Skip to main content

Privacy Policy

Last updated: May 2026

  1. Home
  2. Privacy Policy

1. Who We Are

Quanta Digital Studio is a trading name of QUANTA DIGITAL STUDIO LTD (Company No. 17250035), registered in England and Wales. Our registered office is Suite RA01, 195-197 Wood Street, London, E17 3NU. ICO Registration Number: ZC165024.

We are the data controller for personal data collected through this website (quantadigital.co.uk). This means we determine how and why your data is processed.

If you have any questions about this policy or your data, contact us at hello@quantadigital.co.uk.

2. What Data We Collect

Information you provide directly

Contact form: When you submit an enquiry, we collect your name, email address, enquiry type, and message. If you request a consultation, we also collect your phone number and preferred date and time. If you enquire about a membership or standalone service, we collect your tier or service preferences.

Newsletter subscription: When you subscribe to our insights newsletter, we collect your email address. Providing your name is optional.

Information collected automatically

Your IP address is automatically collected when you interact with our website (contact form submissions, newsletter subscriptions). It is encrypted before storage and retained solely for security, spam prevention, and audit purposes.

Our website uses a session cookie to maintain your browsing state and a CSRF token for security. These are strictly necessary for the website to function.

What we do NOT collect

We do not collect sensitive personal data (such as health information, biometric data, or political opinions). We do not store payment card details. Our services and communications are intended for business professionals. We do not knowingly collect personal data from anyone under the age of 13.

3. How We Use Your Data

  • Respond to enquiries and provide information about our services.
  • Send our insights newsletter to confirmed subscribers (double opt-in, consent required).
  • Improve and secure our website — detect and prevent spam, abuse, and unauthorised access.
  • Comply with legal obligations — maintain records as required by applicable law.

We never sell your personal data to third parties. We do not use your data for automated decision-making or profiling. We do not use your data to train artificial intelligence models.

4. Legal Bases for Processing (UK GDPR)

Under the UK General Data Protection Regulation, we process your data on the following lawful bases:

  • Consent: Newsletter subscription. You provide explicit consent by completing the double opt-in process. You can withdraw consent at any time by clicking the unsubscribe link in any email or contacting us.
  • Legitimate interests: Responding to enquiries you submit via our contact form, maintaining security logs, and preventing fraud. We have assessed that these interests do not override your rights and freedoms.
  • Legal obligation: Where we are required to retain records for tax, accounting, or regulatory purposes.

5. Who We Share Your Data With

We use the following third-party service providers to operate our website and deliver our services. All are contractually bound to process data only on our instructions and maintain appropriate security standards. We do not sell data to any of these providers.

Resend — Email Delivery

We use Resend (resend.com) to send transactional and marketing emails. Resend receives your email address, name, and the content of the email in transit. Resend is US-based and GDPR-compliant through Standard Contractual Clauses. Resend Privacy Policy.

Hetzner — Hosting

Our website is hosted on Hetzner (hetzner.com) servers located in Germany. Hetzner processes data as a data processor under EU adequacy. Hetzner Privacy Policy.

Cloudflare R2 — Backup Storage

Encrypted database backups are stored on Cloudflare R2, an S3-compatible object storage service. R2 buckets can be configured with EU jurisdiction for data residency. Cloudflare Privacy Policy.

Google Maps — Embedded Maps

Our location pages embed Google Maps via an iframe. Google receives your IP address and the location query when the map loads. Google Privacy Policy.

Umami — Analytics

We use Umami (umami.is) for website analytics. Umami is privacy-focused: it does not use cookies, does not collect personal data, and does not track individuals across sites. Our instance is EU-hosted (cloud.umami.is). Umami Privacy Policy.

Cloudflare — DNS & Content Delivery

Our domain uses Cloudflare (cloudflare.com) for DNS and content delivery. Cloudflare receives visitor IP addresses as part of standard web traffic proxying and may set a strictly necessary bot-protection cookie. Cloudflare Privacy Policy.

We may also disclose your data if required by law, court order, or regulatory authority.

