Last updated: 01/10/2025

Privacy Policy

Penn Studio Limited is committed to protecting the privacy and security of personal data. This Privacy Policy explains how we collect, use, store, and protect personal information when:

  • You visit pennstudio.co.uk or contact us through our website.
  • We provide design, development, hosting, or maintenance services for client websites and systems.
  • We act as a Data Controller for our own business operations.
  • We act as a Data Processor on behalf of our clients.

If you have any questions, please contact:

andrew@pennstudio.co.uk

Company Name: Penn Studio Limited
Company Number: 11450406
Registered Address: Unit 10, Silver End Business Park, Brettell Lane, Brierley Hill, DY5 3LG, United Kingdom.

1. The Data We Collect

1.1 Data We Collect Via Our Website (as Data Controller)

When you visit our website or contact us, we may collect:

Information you submit via forms

  • Name
  • Email address
  • Phone number
  • Any message or project information you provide

Technical & analytics data

Collected through Google Analytics (GA4) and Google Search Console:

  • IP address (anonymised by Google)
  • Device information
  • Browser type
  • Pages visited
  • Interaction data

Cookies & tracking

  • Essential cookies for website functionality
  • Analytics cookies (Google Analytics)
    No marketing/advertising cookies are currently used, but this may change. The policy will be updated if so.

We do not operate a newsletter or email marketing signup.

1.2 Data We Collect From Clients (as Data Controller)

For communication, contracting, invoicing, and project management, we may collect:

  • Names
  • Email addresses
  • Phone numbers
  • Billing details
  • Project files and documentation
  • Login credentials shared for project work (secured and encrypted)

This data is stored securely within systems that use Two-Factor Authentication (2FA), including Google Workspace and QuickBooks.

1.3 Data We Process on Behalf of Clients (as Data Processor)

For websites and systems we build, host, or maintain, we may process:

  • Website user submissions (e.g., contact forms)
  • Customer details
  • Booking/enquiry data
  • E-commerce order information
  • Other personal data submitted via client websites

This data is always processed under instruction from the client and in accordance with our contractual obligations.

2. How We Use Personal Data

2.1 When We Act as Data Controller

We use personal data to:

  • Respond to enquiries
  • Provide quotes and proposals
  • Deliver contracted services
  • Manage invoices, payments, and accounts
  • Maintain security and monitor website performance
  • Improve our website and services

2.2 When We Act as Data Processor

We process data only as required to operate, host, support, or maintain client websites. This includes:

  • Storing website databases and files
  • Providing technical support
  • Performing updates and security maintenance
  • Diagnosing and resolving issues
  • Managing backups

We do not use end-user data for our own purposes.

3. Legal Bases for Processing (UK GDPR)

We rely on one or more of the following lawful bases:

  • Contractual necessity – to provide services you request
  • Legitimate interests – website analytics, security, business operations
  • Legal obligations – accounting and record-keeping
  • Consent – where explicitly required (e.g., certain cookies)

When processing on behalf of clients, the client determines the lawful basis, not Penn Studio.

4. Data Storage & Security

We take data protection seriously and employ the following measures:

  • All internal systems protected with Two-Factor Authentication
  • Secure UK data centres for hosting client websites
  • Servers regularly patched and updated
  • Firewalls and intrusion prevention systems
  • Infrastructure monitored by a professional server technician
  • Servers penetration tested
  • Encrypted backups
  • Restricted access only to authorised personnel

Client and visitor data is stored using:

  • Google Workspace – for email and file storage
  • QuickBooks – for accounting
  • Trello – for project management
  • Other secure, industry-standard tools

5. How Long We Keep Data

  • Contact form enquiries — retained only as long as required to respond
  • Client project data — retained for the duration of the project and often indefinitely where needed to maintain, update, or reference our work
  • Analytics data — retained according to Google Analytics (GA4) default retention settings
  • Website hosting data — retained as long as we provide hosting/maintenance services to the client

Clients may request deletion of website data at any time, subject to legal or contractual requirements.

6. Sharing Personal Data

We may share data with trusted third-party processors such as:

  • Google (Workspace & Analytics)
  • QuickBooks
  • Trello
  • UK-based hosting providers
  • Our server technician(s) and security partners

We do not sell, rent, or trade personal data.

International transfers are protected through:

  • UK Adequacy Regulations
  • Standard Contractual Clauses (SCCs)
  • Additional security measures

7. Your Rights

Under UK GDPR, you have rights including:

  • The right to access your data
  • The right to correct inaccurate data
  • The right to request deletion
  • The right to restrict processing
  • The right to data portability
  • The right to object to processing
  • Rights related to automated decision-making

To exercise your rights, contact:
📧 andrew@pennstudio.co.uk

When we act as a Data Processor, requests must be made to the Data Controller (our client).

8. Websites We Build & Host (Data Processing)

For websites we create, host, or maintain:

  • The client is the Data Controller
  • Penn Studio is the Data Processor
  • We process personal data only according to client instructions
  • We implement appropriate security measures
  • We offer SLAs, backups, and maintenance services
  • Clients are responsible for their own cookie consent, privacy notices, and lawful bases

A separate Data Processing Agreement (DPA) is available for clients upon request.

9. Cookies

Our website uses:

  • Essential cookies — required for website functionality
  • Analytics cookies — via Google Analytics (GA4)

We do not currently use marketing cookies.
If this changes, this policy will be updated, and a cookie banner may be introduced.

10. Changes to This Policy

We may update this Privacy Policy occasionally. Updates will be posted on this page with a revised “last updated” date.

11. Contact Us

For privacy questions, data access requests, or security concerns:

andrew@pennstudio.co.uk
Penn Studio Limited, Unit 10 Silver End Business Park, Brettell Lane, Brierley Hill, DY5 3LG, UK
Company Number: 11450406