Privacy Policy
Last updated: 13 April 2026
1. Introduction
This Privacy Policy is governed by the laws of England and Wales.
This Privacy Policy explains how we collect, use, store, and protect your data when you engage our services, including the creation of AI-generated images and videos based on photographs you provide.
2. Who we are
Venue Vision Studio Ltd ("we", "us", "our") is registered in England and Wales under company number 17109544. We are the data controller for the data described in this policy.
Registered address: Suite Ra01, 195-197 Wood Street, London, E17 3NU
ICO registration number: ZC112215
Contact: charlotte@venuevisionstudio.co.uk
This policy should be read alongside our Terms and Conditions.
3. What data we collect
We only collect the data that is necessary to deliver our services and manage our business relationships.
Via our website
The only data we collect via our website is through our scheduling provider, Calendly. When you book a consultation, Calendly collects your name, email address, business name, and any additional information you provide during the booking process. When you use the Calendly booking widget embedded on our website, Calendly may set cookies on your device. These include necessary cookies required for the widget to function, as well as optional cookies for personalisation, analytics (which may include tracking clicks, cursor movement, and screen recordings within the widget), and marketing purposes. Calendly provides its own cookie consent mechanism within the widget. For full details, see Calendly's Privacy Policy.
Our website is hosted by Cloudflare. Cloudflare may automatically process visitor data (including IP addresses and browser information) and set functional cookies for security and performance purposes. We do not access or use this data. For details, see Cloudflare's Privacy Policy.
Cookies
A cookie is a small text file placed on your device when you visit a website. Cookies serve various purposes including enabling website functionality, analysing traffic, and personalising content.
Our website uses Cloudflare Web Analytics to collect anonymous, aggregate website usage data (such as page views, referrers, and browser type). Cloudflare Web Analytics does not use cookies, does not collect personal data, and does not track or identify individual visitors. For details, see Cloudflare's Web Analytics Privacy Policy.
Our website itself does not set any first-party cookies. However, the third-party services embedded on or supporting our website may set cookies on your device, as described below. We do not use or access any data collected by these cookies.
- Calendly — The booking widget embedded on our website may set necessary cookies required for the widget to function, as well as optional cookies for personalisation, analytics (which may include tracking clicks, cursor movement, and screen recordings within the widget), and marketing. Calendly provides its own cookie consent mechanism within the widget.
- Cloudflare — Cloudflare may set functional cookies (such as
__cflband__cf_bm) for security and performance purposes. These are strictly necessary cookies and do not require consent under PECR. We do not use or access any data collected by these cookies.
Because we do not set any first-party cookies and the only third-party cookies on our website are either strictly necessary (Cloudflare) or managed by their own consent mechanisms (Calendly), we do not display a separate cookie consent banner. You can manage cookies at any time through your browser settings — for guidance, visit www.allaboutcookies.org. Please note that disabling cookies may affect the functionality of certain features on our website, such as the Calendly booking widget.
During client engagements
When you become a client, we receive additional data outside of this website in order to deliver our services. This includes:
- Your contact details (name, email address, phone number)
- Your signature, collected during the contract signing process
- Payment information provided during invoicing and payment processing. Payments are made via bank transfer — we do not collect or store your bank details
- Photographs provided by you via email or file transfer
- Project briefs and correspondence
Our service agreement requires that images must not contain identifiable individuals. If such data is inadvertently provided, it will be deleted as soon as reasonably practicable and not used beyond what is necessary to identify and remove it.
We do not collect special category data such as health, ethnicity, or biometric data. If we inadvertently receive data of this nature, we will delete it as soon as reasonably practicable.
Our services are directed at businesses, not individuals under 18. We do not knowingly collect data from children.
4. Why we collect it
We use your data to:
- Schedule and manage consultation bookings
- Deliver AI-generated image and video services as described in our service agreement
- Manage our client relationship and project communications
- Deal with queries, complaints, and claims
- Comply with legal requirements
We comply with UK GDPR principles. Our legal bases for processing are:
- Contract performance — where we have a service agreement in place, we process your data to deliver the services set out in that agreement, obtain your signature during contract signing, and communicate with you for the purposes of the project.
- Legitimate interest — for managing consultations, enquiries, and prospective client communications, whether initiated by you or by us; improving our services; maintaining internal records; and defending or pursuing legal claims.
- Legal obligation — to comply with applicable laws and regulations.
- Consent — where we carry out work outside of a formal service agreement (for example, portfolio work in exchange for a testimonial), we process your data on the basis of your consent, which you may withdraw at any time by contacting us.
