information indirectly, in the following scenarios:
● We have contacted an organisation about a complaint you have made and it gives us your personal information in its response.
● A complainant refers to you in their complaint correspondence.
● Whistleblowers include information about you in their reporting to us.
● From other regulators or law enforcement bodies.
● An employee of ours gives your contact details as an emergency contact or a referee.
If it is not disproportionate or prejudicial, we will contact you to let you know we are processing your personal information.
FOR WHAT DO WE USE YOUR INFORMATION?
This privacy notice tells you what to expect when Studio 43 collects personal information. It applies to information we collect about:
● visitors to our websites;
● survey on our blog;
● complainants and other individuals in relation to a data protection or
● freedom of information complaint or enquiry;
● people who use our services, e.g. who subscribe to our newsletter or request
● a publication or enquire about our services;
● visitors to our premises;
● people who notify under the Data Protection Act; and
● job applicants and our current and former employees.
This privacy policy addresses information provided to Studio 43. In the event that Studio 43 engages with a third-party service provider, to whom we may pass your personal information or to whom you may be expected to provide your personal information, your information will be handled by that third-party service provider as if it were being handled by Studio 43. This may include but not be limited to external training organisations, external auditing organisations, external certification organisations, external personnel benefits advisers and statutory authorities i.e. HSE. Exceptions to this arrangement are specifically stated within this privacy policy.
VISITORS TO OUR WEBSITES
When you browse this website, you do so anonymously, unless you have previously indicated that you wish Studio 43 to remember your personal information or login and password. We use a third-party service, Google Analytics, to collect standard Internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
PEOPLE WHO TELEPHONE US
For customers who call Studio 43’s service centre to use the customer support service or service desk, we will collect and handle that information for as long as is necessary to ensure the support has been given effectively. If the caller is a registered customer, the data will be handled in accordance with our policy on handling customer data.
YOUR RIGHTS
Under the Data Protection Act 2018 and the General Data Protection Regulation (GDPR) (EU) 2016/679, you have rights as an individual which you can exercise in relation to the information we hold about you.
The GDPR provides the following rights for individuals:
● The right to be informed
● The right of access
● The right to rectification
● The right to erasure
● The right to restrict processing
● The right to data portability
● The right to object
● Rights in relation to automated decision making and profiling.
You can read more about these rights here:
COMPLAINTS OR QUERIES
Studio 43 tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of Studio 43’s collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below. If you want to make a complaint about the way we have processed your personal information, you can contact the Information Commissioner’s Office in their capacity as the statutory body that oversees data protection law – www.ico.org.uk/concerns.
ACCESS TO PERSONAL INFORMATION
Studio 43 tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under the Act or the Regulation.
YOUR RIGHT OF ACCESS
You have the right to find out if an organisation is using or storing your personal data. This is called the right of access. You exercise this right by asking for a copy of the data, which is commonly known as making a ‘subject access request’.
HOW TO ACCESS YOUR DATA
You can make a subject access request to find out what data is held and how it is used. You may make a subject access request before exercising your other information rights. You can make a subject access request verbally or in writing. If you make your request verbally, we recommend you follow it up in writing to provide a clear trail of correspondence. It will also provide clear evidence of your actions. To exercise your right of access, follow these steps:
STEP 1
● Identify where to send your request.
● Think about what personal data you want to access.
STEP 2
● Make your request directly to the organisation.
● State clearly what you want.
● You might not want all the personal data that the organisation holds about you. It may respond more quickly if you explain this and identify the specific data you want.
● When making a subject access request, include the following information:
● Your name and contact details.
● Any information used by the organisation to identify or distinguish you from other people with the same name (account numbers etc).
● Any details or relevant dates that will help it identify what you want.
● For example, you may want to ask for:
● your personnel file
● emails between ‘person A’ and ‘person B’ (say from 1 June 2018 to 1 Sept 2018)
● CCTV camera data situated at ‘location E’ on, say, 23 May 2017 from 11am to 5pm records detailing the transfer of your data to a third party.
