Privacy Policy

1. Introduction
HNB Studio is committed to protecting your personal data and respecting your privacy. This Privacy Policy outlines how we collect, use, disclose, and secure your information when you visit our website or use our services.

2. Who we are & Contact Details
We are HNB Studio Ltd. We are the data controller.
Contact: info@hnbstudio.co.uk.
If you have questions about this policy or wish to exercise your rights, please get in touch.

3. What Data We Collect & When
We collect personal data when you:

  • Book or attend classes (via our website or booking provider)
  • Sign up for newsletters or make enquiries
  • Complete health questionnaires or feedback forms
  • Types of data include:
  • Contact details (e.g. name, email, phone)
  • Health and medical information (optional, via form)
  • Booking and payment history
  • Website usage data (IP address, browser type)
  • Marketing preferences and newsletter sign‑ups

4. How & Why We Use Your Data (Lawful Bases)
We process data under these UK GDPR lawful bases:

  • Contract: to manage your bookings and studio services.
  • Consent: for newsletters, feedback requests, or marketing.
  • Legitimate interest: personalized offers or improving services (balanced against your rights) 

5. Data Sharing With Third Parties
We may share your data with carefully selected third parties:

  • Booking and payment platform 
  • Accounting software provider 
  • Newsletter or email-marketing platforms
  • Web hosting or analytics providers

Sharing only occurs under GDPR-compliant agreements. We do not sell your data 

6. Cookies & Tracking
Our website uses cookies and similar technologies to:

  • Understand site usage
  • Remember preferences
  • Provide a smoother, personalised experience

You can manage or delete cookies via your browser settings or our cookie banner.

7. Data Retention
We retain your personal data only as long as necessary for the purposes stated above. For example:

  • Marketing preferences: until you unsubscribe
  • Health forms: securely deleted once no longer needed

We will delete or anonymize your data once it’s no longer required. 

8. Your Rights Under UK GDPR
You have the right to:

  • Access, correct, delete, or restrict your data
  • Withdraw consent on marketing emails anytime
  • Lodge a complaint with the ICO (Information Commissioner’s Office) if you believe there’s a breach or misuse of your data 

To exercise any rights or ask questions, contact us using the details above.

9. Data Security
We take reasonable measures to protect your data, including:

  • Access controls
  • Encryption of sensitive information
  • Staff training and confidentiality agreements

While no system is completely risk-free, we follow industry best practices to maintain security.

10. Policy Updates
We may update this policy periodically. The latest version will always be posted here, and we may notify you of major changes (via email or site notice).