Under the Privacy and Electronic Communications Regulations (PECR), we may occasionally contact you with relevant offers or updates about our services where we have an existing business relationship or you have previously enquired. You can opt out of these communications at any time by contacting us.
5. How we store your data
Booking data is processed by Calendly, Inc. and remains stored on their secure servers. We access this data only to manage appointments.
Client-provided materials (photographs, briefs, and correspondence) may be stored on Google Drive, our cloud file storage platform. For details, see Google's Privacy Policy.
Client materials are stored securely for the duration of our business relationship (see Section 10 for retention details). For details on how photographs are processed using AI, see Section 7.
Some of the services we use are operated by US-based companies. The specific safeguards in place for each provider are as follows:
- Calendly, Inc. (USA) — Calendly processes booking data on servers in the United States. Transfers are governed by Standard Contractual Clauses (SCCs) and Calendly's Data Processing Addendum. See Calendly's Privacy Policy for details.
- Google LLC (USA) — Client materials stored on Google Drive may be processed in the United States or other jurisdictions. Google relies on SCCs and its Data Processing Amendment. See Google's Privacy Policy for details.
- Cloudflare, Inc. (USA) — Cloudflare may process visitor data (including IP addresses) through its global network. Cloudflare relies on SCCs and its Data Processing Addendum. See Cloudflare's Privacy Policy for details.
Where UK adequacy decisions apply to a recipient country, transfers may also rely on those decisions. You may contact us for further information about the safeguards in place for any specific transfer.
6. Data security
We implement appropriate technical and organisational measures to protect your data, including:
- Secure file storage systems
- Access controls and authentication
- Encryption where we deem it appropriate
Despite these measures, no system is completely secure and we cannot guarantee absolute security of your data.
In the event of a personal data breach that poses a risk to the rights and freedoms of individuals, we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, in accordance with UK GDPR. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you without undue delay, providing details of the breach, the likely consequences, and the measures we have taken or propose to take in response.
7. AI and image processing
IMPORTANT NOTICE: All outputs produced as part of our services are AI-generated visualisations intended for illustrative and marketing purposes only. They do not represent real-life outcomes, accurate depictions, or guarantees of any property, product, event, or subject matter. No party should rely on the outputs as literal or photographic representations. Industry-specific disclaimers are set out in our Terms and Conditions.
- Processing involves the use of third-party AI service providers, and by submitting photographs you grant us a licence to use, process, reproduce, and transform those images solely for the purpose of delivering our services, including by passing them through third-party platforms and AI tools as necessary. Full licence terms are set out in our Terms and Conditions
- Your images are used only for the purposes agreed between us
- We do not use your images to train AI models
- Outputs are AI-generated visualisations and may not reflect real-world conditions, actual appearances, or accurate depictions of any property, product, event, or subject matter
- No guarantee of accuracy is given, and outputs should not be relied upon as literal or photographic representations
Automated decision-making
Our use of AI tools is limited to generating visual outputs based on photographs you provide. No automated decisions are made about you as an individual, and no profiling takes place. All AI outputs are reviewed and delivered by us as part of a human-led service.
8. Client responsibilities
By submitting photographs to us, you confirm that:
- You warrant that you own all necessary rights to the images or have obtained all required permissions, licences, and consents to submit them to us for processing
- You shall use the generated images and video only for lawful purposes and in accordance with all applicable laws, regulations, and industry standards in your jurisdiction
- You are solely responsible for ensuring that your use of the generated outputs complies with all applicable advertising standards, consumer protection laws, and any other regulatory requirements in your jurisdiction, including but not limited to labelling, transparency, and the prohibition of misleading advertising
- You expressly consent to your photographs being processed by third-party AI service providers for the purpose of generating AI images and video as part of our services, and you acknowledge that this processing is integral to the delivery of our services
- You acknowledge and accept that once images are submitted to third-party AI providers for processing, those providers may process the data in accordance with their own terms and privacy policies, and that we shall not be held liable for how those providers handle data beyond the contractual safeguards we have in place
- You warrant that the images you submit do not contain any unlawful content, third-party intellectual property for which you do not have the necessary rights, or any other material that could give rise to legal liability, and you agree to indemnify and hold us harmless against any claims, losses, damages, or expenses arising from a breach of this warranty
9. Marketing use of images
AI images and video generated as part of our services are intended for your own marketing use. By using the outputs, you acknowledge and agree that:
- We will not use your images for our own marketing or promotional purposes without your consent
- If consent is given, you may withdraw it at any time by contacting us
- All AI-generated images must be clearly and prominently labelled as such (e.g. “AI Visualisation” or “Artist’s Impression”) in any and all marketing materials, publications, or communications in which they appear, in accordance with applicable advertising standards in your jurisdiction. Failure to do so is solely your responsibility
- You are solely responsible for ensuring that your use of AI-generated images complies with all advertising standards, consumer protection laws, and regulatory requirements applicable in your jurisdiction (for example, in the UK, the Advertising Standards Authority (ASA) guidelines), including any requirements around transparency, labelling, and the prohibition of misleading advertising. We have no obligation to advise you on the requirements of your jurisdiction
- We accept no liability whatsoever for any claims, losses, damages, costs, or expenses arising directly or indirectly from your use of AI-generated outputs, including but not limited to your failure to label outputs as required by this policy, to comply with applicable advertising standards or consumer protection laws, or to otherwise use outputs in a lawful and non-misleading manner. You agree to indemnify and hold us harmless against any such claims. Full liability terms are set out in our Terms and Conditions
10. How long we keep it
We retain booking and enquiry data for the duration of our business relationship and for 12 months afterwards, so that we can follow up on your enquiry or provide further services. If no business relationship is established, enquiry data is deleted within 6 months of your last contact with us.
