Privacy Policy

Introduction. Anatomy Ventures Ltd ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (weareanatomy.com) and use our creative technology services. Anatomy Ventures Ltd is the data controller responsible for your personal data. Registered address: 1a Talbot Place, Cardiff, CF11 9BY. Company number: [INSERT COMPANY NUMBER]. Contact: hello@weareanatomy.com. Please read this privacy policy carefully. By accessing or using our services, you acknowledge that you have read, understood, and agree to be bound by this privacy policy. Information We Collect. We may collect personal information that you voluntarily provide to us when you enquire about or commission our services, request a demo or contact us, subscribe to our newsletter, participate in a project or engagement with us, or provide feedback or communicate with us. This information may include your name and job title, email address, company name and industry, phone number, and project briefs, assets, and related materials you share with us. When you access our website, we may automatically collect certain information, including device type and operating system, browser type and version, IP address and general location, pages visited and time spent on pages, and referring website or source. Lawful Basis for Processing. Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following bases depending on the type of processing: contractual necessity (Article 6(1)(b)), where processing is necessary to perform a contract with you or to take steps at your request before entering into a contract, for example delivering services you have commissioned, managing project communications, and invoicing; legitimate interests (Article 6(1)(f)), where processing is necessary for our legitimate interests, provided those interests are not overridden by your rights, for example improving our services, website analytics, and business development communications to existing clients and professional contacts; consent (Article 6(1)(a)), where you have given clear consent for us to process your personal data for a specific purpose, for example subscribing to our newsletter or opting in to marketing communications, and you may withdraw consent at any time; and legal obligation (Article 6(1)(c)), where processing is necessary to comply with a legal obligation, for example retaining financial records for tax purposes. How We Use Your Information. We use the information we collect to provide, operate, and deliver our services, manage client relationships and project communications, respond to your enquiries and support requests, send administrative information, project updates, and invoices, send marketing communications (with your consent where required), improve and develop our services and website, ensure website security and prevent fraud, and comply with legal obligations. How We Share Your Information. We may share your information in the following situations. We may share your information with third-party vendors, service providers, and contractors who perform services on our behalf (known as data processors), including cloud hosting and infrastructure providers (Amazon Web Services, EU/UK regions), analytics services, email and communication platforms, and accounting and invoicing software. We ensure all processors are bound by appropriate data processing agreements and only process your data on our instructions. We may disclose your information if required to do so by law or in response to valid requests by public authorities such as a court or government agency. In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction, and we will notify you of any such change and any choices you may have regarding your information. International Data Transfers. Your information may be transferred to and processed in countries outside the United Kingdom. Some of our service providers, such as cloud infrastructure and communication platforms, may process data in the United States or other jurisdictions where data protection laws may differ from those in the UK. Where we transfer personal data internationally, we ensure appropriate safeguards are in place in accordance with UK GDPR, including UK International Data Transfer Agreements (IDTAs), standard contractual clauses approved by the ICO, and transfers to countries with adequate data protection as recognised by the UK government. Data Retention. We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. Our general retention periods are as follows: client project data is retained for the duration of the client relationship plus 6 years to comply with statutory limitation periods and tax obligations; marketing and newsletter data is retained until you unsubscribe or withdraw consent; website analytics data that is aggregated and anonymised may be retained indefinitely while identifiable data such as IP addresses is retained for no longer than 26 months; and enquiry and correspondence data is retained for 2 years from the date of last contact unless a business relationship is established. When personal data is no longer required, we will securely delete or anonymise it. Data Security. We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction, including encryption of data in transit and at rest, access controls and authentication measures, regular review of security practices, and incident response procedures. However, no method of transmission over the Internet or electronic storage is 100% secure, and while we strive to protect your personal information, we cannot guarantee its absolute security. Your Rights. Under UK GDPR, you have the following rights regarding your personal information: access, to request a copy of the personal information we hold about you; rectification, to request correction of inaccurate or incomplete information; erasure, to request deletion of your personal information in certain circumstances; restriction, to request that we restrict processing of your information; portability, to request to receive your data in a structured, commonly used, machine-readable format; objection, to object to processing of your personal information where we rely on legitimate interests as the lawful basis; and withdraw consent, where processing is based on consent, to withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal. To exercise any of these rights, please contact us at hello@weareanatomy.com and we will respond to your request within one month as required by UK GDPR. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been infringed. The ICO can be contacted via their website at https://ico.org.uk, by telephone on 0303 123 1113, or by post at Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. We would appreciate the opportunity to address your concerns before you approach the ICO, so please do contact us in the first instance. Cookies and Tracking Technologies. We use cookies and similar tracking technologies to track activity on our website and hold certain information. Cookies are small data files stored on your device. We use cookies to remember your preferences and settings, analyse how our website is used, and deliver relevant content and features. Essential cookies are necessary for the website to function and cannot be switched off, while non-essential cookies such as analytics and marketing cookies require your consent before being placed on your device. You can manage your cookie preferences through our cookie consent banner when you first visit our website or by adjusting your browser settings at any time. Children's Privacy. Our services are not intended for individuals under the age of 18, and we do not knowingly collect personal information from children. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us so that we can take necessary action. Changes to This Privacy Policy. We may update our Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date, and where changes are significant we may also notify you directly by email. We encourage you to review this Privacy Policy periodically for any changes, and changes to this Privacy Policy are effective when they are posted on this page. Contact Us. If you have any questions about this Privacy Policy, your personal data, or wish to exercise any of your rights, please contact us at Anatomy Ventures Ltd, 1a Talbot Place, Cardiff, CF11 9BY, or by email at hello@weareanatomy.com.