6. International Data Transfers

Some of our service providers process data outside the United Kingdom:

  • Resend (USA): Protected by Standard Contractual Clauses and Resend's certification under the EU-US Data Privacy Framework.
  • Hetzner (Germany): Located within the EU, which has an adequacy decision from the UK. No additional safeguards are required for hosting.
  • Cloudflare R2 (EU): Backup data stored in EU jurisdiction R2 buckets, within adequacy-decision territory.
  • Cloudflare (Global): May process data globally per their network architecture. Protected by Standard Contractual Clauses.
  • Umami (EU cloud): Hosted within the EU.

Where data is transferred internationally, we ensure appropriate safeguards are in place in accordance with UK GDPR.

7. How Long We Keep Your Data

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. Our retention periods are:

Data Type Retention Period What Happens After
Contact enquiries (closed) 12 months Permanently deleted
Unconfirmed newsletter subscriptions 14 days Permanently deleted
Confirmed newsletter subscribers Until you unsubscribe + 90 days Permanently deleted
Website session data 30 minutes of inactivity Automatically expired
Encrypted database backups Rolling: 7 days all → +21 days 1 daily → +4 weeks 1 weekly → +6 months 1 monthly → +1 year 1 yearly → auto-deleted at 5 GB cap Automatically rotated and deleted

These retention periods are enforced through automated processes. If you request deletion of your data, we will remove it from our active systems promptly and it will naturally age out of backups within the retention period.

Client data: If a contact enquiry leads to a client relationship, the associated data is retained for the duration of the client engagement and any applicable legal or regulatory retention obligations.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data:

  • Encryption: All traffic is encrypted via HTTPS with HSTS preload. Database backups are AES-256-CBC encrypted. Session data is encrypted at rest. IP addresses are encrypted before storage and can only be decrypted using a cryptographic key held exclusively by Quanta Digital Studio Ltd.
  • Access control: Data is stored on access-controlled servers. Database access is password-protected and not exposed to the internet.
  • Application security: We use Content Security Policy headers, CSRF protection, rate limiting on all forms, and brute-force protection.

While we strive to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

9. Cookies & Tracking

Our website uses only strictly necessary cookies:

  • Session cookie: Maintains your browsing session. Expires when you close your browser or after 30 minutes of inactivity.
  • CSRF token: Protects form submissions against cross-site request forgery. Essential for website security.

We do not use advertising cookies, profiling cookies, or third-party tracking cookies.

Our analytics (Umami) is privacy-focused and does not use cookies or collect personal data. Cloudflare may set a strictly necessary bot-protection cookie (__cf_bm) to distinguish legitimate traffic from bots.

You can disable cookies through your browser settings, but some website features may not function correctly without them.

10. Your Rights (UK GDPR)

Under the UK General Data Protection Regulation, you have the following rights:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Ask us to correct inaccurate or incomplete data.
  • Right to erasure: Ask us to delete your personal data in certain circumstances.
  • Right to restrict processing: Ask us to limit how we process your data.
  • Right to data portability: Request your data in a structured, machine-readable format.
  • Right to object: Object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time.

To exercise any of these rights, email us at hello@quantadigital.co.uk. We will respond within one month. There is no fee for making a request.

If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection regulator. Visit ico.org.uk for more information.

11. Children's Data

Our website and services are intended strictly for business professionals and commercial use. We do not knowingly collect personal data from anyone under the age of 13. If you believe a child has provided us with personal data, please contact us immediately and we will delete it.

12. Third-Party Links

Our website links to third-party platforms including social media (Instagram, Facebook, LinkedIn, X/Twitter) and Google Maps. Clicking these links takes you to external websites. We are not responsible for their content or privacy practices. Please review their respective privacy policies before providing any personal data.

13. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. The latest version is always available on this page, with the effective date shown at the top. Material changes may be communicated to newsletter subscribers via email.

14. Contact & Complaints

For questions about this privacy policy or to exercise your data rights:

  • Email: hello@quantadigital.co.uk
  • Postal: QUANTA DIGITAL STUDIO LTD, Suite RA01, 195-197 Wood Street, London, E17 3NU, United Kingdom

UK supervisory authority: Information Commissioner's Office (ICO)ico.org.uk