Leap Studio Privacy Policy

——————————————————————————————————————————————————————————————-

1. Introduction

Leap Studio Limited (“we”, “us”, or “our”) is committed to protecting your privacy and safeguarding your personal data.

This Privacy Policy explains how we collect, use, disclose, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection laws. Please read this policy carefully to understand how we handle your personal data.

2. Data Controller

Leap Studio Limited is the data controller responsible for your personal data.

Contact details: Leap Studio Limited Data Protection Officer

Email: privacy@leapstudio.co.uk

3. Personal Data We Collect

We may collect and process the following categories of personal data: Identity and contact information, including name, postal address, email address, and telephone number Identification and verification data, such as passports, driving licences, or electronic identity checks where required

Children’s information, limited strictly to what is necessary for identification purposes (e.g. name, age, gender)

Technical data, including IP address, browser type, cookies, log data, and usage information when you visit our website or use our services

Publicly available information Images and recordings, including CCTV footage and recordings of online meetings or calls

Service-related information, including: Communications and correspondence with you Records of services provided or proposed

Complaints, enquiries, feedback, surveys, and research responses

Information received from third parties, such as employers, clients, subcontractors, suppliers, or publicly available sources

4. How We Use Your Personal Data

We use your personal data for the following purposes:

To perform contracts with you, your employer, or our clients

To comply with legal and regulatory obligations To manage and administer our business operations

To provide, improve, and manage our services

To communicate with you, including responding to enquiries and service updates

For marketing and business development, where permitted by law or where you have provided consent

To carry out research, surveys, and analysis

To protect our legal rights and prevent fraud Where appropriate, we may anonymise or pseudonymise personal data so it can no longer be associated with you.

5. Lawful Bases for Processing

We process personal data under one or more of the following lawful bases: Performance of a contract Legal obligation Legitimate interests, provided these do not override your rights and freedoms Consent, where required (for example, direct marketing communications) Where processing is based on consent, you may withdraw your consent at any time.

6. Failure to Provide Personal Data

If you do not provide personal data when requested, we may be unable to: Perform a contract with you or your employer Comply with legal or regulatory obligations Provide certain services

7. Data Sharing and Disclosure

We may share your personal data with: Third-party service providers, including IT and cloud providers, professional advisers, insurers, marketing providers, and financial institutions

Regulators, authorities, or law enforcement, where required by law

Third parties involved in a business sale, merger, or restructuring

All third-party processors are required to implement appropriate security measures and may only process personal data in accordance with our instructions.

8. International Data Transfers

Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, such as: UK adequacy regulations Standard contractual clauses Other lawful transfer mechanisms

9. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, regulatory, accounting, or reporting requirements.

When determining retention periods, we consider: The nature and sensitivity of the data Legal and regulatory obligations

Business needs Whether the data can be anonymised

10. Data Security

We have implemented appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, alteration, or disclosure.

Access to personal data is restricted to employees, contractors, and third parties with a legitimate business need and subject to confidentiality obligations. We maintain procedures to manage data breaches and will notify affected individuals and regulators where legally required.

11. Your Data Protection Rights

Under UK GDPR, you have the right to: Request access to your personal data

Request correction of inaccurate or incomplete data

Request erasure of your personal data

Object to processing based on legitimate interests or for direct marketing Request restriction of processing

Request data portability where applicable

Withdraw consent at any time where processing is based on consent

We may request proof of identity before responding to a request. We aim to respond within one month.

12. Complaints

If you have concerns about how we handle your personal data, you have the right to complain to the Information Commissioner’s Office (ICO): Website: https://ico.org.uk Telephone: 0303 123 1113

We encourage you to contact us first so we can try to resolve your concern.

13. Cookies

We use cookies and similar technologies.

Please see our Cookie Policy for further information on how we use cookies and how you can manage your preferences.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any significant changes will be posted on our website.