Skip to main content

Privacy Policy

Last updated: April 2026

1. Data Controller

DASHLEA MEDIA LLP ("we," "us," or "our") operates this website and is the data controller responsible for the processing of your personal data under applicable data protection laws.

We are a limited liability partnership registered in England and Wales under registration number OC457950. Registered office: 71-75 Shelton Street, Covent Garden, London, Greater London, United Kingdom, WC2H 9JQ. For data protection inquiries, you can contact us at legalreq@straltis-studio.com.

2. Information We Collect

We collect the following categories of personal data:

  • Privacy.<strong>Contact information:</strong> Name, email address, phone number, company name — collected when you submit contact forms, register for an account, or request a consultation.
  • Privacy.<strong>Usage data:</strong> Browser type, IP address, pages visited, time spent on pages, referring URL — collected via cookies and server logs.
  • Privacy.<strong>Communication data:</strong> Records of correspondence when you contact us directly.

3. How We Use Your Information

We process your personal data for the following purposes:

  • To provide and maintain our services
  • To respond to your inquiries and fulfill your requests
  • To send you service-related communications
  • To analyze website usage and improve user experience
  • To comply with legal obligations

4. Legal Basis for Processing (GDPR)

We process your personal data under one or more of the following legal bases:

  • Privacy.<strong>Consent:</strong> You have given explicit consent for specific purposes (e.g., marketing communications).
  • Privacy.<strong>Contract:</strong> Processing is necessary to perform a contract with you or to take steps at your request before entering a contract.
  • Privacy.<strong>Legal obligation:</strong> Processing is required to comply with applicable laws and regulations.
  • Privacy.<strong>Legitimate interests:</strong> Processing is necessary for our legitimate business interests, such as improving our services, fraud prevention, or network security, provided these interests are not overridden by your rights.

5. Data Retention

We retain personal data for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. Our standard retention periods are:

  • Privacy.<strong>Account data:</strong> Retained for the duration of your account plus 7 years for legal and tax compliance purposes.
  • Privacy.<strong>Communication data:</strong> Retained for 3 years from the date of last contact.
  • Privacy.<strong>Analytics data:</strong> Retained for 26 months (Google Analytics standard retention period).
  • Privacy.<strong>Marketing data:</strong> Retained until you unsubscribe or request deletion.

After these periods, data is either deleted, anonymized, or archived for legal compliance where required.

6. Third-Party Data Processors

We engage the following third-party service providers to process your personal data on our behalf. Each processor operates under their own privacy policies and terms of service:

  • Privacy.<strong>Supabase</strong> — Database hosting and authentication services. Supabase acts as a data processor for user accounts, session data, and application data. Data is stored in secure cloud infrastructure with encryption at rest and in transit. Supabase is SOC 2 Type II certified and GDPR compliant.
  • Privacy.<strong>Google Analytics</strong> — Website analytics and usage tracking. Google collects anonymized data about how visitors use our website to help us improve user experience. Google is certified under the EU-U.S. Data Privacy Framework.
  • Privacy.<strong>Meta Platforms (Facebook/Instagram)</strong> — Advertising and analytics services. Meta Pixel tracks conversions and audience behavior for advertising campaigns we manage. Meta is certified under the EU-U.S. Data Privacy Framework.

7. International Data Transfers

As a UK-registered company, we primarily process data within the United Kingdom. However, some of our third-party processors may transfer data outside the UK and European Economic Area. Where such transfers occur, we ensure appropriate safeguards are in place:

  • Privacy.<strong>Supabase:</strong> Data may be transferred to the United States. Supabase relies on Standard Contractual Clauses (SCCs) and is certified under applicable data transfer frameworks.
  • Privacy.<strong>Google:</strong> Data may be transferred globally. Google is certified under the EU-U.S. and UK-U.S. Data Privacy Frameworks.
  • Privacy.<strong>Meta:</strong> Data may be transferred globally. Meta is certified under the EU-U.S. and UK-U.S. Data Privacy Frameworks.

You may request a copy of the specific safeguards we use by contacting us at legalreq@straltis-studio.com.

8. Your Rights (GDPR)

You have the following rights regarding your personal data:

  • Privacy.<strong>Access:</strong> Request a copy of the personal data we hold about you
  • Privacy.<strong>Rectification:</strong> Request correction of inaccurate personal data
  • Privacy.<strong>Erasure:</strong> Request deletion of your personal data ("right to be forgotten")
  • Privacy.<strong>Restriction:</strong> Request limitation of processing
  • Privacy.<strong>Portability:</strong> Request data in a structured, machine-readable format
  • Privacy.<strong>Objection:</strong> Object to processing based on legitimate interests
  • Privacy.<strong>Withdraw consent:</strong> Where processing is based on consent, withdraw at any time

To exercise any of these rights, contact us at legalreq@straltis-studio.com. We will respond within 30 days of receiving your request.

9. Data Subject Request (DSAR) Procedure

To submit a data subject request, please contact us at legalreq@straltis-studio.com. We will verify your identity before processing your request to ensure the security of your personal data.

We will respond to all valid requests within 30 days as required by UK GDPR. For complex requests, we may extend this period by up to two additional months, in which case we will notify you within the initial 30-day period.

10. Data Security

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption in transit, access controls, and regular security assessments.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

12. Contact

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how we handle your personal data, please contact us at legalreq@straltis-studio.com.

You may also contact us through our contact page or by post at DASHLEA MEDIA LLP, United Kingdom.