Privacy Policy
Last Updated: 04 Nov 2024
Lapis AI Studio Limited’s Privacy and Data Protection Policy ("Privacy Policy")
At Lapis AI Studio Limited (“we”, “us”, or “our”), we prioritize safeguarding your privacy and Personal Data. We strictly adhere to the United Kingdom General Data Protection Regulation ("GDPR"), the Data Protection Act 2018, and all other applicable laws in the UK. This Privacy Policy outlines how we collect, process, and protect your data. It will also inform you about your privacy rights, how the law protects you, and outline our staff's obligations when handling data.
Individuals from whom we may collect and use data include:
-
Customers
-
Suppliers
-
Business contacts
-
Employees/Staff Members
-
Third parties connected to customers
-
Other relevant individuals in contact with our organization
This Privacy Policy applies to all employees and staff and to all Personal Data we handle.
Your Data Controller
Lapis AI Studio Limited is responsible for your Personal Data and acts as your Data Controller. While we are not legally required to appoint a Data Protection Officer, any queries regarding your data can be addressed to contact@lapisaistudio.com or by post at 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ.
You have the right to contact the Information Commissioner’s Office (ICO), the UK authority for data protection issues (www.ico.org.uk), but we encourage you to first allow us to address your concerns.
Processing Data on Behalf of a Controller and Processor Responsibilities
As Data Controllers, we assign staff members (Processors) to manage your data on our behalf. The following responsibilities fall to the Data Controller and Processors:
-
Ensure all data processing is based on one of the legal grounds outlined in GDPR.
-
Processors must maintain confidentiality by law or contract.
-
Implement technical and organizational measures to mitigate data security risks.
-
Get authorization before engaging another Processor.
-
Assist Controllers with responding to requests from data subjects.
-
Provide Controllers with necessary information for GDPR compliance.
-
Maintain records of data processing activities.
-
Cooperate with supervisory authorities upon request.
-
Ensure data handlers process data only under Controller instructions.
-
Notify the Controller promptly of any data breaches.
Types of Data / Privacy Policy Scope
Personal Data refers to information that can identify an individual. We may collect, store, and use various types of Personal Data, including:
-
Profile/Identity Data: First name, last name, gender, date of birth.
-
Contact Data: Phone numbers, addresses, email addresses.
-
Marketing and Communications Data: Preferences for receiving information from us.
-
Billing Data: Payment details such as debit/credit card information.
-
Financial Data: Banking details such as account number and sort code.
-
Transactional Data: Records of payments made for our services/products.
We do not collect special categories of Personal Data, such as data about race, religion, health, or criminal offenses.
The Legal Basis for Data Collection
The GDPR allows for Personal Data collection and processing under several conditions:
-
Consent: Provided when, for example, you opt-in to receive marketing emails.
-
Contractual Obligations: Some data is necessary to fulfil our contracts with you.
-
Legal Compliance: Data may be collected for legal purposes, such as fraud prevention.
-
Legitimate Interests: We may collect data for legitimate business reasons without significantly impacting your rights, such as using your address for deliveries.
Our Data Uses
We will only use your Personal Data when permitted by law.
Marketing and Content Updates
Unless you request otherwise, we may send you marketing updates and content that might interest you. Occasionally, we may suggest products or services based on your interests.
Change of Purpose
We will use your Personal Data only for the purposes it was collected unless it is necessary for another purpose that is compatible with the original. If we need to use your data for a different purpose, we will inform you of the legal grounds allowing us to do so.
Your Rights and How You Are Protected by Us
Under GDPR, you have several rights, including:
-
Right to be informed about how your data is processed.
-
Right of access to view the Personal Data we hold.
-
Right to rectification to correct inaccurate data.
-
Right to erasure to delete your data under certain circumstances.
-
Right to object to data processing, particularly for marketing.
-
Right to restrict processing under specific conditions.
-
Right to data portability to transfer your data to another provider.
To exercise any of these rights, contact us at contact@lapisaistudio.com.
