Website privacy notice

1. INTRODUCTION

Studio Health is committed to protecting your privacy and being transparent about how we process your personal information. This document describes what data we collect, why we collect it, how we use it, how we keep it secure, and the conditions under which we share it. It also outlines your rights under the General Data Protection Regulation (UK GDPR) 2016 and the Data Protection Act 2018.

This website is not intended for use by children under the age of 13. We do not knowingly collect personal data from children. By submitting your data, you confirm that you are 13 years of age or older.

Studio Health is a data controller (registration: ZB019722), and we are responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice).

Contact Details

  • Full name of legal entity: Studio Health (trading name of Candida Halton Ltd)
  • DPO: Raman Sidhu
  • Email address: hello@studio-health.com
  • Postal address: Unit 21, Springfield House, 5 Tyssen Street, London, E8 2LY

It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes.

2. WHAT PERSONAL DATA WE COLLECT AND HOW WE USE IT

Personal data means any information capable of identifying an individual. It does not include anonymised data.

  • Contact and Business Relationship Data – includes communications you send to us and data relating to your relationship with us (name, email, phone number, organisation details, billing and transaction information).
    We process this to communicate with you, provide services, manage relationships, maintain records, and handle legal claims.
    Lawful basis: legitimate interests and performance of a contract.
  • Recruitment Data – includes your name, contact details, CV, employment history, qualifications and recruitment-related information.
    We process this to assess your suitability for employment.
    Lawful basis: legitimate interests.
    Data is retained for up to 6 months unless otherwise required or consent is given.
  • User Data – includes how you use our website and services, including cookies and posted content.
    We process this to operate, maintain and secure our website.
    Lawful basis: legitimate interests.
  • Participant Data – includes data collected during research projects (e.g. contact details, demographics, survey/interview responses, potentially special category data such as health or ethnicity).
    We process this for research and evaluation activities.
    Lawful basis: legitimate interests and, where applicable, explicit consent or Article 9(2)(j) scientific research provisions.

Where applicable, project-specific privacy notices may be provided. These may be shared directly or made available online: [insert link to project privacy notices page].

We will only use your personal data for the purpose it was collected or a compatible purpose. We do not carry out automated decision making or profiling.

3. HOW WE COLLECT YOUR PERSONAL DATA

We collect data directly from you (e.g. forms, emails) and automatically via cookies and similar technologies. Please see our cookie policy for more details.

5. SHARING YOUR PERSONAL DATA

We share personal data only where necessary with:

  • IT, cloud storage and collaboration providers (e.g. Microsoft 365, Dropbox)
  • Survey and research platforms (e.g. Qualtrics)
  • Transcription and analysis providers (e.g. OtterAI, CollabCoder)
  • Professional advisers (lawyers, auditors, insurers)
  • Government bodies or regulators where required

We do not sell your personal data or share it for marketing purposes.

6. INTERNATIONAL TRANSFERS

Data is primarily stored within the UK/EEA, but some providers may process data internationally (including the US).

  • Transfers to countries with adequate protection
  • Use of recognised data transfer frameworks
  • Standard contractual clauses or equivalent safeguards

We assess risks and implement additional safeguards where required.

7. DATA SECURITY

We implement appropriate security measures and restrict access to authorised personnel only.

8. DATA RETENTION

We retain personal data only as long as necessary. For tax purposes, customer data is kept for six years.

We may anonymise data for research purposes and retain it indefinitely.

9. YOUR LEGAL RIGHTS

You have rights including access, correction, erasure, restriction, transfer, objection, portability, and withdrawal of consent.

More information:

ICO Individual Rights

To exercise your rights, email: hello@studio-health.com

10. COMPLAINTS

If you have concerns, please contact us first. We aim to acknowledge complaints within 30 days.

You may also contact the ICO:
www.ico.org.uk

11. THIRD-PARTY LINKS

We are not responsible for third-party websites. Please review their privacy policies when visiting them.

12. COOKIES

We use essential cookies required for site functionality. These do not require consent.

We do not currently use analytics or marketing cookies. If this changes, we will update this notice and request consent where required.

Disabling cookies may affect website functionality.

13. REVIEW OF THIS NOTICE

We will periodically review this Privacy Notice to keep it up to date.