Privacy Policy
Owner and Data Controller:
Studio Andthen Ltd.
Suite 231,
Central Chambers
109 Hope Street
G2 6LL

Registered Company Number: SC540683

Data Subject:
The individual to whom Personal Data refers to.

Personal Data:
Any information relating to an identified or identifiable natural person, the ‘data subject.’
This Privacy Policy Notice outlines how Studio Andthen Ltd (referenced as Andthen) collects and uses personal information. This policy applies to the data that we collect from:
Policy statement
Studio Andthen Ltd. Is committed to:
This Privacy Policy was last updated in August 2018 and will be reviewed at least every three years.
  1. Andthen does not make use of Cookies. No personal data will be collected by accessing the website
  2. Individuals who sign up to Andthen’s newsletter will be asked to provide Personal Data: their email address only.
  3. In fulfilling a contract, we may record:
    • Personal Data, such as: name; date of birth; email address; phone number; identification numbers; location data.
  4. Research participants who are involved in Andthen’s creative work may be asked to provide:
    • Personal Data, such as: name; date of birth; email address; phone number; identification numbers; location data.
    • Sensitive Personal Data, such as: gender; ethnicity; sexuality; physical/mental health; political/religious beliefs, visual data (such as photographs and video participation), and voice.
  5. Prospective employees applying for a position with Andthen may be requested to submit a CV containing which may include:
    • Personal Data, such as: name; date of birth; email address; phone number; identification numbers; location data; social media credentials; employment history; education.
Personal Data will never be collected or processed for any reason other than the original purpose that was agreed between Andthen and the Data Subject. In cases where Sensitive Personal Data is collected, an extended version of our privacy and consent policy will be issued to Data Subjects and discussed with them at the time.
Andthen uses third party services to aid with the collection and processing of Personal Data, such as:
Lawful Bases of Processing Data
Andthen takes appropriate security measures to prevent unauthorised access, disclosure, modification, or unauthorised destruction of Personal Data.

Andthen processes Personal Data relating to the Data Subject only if one of the following applies:
  1. Consent: The individual who is providing the data has given unambiguous formal consent.
  2. Contract: Provision of Data is necessary for the performance of an agreement with the Subject and/or for any pre-contractual obligations.
  3. Legal Obligation: Processing is necessary for compliance with a legal obligation to which the Owner is subject.
  4. Public Task: Processing is related to a task that is carried out in the public interest.
  5. Legitimate Interests: Processing is necessary for the purposes of the legitimate interests pursued by the Owner or by a third party.
Data is processed at the office of Andthen and in any other places where the parties involved in the processing are located. Depending on the Subject’s location, data transfers may involve transferring data to a country other than their own.
Retention Time
Personal Data is processed and stored for as long as it is required to fulfil the purpose that it was collected for:
Once the retention period has expired, Personal Data will be deleted.
The Rights of Data Subjects
In relation to their Personal Data, Subjects have the right to do the following:
  1. To be informed, with transparent information and communication from the Controller at the time of data collection.
  2. Withdraw consent to the processing of their Personal Data that has previously been given. They can withdraw consent at any time.
  3. Access their Personal Data, to view what data is being held on them and how it is being processed. They can request a copy of this data.
  4. Verify the data that is held on them, by gaining access and requesting for it to be corrected or updated.
  5. Restrict the processing of their Personal Data. Subjects can request that the Owner cease the processing of their data, in which case the data will be stored for its original purpose or deleted.
  6. To be forgotten, by having their Personal Data deleted from the Owner.
  7. Data Portability, by having their Personal Data transferred to another Controller. Subjects can obtain their data in an appropriately readable format, have it transferred to another Controller and deleted from the previous.
Any requests to exercise these rights can be directed to the Owner via These requests can be exercised free of charge and will be addressed by the Owner within one month.