top of page

Privacy POLICY

Story Creative Studio Ltd

(Company number 16405649)

20 Wenlock Road, London, England, N1 7GU

 

INTRODUCTION

 

This Privacy Policy explains how Story Creative Studio Ltd (Story, we, us or our) collects and uses personal data in the course of operating our creative agency and providing our services, including when you visit our website or contact us by email. We are committed to protecting your privacy and handling your personal data in a fair, lawful and transparent manner.

 

By using our website or otherwise providing personal data to us, you acknowledge that you have read and understood this Privacy Policy.

 

IMPORTANT INFORMATION AND WHO WE ARE

 

Story Creative Studio Ltd is a company registered in England and Wales with company number 16405649. Our registered office is at 20 Wenlock Road, London, England N1 7GU.

 

For the purposes of UK data protection law, we are the controller of the personal data described in this policy.

 

If you have any questions about this Policy or how we handle personal data, you can contact us at: hello@story.studio

 

THE TYPES OF PERSONAL DATA WE COLLECT ABOUT YOU

 

The personal data we collect depends on how you interact with us, but may include:

 

Contact details such as your name, business email address, telephone number, job title and organisation;

 

Business and project information including information about your organisation, brand, creative brief and content requirements;

 

Content and media such as photographs, video footage and audio recordings we create or receive in connection with client projects, which may identify individuals (including employees, talent, event attendees or members of the public);

 

Online data and basic technical information from your visit to our website (such as IP address, browser type and approximate location) and any information you provide in emails or via our contact email; and/or

 

Marketing information including your marketing preferences and any feedback, testimonials or case studies you give us.

 

We do not knowingly collect personal data directly from children via the website. Where children appear in content, consent is obtained via their parent or guardian or the relevant client, as appropriate.

 

HOW IS YOUR PERSONAL DATA COLLECTED

 

We collect personal data in the following ways:

 

When you or your organisation contact us by email or telephone;

 

When your organisation engages us to provide services and during the course of those service;

 

When we attend or host shoots, events or locations where we create content;

 

From our clients, who may provide us with information about individuals (for example, staff, talent or customers) featured in the content we produce; and

 

Automatically, to a limited extent, when you visit our website (for example, via cookies and similar technologies. Please refer to our Cookie Policy for more details).

 

PURPOSES AND LAWFUL BASES FOR PROCESSING

 

We use personal data for the purposes and on the lawful bases set out below.

 

Providing our services

 

We process personal data to plan, produce and deliver creative content and campaigns, to manage projects, shoots and production schedules and to communicate with clients and suppliers.

Lawful basis includes performance of a contract (where we have a contract with you or your organisation) and our legitimate interests in providing our services and running our business.

 

Communicating with you

 

We process personal data to respond to enquiries, provide proposals and statements of work and to manage client and supplier relationships.

Lawful basis includes our legitimate interests in responding to enquiries and managing our relationships.

 

Featuring individuals in content

 

We process personal data to film and photograph individuals and to use content in line with project objectives and any agreed usage rights. This may include individuals appearing in campaigns, on social media or internal communications for our clients.

Lawful basis includes our legitimate interests in creative production and brand promotion, and where required, consent via signed or digital consent forms, particularly for street shoots, minors or sensitive contexts.

 

Marketing and case studies

 

We may use selected content, testimonials or case studies in our own marketing (for example, on our website, social channels or pitch materials).

Lawful basis includes our legitimate interests in promoting our services and, where we rely on consent, your consent, which you may withdraw at any time.

 

Administration, finance and legal compliance

 

We process personal data for invoicing, accounting, record-keeping, managing our business operations, managing disputes and complying with legal and regulatory obligations.

Lawful basis includes legal obligations (for example tax and accounting requirements) and our legitimate interests in business administration and protection of our legal rights.

 

DISCLOSORES OF YOUR PERSONAL DATA

 

We may share personal data with:

 

Our clients, where necessary to deliver content and services or to share project files;

 

Freelancers and contractors (for example photographers, videographers, editors and producers) who work under our instructions and are bound by confidentiality and data protection obligation;

 

Professional advisers, such as legal, tax and insurance advisers; and/or

 

Regulators and public authorities, where we are required to do so by law.

