LEGAL
Privacy Policy
May 19, 2025
May 19, 2025
1. Who we are
Sans Design Studio Limited (company no. 16405118)
Registered office: Elthorne Gate, 64 High Street, Pinner, HA5 5QA, England
Email for all privacy queries: hello@sansdesign.studio
We have no separate Data Protection Officer.
2. Personal data we collect
Context | Data items |
|---|---|
Website contact form | first name, last name, email, phone (optional), business name, service requested, free-text project details, newsletter opt-in |
Newsletter sign-up (Loops) | |
Client relationship | client name, business name, business address, product name, business email, billing address, invoices, payment IDs (Stripe) |
Video meetings | video, audio and chat recordings when meetings are recorded |
Research studies | recordings, survey answers, demographic details (only with explicit consent) |
Prospects (sourced from LinkedIn, Ubersuggest, Clay) | name, role, business email, business name |
We do not collect special-category data, children’s data or XR sensor datasets.
3. How we collect data
Direct input: website forms, Google Forms, email, Google Meet recordings (with notice).
Third-party sources: public business directories (LinkedIn, Ubersuggest, Clay).
Automated logs: standard server logs from Framer-hosted site (IP address, browser, time).
We do not use analytics or marketing cookies.
4. Why we process data and the lawful basis
Purpose | Lawful basis (UK GDPR) |
|---|---|
Assess and reply to contact-form enquiries | Contract (Article 6 (1)(b)) |
Deliver design services, manage projects, provide support | Contract |
Invoice, take payments, meet tax obligations | Legal obligation (Article 6 (1)(c)) |
Keep client and prospect records, improve workflows, protect business | Legitimate interest (Article 6 (1)(f)) |
Send newsletters and marketing updates | Consent (Article 6 (1)(a)); unsubscribe any time |
Run user-research sessions | Consent |
You are not obliged to provide personal data, but we cannot enter contracts without basic contact and billing details.
5. Who we share data with (processors)
We use these service providers under written data-processing agreements:
Framer – website CMS/hosting
GoDaddy – domain management
Google Workspace – email, documents, cloud storage
Figma – design collaboration
Stripe – payments and invoicing
DocuSign – contract e-signing
Notion – project management
Fusion 360, KeyShot – design files (no personal data beyond filenames)
We never sell personal data.
6. International transfers
Some providers host data outside the UK/EEA. When they do, we rely on:
UK adequacy regulations or
the International Data Transfer Agreement (IDTA) or EU Standard Contractual Clauses (SCCs).
We keep copies of the relevant safeguards.
7. Retention periods
Record | Retention |
|---|---|
Prospects’ contact details | 10 years from last contact |
Client project archives | 10 years after project completion |
Financial records (invoices, payments) | 6 years (HMRC requirement) |
Newsletter mailing list | until you unsubscribe |
Research recordings | 2 years or until study end, whichever is earlier |
We then delete or anonymise the data.
8. Your rights
You can:
Access the personal data we hold.
Correct inaccurate data.
Erase data (“right to be forgotten”).
Restrict or object to processing.
Port data to another provider.
Withdraw consent at any time (for newsletters, research).
Complain to the UK Information Commissioner’s Office (ICO).
9. How to exercise your rights
Email hello@sansdesign.studio with your request.
We will respond within one calendar month.
To complain, contact the ICO (ico.org.uk).
10. Security measures
We apply:
access control and MFA on all SaaS accounts,
encryption in transit (TLS) and at rest (provider defaults),
least-privilege file permissions,
yearly security reviews.
11. Cookies
This site sets no analytics, advertising or third-party cookies.
If we add cookies later, we will show a consent banner and update this notice.
12. Automated decision-making
We make no decisions based solely on automated processing that have legal or similarly significant effects.
13. Changes to this notice
We review this privacy notice at least once a year and when we change how we handle personal data.
We will post the new version with a new effective date and, where material, notify clients by email.
1. Who we are
Sans Design Studio Limited (company no. 16405118)
Registered office: Elthorne Gate, 64 High Street, Pinner, HA5 5QA, England
Email for all privacy queries: hello@sansdesign.studio
We have no separate Data Protection Officer.
2. Personal data we collect
Context | Data items |
|---|---|
Website contact form | first name, last name, email, phone (optional), business name, service requested, free-text project details, newsletter opt-in |
Newsletter sign-up (Loops) | |
Client relationship | client name, business name, business address, product name, business email, billing address, invoices, payment IDs (Stripe) |
Video meetings | video, audio and chat recordings when meetings are recorded |
Research studies | recordings, survey answers, demographic details (only with explicit consent) |
Prospects (sourced from LinkedIn, Ubersuggest, Clay) | name, role, business email, business name |
We do not collect special-category data, children’s data or XR sensor datasets.
3. How we collect data
Direct input: website forms, Google Forms, email, Google Meet recordings (with notice).
Third-party sources: public business directories (LinkedIn, Ubersuggest, Clay).
Automated logs: standard server logs from Framer-hosted site (IP address, browser, time).
We do not use analytics or marketing cookies.
4. Why we process data and the lawful basis
Purpose | Lawful basis (UK GDPR) |
|---|---|
Assess and reply to contact-form enquiries | Contract (Article 6 (1)(b)) |
Deliver design services, manage projects, provide support | Contract |
Invoice, take payments, meet tax obligations | Legal obligation (Article 6 (1)(c)) |
Keep client and prospect records, improve workflows, protect business | Legitimate interest (Article 6 (1)(f)) |
Send newsletters and marketing updates | Consent (Article 6 (1)(a)); unsubscribe any time |
Run user-research sessions | Consent |
You are not obliged to provide personal data, but we cannot enter contracts without basic contact and billing details.
5. Who we share data with (processors)
We use these service providers under written data-processing agreements:
Framer – website CMS/hosting
GoDaddy – domain management
Google Workspace – email, documents, cloud storage
Figma – design collaboration
Stripe – payments and invoicing
DocuSign – contract e-signing
Notion – project management
Fusion 360, KeyShot – design files (no personal data beyond filenames)
We never sell personal data.
6. International transfers
Some providers host data outside the UK/EEA. When they do, we rely on:
UK adequacy regulations or
the International Data Transfer Agreement (IDTA) or EU Standard Contractual Clauses (SCCs).
We keep copies of the relevant safeguards.
7. Retention periods
Record | Retention |
|---|---|
Prospects’ contact details | 10 years from last contact |
Client project archives | 10 years after project completion |
Financial records (invoices, payments) | 6 years (HMRC requirement) |
Newsletter mailing list | until you unsubscribe |
Research recordings | 2 years or until study end, whichever is earlier |
We then delete or anonymise the data.
8. Your rights
You can:
Access the personal data we hold.
Correct inaccurate data.
Erase data (“right to be forgotten”).
Restrict or object to processing.
Port data to another provider.
Withdraw consent at any time (for newsletters, research).
Complain to the UK Information Commissioner’s Office (ICO).
9. How to exercise your rights
Email hello@sansdesign.studio with your request.
We will respond within one calendar month.
To complain, contact the ICO (ico.org.uk).
10. Security measures
We apply:
access control and MFA on all SaaS accounts,
encryption in transit (TLS) and at rest (provider defaults),
least-privilege file permissions,
yearly security reviews.
11. Cookies
This site sets no analytics, advertising or third-party cookies.
If we add cookies later, we will show a consent banner and update this notice.
12. Automated decision-making
We make no decisions based solely on automated processing that have legal or similarly significant effects.
13. Changes to this notice
We review this privacy notice at least once a year and when we change how we handle personal data.
We will post the new version with a new effective date and, where material, notify clients by email.