PRIVACY POLICY – TOKEN STUDIO ARCH 76
Last Updated: July 2025
Governing Law: England & Wales
1. Controller Information
Token Studio Arch 76
Email: [info@tokenstudio.co.uk]
2. Data We Collect & Why
Data Type Purpose Legal Basis
Name, Email, Phone Booking confirmations, account management Contractual Necessity
Payment Details* Processing workshop fees Contractual Necessity
Voucher Codes Validating third-party bookings Legitimate Interest
Photos/Videos Marketing (with explicit consent)Consent
Emergency Contact Safety during workshops Vital Interest
*Note: We never store card details. Payments via PCI-DSS compliant processors (Stripe/PayPal).
3. How We Share Your Data
Third-Party Platforms:
Voucher issuers (e.g., RedLetterDays) for validation
Payment gateways (Stripe/PayPal)
Email service (e.g., Mailchimp) for booking confirmations
Legal Obligations: Disclosed only if required by UK law (e.g., HMRC, courts).
Never sold to advertisers or third parties.
4. Data Retention
Data Type Retention Period
Booking Records 3 years (financial compliance)
Liability Waivers 7 years (legal protection)
Uncollected Pottery Records 60 days post-notification
Marketing Consents Until withdrawn
5. Your Rights (GDPR/UK DPA 2018)
You may request:
Access to your data
Correction of errors
Deletion (where no legal basis exists)
Withdraw marketing consent
Submit requests to: [info@tokenstudio.co.uk] (Response within 30 days).
6. Cookies
Essential: Session cookies (for booking system functionality).
Analytical: Google Analytics (anonymized – opt-out via browser).
No non-essential cookies without prior consent.
7. Security Measures
SSL encryption on all data transmissions.
Password-protected booking systems.
Staff trained in GDPR compliance.
8. Policy Updates
Changes posted at: [Privacy Policy Page]
Material changes notified via email.