Privacy Policy

Last updated: January 2025

At Mapletree Studio, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, and safeguard your data in compliance with UK GDPR and Data Protection Act 2018.

1. Contact Information

Data Controller: Mapletree Studio

Contact Person: Jacob Haynes

Address: The Old Post Office, Victoria Street, Derby, Derbyshire DE1 1EQ

Email: [email protected]

Phone: 07862 123417

2. Information We Collect

2.1 Information You Provide

  • Contact Forms: Name, email address, phone number, location, project details, budget range, timeline preferences
  • Email Communications: Any information you include in emails to us
  • Phone Calls: Information discussed during consultation calls (with your consent)

2.2 Information Collected Automatically

  • Website Analytics: Pages visited, time on site, referral sources, device information (via Google Analytics)
  • Technical Data: IP address, browser type, operating system
  • Cookies: Essential cookies for website functionality and analytics cookies (see Cookie Policy below)

3. How We Use Your Information

3.1 Legal Basis for Processing

  • Legitimate Interest: Responding to enquiries, providing quotes, improving our services
  • Contract Performance: Delivering web design services you've contracted
  • Consent: Marketing communications (only if you opt-in)

3.2 Specific Uses

  • Responding to your enquiries and providing quotes
  • Delivering web design and development services
  • Processing payments and managing invoices
  • Sending project updates and communications
  • Improving our website and services
  • Sending marketing emails (only with explicit consent)

4. Information Sharing

We do not sell, trade, or rent your personal information. We may share information with:

  • Service Providers: Hosting providers (Netlify), email services (Formspree), analytics (Google Analytics)
  • Payment Processors: For invoicing and payment processing
  • Legal Requirements: If required by law or to protect our rights

All third-party services are carefully selected for GDPR compliance and appropriate data protection measures.

5. Data Security

We implement appropriate security measures to protect your information:

  • SSL encryption for all data transmission
  • Secure hosting with reputable providers
  • Regular security updates and monitoring
  • Limited access to personal data on a need-to-know basis
  • Regular data backups with encryption

6. Data Retention

  • Enquiry Data: 2 years after initial contact (for potential future projects)
  • Client Data: 7 years after project completion (for tax and legal requirements)
  • Marketing Data: Until you unsubscribe or withdraw consent
  • Analytics Data: 26 months (Google Analytics default)

7. Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data (with certain exceptions)
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for marketing communications

To exercise any of these rights, contact us at [email protected]

8. Cookies Policy

8.1 What Are Cookies

Cookies are small text files stored on your device when you visit our website.

8.2 Cookies We Use

  • Essential Cookies: Required for website functionality (no consent required)
  • Analytics Cookies: Google Analytics to understand website usage (anonymised data)
  • Performance Cookies: Help us improve website speed and user experience

8.3 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may affect website functionality.

9. International Data Transfers

Some of our service providers may process data outside the UK/EU:

  • Google Analytics: Data may be processed in the US (Google participates in EU-US adequacy frameworks)
  • Hosting Services: Data is primarily stored in EU/UK data centres

All international transfers are protected by appropriate safeguards including adequacy decisions and standard contractual clauses.

10. Children's Privacy

Our services are intended for businesses and individuals aged 18 and over. We do not knowingly collect personal information from children under 18.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through a prominent notice on our website. The "Last updated" date at the top indicates when the policy was last revised.

12. Complaints

If you have concerns about how we handle your personal data, please contact us first. If you're not satisfied with our response, you can lodge a complaint with:

Information Commissioner's Office (ICO)

Website: ico.org.uk

Phone: 0303 123 1113

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: [email protected]

Phone: 07862 123417

Post: Mapletree Studio, The Old Post Office, Victoria Street, Derby, Derbyshire DE1 1EQ

Back to Homepage