STEP 3
● Keep a copy of your request.
● Keep any proof of postage or delivery.
● When to re-submit a request
You can ask an organisation for access more than once. However, it may be able to refuse access if your request is, as the law says, ‘manifestly unfounded or excessive’.
If you are thinking of re-submitting a request, you should think about whether:
● it is likely that your data has changed since your last request
● enough time has passed for it to be reasonable to request an update on
● how your data is being used, or
● the organisation has changed its activities or processes recently.
WHAT TO DO IF YOU DISAGREE WITH THE OUTCOME OR REMAIN
DISSATISFIED
If you are unhappy with how the organisation has handled your request, you should first make a complaint to it. Having done so, if you remain dissatisfied you can make a complaint to the ICO. You can also seek to enforce your rights through the courts. If you decide to do this, we strongly advise that you seek independent legal advice first.
WHAT ORGANISATIONS SHOULD DO
If an organisation reasonably needs more information to help it find your data or identify you, it has to ask you for the information it needs. It can then wait until it has all the necessary information before dealing with your request. When it responds to your request, the organisation should provide you with a copy of your data. It may do this electronically. If you need your data in another format, you must ask if this is possible.
You are also entitled to be told the following things:
● What it is using your data for.
● Who it is sharing your data with.
● How long it will store your data, and how it made this decision.
● Information on your rights to challenge the accuracy of your data, to have it deleted, or to object to its use.
● Your right to complain to the ICO.
● Information on where your data came from.
● Whether your data is used for profiling or automated decision making and how so.
If it has transferred your data to a third country or an international organisation and, if so, what security measures it took.
WHEN CAN THE ORGANISATION SAY NO?
An organisation may refuse your subject access request if your data includes information about another individual, except where:
● the other individual has agreed to the disclosure, or
● it is reasonable to provide you with this information without the other individual’s consent.
In deciding this, the organisation will have to balance your right to access your data against the other individual’s rights regarding their own information. The organisation can also refuse your request if it is ‘manifestly unfounded or excessive’. In any case the organisation will need to tell you and justify its decision. It should also let you know about your right to complain to the ICO, or through the courts.
HOW LONG SHOULD THE ORGANISATION TAKE?
An organisation has one month to respond to your request. In certain circumstances it may need extra time to consider your request and can take up to an extra two months. If it is going to do this, it should let you know within one month that it needs more time and why. For more on this, see our guidance on Time Limits.
CAN THE ORGANISATION CHARGE A FEE FOR THIS?
A copy of your personal data should be provided free. An organisation may charge for additional copies. It can only charge a fee if it thinks the request is ‘manifestly unfounded or excessive’. If so, it may ask for a reasonable fee for administrative costs associated with the request.
DISCLOSURE OF PERSONAL INFORMATION
In many circumstances we will not disclose personal data without consent. However, when we investigate a complaint, for example, we will need to share personal information with the organisation concerned and with other relevant bodies. Further information is available in our Information Charter about the factors we shall consider when deciding whether information should be disclosed.
You can also get further information on:
● agreements we have with other organisations for sharing information;
● circumstances where we can pass on personal data without consent for example, to prevent and detect crime and to produce anonymized statistics;
● our instructions to staff on how to collect, use and delete personal data; and
● how we check that the information we hold is accurate and up to date.
● Links to other websites
CHILDREN’S ONLINE PRIVACY PROTECTION
Studio 43 does not knowingly collect personal information from persons who are under 16 years of age. By agreeing to use our products or services, you represent that you are 16 years or older.
LINKS FROM OUR WEBSITES
Some pages of our websites contain external links. You are advised to verify the privacy practices of such other websites. We are not responsible for the manner of use or misuse of information made available by you at such other websites. We encourage you not to provide personal information, without assuring yourselves of the privacy practices of other websites.
CHANGES TO THIS PRIVACY NOTICE
We keep our privacy notice under regular review.
