Lovebird Studios Limited – Data Protection Policy

**1. Introduction**
Love Bird Studios Limited (“the Company”) is committed to protecting the privacy and security of personal information. This Data Protection Policy outlines how we collect, use, store, and protect personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.2. Scope**
This policy applies to all personal data processed by the Studio, including data relating to customers, employees, contractors, suppliers, and other individuals with whom the Studio interacts.3. Data Protection Principles**
We adhere to the following principles when processing personal data:1. **Lawfulness, Fairness, and Transparency**: Personal data will be processed lawfully, fairly, and in a transparent manner.
2. **Purpose Limitation**: Data will be collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.3. **Data Minimisation**: Only the data necessary for the purposes set out will be collected.
4. **Accuracy**: We will take reasonable steps to ensure the accuracy of the data we hold and keep it up to date.
5. **Storage Limitation**: Data will be kept in a form that permits identification of individuals for no longer than necessary.
6. **Integrity and Confidentiality**: Personal data will be processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing, accidental loss, destruction, or damage.4. Data We Collect**
We may collect the following personal data:- **Customer Data**: Name, contact information (email, phone number), payment details, and booking history.
– **Employee Data**: Name, contact information, employment records, financial information, and performance data.
– **Supplier Data**: Business contact information, payment details, and contract history.5. Legal Basis for Processing**
We will only process personal data where we have a legal basis to do so. The legal bases include:- **Consent**: The individual has given clear consent to process their personal data for a specific purpose.- **Contractual Necessity**: Processing is necessary for the performance of a contract with the individual or to take steps before entering into a contract.
– **Legal Obligation**: Processing is necessary to comply with a legal obligation.
– **Legitimate Interests**: Processing is necessary for the legitimate interests of the Studio or a third party, provided those interests do not override the individual’s rights and freedoms.6. Data Subject Rights**
Individuals have the following rights regarding their personal data:1. **Right to Access**: Individuals can request access to their personal data and information on how we process it.
2. **Right to Rectification**: Individuals can request that inaccurate or incomplete data be corrected.
3. **Right to Erasure**: Individuals can request the deletion of their personal data in certain circumstances.
4. **Right to Restrict Processing**: Individuals can request that processing of their data is restricted in certain situations.
5. **Right to Data Portability**: Individuals can request to receive their data in a structured, commonly used format and have it transferred to another controller.
6. **Right to Object**: Individuals can object to the processing of their personal data in certain circumstances.
7. **Rights Related to Automated Decision-Making and Profiling**: Individuals can object to decisions made solely based on automated processing, including profiling.7. Data Security**
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, or damage. These measures include:- Access controls to personal data.
– Regular training for employees on data protection.
– Secure storage and encryption of data where appropriate. – Regular audits of data processing activities.8. Data Retention**
We will only retain personal data for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying legal, accounting, or reporting requirements. When data is no longer required, we will securely delete or anonymise it.9. Data Sharing**
We do not share personal data with third parties unless:- It is necessary to fulfill our services (e.g., payment processing). – We are required to do so by law.
– The individual has given explicit consent.In cases where we do share data with third parties, we ensure they comply with data protection laws and have adequate safeguards in place.10. Data Breach**
In the event of a data breach that poses a risk to the rights and freedoms of individuals, we will notify the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of the breach. Affected individuals will also be informed without undue delay.11. Changes to This Policy**
We may update this Data Protection Policy from time to time. We will notify individuals of any significant changes by email or by placing a prominent notice on our website.12. Contact Information**
If you have any questions about this Data Protection Policy or how we handle your personal data, please contact:Raphael VraetsLovebird Studios Limited
Pigdown Plantation, Pigdown Lane, Hever TN8 7LX info@lovebirdstudios.uk
07357817393