Client-provided materials (photographs, briefs) and final outputs are retained for the duration of our business relationship and for 12 months afterwards, so that we can deliver additional services without requiring you to resubmit materials. Where portfolio permission has been granted, we retain copies of final approved outputs for as long as that consent remains in place. Financial and contractual records (including invoices, contracts, and payment confirmations) are retained for 6 years after the end of the business relationship, in accordance with the Limitation Act 1980 and HMRC requirements.
You can request deletion of your data at any time by contacting us (see Section 14). We periodically review retained data and delete anything that is no longer needed.
11. Who we share it with
We do not sell or rent your data. In order to deliver our services, your data may be shared with:
- Calendly — scheduling and booking
- Cloudflare — website hosting, security, and performance
- Google Drive — cloud file storage
- Third-party AI processing providers — strictly for the delivery of our services
- Professional advisors — such as legal and accounting professionals, where necessary
- Regulatory or legal authorities — where required by law
12. Where we get your information from
We collect personal information from the following sources:
- Directly from you — when you book a consultation, enquire about our services, enter into a service agreement, or provide photographs and project materials
- Publicly available sources — such as business websites, social media profiles, and business directories, where we research potential clients
- Third parties — such as referrals from other businesses or industry contacts
13. Third-party links
Our website, emails, proposals, and other communications may contain links to third-party websites. By clicking on a third-party link, you will leave our website and be directed to an external site that is entirely independent of Venue Vision Studio Ltd. These links are provided for your convenience only and do not constitute any endorsement, approval, or recommendation of the third-party website or its content. We have no control over the content, privacy policies, or practices of third-party websites, and those websites may collect their own data about you independently of this Privacy Policy. We accept no responsibility or liability for any loss or damage arising from your use of any third-party website. We encourage you to review the privacy policies of any third-party websites you visit.
14. Your rights
Under UK GDPR, you have the right to:
- Access — request a copy of the data we hold about you
- Rectification — ask us to correct inaccurate data
- Erasure — ask us to delete your data (this right may not apply where we process your data under a legal obligation)
- Restriction — ask us to limit how we use your data
- Portability — request your data in a portable format (applies where processing is based on consent or contract and carried out by automated means)
- Objection — object to our processing of your data (applies where processing is based on legitimate interest; this right does not apply where processing is based on consent or contract)
- Withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal
Which rights are available to you may depend on the lawful basis we rely on for a particular processing activity. For more information on your data protection rights and the exemptions that may apply, visit the ICO's website.
To exercise any of these rights, email us at charlotte@venuevisionstudio.co.uk — we will respond within 30 days. In exceptional cases where your request is complex or we have received a high volume of requests, we may extend this period by a further two months, in which case we will notify you within the initial 30-day period and explain the reason for the delay.
15. Complaints
If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
- Website: ico.org.uk/make-a-complaint
- Helpline: 0303 123 1113
16. Changes to this policy
We may update this policy from time to time. Any changes will be posted on this page with an updated date. We encourage you to review this policy periodically.
17. Acceptance of this policy
By using our website or engaging our services, you confirm that you have read and understood this Privacy Policy.
18. Contact
If you have any questions about this Privacy Policy or how we handle your data, please contact us at charlotte@venuevisionstudio.co.uk