BackStudios.mlStudios.ml
Sign inGet Started
Privacy PolicyTerms of ServiceCookie PolicyGDPR CompliancePIPL ComplianceCCPA NoticeData Processing AgreementAcceptable Use PolicySecurity
UK

UK GDPR Compliance

UK Data Protection

Studios.ml is committed to protecting the personal data of individuals in the United Kingdom in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

UK Representative

Our UK representative for data protection matters can be contacted at uk-privacy@studios.ml

1. Data Controller Information

Studios.ml, Inc. acts as a data controller for personal data collected from UK residents. Our registered address for UK data protection purposes is:

Studios.ml UK Operations
71-75 Shelton Street
Covent Garden
London, WC2H 9JQ
United Kingdom

2. Lawful Basis for Processing

We process personal data under the following lawful bases:

  • Contract Performance: Processing necessary to fulfill our service agreement with you
  • Legitimate Interests: Processing for our legitimate business interests, balanced against your rights
  • Consent: Where you have given clear consent for specific processing activities
  • Legal Obligation: Processing required to comply with UK law

3. Your Rights Under UK GDPR

As a UK data subject, you have the following rights:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Request limitation of how we use your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to certain types of processing
  • Rights Related to Automated Decision-Making: Not be subject to solely automated decisions

4. International Data Transfers

When we transfer personal data outside the UK, we ensure appropriate safeguards are in place:

  • UK adequacy regulations for approved countries
  • International Data Transfer Agreement (IDTA)
  • UK Addendum to EU Standard Contractual Clauses
  • Binding Corporate Rules where applicable

5. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by UK law. Retention periods are documented in our data retention policy.

6. Security Measures

We implement appropriate technical and organisational measures to protect personal data, including:

  • AES-256 encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • Regular security assessments and penetration testing
  • SOC 2 Type II and ISO 27001 certified infrastructure
  • Employee training on data protection

7. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours and inform affected individuals without undue delay.

8. Contact the ICO

If you are not satisfied with our response to a data protection concern, you have the right to lodge a complaint with the Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
United Kingdom
ico.org.uk

9. Contact Us

For any questions about UK GDPR compliance or to exercise your rights, contact our Data Protection Officer:

Last updated: January 2025