Privacy Policy for Chroma Collective
Chroma Collective (“we,” “our,” or “us”) is committed to protecting the privacy of our clients, website visitors, and anyone who interacts with our services, including Brand Identity Design, Editorial Layout and Publishing, Interactive and UI/UX Design, Experiential Design for Travel, Technology Product Styling, Book Cover and Interior Design, Digital Content Creation, and Marketing Asset Design. This Privacy Policy outlines how we collect, use, disclose, and protect your personal data in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR).
1. Information We Collect
We collect various types of information, including personal data, to provide and improve our creative services. The types of information we collect depend on the nature of your interaction with Chroma Collective.
- Information You Provide Directly: This includes information you give us when you inquire about our services, engage us for a project, sign up for newsletters, respond to a survey, or communicate with us. This may include your name, email address, phone number, company name, postal address, and details about your project or design needs.
- Information from Your Use of Our Online Platform: We may collect information about how you access and use our website. This can include IP addresses, browser types, operating systems, referring URLs, pages viewed, and the dates/times of visits. This data is primarily used for analytical purposes to improve our services and online presence.
- Information from Third-Party Sources: In some cases, we may receive information about you from third-party sources, such as business partners or public databases, where permitted by law and necessary for our services.
2. How We Use Your Information
We use the information we collect for the following purposes:
- To Provide and Manage Our Services: This includes fulfilling contracts for design projects, maintaining client relationships, and managing project-related communications.
- Communication: To respond to your inquiries, provide information about our services, send updates regarding your projects, and deliver newsletters or marketing communications you have opted into.
- Improvement of Services: To understand how our services are used, conduct analytics, research, and development to improve our design processes, service offerings, and the functionality of our online platform.
- Legal and Security Purposes: To comply with legal obligations, enforce our terms and conditions, and protect the security and integrity of our business and online platform.
3. Legal Basis for Processing Personal Data (GDPR)
For individuals in the European Economic Area (EEA) and the UK, we rely on the following legal bases for processing your personal data:
- Performance of a Contract: When processing is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract (e.g., providing design services).
- Legitimate Interests: When processing is necessary for our legitimate interests or those of a third party, and your interests and fundamental rights do not override those interests (e.g., improving our services, marketing activities where consent is not required).
- Consent: When you have given explicit consent for specific processing purposes (e.g., for certain marketing communications). You have the right to withdraw your consent at any time.
- Legal Obligation: When processing is necessary for compliance with a legal obligation to which we are subject.
4. Disclosure of Your Information
We do not sell your personal data. We may share your information with:
- Service Providers: Third-party vendors and service providers who perform services on our behalf (e.g., website hosting, analytics, payment processing, professional advisors). These providers are contractually obligated to protect your data and only use it for the purposes for which we disclose it to them.
- Business Transfers: In connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.
- Legal Requirements: When required to do so by law, court order, or governmental regulation, or if we believe in good faith that such action is necessary to comply with legal processes or protect the rights, property, or safety of Chroma Collective, our clients, or the public.
5. Data Security
We implement appropriate technical and organisational measures to protect your personal data from unauthorised access, disclosure, alteration, or destruction. This includes encryption, access controls, and regular security assessments. While we strive to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure.
6. International Data Transfers
As a company based in the United Kingdom, your data will primarily be processed within the UK and EEA. If we transfer personal data to countries outside the UK or EEA, we will ensure that appropriate safeguards are in place, such as standard contractual clauses or reliance on adequacy decisions, to ensure your data is afforded a similar level of protection.
7. Your Data Protection Rights (GDPR)
If you are in the EEA or UK, you have certain rights regarding your personal data:
- Right to Access: You have the right to request a copy of the personal data we hold about you.
- Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data.
- Right to Erasure (Right to be Forgotten): You have the right to request the deletion of your personal data under certain circumstances.
- Right to Restrict Processing: You have the right to request the restriction of processing of your personal data under certain conditions.
- Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
- Right to Object: You have the right to object to the processing of your personal data under certain circumstances, including processing for direct marketing purposes.
- Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw your consent at any time.
- Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or place of the alleged infringement. In the UK, this is the Information Commissioner's Office (ICO).
To exercise any of these rights, please contact us at the address provided below. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).
8. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will post any new Privacy Policy on this page and update the "last updated" date. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.
10. Contact Us
If you have any questions or concerns about this Privacy Policy or our data protection practices, please contact us:
Chroma Collective
7 Park Crescent, Flat 3B,
London, Greater London, W1B 1PB, United Kingdom