Introduction
This privacy notice describes how we will collect, use, share and otherwise process your personal data in
connection with your use of:
- Icon Builder (which was last updated in March 2025 mobile application (App).
-
Any of our services that are accessible through the App (Services).
Please read the following carefully to understand our practices regarding your personal data and how we
will treat it.
Important information and who we are
Studio Sanctus is the controller and is responsible for your personal data (we, us or our in this notice).
Contact details
Our full details are:
-
Full name of legal entity: STUDIO SANCTUSLTD
-
Name or title of [DPO OR data privacy manager]: [DETAILS]
-
Email address: frjustin@studiosanctus.com
-
Postal address: 71-75 Shelton Street
Covent Garden, London, WC2H 9JQ
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK
regulator for data protection issues.
Changes to the privacy notice and your duty to inform us of changes
We keep our privacy notice under regular review.
It may change and, if it does, those changes will be posted on this page and notified to you by push
notification. You may be required to read and acknowledge the changes to continue your use of the App or
the Services.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if
your personal data changes during our relationship with you.
Third party links and sites
Our App and Services may, from time to time, contain links to and from the websites of third parties. Please
note that these websites (and any services accessible through them) are controlled by those third parties
and are not covered by this privacy notice. You should review their own privacy notices to understand how
they use your personal data before you submit any personal data to these websites or use these services.
The data we collect about you
We collect, use, store and transfer different kinds of personal data about you.
We do not intentionally collect any special categories of personal data about you (this includes details
about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political
opinions,
trade union membership, information about your health, and genetic and biometric data).
How is your personal data collected?
We collect your personal data in the following way:
-
Registration.We collect your Identity Data and Contact Data when you register your
account
with us.
-
Communications.WWhen you communicate with us via email, telephone, one of our online
forms or chat we collect your Contact Data. If you contact us through the App using the chat
function, we also collect to operate our chat function and respond to your messages. If the
communication relates to an error or problem you are having with the App or one of our
Services, we will also collect Usage Data for diagnosis and improvement.
-
Information you generate when using our App and Services.
Each time you access and use
our App and Services we collect Content, Device, Personalisation and Usage Data. We collect
Content Data where you upload it to the App or interact with the content available on the App.
We collect Device, Personalisation and Usage Data.
-
Information we collect through monitoring the use of our App, Sites and Services.
Each
time you access and use our App and Services we collect information about that access and
use, being Device, Content, and Usage Data.
-
Additional information we otherwise collect through our App, Sites and Services where
we have your consent to do so.
Where you provide your consent, we collect your Location
Data on an ongoing basis while you have the App installed on your device.
-
Direct Marketing.
We collect and record Direct Marketing Data when we add you to our
marketing database, you request to change your direct marketing preferences, or you interact
with our direct marketing communications.
-
Connected Data.
We collect Connected Data when you choose to connect to your account.
-
Social Media Data.
We collect Social Media Data when you choose to connect your social
media account to your account.
-
Unique application numbers.When you want to install or uninstall a Service containing a
unique application number or when such a Service searches for automatic updates, that number
and information about your installation, for example, the type of operating system, may be sent
to us.
How we use your personal data
We will only use your personal data when we have a lawful basis to do so. Our lawful basis for each
purpose for which we use your personal data is specified below. Most commonly we will use your personal
data in the following circumstances:
-
Consent.Where you have freely consented before the processing in a specific, informed
and
unambiguous indication of what you want. You can withdraw your consent at any time by
contacting us (see Your legal rights below).
-
Performance of a contract.
Where we need to process your personal data to perform a
contract with you or where you ask us to take steps before we enter into a contract with you.
Where we rely on performance of a contract and you do not provide the necessary information,
we will be unable to perform your contract.
-
Legitimate interests.
Where it is necessary for our legitimate interests (or those of a third party)
and your interests and fundamental rights do not override those interests. We make sure we
consider and balance any potential impact on you (both positive and negative) and your rights
before we process your personal data for our legitimate interests. You can obtain further
information about how we assess our legitimate interests against any potential impact on you in
respect of specific activities by contacting us.
