Privacy Policy

How we collect, use, and protect your data. Last updated January 2025.

MFM Studio ("we", "us", "our") respects your privacy. This policy explains how we collect, use, store, and protect your personal data when you use our website or services. We comply with UK GDPR and the Data Protection Act 2018.

1. Who we are

MFM Studio is a UK-based web design business. We build and maintain websites for businesses. Our contact details are available on the Contact page.

2. Data we collect

We may collect:

  • Contact details — Name, email, phone number when you submit an enquiry form
  • Project information — Business name, website requirements, and content you provide for a project
  • Technical data — IP address, browser type, device type when you visit our site (for security and analytics)
  • Cookies — Theme preference and basic usage data (see section 5)

3. How we use your data

We use your data to:

  • Respond to enquiries and provide quotes
  • Deliver website design, build, and support services
  • Send project updates and invoices where agreed
  • Improve our website and services
  • Comply with legal obligations

We do not sell your data to third parties.

4. Legal basis

We process your data on the following bases:

  • Contract — To fulfil services you have requested
  • Legitimate interests — To respond to enquiries and improve our site
  • Consent — For marketing communications (only where you opt in)

5. Cookies

Our site uses essential cookies to remember your theme preference (light or dark mode) and basic session data. These are stored in your browser. We do not use advertising or third-party tracking cookies. You can clear cookies in your browser settings at any time.

6. Third parties

We may share data with:

  • Form processors — To handle contact form submissions (e.g. Formspree)
  • Hosting providers — To host your website and our own site
  • Analytics — Only if we use them, and only in anonymised form

These providers process data under contract and in line with UK data protection law.

7. Data retention

We keep enquiry and project data for as long as needed to deliver services and handle follow-ups. After a project ends, we retain records for up to 7 years for legal and accounting purposes, then delete or anonymise them. You can ask us to delete your data earlier where we have no legal duty to keep it.

8. Your rights

Under UK GDPR you have the right to:

  • Access — Request a copy of the data we hold about you
  • Rectification — Ask us to correct inaccurate data
  • Erasure — Ask us to delete your data in certain circumstances
  • Restrict processing — Limit how we use your data
  • Object — Object to processing based on legitimate interests
  • Data portability — Receive your data in a structured format

To exercise these rights, contact us via the Contact page. You also have the right to complain to the ICO (Information Commissioner's Office).

9. Security

We take reasonable steps to protect your data, including secure forms, encryption where appropriate, and access controls. No method of transmission over the internet is 100% secure, but we follow good practice.

10. Changes

We may update this policy from time to time. The "Last updated" date at the top will change. We encourage you to review this page periodically.

11. Contact

For questions about this policy or your data, get in touch via our Contact page.

← Back to home