Privacy Policy
Last updated: 12 July 2026
This Privacy Policy explains how Maskrey Studio collects, uses, shares and protects your personal data when you visit maskrey.studio, book a call, or otherwise get in touch. It also sets out your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We are committed to handling your data lawfully, fairly and transparently.
Contents
- Who we are and how to contact us
- The personal data we collect
- How we collect your data
- How we use your data and our lawful bases
- Who we share your data with
- International data transfers
- How long we keep your data
- How we keep your data secure
- Your data protection rights
- Cookies and similar technologies
- Children's privacy
- Changes to this policy
- How to complain
01Who we are and how to contact us
Maskrey Studio ("we", "us", "our") is a web design studio based in Derbyshire, England, operated by Joe Maskrey. For the purposes of UK data protection law, we are the data controller responsible for your personal data.
If you have any questions about this policy or how we handle your data, contact us:
Maskrey Studio — data protection enquiries
Email: joe@maskrey.studio
Post: Belper, Derbyshire, England (full postal address available on request)
02The personal data we collect
We only collect the data we need to respond to you and run our business. Depending on how you interact with us, this may include:
- Enquiry and booking data — your name, email address, time zone, the date and time you choose, and any information or notes you provide when you book a call with us through our online scheduling tool.
- Communications data — the content of emails and messages you send us, and our correspondence with you, including any details you share about your business, your project or your requirements.
- Technical and usage data — your IP address, approximate location derived from it, browser type and version, device and operating system, referring website, and the pages you view. This is generated automatically when any website is loaded and is processed by our hosting and content-delivery providers largely for security and to serve the site.
- Usage analytics — aggregated, anonymous statistics about how the site is used (such as pages viewed, the referring site, and general country, browser and device type), measured by our cookieless analytics tool. This does not identify you individually and sets nothing on your device.
We use a privacy-friendly, cookieless analytics tool (Plausible) to understand how the site is used — it does not set cookies, does not collect data that identifies you, and does not track you across other websites. We do not run advertising or behavioural-tracking tools, and we do not build marketing profiles of visitors. We do not knowingly collect any special category data (such as data about health, ethnicity, religion or political views). Please don't send us special category data unless it's genuinely necessary.
03How we collect your data
- Directly from you — when you book a call, email us, or otherwise get in touch.
- Automatically — when you load the site, technical data is collected by your browser's requests to our hosting, content-delivery and font providers (see section 5).
- From third parties — if you book through our scheduling tool, we receive the booking details you submit to that tool.
04How we use your data and our lawful bases
Under UK GDPR we must have a valid "lawful basis" for using your personal data. We rely on the following:
| What we do | Why | Lawful basis |
|---|---|---|
| Respond to enquiries and bookings | To reply to you, arrange and hold a call, and discuss whether we can work together | Taking steps at your request before entering a contract; and our legitimate interests in responding to enquiries |
| Provide our services | To plan, design and deliver work if you become a client | Performance of a contract with you |
| Operate, secure and maintain the website | To deliver the site reliably, prevent abuse and keep it secure | Our legitimate interests in running a safe, functioning website |
| Keep records and manage our business | Correspondence, quotes, and business administration | Our legitimate interests; and, where relevant, compliance with a legal obligation (e.g. tax and accounting) |
| Measure how the site is used (analytics) | To understand which pages and calls-to-action work, and improve the site | Our legitimate interests in understanding and improving our website, using privacy-friendly, cookieless analytics |
Where we rely on legitimate interests, we have considered whether those interests are overridden by your rights, and we believe our use is proportionate and expected. Where our client is a company or other organisation rather than you personally, the contract is with that organisation, so we rely on our legitimate interests in delivering the contracted work and communicating with our client's staff and contacts. We do not currently send marketing emails from this website. If that ever changes, we will only do so where we are permitted to, and you will always be able to opt out.
Do you have to provide your data?
Providing your personal data is not a statutory requirement. Where you contact us or book a call, giving us your name, email address and any details you choose to share is necessary for us to respond to you and, if you become a client, to enter into and perform a contract with you. If you choose not to provide this information, we won't be able to reply to your enquiry or provide our services.
06International data transfers
Some of our providers (including Cloudflare, Cal.com and Google) are based in, or store or process data in, countries outside the UK, such as the United States. Where we engage a provider as our processor and your data is transferred outside the UK, we rely on appropriate safeguards — for example UK "adequacy" regulations, the UK International Data Transfer Agreement (IDTA), or the UK Addendum to the EU Standard Contractual Clauses, together with additional measures where appropriate. Some transfers instead happen because your browser connects directly to a provider (such as Google Fonts or the code-library service) as you load the site; in those cases the provider receives limited technical data under its own terms and safeguards rather than under an arrangement we have put in place. Our analytics provider, Plausible, stores its data within the European Union rather than outside it. You can ask us for more detail on the safeguards that apply.
07How long we keep your data
We keep your personal data only for as long as we need it for the purposes set out above. In practice:
- Enquiries and bookings that don't lead to work: we generally keep these for up to 24 months in case you get back in touch, then delete them.
- Client records: if you become a client, we keep relevant records for the duration of our engagement and afterwards as required for legal, accounting and tax purposes (generally up to 6 years).
- Technical logs held by our hosting and security providers are kept for a limited period — typically no more than a few months — in line with their retention policies.
You can ask us to delete your data sooner — see your rights below.
08How we keep your data secure
We use appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, misuse or alteration. These include serving the site over an encrypted HTTPS connection, choosing reputable providers with strong security practices, and limiting access to your data to those who need it. No method of transmission or storage is completely secure, but we take reasonable steps to protect your information and to notify you and the regulator of any serious breach where the law requires us to.
09Your data protection rights
Under UK data protection law you have the following rights, free of charge in most cases:
- Access — to be told whether we hold data about you and to receive a copy of it.
- Rectification — to have inaccurate or incomplete data corrected.
- Erasure — to ask us to delete your data ("the right to be forgotten") in certain circumstances.
- Restriction — to ask us to limit how we use your data in certain circumstances.
- Objection — to object to processing based on our legitimate interests.
- Portability — to receive certain data in a portable, machine-readable format.
- Withdraw consent — where we rely on your consent, to withdraw it at any time (this won't affect processing already carried out).
- Rights around automated decisions — we do not make decisions about you by solely automated means or carry out profiling.
To exercise any of these rights, email joe@maskrey.studio. We may need to verify your identity. We will respond within one month of receiving a valid request; where a request is complex or you have made several, we may extend this by up to two further months, as the law permits, and will let you know if we need to.
11Children's privacy
Our website and services are aimed at businesses and are not directed at children. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, please contact us and we will delete it.
12Changes to this policy
We may update this policy from time to time to reflect changes to our practices or the law. When we do, we will revise the "last updated" date at the top of this page. Where changes are significant, we will take reasonable steps to bring them to your attention.
13How to complain
If you have a concern about how we handle your data, please contact us first so we can try to put it right. You also have the right to complain to the UK's data protection regulator, the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline: 0303 123 1113
Website: ico.org.uk