Introduction

San Stae is committed to protecting your privacy and ensuring that your personal data is handled securely and in compliance with the UK General Data Protection Regulation (UK GDPR). This Privacy Policy explains how we collect, use, and protect your personal data when you interact with us, including through our website, client services, and newsletter.

Data We Collect

We collect and process the following types of personal data: Clients & Enquiries, including name, email, phone number, project details, and correspondence; Suppliers & Business Contacts, including name, business details, contact information, and records of communication; Website Visitors, including IP addresses, browsing data, and cookies; and Newsletter Subscribers, including name and email address.

How We Use Your Data

We process personal data for the following purposes: to provide interior design services and manage client relationships, to communicate with suppliers and business contacts, to improve our website through analytics tracking, to send newsletters and updates (with your consent), and to comply with legal and regulatory obligations.

Legal Basis for Processing

We process your personal data based on the following lawful grounds: Contractual Necessity, when processing data to fulfil a contract (e.g., client projects, supplier agreements); Legitimate Interests, for business operations, client communication, and website analytics, where privacy rights are not overridden; and Consent, for sending newsletters and using non-essential cookies (you may withdraw consent at any time).

Data Sharing & Security

We do not sell or share your personal data with third parties unless required by law or necessary to provide our services. We use secure systems to store and manage personal data, with access limited to authorised personnel. Third-party service providers (e.g., EmailOctopus for newsletters) are carefully selected to comply with GDPR standards.

Cookies & Website Tracking

We use cookies for analytics tracking. Essential cookies are necessary for website functionality, while non-essential cookies require user consent. You can manage your cookie preferences via your browser settings.

Your Rights

Under the UK GDPR, you have the following rights:
Access, to request a copy of your personal data;
Correction, to request corrections to inaccurate data;
Erasure, to request deletion of your personal data where applicable;
Objection, to object to processing based on legitimate interests or direct marketing;
Data Portability, to request a transfer of your data to another service provider;
Withdraw Consent, to unsubscribe from our newsletter or opt-out of cookies.

To exercise these rights, please contact us at studio@sanstae.com.

Data Retention

We retain personal data only for as long as necessary to fulfil our business and legal obligations. Client and supplier data is reviewed periodically and deleted when no longer required.

Data Breaches

If a data breach occurs, we will assess the impact and, if necessary, report it to the Information Commissioner’s Office (ICO) within 72 hours. Affected individuals will be informed where required.

How to Protect Your Information

The following security procedures are in place to protect all data: All employees/freelancers sign a confidentiality clause within their contract. Access to customer account information is only accessible to those who need it to carry out the duties within their role. Our system uses log-in username and password controls. We use best practice security measures regarding any debit and credit card information.

Contact Us

If you have any questions about this Privacy Policy or your data rights, please contact us.

Updates to This Policy

We may update this Privacy Policy periodically. The latest version will always be available on our website.