Privacy Policy (UK/EU GDPR)
Last updated: 25/05/2026
Website: www.sayshe.studio
Data Controller: Cynthia Sheeamalan (SAYSHE Studio)
This Privacy Policy explains how Cynthia Sheeamalan (SAYSHE Studio) (“we”, “us”, or “our”) collects, uses, and protects your personal data when you visit our website, contact us, or interact with our services.
We comply with the UK General Data Protection Regulation (UK GDPR), the EU GDPR, and applicable data protection laws.
1. Who we are
We are Cynthia Sheeamalan (SAYSHE Studio), an independent artist/creative based in the UK.
If you have any questions about this policy or your data, you can contact us at:
Email: hello@sayshe.studio
2. What personal data we collect
We may collect the following types of personal data:
a) Information you provide directly
Name
Email address
Contact details
Commission or enquiry details
Messages you send via contact forms or email
b) Automatically collected data
When you visit our website, we may collect:
IP address
Browser type and version
Device information
Pages visited and time spent
Referring website
This is typically collected via analytics tools and cookies.
c) Transaction data (if applicable)
If you purchase artwork or services:
Billing name and address
Payment confirmation details (processed via third-party providers)
We do not store full payment card details.
3. How we use your data
We use your personal data for the following purposes:
Responding to enquiries or commission requests
Providing artistic services or fulfilling orders
Managing client communications
Improving our website and user experience
Analysing website performance and traffic
Complying with legal or tax obligations
4. Lawful basis for processing
We process your data under the following legal bases:
Consent – when you contact us or opt into communications
Contract – when processing is necessary to fulfil a commission or purchase
Legal obligation – for accounting or tax requirements
Legitimate interests – for website security, analytics, and business improvement
5. How we store your data
We take reasonable technical and organisational measures to protect your personal data.
Your data is stored securely and only accessed when necessary.
We retain personal data only for as long as necessary:
Enquiries: up to [e.g. 12–24 months]
Commission/client records: up to [e.g. 6 years for tax compliance]
Analytics data: as set by provider defaults (often 14–26 months)
6. Sharing your data
We do not sell your personal data.
We may share data with trusted third-party providers, including:
Website hosting providers
Email services (e.g. contact form or newsletter tools)
Analytics providers (e.g. Google Analytics)
Payment processors (e.g. Stripe, PayPal)
These providers only process data on our behalf and must comply with GDPR requirements where applicable.
7. International transfers
Some service providers may store or process data outside the UK or EEA.
When this happens, we ensure appropriate safeguards are in place, such as:
Standard Contractual Clauses (SCCs)
Adequacy decisions by the UK or European Commission
8. Your data protection rights
Under UK/EU GDPR, you have the right to:
Access your personal data
Request correction of inaccurate data
Request deletion of your data (“right to be forgotten”)
Restrict or object to processing
Withdraw consent at any time
Request data portability
Lodge a complaint with a supervisory authority
In the UK, this is the Information Commissioner’s Office (ICO): https://ico.org.uk
9. Cookies and tracking technologies
We use cookies and similar technologies to improve website functionality and analyse traffic.
For full details, please see our Cookie Policy.
10. Third-party links
Our website may include links to external websites (e.g. social media platforms, galleries, or shops).
We are not responsible for the privacy practices of those websites and recommend reviewing their policies separately.
11. Data security
We take reasonable steps to protect your personal data from:
Loss
Misuse
Unauthorised access
Disclosure or alteration
However, no method of online transmission is 100% secure.
12. Children’s privacy
This website is not intended for children under 13 (or 16 in some EU jurisdictions). We do not knowingly collect data from children.
13. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated “Last updated” date.
14. Contact us
If you have any questions about this Privacy Policy or your personal data, please contact:
Email: hello@sayshe.studio
Website: www.sayshe.studio

