Privacy Policy
This policy will help you understand what information our website; rootstudio.co.uk collects and how Root Studio uses it, and what choices you have. It explains how we comply with the GDPR (General Data Protection Regulation), the DPA (Data Protection Act) and the PECR (Privacy and Electronic Communications Regulations)
When we talk about “Root Studio,” “we,” “our,” or “us” in this policy, we are referring to Root Studio, The Terrace, Grantham Street, Lincoln, LN2 1BD (Root Studio is the trading name of Lydia Bradley, Tom Bradley and Lea Chapman).
This policy will explain areas of this website that may affect your privacy and personal details, how we process, collect, manage and store those details and how your rights under the GDPR, DPA & PECR are adhered to. Additionally it will explain the use of cookies or software, advertising or commercial sponsorship from third parties and the download of any documents, files or software made available to you (if any) on this website. Further explanations may be provided for specific pages or features of this website in order to help you understand how we, this website and its third parties (if any) interact with you and your computer / device in order to serve it to you. Our contact information is provided below if you have any questions.
Contact details
Post
Root Studio, The Terrace, Grantham Street, LINCOLN, Lincolnshire, LN2 1BD, GB
Telephone
01522 528246
Information we collect, use, and why
We collect or use the following information to provide services and goods, including delivery:
Names and contact details
Addresses
Website user information (including user journeys and cookie tracking)
Photographs or video recordings
We collect or use the following information for the operation of customer accounts and guarantees:
Names and contact details
Addresses
We collect or use the following information for service updates or marketing purposes:
Names and contact details
We collect or use the following information to comply with legal requirements:
Name
Contact information
We collect or use the following information for recruitment purposes:
Contact details (eg name, address, telephone number or personal email address)
Employment history (eg job application, employment references or secondary employment)
Education history (eg qualifications)
Lawful bases
Our lawful bases for collecting or using personal information to provide services and goods are:
Consent
Contract
Legitimate interest: we have a legitimate interest in collecting (minimal) personal information to provide services and goods to our clients. Without any personal information (such as name and contact details) we would not be able to contact our customers effectively and in a timely manner.
Our lawful bases for collecting or using personal information for service updates or marketing purposes are:
Consent
Legitimate interest: we have a legitimate interest in collecting (minimal) personal information to provide services updates to our clients. If we did not use this data then customers could miss important service update notifications.
Our lawful bases for collecting or using personal information for the operation of customer accounts and guarantees, legal requirements and recruitment purposes are:
Consent
Contract
Legal obligation
Information sources
People directly
Publicly available sources
How long we keep information
Where necessary content (which may contain personally identifiable and sensitive information) is retained indefinitely for the establishment, exercise or potential defence of legal claims should they arise.
Personally identifiable data stored within our accounts software is removed when a contact has not contacted us for a period of 6 months (in cases where the customer has only ever received an estimate or quote). When a customer and/or supplier has become active (i.e we have sent or been sent an invoice or bill) we retain personally identifiable information indefinitely for account auditing and the establishment, exercise or potential defence of legal claims should they arise. All personal details are collected, processed, managed and stored in accordance with the regulations named at the start of this policy.
Who we share information with
FreeAgent
We use online accounting software (FreeAgent Central Limited) to store personally identifiable customer and/or supplier details for the purposes of invoicing, estimating, bank reconciliation and contacting our customers.
Customer and/or supplier data stored in FreeAgent Central Limited is used for accounting purposes and all personal details are collected, processed, managed and stored in accordance with the regulations named at the start of this policy. FreeAgent Central Limited take data security very seriously and you can find out more about this here.
Please see here for more information about FreeAgent Central Limited's privacy policy and you can find out more about their GDPR relevant policies here.
Fathom Analytics
We want to process as little personal information as possible when you use our website. That's why we've chosen Fathom Analytics for our website analytics, which doesn't use cookies and complies with the GDPR, ePrivacy (including PECR), COPPA and CCPA. Using this privacy-friendly website analytics software, your IP address is only briefly processed, and we (running this website) have no way of identifying you. As per the CCPA, your personal information is de-identified. You can read more about this on Fathom Analytics' website.
The purpose of us using this software is to understand our website traffic in the most privacy-friendly way possible so that we can continually improve our website and business. The lawful basis as per the GDPR is "Article 6(1)(f); where our legitimate interests are to improve our website and business continually." As per the explanation, no personal data is stored over time.
