studiolr_yellow-01.jpg
 

Privacy Policy


1. Who we are 

StudioLR Limited (“we”, “us”, “our”) is a creative agency registered in Scotland with company number SC271269, and our registered address is 25 The Bond Building, Breadalbane Street, Edinburgh, EH6 5JW. 

We are the data controller for the personal data described in this policy. If you have any questions or concerns about this policy or how we handle your data, please contact: 

Jen Landels
StudioLR 
25 The Bond Building 
Breadalbane Street 
Edinburgh 
EH6 5JW 

Email: privacy@studiolr.com
Phone: 0131 454 3200 


2. What this policy covers 

This policy explains how StudioLR collects, uses, and stores personal data when you: 

  • Visit our website at www.studiolr.com 

  • Enquire about or engage our services 

  • Communicate with us by email, phone, face-to-face, or through our website 

  • Are a contact within one of our client or supplier organisations. 

We do not sell products or services directly to consumers through our website. 


3. Data security 

We take the security of your personal data seriously. To ensure we keep your data safe, we adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorised access, alteration, disclosure or destruction of the personal or transactional information stored on our website and systems. 

  • Secure, encrypted connections on our website (HTTPS) 

  • The encryption of personal data on our systems 

  • Access controls and authentication on systems containing personal data 

  • Regular review of data access permissions 

  • Use of reputable, security-certified third-party providers 

  • The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident. 

No method of transmission or storage is completely secure, but we are committed to protecting your data to the best of our ability. 


4. Personal data we collect 

When you get in touch with us, we may collect: 

  • Your full name and job title 

  • Your company name, email address, postal address and phone number 

  • Other information you include in correspondence or enquiry forms. 

We collect information automatically about your visit to our website. Please see our Cookies Section for more details. 

We may also: 

  • collect your details from publicly-available sources (for example, your company website, LinkedIn, or Public Contracts Scotland) so we can send you information about our services. Where we obtain your details from public sources, we will provide this privacy information when we first contact you, and you can object to direct marketing at any time. 

  • collect and process your data with your consent. 

It is important that any personal data we hold about you is accurate and current. If your personal data changes during your relationship with us, please let us know. 

 

Data held 

We use Salesforce to manage our business relationships. This may include: 

  • Contact details of individuals within client and prospect organisations 

  • Records of communications, meetings, and project history 

  • Notes relevant to our business relationship. 

We use Mailchimp and LinkedIn Sales Navigator to manage our marketing activity. This may include: 

  • Contact details of: 

  • individuals within client and prospect organisations 

  • freelancers and suppliers 

  • students, employees past and present, and industry peers. 

  • Preferences for the type of communications the above individuals wish to receive. 

We use Xero, Dext and Modulr to manage our financial activity. This may include: 

  • Contact details of individuals within client, supplier and prospect organisations 

  • Details of prospective, current and historical projects 

  • Notes relevant to our business relationships and projects 

  • Billing and invoicing information relating to the above. 

We use Squarespace and Microsoft 365 to manage communications relating to Concerns or Grievances. This may include: 

  • Contact details of individuals raising the concern, including their name, email address and phone number 

  • A detailed description of the concern being raised, and the individual’s desired resolution 

  • Other information the individual shares during their correspondence with us. 

We use Microsoft 365 to manage communications relating to vacancies or speculative applications. This may include: 

  • Contact details of individuals, including their name, address, email address and phone number 

  • Detailed information relating to the individual’s skills and experience. 

 

Data collected automatically via our website 

When you visit our website, we collect certain data automatically through cookies and similar technologies. This may include: 

  • Your IP address and approximate location 

  • Browser type and version, operating system, and device type 

  • Pages visited, time spent on site, and referring URL 

  • Interactions with site features and forms. 

Further details about our use of cookies are set out in Section 11 below. 

 

5. How and why we use your personal data 

We only process your personal data where we have a lawful basis to do so under UK GDPR. 

The personal data we collect will be used for the following purposes: 

  • Responding to enquiries and providing quotes for our services – which may be received by us via email, phone, form, message, or in person 

  • Delivering our services and managing our projects 

  • Invoicing, payments, and financial record-keeping 

  • Maintaining our CRM and managing business relationships 

  • Sending you information about our services which is applicable to you in your role 

  • Gathering information about your services which are applicable to our company or our clients 

  • Providing services on behalf of a client who has contracted us to work for them 

  • Analysing website usage to improve our site 

  • Handling concerns or grievances 

  • Handling vacancies or speculative applications 

  • Complying with legal or regulatory obligations. 

 

Our legal basis for processing of your personal data is: 

  • Responding to enquiries and providing quotes for our services: To meet contractual, or pre-contractual, obligations entered into or requested by you. 

  • Delivering our services and managing our projects: Performance of a contract. 

  • Invoicing, payments, and financial record-keeping: Performance of a contract and legal obligation (tax and accounting requirements). 

  • Maintaining our CRM and managing business relationships: Legitimate interests – to manage and develop our client relationships effectively. 

  • Sending information about our services which is applicable to you in your role: Legitimate interests for B2B communications in relation to promoting services that you use, relevant in your role, or consent (for newsletter subscriptions). Where PECR requires consent for electronic marketing, we’ll only share marketing communications where we have it; otherwise we’ll provide an easy opt-out in every direct marketing communication. 

