Privacy Architecture
At webdesignbureau, we treat data with the same architectural rigor as our design systems. This policy outlines our commitment to the General Data Protection Regulation (GDPR) and how we handle the personal identifiers of our clients and visitors within our London atelier operations.
Data Collection Parameters
We do not engage in broad-spectrum data harvesting. Our collection is surgical, limited to what is necessary for high-performance design delivery and professional communication.
"We prioritize the integrity of your intellectual property. Project-related data is housed in isolated environments, accessible only to the design leads assigned to your brief."
Security Baseline
Our studio applies industrial-grade encryption standards. Data security is not a feature but the foundational layer of our digital architecture.
Encryption
All data in transit is protected via TLS 1.3, while data at rest is encrypted with AES-256. We use hardware-bound security keys for internal studio access.
Sovereignty
We host primarily on London-based server infrastructure (UK South). This ensures that your data remains subject to UK jurisdiction and high-tier compliance standards.
Integrity
Quarterly penetration testing is conducted on all studio assets. We maintain a zero-trust network policy for all remote and in-studio design workstations.
Physical Access Controls
Our studio at 160 City Rd employs 24/7 security monitoring and biometric access logs. Sensitive client data is never stored on unencrypted physical drives within the office.
Your Sovereignty
Under the direct mandate of the Information Commissioner’s Office (ICO), you retain full rights over your personal identifiers. We facilitate all request types with zero friction.
Access and Portability
You have the right to request a machine-readable ledger of all personal data we hold. Data requests are fulfilled within 30 calendar days of verification. We provide these exports in strictly structured JSON or CSV formats to ensure portability.
Rectification & Deletion
Known as the 'Right to be Forgotten', this right lets you request the absolute erasure of your personal records from our active servers. This excludes data we are legally mandated to retain for HM Revenue & Customs (HMRC) purposes.
Objection to Processing
You may restrict how we use your data, specifically regarding marketing communications or automated profiling. Note: webdesignbureau does not currently utilize automated decision-making or behavioral profiling tools for any client service.
Legal Dispute Resolution
Any concerns regarding our data practices should first be directed to our Data Protection Lead. If we do not resolve your concern, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO).
Processor Architecture
We select our sub-processors based on rigorous ISO 27001 and SOC2 compliance audits. Data is shared only where strictly essential for operation.
Invoicing Portals
Used for transactional data and UK tax compliance records. Encrypted at rest.
Hosting Stacks
AWS and Vercel infrastructure based in the London region. Full GDPR DPA in place.
Project Pipeline
Client relationship records and communication logs. No marketing tracking enabled.
Studio Email
Enterprise-grade communication server with S/MIME encryption capabilities.
All systems are monitored 24/7/365 for anomalous activity. We maintain an incident response plan designed to notify users of high-risk breaches within 72 hours.
Privacy Inquiry?
Should you have questions regarding this architecture, our Data Protection Lead is available at the studio.