-
Legal obligation.
Where we need to use your personal data to comply with a legal or regulatory
obligation. Where we rely on legal obligation and you do not provide the necessary information,
we may be unable to fulfil a right you have or comply with our obligations to you, or we may
need to take additional steps, such as informing law enforcement or a public authority or
applying for a court order.
Delivery and improvement of our App and purchases
| Purpose or activity |
Type of personal data |
Lawful basis for processing |
| To permit you to install the App
and register you as a new App
user |
Identity
Contact
Financial
Device
|
Legitimate interests (delivering
our App to you) |
| To take steps towards
providing you with services at
your request, to process and
fulfil in-App purchases and
deliver services to you,
including managing payments
and sending you service
communications |
Identity
Contact
Transaction
Device
[location]
|
Performance of a contract |
|
To provide you with your
membership or subscription
benefits, fulfil your purchase or
redemption of gift cards
|
Identity
Contact
Transaction
|
Performance of a contract
|
|
Enforce our terms and
conditions, including to collect
money owed to us
|
Identity
|
Legitimate interests (to recover
debts due to us)
|
Account management and profiling
| Purpose or activity |
Type of personal data |
Lawful basis for processing |
|
Combining the information we
collect about you into a single
customer account profile
|
Contact
Direct marketing
|
Legitimate Interests (to
publicise and grow our
business)
|
Direct marketing
| Purpose or activity |
Type of personal data |
Lawful basis for processing |
|
To send you direct marketing
|
Contact
|
Consent
|
|
communications via push
notification
|
Device
Direct Marketing
|
Unless we can rely on the soft
opt-in and you have not opted
out, in which case we rely on
Legitimate Interest (to publicise
and grow our business)
|
Troubleshooting, improvement and security
| Purpose or activity |
Type of personal data |
Lawful basis for processing |
|
To administer, monitor and
improve our business, Services
and this App including
troubleshooting, data analysis
and system testing
|
Identity
Contact
Device
|
Legitimate interests (for running
our business, provision of
administration and IT services,
network security, maintaining
the security of our App and
Services, providing a secure
service to users and preventing
fraudulent and other misuse of
our App)
|
|
Applying security measures to
our processing of your personal
data, including processing in
connection with the App
|
All personal data under this
privacy notice
|
Legal obligation (applying
appropriate technical and
organisational measures under
Article 32 of the UK GDPR
|
|
Otherwise monitoring use of
the App and deploying
appropriate security measures
|
Contact
Security
Transaction
|
Legitimate interests (running
our business, provision of
administration and IT services,
network security, maintaining
the security of our App and
services, providing a secure
service to users and preventing
fraudulent and other misuse of
our App)
|
Rights and obligations
| Purpose or activity |
Type of personal data |
Lawful basis for processing |
|
To comply with our other legal
obligations, including
compliance with tax legislation,
judicial, law enforcement and
government authorities'
requests
|
All personal data under this
privacy notice
|
Legal obligation
|
Other communications
| Purpose or activity |
Type of personal data |
Lawful basis for processing |
|
To notify you of changes to the
App, Services, your purchases
and our terms and conditions
|
Contact
|
For ongoing or prospective
contracts, Performance of a
contract
|
|
for ongoing contracts
|
|
Otherwise, Legitimate interests
(in servicing our users and
prospective users)
|
|
To notify you of updates to this
privacy notice
|
Contact
Transaction
|
Legal obligation (to inform you
of our processing under Articles
13 and 14 of the UK GDPR)
|
|
To respond to your requests to
exercise your rights under this
notice
|
As relevant to your request
|
Legal obligation (complying
with data subject requests
under Chapter 3 of the UK
GDPR
|
|
To ask you to complete a
survey and process your
response (where applicable,
please also see the separate
privacy notice)
|
Contact
|
Legitimate interests (to analyse
how users use our products or
Services and to develop them
and grow our business)
Unless you have previously
opted out, where we will rely on
Consent
|
|
To otherwise respond to your
enquiries, fulfil your requests
and to contact you where
necessary
|
As relevant to your enquiry or
request
|
Legitimate interests (service
our users and prospective
users)
|
Automated decision making and profiling
We do not make decisions based solely on automated processing or profiling that produce legal
effects concerning you (or have similarly significant effects).
