PRIVACY NOTICE

Jessica Digital Creative Studio

This Privacy Notice explains how Jessica Newman, trading as Jessica Digital Creative Studio, a sole trader operating under the laws of England and Wales ("the Contractor", "we", "us"), collects, uses, and protects personal data. We are registered with the Information Commissioner's Office (ICO) under registration number ZC186588.

1. Who We Are

1.1  Jessica Newman, trading as Jessica Digital Creative Studio, is the Data Controller for the personal data described in this Notice. We are based in England and process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Questions about this Notice or how your data is handled can be sent to hello@jessicadigitalstudio.com

2. What Personal Data We Collect

2.1 We may collect the following categories of personal data, depending on your relationship with us:

  • Contact details — name, email address, phone number, business name;

  • Enquiry and project information — details submitted via enquiry forms, Dubsado, Trello, Slack, Telegram, or WhatsApp in connection with a project or Brand Audit, including brand assets, briefs, and business information you choose to share;

  • Payment information — processed by Stripe and/or Dubsado on our behalf. For clients on a payment plan or retainer, Stripe securely stores your payment method to process future scheduled payments automatically, as set out in your signed service agreement. We do not store full card details ourselves;

  • Newsletter/marketing data — your email address and engagement with our emails, if you subscribe to our mailing list via Flodesk;

  • Website usage data — collected via Google Analytics and Google Search Console, including pages visited, general location, device/browser type, and how you found the website.

3. How We Use Your Data, and Our Legal Basis

3.1  We use personal data for the following purposes, relying on the following lawful bases under the UK GDPR:

  • To deliver a signed service agreement or Brand Audit — performance of a contract (Article 6(1)(b));

  • To respond to enquiries before any contract exists — our legitimate interest in responding to prospective clients (Article 6(1)(f));

  • To meet tax, accounting, and legal record-keeping obligations — legal obligation (Article 6(1)(c));

  • To send newsletter or marketing emails — your consent (Article 6(1)(a)), which you may withdraw at any time by unsubscribing;

  • To understand and improve website performance via analytics — your consent, given via our cookie banner (Article 6(1)(a)).

4. Cookies and Analytics

4.1  Google Analytics uses cookies and similar technologies to collect anonymised or pseudonymised information about how visitors use the website. Google Search Console does not collect data directly from visitors but provides us with aggregated search performance information.

4.2  Where analytics cookies are not strictly necessary for the website to function, we will ask for your consent via a cookie banner before they are set, in accordance with the Privacy and Electronic Communications Regulations (PECR). You can withdraw consent or manage cookie preferences at any time via the cookie banner on this website.

5. Who We Share Data With

5.1  We use the following third-party service providers to process personal data on our behalf:

  • Dubsado — client enquiries, proposals, invoicing, and Brand Audit checkout and intake;

  • Stripe — payment processing;

  • Flodesk — newsletter/mailing list;

  • Trello — project briefs and content management;

  • Slack, Telegram, and/or WhatsApp — client communication, depending on the service booked;

  • Google Analytics and Google Search Console — website analytics.

5.2  We take reasonable steps to ensure any third-party processor we use provides an appropriate level of data protection. We do not sell personal data to third parties.

5.3  Artificial Intelligence Tools: we use AI tools to support our internal creative workflow. We do not input personal data, confidential information, financial data, legal documents, or other sensitive client material into AI tools. Only anonymised, non-identifiable, project-relevant information is used to assist the creative process. As only anonymised, non-identifiable information is used, these AI tools are not treated as processors of personal data under UK GDPR.5.4 Client's Own Customer Data: we do not expect clients to share personal data relating to their own customers, audience, or mailing lists with us. Where a client wishes to do so for a specific project, a separate Data Processing Agreement will be put in place beforehand, in line with Article 28 UK GDPR.

6. International Transfers

6.1  Where any third-party processor listed in Section 5 stores or processes personal data outside the UK or European Economic Area, we ensure an appropriate safeguard is in place, such as an adequacy decision or Standard Contractual Clauses, as required under UK GDPR.

7. How Long We Keep Your Data

7.1  We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Project files and client contact details are generally retained for up to six (6) years following completion of the relevant service, unless a longer retention period is required by law or is reasonably necessary to establish, exercise, or defend legal claims.

7.2  Where an enquiry does not result in a signed service agreement, we will retain that enquiry data only for as long as reasonably necessary to follow up, or until you ask us to delete it.

7.3  Newsletter subscriber data is retained until you unsubscribe or request deletion.

8. Your Rights

8.1  Under UK GDPR, you have the right to request access to, correction of, or deletion of your personal data, and to object to or restrict certain processing. You can exercise these rights by contacting hello@jessicadigitalstudio.com.

8.2  You have the right to withdraw consent at any time (for example, by unsubscribing from our newsletter or declining analytics cookies), without affecting the lawfulness of processing carried out before withdrawal.

8.3  You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at www.ico.org.uk  if you believe your data has been handled unlawfully.8.4 Where processing is based on consent or contract and carried out by automated means, you may also have the right to data portability in accordance with UK GDPR8.4 If your payment details are stored by Stripe for recurring payments, you may request their removal at any time by contacting hello@jessicadigitalstudio.com. Removing stored payment details does not affect any payment obligations under your signed service agreement; an alternative payment method will need to be arranged.

9. Children's Data

9.1  Our services are intended for businesses and individuals acting in a business capacity. We do not knowingly collect personal data from children.

10. Changes to This Notice

10.1  We may update this Privacy Notice from time to time. The version published on our website is the current version. Material changes will be reflected by an updated publish date.

11. Contact

11.1  Questions about this Privacy Notice, or requests relating to your personal data, can be directed to hello@jessicadigitalstudio.com.