top of page

Privacy Policy for The Sticky Studio

​

1. Introduction

The Sticky Studio is committed to protecting the privacy and personal data of our customers. This General Data Protection Regulation (GDPR) policy outlines how we collect, use, store, and protect the personal data of parents/guardians and their children who participate in our art and craft classes for babies and toddlers.

​

2. Data Controller

The Sticky Studio is the data controller for the personal data processed under this policy. Our contact details are: The Sticky Studio

272 Worton Road TW7 6EE

Hello@thestickystudio.com

07454284109 - 07525708534

​

3. Types of Data Collected

We may collect and process the following types of personal data:

  • Parent/Guardian Information:

    • Full Name

    • Email Address

    • Phone Number

    • Emergency Contact Details (name and phone number of an alternative contact person)

    • Payment Information (processed securely by third-party payment providers – we do not store full payment card details)

    • Any relevant medical information about the parent/guardian that may impact their participation or ability to supervise their child.

  • Child Information:

    • Child's First Name

    • Child's Date of Birth (for age-appropriate class placement)

    • Any relevant medical information, allergies, or special needs that may impact their participation or require specific accommodations during classes (e.g., severe allergies, mobility issues).

  • Photographic/Video Consent:

    • We may request consent to take photographs or videos of children participating in classes for promotional purposes (e.g., social media, website). This is always optional, and explicit consent will be obtained.

    • ​

4. Lawful Basis for Processing

We will only process personal data when we have a lawful basis to do so. Our lawful bases for processing include:

  • Contract: Processing is necessary for the performance of a contract with you (e.g., to provide the art and craft classes you have booked).

  • Legitimate Interests: Processing is necessary for our legitimate interests, provided these do not override your fundamental rights and freedoms (e.g., to manage bookings, communicate class updates, improve our services, prevent fraud).

  • Consent: Where required, we will obtain your explicit consent for specific processing activities (e.g., for marketing communications, taking photographs/videos). You have the right to withdraw your consent at any time.

  • Legal Obligation: Processing is necessary to comply with a legal obligation (e.g., for tax purposes, safeguarding).

 

5. How We Collect Data

We collect personal data through various methods, including:

  • Online Booking Forms: When you register for a class through our website or booking platform.

  • In-Person Registration: If you register directly at a class or event.

  • Email and Phone Communications: When you contact us with inquiries or provide information.

  • Consent Forms: For specific purposes like photography.

 

6. How We Use Data

We use the collected personal data for the following purposes:

  • To provide and manage our art and craft classes:

    • Processing bookings and payments.

    • Communicating class schedules, changes, and updates.

    • Managing attendance and class registers.

    • Ensuring the safety and well-being of all participants, particularly concerning medical information or special needs.

  • To communicate with you:

    • Responding to inquiries and feedback.

    • Sending important service announcements.

    • With your consent, sending marketing communications about our classes, offers, or events.

  • To improve our services:

    • Analysing participation trends to develop new classes and activities.

    • Gathering feedback to enhance class content and delivery.

  • For safeguarding and safety:

    • Having emergency contact details for unforeseen circumstances.

    • Being aware of medical conditions or allergies to ensure a safe environment.

  • For legal and regulatory compliance:

    • Maintaining accurate records for tax and accounting purposes.

    • Complying with any legal obligations related to safeguarding children.

 

7. Data Sharing

We will not share your personal data with third parties unless:

  • It is necessary for the provision of our services: For example, with a secure third-party payment processor to facilitate payments. We ensure any third parties we work with are GDPR compliant.

  • We have your explicit consent: For example, sharing a testimonial with your permission.

  • We are legally required to do so: For example, in response to a court order or other legal process.

  • For safeguarding reasons: If there are serious concerns about the welfare of a child, we may be required to share information with relevant authorities (e.g., social services, emergency services).

We will never sell or rent your personal data to third parties for marketing purposes.

 

8. Data Retention

We will retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

  • Booking and Payment Records: Typically retained for [e.g., 7 years] for tax and accounting purposes after your last class.

  • Child Medical/Special Needs Information: Retained for the duration of the child's participation in classes and for a short period thereafter (e.g., 6-12 months) in case of any follow-up required, then securely deleted.

  • Consent for Photography/Marketing: Retained as long as consent is active or until you withdraw it.

  • Inquiries/Correspondence: Retained for a reasonable period to manage ongoing relationships and improve customer service.

Once data is no longer required, it will be securely deleted or anonymised.

 

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data from unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Secure online booking platforms: Using reputable providers with strong security protocols.

  • Password protection: For all digital data and systems.

  • Restricted access: Limiting access to personal data to only those employees or contractors who need it to perform their duties.

  • Regular backups: To prevent data loss.

  • Physical security: For any paper records.

 

10. Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • The right to be informed: About how your data is being used.

  • The right of access: To obtain a copy of the personal data we hold about you.

  • The right to rectification: To request that inaccurate or incomplete data be corrected.

  • The right to erasure ("the right to be forgotten"): To request the deletion of your personal data in certain circumstances.

  • The right to restrict processing: To request that we limit the way we use your data in certain situations.

  • The right to data portability: To receive your personal data in a structured, commonly used, and machine-readable format.

  • The right to object: To the processing of your personal data in certain circumstances, including for direct marketing.

  • Rights in relation to automated decision-making and profiling: We do not currently engage in automated decision-making or profiling.

To exercise any of these rights, please contact us using the details provided in Section 2. We will respond to your request within one month.

 

11. Children's Privacy

We understand the importance of protecting the privacy of children. Given the nature of our classes for babies and toddlers, we primarily collect personal data from parents/guardians, who act on behalf of their children. We will always seek parental consent for any processing activities directly related to children where required by law (e.g., photography).

 

12. Changes to this Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting the updated policy on our website or by other appropriate means.

 

13. Complaints

If you have any concerns about how we handle your personal data, please contact us in the first instance. We will do our best to resolve your concerns.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues:

Information Commissioner's Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF Helpline number: 0303 123 1113 ICO website: www.ico.org.uk 

​

Policy Last Updated: July 2025

bottom of page