We do not sell your personal data.

INTERNATIONAL TRANSFERS

 

Some of our freelancers and content production partners may be located outside the UK, including in the United States, and we may transfer footage or other personal data to them. We may also use cloud services hosted outside the UK.

 

Where we transfer personal data outside the UK or the European Economic Area, we will ensure that an appropriate safeguard is in place, such as standard contractual clauses approved by the UK Information Commissioner’s Office, together with the UK International Data Transfer Addendum or other lawful transfer mechanisms, and any additional measures required by law.

 

DATA SECURITY AND RETENTION

 

We retain personal data only for as long as necessary for the purposes described in this Policy, including to meet legal, accounting or reporting requirements. As a guide:

 

Core client and project records (including content files and project correspondence) will be retained for up to 7 years after completion of the relevant project.

 

Contracts, invoices and financial records will be retained for up to 6 years from the end of the relevant financial year.

 

Enquiry information (where no contract is entered into) will be retained for up to 2 years from the last contact.

 

Marketing content and testimonials will be retained for as long as we reasonably require them for marketing, or until consent is withdrawn.

 

Employee and HR records will be retained in accordance with our internal retention schedule (typically up to 6 years after the end of employment, with shorter periods for some categories such as emergency contact details).

 

We may retain data for longer if necessary in relation to a dispute, complaint or legal claim.

 

YOUR LEGAL RIGHTS & COMPLAINTS

 

Depending on your location and subject to certain conditions, you may have the following rights in relation to your personal data:

 

The right of access to request a copy of the personal data we hold about you;

The right to rectification to request correction of inaccurate or incomplete data;

The right to erasure to request deletion of your data in certain circumstances;

The right to restrict processing to request that we restrict how we use your data;

The right to object to our processing of your data in certain circumstances, including where we rely on legitimate interests;

The right to data portability to request a copy of your data in a structured, commonly used and machine-readable format where we process it by automated means and on the basis of consent or contract; and

The right to withdraw consent where we process personal data based on your consent, you may withdraw that consent at any time.

 

To exercise any of these rights, please contact us at hello@story.studio

 

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) if you are unhappy with how we use your personal data. More information is available on the ICO’s website.

 

No fee usually required

 

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

 

What we may need from you

 

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

 

Time limit to respond

 

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

 

COOKIES

 

At present, our website only uses cookies that are strictly necessary for the site to function and does not use analytics or tracking cookies.

In future, we may implement analytics tools (for example Google Analytics 4 or Meta pixel) and other cookies to help us understand how visitors use our site and to improve our services. If we do so, we will update this Privacy Policy and our Cookie Policy and implement a cookie banner and consent mechanism to obtain your consent where required.

For more information, please refer to our Cookie Policy.

SECURITY

 

We use appropriate technical and organisational measures to protect personal data, including:

 

Use of secure cloud storage (Microsoft OneDrive and SharePoint, Google Drive);

Role-based access controls and password-protected HR and finance folders, restricted to senior staff and our Finance Director as appropriate;

Use of company-issued laptops for employees, with security and endpoint protection measures;

Contractual and technical safeguards for freelancers and third-party service providers;

Restrictions on the use and retention of project media, including secure storage of SD cards and clear deletion practices at the end of retention periods.

 

Please note that, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

 

CONTACT DETAILS

 

If you have any questions about this privacy policy or about the use of your personal data or you want to exercise your privacy rights, please contact [our DPO] OR [us] in the following ways:

Email address: hello@story.studio

Postal address: 20 Wenlock Road, London, England N1 7GU.

 

CHANGES TO THE PRIVACY POLICY AND YOUR DUTY TO INFORM US OF CHANGES

 

We may update this Privacy Policy from time to time. The updated version will be posted on our website with a revised “last updated” date. We encourage you to review this Policy periodically to stay informed about how we use personal data.

bottom of page