Website privacy notice

1. INTRODUCTION

Studio Health is committed to protecting your privacy and being transparent about how we process your personal information. This document describes what data we collect, why we collect it, how we use it, how we keep it secure, and the conditions under which we share it. It also outlines your rights under the General Data Protection Regulation (UK GDPR) 2016 and the Data Protection Act 2018.

This website is not intended for use by children under the age of 13. We do not knowingly collect personal data from children. By submitting your data, you confirm that you are 13 years of age or older.

Studio Health is a data controller (registration: ZB019722), and we are responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice).

We have appointed a Data Protection Officer who is in charge of privacy-related matters. If you have any questions about this privacy notice, please contact the Data Protection Officer using the details below.

Contact Details

  • Full name of legal entity: Studio Health (trading name of Candida Halton Ltd)
  • DPO: Raman Sidhu
  • Email address: hello@studio-health.com
  • Postal address: Unit 21, Springfield House, 5 Tyssen Street, London, E8 2LY

It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes.

2. WHAT PERSONAL DATA WE COLLECT AND HOW WE USE IT

Personal data means any information capable of identifying an individual. It does not include anonymised data.

  • Contact and Business Relationship Data – includes communications you send to us and information relating to your relationship with us (name, email, phone number, organisation details, billing and transaction information).
    We process this data to communicate with you, provide our services, manage relationships, maintain records, and establish, pursue or defend legal claims.
    Lawful basis: legitimate interests and performance of a contract.
  • Recruitment Data – includes your name, contact details, CV, employment history, qualifications and any information shared during recruitment.
    We process this data to assess your suitability for employment and manage recruitment processes.
    Lawful basis: legitimate interests.
    Data is retained for up to 6 months unless a longer period is required or you consent to future opportunities.
  • User Data – includes data about how you use our website and services, including cookies and content you post.
    We process this data to operate, maintain and secure our website and business.
    Lawful basis: legitimate interests.
  • Participant Data – includes data collected during research or evaluation projects (e.g. contact details, demographic information, survey/interview responses, and potentially special category data such as health or ethnicity).
    We process this data for research and evaluation purposes. Participation is voluntary.
    Lawful basis: legitimate interests (Article 6), and where applicable explicit consent or Article 9(2)(j) (scientific research).

Where you take part in a specific research or evaluation project, you may be provided with a separate project-specific privacy notice explaining how your data will be used, including any partners, data sharing arrangements, or international transfers.

We will only use your personal data for the purpose it was collected or a reasonably compatible purpose. We do not carry out automated decision making or profiling.

3. HOW WE COLLECT YOUR PERSONAL DATA

We collect data directly from you (for example when you complete forms or contact us by email) and automatically through cookies and similar technologies when you use our website. Please see our cookie policy for more details.

4. SHARING YOUR PERSONAL DATA

We share personal data only where necessary with:

  • IT, cloud storage and collaboration providers (e.g. Microsoft 365, Dropbox)
  • Survey and research platforms (e.g. Qualtrics)
  • Transcription and analysis providers (e.g. OtterAI, CollabCoder)
  • Professional advisers (lawyers, auditors, insurers)
  • Government bodies or regulators where required

We require all third parties to respect the security of your data and process it in accordance with data protection laws. We do not sell your personal data or share it for marketing purposes.

We may also disclose personal data where required by law or to protect our legal rights.

5. INTERNATIONAL TRANSFERS

Core data storage is within the UK or EEA, but some providers may process data outside these regions, including in the United States.

  • Transfers to countries with adequate protection
  • Use of recognised data transfer frameworks
  • Standard contractual clauses or equivalent safeguards

We assess risks and apply additional safeguards where required.

6. DATA SECURITY

We implement appropriate security measures to prevent your personal data from being lost, used, altered, disclosed or accessed without authorisation. Access is limited to those with a business need and subject to confidentiality obligations.

7. DATA RETENTION

We retain personal data only as long as necessary for the purposes it was collected, including legal, accounting, or reporting requirements.

For tax purposes, we are required to retain certain customer data for six years after they cease being customers.

We may anonymise data for research or statistical purposes and use it indefinitely.

8. YOUR LEGAL RIGHTS

You have rights including access, correction, erasure, restriction, transfer, objection, data portability, and withdrawal of consent (where applicable).

More information:

ICO Individual Rights

To exercise your rights, please email: hello@studio-health.com

9. COMPLAINTS

If you have concerns about how we handle your personal data, please contact us first. We aim to acknowledge complaints within 30 days and respond promptly.

If you are not satisfied, you may contact the Information Commissioner’s Office (ICO):
www.ico.org.uk

10. THIRD-PARTY LINKS

This website may include links to third-party websites. We are not responsible for their privacy practices and encourage you to read their privacy notices.

11. COOKIES

We use essential cookies required for website functionality. These do not require consent.

We do not currently use analytics or marketing cookies. If this changes, we will update this notice and request consent where required.

Disabling cookies may affect how the website functions.

12. REVIEW OF THIS NOTICE

We will periodically review this Privacy Notice to keep it up to date with how we process personal data.