Privacy Policy

Last updated: April 2026

Studio AROS Ltd (“we”, “us”, “our”) is committed to protecting your personal data. This policy explains what we collect through studioaros.com, why we collect it, and what your rights are under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are

Studio AROS Ltd is a company registered in England & Wales. We act as the data controller for personal data collected through this website.

Contact: [email protected]

2. Information we collect

Information you give us

When you submit an enquiry through our contact form we collect the details you choose to share, typically:

• your first and last name;
• your email address;
• your phone number, if provided;
• the project location, if provided;
• the contents of your message.

Information collected automatically

When you visit the Site, our hosting provider may automatically log technical information such as your IP address (often partially anonymised), the type of device and browser you are using, the pages you visit, and the date and time of your visit. This information is used to keep the Site running, to maintain security, and in aggregate to understand how the Site is used.

3. How we use your information

We use the information we collect to:

• respond to enquiries and discuss potential projects;
• maintain a record of correspondence with prospective and current clients;
• operate, secure and improve the Site;
• comply with our legal and regulatory obligations.

We will not use your information for automated decision-making or profiling.

4. Lawful basis

We process personal data on the following lawful bases under UK GDPR:

• Consent — for non-essential cookies and any optional analytics where you have agreed.
• Legitimate interests — for responding to your enquiry, keeping the Site running and securing it against misuse.
• Contract — for any subsequent project engagement, governed by a separate written agreement.
• Legal obligation — where we need to retain certain records to comply with applicable law.

5. Sharing your information

We do not sell your personal data. We share it only with the limited service providers we rely on to run the Site, and only to the extent necessary:

• FormSubmit processes contact-form submissions and forwards them to our inbox. The form data passes through their servers in transit.
• Vercel hosts the Site and may collect basic technical and performance data to deliver pages and protect against abuse.
• Email and productivity providers we use to read and reply to your enquiry (for example, our email provider).

These providers act as our processors and are bound to handle your data only as instructed and in line with applicable law. We may also disclose information where required by law or to protect our rights.

6. International transfers

Some of our service providers are based outside the UK. Where personal data is transferred internationally we rely on appropriate safeguards, such as the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or an applicable adequacy decision.

7. How long we keep it

We keep enquiry correspondence for as long as is reasonably needed to respond to you and, where it leads to a project, for the duration of the engagement and a reasonable period afterwards for record-keeping and legal purposes. Server logs are typically retained for a short period before being rotated or deleted.

8. Cookies

This Site uses a small number of cookies and similar technologies. We group them as follows:

• Strictly necessary — required for the Site to function (for example, recording your cookie preference itself). These do not require consent.
• Analytics & performance — used, with your consent, to understand how the Site is used so we can improve it.

The first time you visit the Site we ask for your preference. You can change it at any time by clicking Cookie Settings in the footer.

9. Your rights

Under UK GDPR you have the following rights in relation to your personal data:

• the right to be informed about how your data is used;
• the right of access to a copy of the data we hold about you;
• the right to rectify inaccurate data;
• the right to erasure, in certain circumstances;
• the right to restrict processing;
• the right to data portability;
• the right to object to processing based on legitimate interests;
• the right to withdraw consent at any time, where consent is the lawful basis.

To exercise any of these rights please contact us at [email protected]. We aim to respond within one month.

10. Complaints

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk, or by calling 0303 123 1113. We’d appreciate the chance to address your concerns first — please get in touch.

11. Security

We take reasonable technical and organisational measures to protect your information from loss, misuse and unauthorised access. No method of transmission over the internet is fully secure, so we cannot guarantee absolute security; please bear this in mind when sending information through the Site.

12. Changes to this policy

We may update this policy from time to time. The “Last updated” date above shows the current version. Material changes will be highlighted on the Site.

13. Contact

If you have any questions about this policy or how your data is handled, please email [email protected].