Criminal offence data and special category data
We do not intentionally collect criminal offence data about you. However we may process data
relating to criminal offences in monitoring the use of our App for security purposes, where we
suspect you may have committed a crime, such as attempting to make a fraudulent purchase or
claim or circumvent the security of the App or Services. In such circumstances we will provide that
information to law enforcement and/or use it to establish, exercise or defend a legal claim. In those
circumstances, according to the type of activity and purpose, we will rely on legitimate interests
(protecting our business, employees and other users) and legal obligation (where required by legal,
judicial or law enforcement to disclose or process that information). UK law authorises that
processing under the Data Protection Act 2018 and although the appropriate authorisation will
depend on a case-by-case basis, monitoring for criminal behaviour through the use of our App is in
the Substantial public interest (preventing or detecting unlawful acts) and processing information
related to suspected criminal activity for legal claims is permitted under the additional condition of
authorised under applicable national law.
Disclosures of your personal data
We may share your personal data with the following third parties:
-
External third parties.
-
Your Appstore Provider and mobile network operator to allow you to install the App.
-
Service providers based in the UK who provide IT and system administration services,
hosting services for our App, delivery and logistics services, payment processing, fraud and
identity verification providers, customer service support, email delivery and administration,
and data storage and analysis.
-
Our professional advisors based in the UK including lawyers, auditors, insurers and
consultants who provide legal, accounting, and insurance services.
-
Your service providers that you have appointed and we need to contact to fulfil your
requests, such as your banking or payment card provider to process your transactions.
-
Marketing and promotional partners and co-operatives based in the UK with whom we share
data to enhance our offerings and identify prospective customers.
-
Third party partners where you have subscribed to receive marketing from or with them.
-
Third parties to whom we may choose to sell, transfer or merge parts of our business or our
assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change
happens to our business, then the new owners may use your personal data in the same way as
set out in this privacy notice.
-
HM Revenue and Customs, regulators, law enforcement, public authorities or other third parties
based in the UK where necessary to exercise our rights or comply with a legal obligation.
International transfers
We do not transfer your personal data outside the UK.
Data security
All information you provide to us is stored on our secure servers and located in the UK. Any payment
transactions carried out by us or our chosen third-party provider of payment processing services will be
encrypted using Secured Sockets Layer (SSL) technology. Where we have given you (or where you have
chosen) a password that enables you to access certain parts of our App or Services, you are responsible
for keeping this password confidential. We ask you not to share a password with anyone.
Once we have received your information, we will use strict procedures and security features to protect your
personal data from loss, unauthorised use or access.
We will collect and store personal data on your device using application data caches and browser web
storage (including HTML5) and other technology.
Certain Services include social networking, chat room or forum features. Ensure when using these features
that you do not submit any personal data that you do not want to be seen, collected or used by other users.
We have put in place procedures to detect and respond to personal data breaches and notify you and any
applicable regulator when we are legally required to do so.
Data retention
In some circumstances you can ask us to delete your data: see Your legal rights below for further
information.
Once we no longer have a legal right to hold your personal data, we will delete or, in some circumstances,
we will anonymise your personal data (so that it can no longer be associated with you) for research or
statistical purposes, in which case we may use this information indefinitely without further notice to you.
If you do not use the App for a period of [TIME PERIOD] then we will treat the account as expired and will
delete your personal data.
Your legal rights
You have the following rights under data protection laws in relation to your personal data.
