GDPR Compliance Statement

General Data Protection Regulation (GDPR)
At SO Creative Studio, we are fully committed to protecting your personal data and respecting your privacy in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Lawful Basis for Processing

We process personal data on one or more of the following lawful bases:

• Consent: when you voluntarily submit your details through our contact form or subscribe to updates.

• Contract: when we need to communicate with you in relation to a project or service you have requested.

• Legitimate interests: for internal business operations such as responding to enquiries, record keeping, and improving our website experience.

Data Retention

We keep personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by law. Enquiry form submissions are typically deleted within 12 months unless they lead to an ongoing working relationship.

Data Sharing

We do not share, sell, or rent your data to third parties.
However, your data may be processed securely by trusted service providers (such as Squarespace and Google) who help us host our website or manage analytics. These providers are GDPR-compliant and handle data according to strict privacy and security standards.

International Data Transfers

As Squarespace operates globally, some technical data may be transferred outside the UK. Where this occurs, Squarespace ensures appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK ICO.

Your Rights

Under GDPR, you have the right to:

• Access, correct, or delete your personal data.

• Withdraw consent at any time.

• Object to or restrict processing.

• Request a copy of the information we hold about you.

To exercise any of these rights, please email hello@so-creativestudio.com.

Data Controller

SO Creative Studio
Email: hello@so-creativestudio.com
Location: United Kingdom