Customer Privacy Notice

This privacy notice tells you what to expect us to do with your personal information.

• Contact details

• What information we collect, use, and why

• Lawful bases and data protection rights

• Where we get personal information from

• How long we keep information

• Who we share information with

• Sharing information outside the UK

• How to complain

Contact details

Email

info@distancecolourstudios.com

What information we collect, use, and why

We collect or use the following information to provide and improve products and services for clients:

• Names and contact details

• Addresses

• Gender

• Pronoun preferences

• Occupation

• Date of birth

• Payment details (including card or bank information for transfers and direct debits)

• Financial data (including income and expenditure)

• Transaction data (including details about payments to and from you and details of products and services you have purchased)

• Usage data (including information about how you interact with and use our website, products and services)

• Information relating to compliments or complaints

• Records of meetings and decisions

We collect or use the following personal information for the operation of client or customer accounts:

• Names and contact details

• Addresses

• Purchase or service history

• Account information, including registration details

• Information used for security purposes

• Marketing preferences

We collect or use the following personal information for the prevention, detection, investigation or prosecution of crimes:

• Names and contact information

• Client accounts and records

• Financial information eg for fraud prevention or detection

We collect or use the following personal information for information updates or marketing purposes:

• Names and contact details

• Addresses

• Profile information

• Marketing preferences

• Purchase or account history

• Website and app user journey information

• IP addresses

We collect or use the following personal information for research or archiving purposes:

• Names and contact details

• Addresses

• Purchase or client account history

• Website and app user journey information

• IP addresses

We collect or use the following personal information to comply with legal requirements:

• Name

• Contact information

• Client account information

• Any other personal information required to comply with legal obligations

We collect or use the following personal information for dealing with queries, complaints or claims:

• Names and contact details

• Addresses

• Payment details

• Account information

• Purchase or service history

• Relevant information from previous investigations

• Customer or client accounts and records

• Financial transaction information

• Correspondence

Lawful bases and data protection rights

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.

Which lawful basis we rely on may affect your data protection rights which are set out in brief below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:

• Your right of access - You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for. Read more about the right of access.

• Your right to rectification - You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete. Read more about the right to rectification.

• Your right to erasure - You have the right to ask us to delete your personal information. Read more about the right to erasure.

• Your right to restriction of processing - You have the right to ask us to limit how we can use your personal information. Read more about the right to restriction of processing.

• Your right to object to processing - You have the right to object to the processing of your personal data. Read more about the right to object to processing.

• Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you. Read more about the right to data portability.

• Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent at any time. Read more about the right to withdraw consent.

If you make a request, we must respond to you without undue delay and in any event within one month.

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

Our lawful bases for the collection and use of your data

Our lawful bases for collecting or using personal information to provide and improve products and services for clients are:

• Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

• Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.

• Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.

• Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:

• To provide and continuously enhance our colour grading services, allowing us to effectively manage your projects, deliver high-quality results, optimise our workflows based on your needs, and build strong client relationships. The benefits to clients include tailored, efficient, and continuously improving services, leading to better quality results. We ensure risks are minimised by collecting only necessary data, maintaining strict confidentiality, implementing robust security measures, adhering to data retention policies, and respecting all individual data rights. This processing is proportionate and supports a mutually beneficial, high-quality service.

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

Our lawful bases for collecting or using personal information for the operation of client or customer accounts are:

• Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

• Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.

• Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.

• Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:

• Our legitimate interest in processing personal information (such as client names, contact details, communication history, and project details) for the operation of client or customer accounts is essential for managing your relationship with us effectively and efficiently. This processing is necessary to:

•  Ensure accurate record-keeping of your projects and communications. - 

• Manage invoicing, payments, and account status.

• Maintain a clear overview of our ongoing and past collaborations.

• Address any queries, complaints, or claims related to your account.

• Detect and prevent fraud or unauthorized access to your account. 

These activities are integral to providing a streamlined and professional service, which benefits both you through efficient account management and us by enabling the smooth operation of our business, without causing undue impact on your privacy rights.

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

Our lawful bases for collecting or using personal information for the prevention, detection, investigation or prosecution of crimes are:

• Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.

• Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:

• Our legitimate interest in processing personal information for the prevention, detection, investigation, or prosecution of crimes is to protect our business, our clients, and our systems from illegal activities, fraud, and security breaches. This processing is necessary to:

• Safeguard our financial interests and ensure secure transactions.

• Protect our systems and client data from unauthorized access or cyber threats.

• Comply with lawful requests from law enforcement or regulatory bodies, where a legal obligation may not directly apply but protecting our business and others is a legitimate concern. 

The benefits include enhanced security for client projects and financial transactions, and a more secure operating environment for all. We ensure risks are minimised by processing only strictly necessary data, maintaining robust security protocols, and only using this data for the specified purpose, always balancing our legitimate interest with the individual's rights and freedoms.

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

Our lawful bases for collecting or using personal information for information updates or marketing purposes are:

• Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

• Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:

• Our legitimate interest in processing personal information for information updates or marketing purposes is to effectively communicate our services and relevant industry insights, fostering valuable professional relationships. This processing is necessary to:

• Inform existing and potential clients about our colour grading services, updates, and special offers.

• Share industry news or insights that may be of professional interest to them.

• Cultivate our professional network and grow our business, which in turn allows us to continue providing high-quality services.

The benefits include clients receiving relevant information that helps them in their own projects and sourcing, and allows us to maintain a sustainable business. We ensure risks are minimised by processing only necessary data, maintaining strict confidentiality, implementing robust security measures, and providing clear opt-out mechanisms. This processing is conducted in a balanced manner, respecting individual rights and freedoms.

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

Our lawful bases for collecting or using personal information for research or archiving purposes:

• Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

• Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.

• Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:

• Our legitimate interest in collecting and using personal information for research or archiving purposes is to ensure the long-term effectiveness and continuous improvement of our services. This processing is necessary to:

• Efficiently recall past projects and client specifications for future reference, allowing for seamless adjustments or re-exports.

• Analyse trends in project types, technical requirements, and client feedback over time to inform service development and operational optimisation.

• Maintain a secure historical record of our work for internal reference and quality assurance. 

The benefits include providing clients with efficient project recall capabilities and ensuring our services remain cutting-edge and responsive to industry needs. We ensure risks are minimized by processing only necessary data, maintaining strict confidentiality, implementing robust security measures, adhering to defined data retention periods, and respecting all individual data rights. This processing is proportionate and supports a mutually beneficial, high-quality service.

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

Our lawful bases for collecting or using personal information to comply with legal requirements:

• Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.

Our lawful bases for collecting or using personal information for dealing with queries, complaints or claims are:

• Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.

• Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.

• Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:

• Our legitimate interest in processing personal information for dealing with queries, complaints, or claims is to effectively resolve issues, maintain client satisfaction, and safeguard our business interests. This processing is necessary to:

• Investigate and respond to your inquiries or complaints promptly and fairly.

• Resolve any disputes that may arise, ensuring a professional and equitable outcome.

• Defend against potential claims and protect our legal rights.

• Use feedback from queries or complaints to improve our services and internal processes.

The benefits include efficient resolution for clients and continuous service improvement for us. We ensure risks are minimised by processing only necessary data, maintaining strict confidentiality, implementing robust security measures, and adhering to defined data retention periods, always balancing our legitimate interest with your rights and freedoms.

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

Where we get personal information from

• Directly from you

• Publicly available sources

• Suppliers and service providers

• Third parties:

• Referral sources: When another freelancer, production company, or existing client refers a new potential client to us and provides contact details.

How long we keep information

We will only keep your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

Here are our specific retention periods for key categories of personal information:

• Original Camera Media (Rushes)

• Deleted from our local storage 14 days after final project delivery, unless otherwise mutually agreed upon in writing. You are responsible for maintaining your own long-term backups.

• Colour Grading Project Files

• Retained for a period of 7 years from the date of final delivery. After this period, project files containing personal data are securely deleted or anonymised where possible.

• Work-in-Progress (WIP) Renders

• Deleted from our review platforms within 30 days of final project delivery/approval.

• Final Deliverables (on transfer platforms)

• Removed from our transfer platforms 30 days after delivery.