-
Access. Request access to and/or a copy of the personal data we process about you
(commonly known as a data subject access request). This enables you to check that we are
lawfully processing it.
-
Correction. Request correction of any incomplete or inaccurate data we hold about you. (We
may need to verify the accuracy of the new data you provide to us.)
-
Deletion. Request us to delete or remove personal data where there is no good reason
for us continuing to process it. You also can ask us to delete or remove your personal data where you
have successfully exercised your right to object to processing (see below), where we have processed your
information unlawfully or where we need to erase your personal data to comply with law. (In some cases,
we may need to continue to retain some of your personal data where required by law. If these apply, we
will notify you at the time of our response.)
-
Objection. Object to us processing your personal data where (a) we are relying on
legitimate interests as the lawful basis and you feel the processing impacts on your fundamental rights
and freedoms, or (b) the processing is for direct marketing purposes. In some cases, we may refuse your
objection if we can demonstrate that we have compelling legitimate grounds to continue processing your
information which override your rights and freedoms.
-
Restriction. Request that we restrict or suspend our processing of your personal data:
- if you want us to establish the data's accuracy;
- where our use of the data is unlawful, but you do not want us to erase it;
- where we no longer require it, but you need us to hold onto it to establish, exercise or defend
legal claims; or
- you have objected to our use of your data, but we need to verify whether we have overriding
legitimate grounds to use it.
-
Data portability. Request we transfer certain of your personal data to you or your
chosen third party in a structured, commonly used, machine-readable format. This right only applies to
information processed by automated means that we process on the lawful bases of consent or performance
of a contract.
-
Withdraw consent. Withdraw your consent at any time where we are relying on consent to
process your personal data. Please know that this does not affect the lawfulness of any processing
carried out before you withdraw your consent, and after withdrawal, we may not be able to provide
certain products or services to you. We will advise you if this is the case at the time you withdraw
your consent.
-
Complain to the UK data protection regulator. If you are unhappy with how we process
your
personal data, we ask that you contact us first using the details below so that we have the chance to
put it right. However, you also have the right to make a complaint to the ICO at any
time.
You can exercise any of these rights at any time by contacting us at frjustin@studiosanctus.com.
Description of categories of personal data
-
Identity Data: first name, last name, title, date of birth and Profile Data.
-
Contact Data: first name, last name, contact address, email address and telephone
numbers, your communication preferences and copies of the communications between you and us.
-
Profile Data: your email address, username and password.
-
Transaction Data: billing and delivery addresses, payment card details, history of your
payments, purchases, deliveries, returns and refunds and the applicable terms and conditions of your
purchases.
-
Device Data: the type of device you use, your unique device identifier, mobile network
information, your mobile operating system, the type of mobile browser you use, IP address, and time zone
setting.
-
Content Data: information that you store or generate in the App, being photos, videos
and associated metadata, check-ins, posts and messages.
-
Usage Data: logs and detail of your use of our Apps and Services, being the dates and
times on which you download, access and update the App and our Services, any error or debugging
information, and the resources that you access and the actions we and you take in relation to them.
-
Security Data: information we collect about your use of the App, our Services and our
Sites in order to ensure your and our other users' safety and security, being Usage Data and the
information provided to us by our payment processing provider.
-
Direct Marketing Data: your direct marketing preferences, consents for receiving direct
marketing from us and/or our third parties and the history of the direct marketing communications we
have sent to you.
-
Location Data: your current location as disclosed by GPS technology, WiFi connections,
your IP address for the time period where you have permitted us to collect it.
-
Connected Data: information stored on your Device that you permit the App to connect
to, being login information.
-
Social Media Data: your social media account information.
-
Feedback Data: your feedback and survey responses.
-
Personalisation Data: Device Data, Content Data, Transaction Data, Connected Data,
Social Media Data, Usage Data, Location Data, and the preferences we have inferred you have and use to
personalise the App and Services, being the preferences noted in your account.