  • Gathering information about your services which are applicable to our company or our clients: Legitimate interests – sourcing suppliers/partners and supporting delivery of our client work. 

  • Providing services on behalf of a client who has contracted us to work for them: Fulfilment of contractual obligations to client Controllers. Personal data will be processed in accordance with their instructions and our contract with them – their Data Protection policy will apply. 

  • Analysing website usage to improve our site: Legitimate interests – to understand how visitors use our site and improve their experience. 

  • Handling concerns or grievances: Legitimate interests – addressing issues raised, and, where relevant, legal claims 

  • Handling vacancies or speculative applications: Legitimate interests – recruitment. 

  • Complying with legal or regulatory obligations: Fulfilling our legal or regulatory obligations. 

 

6. Who we share your data with 

We do not sell your personal data to anyone, but may share your data with the following categories of recipients where necessary: 

  • Our CRM provider: (SalesForce) – to manage client and prospect relationships 

  • Website hosting, features and analytics: (SquareSpace, Vimeo, Google Analytics, Google Tag Manager) – to host our site, manage site tags, provide enhanced functionality, and understand usage patterns 

  • Email and communication tools: (Microsoft 365, Mailchimp, LinkedIn Sales Navigator, Google Forms) – to manage communications and surveys 

  • Accounting and invoicing: (Xero, Dext, Modulr) – to process payments and maintain financial records 

  • Professional advisors: Our accountants, legal advisors, and specialist research suppliers, where necessary 

  • Regulatory authorities: The ICO, HMRC, or others where required by law 

We require any organisations that access your data in the course of providing services on our behalf to have appropriate controls in place, and comply with all data protection laws that apply. 


7. How long we keep your data  

  • General enquiries: We retain personal data for up to 6 years and one month after the creation date for the purposes it was collected, and to comply with statutory limitation periods and tax obligations.  

  • Newsletter sign-ups: Kept until the individual unsubscribes, with minimal proof of consent held for a short period after. 

  • SalesForce leads: Review every 6 months; delete/minimise after 3 years of inactivity (unless there’s an active relationship) 

  • Vacancies and speculative applications: Review every 12 months, or longer with consent to keep on file for future roles. 

  • Concerns and Grievances: Retained for the length of the investigation and a post-closure period of one year for auditing purposes. 

Where personal data is no longer required or is no longer relevant, we will ensure it is securely deleted or anonymised. 


8. International data transfers 

Some of our third-party service providers process personal data outside the UK. Where this involves a restricted transfer, we use appropriate safeguards such as the UK IDTA and/or the UK Addendum to EU Standard Contractual Clauses, or adequacy mechanisms (including the UK extension to the EU–US Data Privacy Framework where applicable). You can request details of the relevant safeguards by contacting us. 


9. Your rights 

Under UK GDPR, you have the following rights in relation to your personal data: 

  • Right of access: You can request a copy of the personal data we hold about you. 

  • Right to rectification: You can ask us to correct inaccurate or incomplete data. 

  • Right to erasure: You can ask us to delete your personal data in certain circumstances. 

  • Right to restrict processing: You can ask us to limit how we use your data. 

  • Right to data portability: You can request your data in a structured, machine-readable format. 

  • Right to object: You can object to processing based on legitimate interests or for direct marketing purposes. 

  • Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time. 

To exercise any of these rights, please contact us (see Section 1 for details). We will respond within one month of receiving your request. Please be aware that in order to exercise these rights, you may be required to prove your identity – this will be confirmed when we receive your request. 

If you are not satisfied with how we handle your request, you have the right to seek advice from, or complain to, the Information Commissioner’s Office (ICO)

Website: www.ico.org.uk 
Telephone: 0303 123 1113 


10. Other websites 

Our website contains links to other websites that are outside our control and are not covered by this Privacy Policy. If you access other sites using the links provided, the operators of these sites may collect information from you that will be used by them in accordance with their privacy policy, which may differ from ours. You should read other sites Privacy Policies before giving them your personal information. 


11. Cookies 

Our website uses cookies – small pieces of information sent by a web server to a web browser – to help us understand how visitors use our site and to improve the browsing experience. You can find out more about cookies at www.allaboutcookies.org

The information we get through these cookies is anonymised or aggregated where possible. 

Types of cookies we use 

  • Strictly necessary cookies: These are required for the website to function properly (e.g. security, accessibility preferences). They cannot be switched off. 

  • Analytics cookies (including SquareSpace, Google Analytics and Google Tag Manager): These help us understand how visitors interact with our website by collecting usage data (often pseudonymous). 

  • Functional cookies (including Vimeo and SquareSpace form functionality): These help improve the user experience of our site. Embedded videos and forms may use cookies, or similar technologies may be set when you interact with them. 

You can manage your cookie preferences through the cookie settings on our website, or through your browser settings. Please note that disabling certain cookies may affect site functionality. 


12. Changes to this policy 

We may update this privacy policy from time to time to reflect changes in our practices, technology, or legal requirements. We will update the “Last updated” date at the bottom of this page when we make changes. For significant changes, we will make reasonable efforts to notify affected individuals directly. 

Last updated: 24/03/2026