PRIVACY POLICY
Privacy Notice (UK GDPR / Data Protection Act 2018)
Last updated: 2025
This Privacy Notice explains how NB Monument Design Studio Ltd. (“we”, “us”, “our”) collects, uses, discloses, stores, and protects personal data when you visit our website, contact us, request a quotation, submit materials (including photographs), or purchase our services.
1. Data Controller
NB Monument Design Studio Ltd. is the data controller for the personal data described in this Privacy Notice.
Email: info@monumentdesignstudio.com
Address: 71–75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
2. ICO Registration
We are registered with the UK Information Commissioner’s Office (ICO) for data protection purposes.
ICO Registration Number: ZC040690
3. Definitions
Personal data means information relating to an identified or identifiable individual.
Processing means any operation performed on personal data, including collection, storage, use, disclosure, or deletion.
Client Materials means photographs, files, and any content you submit for the purpose of service delivery.
4. Categories of Personal Data We Process
We may process the following categories of personal data, depending on the nature of our engagement:
Identity and contact data: name, company name, email, telephone number, country/region.
Communications data: emails, messages, instructions, approvals, revision requests, and project notes.
Client Materials (image data): photographs and related files you submit for restoration, retouching, compositing, colourisation, and/or engraving-ready preparation.
Billing and transactional data: invoices, payment references, transaction identifiers and payment status (we do not store full card details).
Limited technical data: basic website access data (e.g., IP address and device/browser information) where enabled by platform settings.
5. Special Category Data (If Included in Images)
Photographs may contain information that could be considered special category data (for example, health indicators or ethnicity). We do not request such information; however, it may be present within Client Materials you supply. Where this occurs, we treat Client Materials as confidential and restrict access on a need-to-know basis.
6. Purposes of Processing and Lawful Bases (UK GDPR)
We process personal data only where we have a lawful basis to do so, including:
Contract (Art. 6(1)(b)): to provide quotations, deliver services, supply previews, process revisions, and deliver final files.
Legitimate interests (Art. 6(1)(f)): to operate our business, maintain service records, ensure quality control, prevent fraud/abuse, and enforce our contractual terms (balanced against your rights).
Legal obligation (Art. 6(1)(c)): to meet accounting, tax, and regulatory requirements.
Consent (Art. 6(1)(a)): where required (for example, optional marketing communications or publication of your work in our portfolio).
7. Confidentiality of Client Materials
Client Materials are handled as confidential business information:
used exclusively to deliver the service you request;
not sold, licensed, or shared for marketing;
not published publicly without your express written permission;
retained only for the period set out in Section 12 (unless you request earlier deletion and it is legally permissible).
8. AI-Assisted Processing and Third-Party Platforms
We may use AI-assisted tools within our internal workflows to support restoration and technical enhancement. Where third-party platforms or services are used, Client Materials are processed under confidentiality and for service delivery purposes only. We do not authorise third parties to use Client Materials for our marketing or for redistribution.
9. Data Sharing (Recipients) and Processors
We may share personal data strictly where necessary with:
payment processors (e.g., PayPal, Stripe) and banking/transfer services (e.g., bank transfer, Wise);
communication and file-delivery services;
cloud storage providers used for secure delivery;
professional advisers (e.g., accountants) where required for compliance.
Where third parties process personal data on our behalf, they act as processors and are required to apply appropriate confidentiality and security measures.
10. International Data Transfers (UK / US / Worldwide Clients)
We serve clients internationally, including in the United Kingdom and the United States. Where personal data is transferred outside the UK, we implement appropriate safeguards in line with UK GDPR, such as contractual protections and risk-based technical measures where appropriate.
11. Security Measures
We maintain appropriate technical and organisational measures designed to protect personal data, including controlled access, secure storage, and secure delivery practices. No method of transmission or storage is completely risk-free; however, we take reasonable measures to reduce risk.
12. Retention
Client Materials and project files: retained for 3 months following completion to support delivery, minor follow-up, and continuity of service, unless you request earlier deletion and it is legally permissible.
Invoices and accounting records: retained as required by UK legal and regulatory obligations.
13. Your Rights (UK GDPR)
Subject to applicable law, you may have rights to:
access your personal data;
rectify inaccurate data;
request erasure (in certain circumstances);
restrict processing;
object to processing based on legitimate interests;
data portability (where applicable);
withdraw consent where processing relies on consent.
Requests should be submitted to: info@monumentdesignstudio.com
14. Complaints
If you have concerns, please contact us first. You also have the right to complain to the UK Information Commissioner’s Office (ICO).
15. Updates to This Privacy Notice
We may update this Privacy Notice from time to time. The current version will be published on our website.