• Final Graded Masters (for Portfolio)

• We retain final graded master files, or clips extracted from them, for as long as they remain part of our active portfolio, showreels, and marketing materials. This is for the purpose of showcasing our work and attracting new business, as outlined in our Fair Usage & Promotional Policy.

• Physical Hard Drives (Uncollected)

• Drives not collected or returned within 30 days of project completion will be placed into secure, long-term storage, and you may incur storage fees thereafter.

• Client Contact & Account Details

• Retained for 7 years after your last active project or significant communication. This period allows us to manage ongoing client relationships, facilitate repeat business, address any future queries or complaints, and comply with potential legal claims or obligations.

• Financial & Transactional Data 

• Retained for a minimum of 6 years plus the current tax year, to comply with UK tax law (HMRC requirements) and company law.

• Communication Records

• Retained for 7 years after your last active project or significant communication, aligning with client contact data retention for dispute resolution and service improvement.

• Website & App User Journey Information / IP Addresses

• Retained for 26 months or for shorter periods as relevant for website performance analysis and security purposes.

• Security & Compliance Information

• Retained for as long as necessary to meet the specific legal or security obligation, or to defend against potential claims (typically 6-7 years, or as mandated by specific regulations).

• Sensitive Information (Gender, Pronoun Preferences, Date of Birth)

• If collected, these are treated with heightened care and retained only for the specific, explicit purpose for which they were collected, and for no longer than necessary for that purpose (e.g., deleted immediately after project completion if only for a specific cast detail, or held for 7 years if part of core client record).

For more information on how long we store your personal information or the criteria we use to determine this, please contact us using the details provided above.

Who we share information with

Data processors

Quickbooks

This data processor does the following activities for us: Processes financial data, invoice details, client names, and payment records for your accounting and tax purposes.

Monzo Business

This data processor does the following activities for us: Processes your business's financial transactions, including client payments, which involves personal data related to those transactions.

Louper

Processes video, audio, and client names, email addresses, and comments for live sessions, project reviews, and deliverable distribution.

17Hats

Processes client names, contact details, project information, and billing data on our behalf for client management, scheduling, and invoicing.

WeTransfer

Facilitate the transfer of large media files, which may contain personal data (e.g., video/audio of individuals) and process associated client contact details for transfer notifications.

MASV

Facilitate the transfer of large media files, which may contain personal data (e.g., video/audio of individuals) and process associated client contact details for transfer notifications.

Google Workspace

Processes emails, chat logs, meeting participants' data (if recorded and stored), and files stored in the cloud, all of which contain personal information.

Professional Accounting Services 

Processes the business's financial records, including client invoices, payments, and other data necessary for preparing our annual accounts and tax returns.

Others we share personal information with

• Other financial or fraud investigation authorities

• Insurance companies, brokers or other intermediaries

• Professional or legal advisors

• Regulatory authorities

• Organisations we’re legally obliged to share personal information with

• Publicly on our website, social media or other marketing and information media

• Professional consultants

Sharing information outside the UK

Where necessary, we may transfer personal information outside of the UK. When doing so, we comply with the UK GDPR, making sure appropriate safeguards are in place.

For further information or to obtain a copy of the appropriate safeguard for any of the transfers below, please contact us using the contact information provided above.

Organisation name: 17Hats

Category of recipient: CRM Platform

Country the personal information is sent to: United States

How the transfer complies with UK data protection law: The country or sector has been assessed as providing adequate protection to data subjects (also known as Adequacy Regulations or UK data bridge)

Organisation name: Louper

Category of recipient: Video Platform

Country the personal information is sent to: United States

How the transfer complies with UK data protection law: The country or sector has been assessed as providing adequate protection to data subjects (also known as Adequacy Regulations or UK data bridge)

Where necessary, our data processors will share personal information outside of the UK. When doing so, they comply with the UK GDPR, making sure appropriate safeguards are in place.

For further information or to obtain a copy of the appropriate safeguard for any of the transfers below, please contact us using the contact information provided above.

Organisation name: MASV

Category of recipient: FIle Transfer

Country the personal information is sent to: Canada

How the transfer complies with UK data protection law: The country or sector has been assessed as providing adequate protection to data subjects (also known as Adequacy Regulations or UK data bridge)

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

The ICO’s address:           

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint

Last updated

11th June 2025