The Olive Studio

Privacy Policy

Last updated 4 May 2026

Last updated: 1 February 2026

This Privacy Policy explains how The Olive Studio (“we”, “us”, “our”) collects, uses and protects personal data when you visit theolivestudio.com, submit a form on the site, or otherwise interact with us. We are the data controller for the personal data we hold about you.

Who we are

The Olive Studio is a creative agency providing branding, design, print, web development, hosting, managed services and marketing. You can reach us by email at hello@theolivestudio.com, or by post at our registered office.

What we collect

We only collect personal data that you give us directly. Depending on which forms you complete, this may include:

  • Contact details — your name, email address, phone number and (where given) your organisation.

  • Project information — the contents of any message, design brief, reference, file attachment or other material you send us via the contact form, design request form or by email.

  • Newsletter preferences — your email address if you subscribe to our newsletter.

  • Technical information — standard server logs (IP address, browser type, request timing) generated automatically when you visit our website. We do not use third-party analytics or advertising cookies.

We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, please contact us so we can delete it.

How we use your data

We use your personal data to:

  • Respond to your enquiries and design requests.

  • Quote, contract and deliver work you have engaged us to do.

  • Send transactional emails (acknowledgements, project updates, invoices).

  • Send our newsletter, where you have opted in. You can unsubscribe at any time.

  • Operate, secure and improve our website and services.

  • Comply with our legal and accounting obligations.

Lawful bases for processing

Under the UK GDPR and EU GDPR, we rely on the following lawful bases:

  • Contract — processing necessary to take steps at your request before entering into a contract, or to perform a contract you have entered with us.

  • Legitimate interests — running and securing our website, replying to enquiries, and developing our services. We balance our interests against your rights and freedoms.

  • Consent — for marketing emails (our newsletter) and for any optional cookies we may introduce in future. You may withdraw consent at any time.

  • Legal obligation — tax, accounting, anti-fraud and other obligations required by law.

Who we share your data with

We do not sell your personal data. We share it only with carefully selected service providers who help us run our business, under written contracts that require them to protect it:

  • Supabase — database and file storage for form submissions and CMS content.

  • Amazon Web Services (SES) — transactional email delivery, in the eu-west-2 (London) region.

  • Vercel — website hosting and content delivery.

  • Professional advisors — our accountants, lawyers and insurers, where reasonably needed.

  • Authorities — where we are required by law to disclose information.

International transfers

Some of our service providers may process data outside the United Kingdom, including in the European Economic Area and the United States. Where we transfer personal data outside the UK or EEA, we put in place appropriate safeguards such as the UK International Data Transfer Agreement, the EU Standard Contractual Clauses, or processor adequacy decisions, so your data continues to receive an essentially equivalent level of protection.

How long we keep your data

We retain personal data only as long as necessary for the purposes for which it was collected:

  • Enquiry and design-request submissions: typically up to 24 months from last contact, after which we delete or anonymise them.

  • Newsletter subscribers: until you unsubscribe.

  • Client records and invoices: at least 7 years to comply with UK accounting and tax law.

  • File uploads attached to design requests: typically up to 12 months from project completion, then deleted.

Your rights

You have the following rights under data-protection law:

  • Access — request a copy of the personal data we hold about you.

  • Rectification — ask us to correct inaccurate or incomplete data.

  • Erasure — ask us to delete your data where there is no good reason for us to keep it.

  • Restriction — ask us to limit how we use your data.

  • Objection — object to processing based on our legitimate interests, and to direct marketing.

  • Portability — receive your data in a structured, machine-readable format.

  • Withdraw consent — for processing based on consent, at any time, without affecting earlier processing.

To exercise any of these rights, email hello@theolivestudio.com. We respond within one month.

If you are unhappy with how we have handled your personal data, you have the right to complain to the UK Information Commissioner’s Office (ico.org.uk) or to the data-protection authority in your country of residence.

Security

We use appropriate technical and organisational measures to protect personal data against accidental or unlawful loss, alteration, disclosure or access. These include encrypted connections (HTTPS/TLS) for all site traffic, server-side hashing and encryption for credentials, role-based access control for our admin systems, and private storage buckets for confidential file uploads. No system is perfectly secure, so we cannot guarantee absolute security — but we treat your data with appropriate care.

Cookies

We use a small number of strictly necessary cookies. See our Cookie Policy for details.

Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or in applicable law. The “Last updated” date at the top will indicate when the latest changes were made. Material changes will be highlighted on the website.

Contact us

For any questions about this policy or how we handle your personal data, email hello@theolivestudio.com.