Privacy Policy for Shove Studio

Last Updated: 27 May 2025

This Privacy Policy explains how Shove Studio ("we," "us," or "our") collects, uses, discloses, and protects personal data in compliance with the UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018, and Privacy and Electronic Communications Regulations (PECR). This policy applies to all services we provide, including design, website hosting, management, and communications.

1. Data Collection and Use

1.1 Types of Data Collected

We collect and process the following categories of personal data:

• Client Information: Names, email addresses, phone numbers, business addresses, and websites.

• Project Data: Design briefs, feedback, and communications related to client projects.

• Website Usage Data: IP addresses, browser types, device information, and pages visited on websites we host or manage.

• Payment Data: Credit/debit card details (processed via Stripe), billing addresses, and transaction histories.

• Communication Data: Emails, chat logs, and support tickets handled through Google Workspace/Gmail.

1.2 Purposes of Processing

We use personal data to:

• Deliver design services and manage client subscriptions.

• Process payments and maintain financial records.

• Provide website hosting, security updates, and technical support.

• Communicate service updates, invoices, and promotional offers (with consent).

2. Legal Basis for Processing

We rely on the following lawful bases under UK GDPR:

• Contractual Necessity: To fulfil service agreements with clients.

• Legitimate Interests: For website analytics, fraud prevention, and service improvements.

• Consent: For marketing communications and non-essential cookies.

3. Data Sharing and Third Parties

We share data with:

• Framer.com: Hosting platform that processes website usage and client project data.

• Stripe: Payment processor that handles transactional data.

• Google Workspace: Email and communication service provider.

• Subcontractors: Freelancers or agencies involved in client projects under strict confidentiality agreements.

Third parties act as data processors and are contractually obligated to comply with UK GDPR.

4. International Data Transfers

Data may be transferred outside the UK to third parties in the US (e.g., Framer, Stripe, Google). Transfers are safeguarded through Standard Contractual Clauses or adequacy decisions.

5. Your Rights

Under UK GDPR, you have the right to:

• Access, correct, or delete your data.

• Restrict processing or object to marketing.

• Data portability and withdrawal of consent.
  To exercise these rights, contact us at hey@shove.studio

6. Data Security

We implement technical measures (SSL encryption, firewalls) and organizational safeguards (staff training, access controls) to protect data1319. Regular security audits are conducted to mitigate risks.

7. Data Retention

We retain data only as long as necessary:

• Client Records: 7 years post-subscription for tax/legal compliance.

• Website Backups: 12 months unless otherwise requested.

• Marketing Data: Until consent is withdrawn.

8. Cookies and Tracking

Our website uses:

• Essential Cookies: For login sessions and payment processing (no consent required).

• Analytics Cookies: To monitor traffic via Google Analytics (consent required).

• Marketing Cookies: For social media campaigns (consent required).

Manage preferences via our cookie banner or browser settings.

9. Policy Updates

We will notify users of material changes via email or website announcements.

10. Contact Us

For questions or complaints, contact:
Email: hey@shove.studio