Cloudflare
Certain pages on our website contain contact forms to enable you to communicate with us quickly and efficiently. These forms are protected by Cloudflare Turnstile, which stops abuse and confirms visitors are real without the data privacy concerns or the awful user experience that CAPTCHAs can thrust on users. By collaborating with third parties (like device manufacturers), who already have the data that would help us validate a device, Cloudflare are able to abstract portions of the validation process, and confirm data without actually collecting, touching, or storing user data.
Users contacting us through this website do so at their own discretion and provide any personal details at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use.
Google Workspace & Apple iCloud
We do not store email addresses for use in our marketing and we do not operate an email mailing list program to email our customers. We do store personally identifiable information about you when you email us.
We use Google Workspace for company email communications. Personally identifiable information may be stored within Google Workspace for use in auto-completing users email addresses when composing an email. We only ever store customers personal details within Google Workspace's contacts application after customers have contacted us directly. You can find out more about Googles privacy policy here.
We may also store personally identifiable information within Apple’s iCloud contacts application. We use iCloud to synchronise customer data between our business computers and our mobile devices. You can find out more about Apple’s iCloud privacy policy here.
Email content (which may contain personally identifiable and sensitive information) is retained indefinitely for the establishment, exercise or potential defence of legal claims should they arise.
Floppynet
If you have asked or ask us to purchase a domain name on your behalf we will use your personal details to register the domain name. We will make you aware of this at the time and the use of personal details to register a domain name is a requirement.
When we register the domain name we pass on your personal details to Floppynet and you can find out more about their privacy policy here.
1Password
When you email or communicate sensitive information to us that we might need in the future (such as domain name control panel username and password details or other sensitive ‘password’ style data) we store this in our fully encrypted 1Password vault.
Root Studio employees must have a secure login account to access this information.
You can find out more about 1Password (AgileBits, Inc) privacy policies here.
Dropbox
When you email or communicate digital information to us that we might need in the future (such documents, images or other data required to carry out work on your behalf) we store this using Dropbox for Business. We use this service to ensure employee’s have access to our filesystem regardless of which machine they login from across mobile and desktop applications.
Root Studio employees must have a secure login account to access this information which is secured using two factor authentication.
You can find out more about Dropbox’s privacy policies here.
Others we share personal information with
Organisations we’re legally obliged to share personal information with.
Downloads & Media Files
Any downloadable documents, files or media made available on this website are provided to users at their own risk. While all precautions have been undertaken to ensure only genuine downloads are available, users are advised to verify their authenticity using third party anti-virus software or similar applications.
We accept no responsibility for third party downloads and downloads provided by external third party websites and advise users to verify their authenticity using third party anti-virus software or similar applications.
External Website Links & Third Parties
Although we only look to include quality, safe and relevant external links, users are advised to adopt a policy of caution before clicking any external web links mentioned throughout this website. (External links are clickable links to other websites, similar to this.)
Shortened URL's; URL shortening is a technique used on the web to shorten URL's to something substantially shorter. This technique is especially used in social media and looks similar to this (example: https://bit.ly/2x6tzJW). Users should take caution before clicking on shortened URL links and verify their authenticity before proceeding.
We cannot guarantee or verify the contents of any externally linked website despite our best efforts. Users should therefore note they click on external links at their own risk and we cannot be held liable for any damages or implications caused by visiting any external links mentioned.
Social Media Policy & Usage
We adopt a Social Media Policy to ensure our business and our staff conduct themselves accordingly online. While we may have official profiles on social media platforms users are advised to verify authenticity of such profiles before engaging with, or sharing information with such profiles. We will never ask for user passwords or personal details on social media platforms. Users are advised to conduct themselves appropriately when engaging with us on social media.
Our website doesn’t feature social sharing buttons but you can find further information about some social media privacy and usage policies in the resources section below.
Sharing information outside the UK
Where necessary, our data processors may share personal information outside of the UK. When doing so, they comply with the UK GDPR, making sure appropriate safeguards are in place. Please contact us for more information.
Your data protection rights
Under data protection law, you have rights including:
Your right of access - You have the right to ask us for copies of your personal data.
Your right to rectification - You have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal data in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal data in certain circumstances.
Your right to object to processing - You have the right to object to the processing of your personal data in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the personal data you gave us to another organisation, or to you, in certain circumstances.
Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent.
You don’t usually need to pay a fee to exercise your rights. If you make a request, we have one calendar month to respond to you.
To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.
Resources & Further Information
How to complain
If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.
If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
Website: https://www.ico.org.uk/make-a-complaint
Last updated 24th July 2024