Your Control Over Lapis AI Studio Limited's Use of Your Personal Data
You can delete your account at any time, although we may not guarantee the deletion of all stored data. For assistance, contact us directly.
Your account is protected by a password, and you must take steps to secure your password and limit unauthorized access to your account.
How We Protect Your Personal Data
We are committed to ensuring the security of your data and safeguarding it from unauthorized disclosure. Any Personal Data we collect is accessible only to a limited number of employees with special access privileges and who are bound by strict confidentiality obligations. If we engage subcontractors to store your data, we will retain control over your Personal Data and will not expose it to security risks that would not have been present had we kept the data ourselves.
Please be aware that no method of data transmission over the internet can be guaranteed as entirely secure. Third parties outside of the control of Lapis AI Studio Limited may unlawfully intercept or access transmissions or private communications. While we make every effort to protect your Personal Data, we cannot guarantee or warrant the security of any information you transmit to us. Transmission of data is carried out at your own risk. If you believe that your interaction with us is no longer secure, please contact us immediately.
Opting Out of Marketing Promotions
You can opt out of marketing messages at any time, but we may retain other data from your interactions with us for non-marketing purposes.
How to Request Your Data and the Process for Obtaining It
You will not be required to pay a fee to access your Personal Data (or to exercise any of your other rights). However, if your request is manifestly unfounded, we reserve the right to refuse to fulfil your request.
To help verify your identity and confirm that you have the right to access your Personal Data (or exercise any of your other rights), we may ask you to provide specific information. This is a security measure to ensure that Personal Data is not shared with anyone who is not authorized to receive it. We may also contact you for further details regarding your inquiry to expedite our response.
Your Data and Third Parties
We may share non-Personal Data with third parties. Personal Data may be shared with subcontractors or affiliates, subject to confidentiality agreements, and used solely for the purposes for which it was disclosed, in accordance with our instructions.
In the event of a change in control, acquisition, or the licensing of our technology, Personal Data may be transferred to the acquiring entity, whose Privacy Policy may govern its further use.
We may also share your Personal Data if required for legal purposes or to enforce our terms or this Privacy Policy.
Third-Party Links
Our site may contain links to third-party websites, and we are not responsible for their privacy practices.
Cookies and Tracking Technologies
Our website may use cookies and similar tracking technologies to enhance your user experience and analyse website traffic. Cookies are small text files placed on your device that help us recognize your device on subsequent visits.
We use the following types of cookies:
-
Essential Cookies: Necessary for the operation of our website.
-
Analytical Cookies: Help us understand how visitors interact with our website by collecting information anonymously.
-
Marketing Cookies: Used to deliver advertisements relevant to you and your interests.
You can manage your cookie preferences through your browser settings. Disabling cookies may impact your experience on our website and limit functionality.
Data Breach Notification
In the unlikely event of a data breach that may impact your Personal Data, we will take all necessary measures to assess the breach and its implications. If it is determined that your rights and freedoms may be adversely affected, we will notify you without undue delay, in compliance with GDPR requirements.
Data Sharing with Law Enforcement
We may share your Personal Data with law enforcement agencies, governmental authorities, or regulatory bodies as required by law or in response to valid legal requests. We will notify you unless prohibited by law.
How Long We Retain Your Data
We will retain your Personal Data for as long as necessary for its purpose or as required by law.
Age Limit for Our Users
You must be 18 or older to use Lapis AI Studio Limited. We do not knowingly collect data from children.
User Responsibilities
You must ensure that any Personal Data you provide is accurate and up to date. Protect your account credentials, secure your device, and comply with applicable laws when using our services.
International Transfer of Data
Your data may be stored and processed outside the UK. By using our services, you consent to these transfers.
Notification of Changes and Acceptance of Policy
We regularly review this Privacy Policy and post updates here. By using Lapis AI Studio Limited, you agree to this policy.
Interpretation
In this Privacy Policy, all instances of "including" mean "including but not limited to." Our staff members are not authorized to enter into contracts on behalf of Lapis AI Studio Limited or waive rights unless specified.
