Privacy Policy

Last updated: 9 January 2025

This Privacy Policy explains how Blanc Story Studio ("we", "us", "our") collects, uses, stores, and shares personal data when you interact with us, including when you enquire about or book our event venue hire services.

1) Who we are (Data Controller)

Blanc Story Studio is the data controller for the personal data we process.

Contact email: contact@blancstorystudio.comBusiness address: 61 A Bury New Rooad, Mancheser

2) What personal data we collect

We may collect and process the following categories of personal data:

  • Identity and contact details: name, email address, phone number, social handles.

  • Booking details: event date/time, guest numbers, hire duration, add-ons requested (tables/chairs/arches/personalisation), viewing requests.

  • Payment and transaction details: payment status, amounts paid, invoices/receipts, and transaction references. (We do not store full card details; card payments are handled by our payment provider.)

  • Messages and communications: enquiries, emails, DMs, call notes, and customer service messages.

  • Photos/videos (if applicable): if you share media with us or if we capture content during viewings/events where you are identifiable.

  • Technical data (if applicable): if you visit our website, we may collect IP address, device/browser data, and cookie identifiers.

3) How we collect your data

We collect personal data when you:

  • Contact us with an enquiry

  • Book a viewing or venue hire

  • Pay a deposit or balance

  • Communicate with us via email, phone, social media, or messaging apps

  • Use our website (if applicable)

We may also receive limited information from third parties such as booking/payment providers (e.g., confirmation of payment).

4) Why we use your data (purposes)

We use your personal data to:

  • Respond to enquiries and provide quotes

  • Manage bookings, viewings, and venue hire arrangements

  • Take and reconcile payments, deposits, and refunds

  • Communicate important booking information (timings, access, policies, reminders)

  • Provide customer support and handle complaints or disputes

  • Maintain business records (accounting and legal compliance)

  • Improve our services and customer experience

  • Protect our business and customers from fraud or misuse

5) Our lawful bases for processing (GDPR)

Under the UK GDPR (and EU GDPR where applicable), we rely on the following lawful bases:

  • Contract: to take steps at your request before entering a contract (e.g., providing a quote) and to perform our contract with you (e.g., managing your booking).

  • Legitimate interests: to run and improve our business, communicate with customers, prevent fraud, and keep records—where these interests are not overridden by your rights.

  • Legal obligation: to comply with legal requirements (e.g., accounting/tax record keeping).

  • Consent: where required (e.g., certain marketing messages or non-essential cookies). You can withdraw consent at any time.

6) Marketing

We may contact you with updates or offers if you have asked to hear from us or where permitted by law.

You can opt out at any time by replying “unsubscribe” (or the equivalent) or by contacting us.

7) Cookies (website)

If we operate a website, it may use cookies and similar technologies.

  • Essential cookies help the site function.

  • Analytics cookies help us understand how visitors use the site.

  • Marketing cookies help us measure advertising performance.

Where required, we will request your consent for non-essential cookies. You can also control cookies through your browser settings.

8) Who we share your data with

We only share personal data when necessary, including with:

  • Booking and scheduling providers (e.g., to manage appointments)

  • Payment providers (e.g., to process card payments)

  • Professional advisers (accountants, legal advisers)

  • Service providers who support our operations (e.g., email, cloud storage)

We require service providers to protect your data and only use it for the services they provide to us.

We do not sell your personal data.

9) International transfers

Some of our service providers may store or process data outside the UK/EEA.

Where this happens, we ensure appropriate safeguards are in place (such as adequacy regulations or standard contractual clauses) to protect your personal data.

10) How long we keep your data (retention)

We keep personal data only as long as necessary for the purposes described above.

Typical retention periods may include:

  • Booking and payment records: kept for as long as needed for accounting/tax and to manage disputes (often up to 6 years in the UK).

  • Enquiry records (no booking): typically kept for a shorter period (e.g., up to 12–24 months) unless you ask us to delete them sooner.

11) Data security

We take appropriate technical and organisational measures to protect personal data, including access controls and secure systems.

No method of transmission or storage is 100% secure, but we work to protect your information and review our security practices.

12) Your data protection rights (GDPR)

Depending on your location, you have rights including:

  1. Right of access – request a copy of your personal data.

  2. Right to rectification – correct inaccurate or incomplete data.

  3. Right to erasure (“right to be forgotten”) – request deletion in certain circumstances.

  4. Right to restrict processing – request we limit how we use your data.

  5. Right to data portability – receive your data in a usable format and transfer it.

  6. Right to object – object to processing based on legitimate interests and to direct marketing.

  7. Rights related to automated decision-making – we do not typically use automated decision-making that produces legal or similarly significant effects.

To exercise your rights, contact us at contact@blancstorystudio.com.

13) Complaints

If you are unhappy with how we handle your data, please contact us first so we can try to resolve it.

You also have the right to complain to your data protection authority:

  • UK: Information Commissioner’s Office (ICO) – https://ico.org.uk/

  • EU/EEA: your local supervisory authority

14) Children

Our services are not directed to children, and we do not knowingly collect personal data from children.

15) Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The latest version will apply from the “Last updated” date above.