Privacy Policy

Last updated: 20 April 2026

This Privacy Policy explains how Yeema Ltd, trading as Yeema Studio ("we", "us", "our"), collects, uses, and protects personal data when you use this website, book a call, or engage us for services.

1. Who We Are (Data Controller)

Yeema Ltd (trading as Yeema Studio) is the data controller responsible for the personal data collected via this website.

Registered company name: Yeema Ltd

Trading name: Yeema Studio

Company number: 14890204

Registered in: England and Wales

Registered office: 128 City Road, London, United Kingdom, EC1V 2NX

Contact for data requests: [email protected]

2. Personal Data We Collect

  • Contact data you provide (for example: name, email address, company name, message contents) when you email us or otherwise contact us.
  • Scheduling data when you book a call (for example: name, email address, availability, timezone, and meeting details).
  • Usage and device data (for example: IP address, browser type, pages viewed, approximate location inferred from IP, and log data) collected automatically when you browse the site.
  • Communications (records of emails and other messages you send us).

If you provide personal data about someone else, you must ensure you have the right to share it with us.

3. How We Use Personal Data (Purposes and Lawful Bases)

We process personal data under the UK GDPR and the Data Protection Act 2018. Our main lawful bases are: performance of a contract (or steps before entering a contract), legitimate interests, consent (where required), and legal obligations.

  • Responding to enquiries: to reply to messages and discuss a potential project.
    Lawful basis: legitimate interests; steps before entering a contract.
  • Scheduling calls: to arrange and manage calls you book.
    Lawful basis: steps before entering a contract; legitimate interests.
  • Delivering services: if you become a client, to provide product, brand, or web design/development services.
    Lawful basis: performance of a contract.
  • Site security and abuse prevention: to keep the site secure and prevent fraud.
    Lawful basis: legitimate interests; legal obligations (where applicable).
  • Marketing communications: to share updates about our services.
    Lawful basis: consent where required; otherwise legitimate interests. You can opt out at any time.
  • Legal and accounting: to comply with legal obligations and handle disputes.
    Lawful basis: legal obligation; legitimate interests.

4. How We Secure Personal Data

We take the security of personal data seriously and use appropriate technical and organisational measures to protect it against unauthorised access, loss, misuse, or alteration.

  • Data is transmitted over HTTPS/TLS when sent to and from our website and email providers.
  • Access to systems holding personal data is restricted to authorised personnel and protected by strong, unique passwords and multi-factor authentication where supported.
  • We use reputable service providers (for example, for hosting, email, and scheduling) with their own recognised security controls.
  • We hold personal data only for as long as necessary (see the Data Retention section below) and delete or anonymise it when no longer required.

No method of transmission over the internet or method of electronic storage is 100% secure. While we take reasonable steps to protect personal data, we cannot guarantee absolute security.

5. How We Obtain Consent

Where we rely on consent as our lawful basis (for example, for certain analytics cookies, or for marketing emails where required by law), we will ask for your consent clearly and separately before we process your personal data for that purpose. You can withdraw your consent at any time:

  • For marketing emails: use the unsubscribe link in any marketing message, or email us.
  • For cookies: change your preferences in your browser, or in our cookie banner if shown.
  • For any other consent-based processing: email [email protected].

Withdrawing consent does not affect the lawfulness of any processing we carried out before you withdrew it.

6. Cookies and Similar Technologies

We may use cookies and similar technologies to operate the website and, where enabled, to measure usage. Under UK law (including PECR), some cookies require your consent.

  • Strictly necessary cookies: required for core functionality and security.
  • Analytics cookies: help us understand how the site is used. Where required, we will only set these after consent.
  • Third-party content: booking tools (for example, our scheduling provider) may set cookies when you interact with them.

You can manage cookies through your browser settings. If we implement a cookie banner, you will be able to manage preferences there.

7. Sharing Personal Data (Processors and Recipients)

We may share personal data with trusted service providers who help us run the site and deliver services. These providers act as processors (handling data on our instructions) or independent controllers depending on the service.

  • Scheduling: Cal.com (used to allow you to book calls).
  • Payment processing: a regulated third-party payment service provider processes card payments made against our invoices via secure payment links. We do not see or store full card details. The payment service provider is the controller of the card data it processes and operates under its own privacy policy.
  • Hosting/Infrastructure: our web hosting and content delivery providers.
  • Email/Communications: email providers used to send and receive messages.
  • Professional advisers: legal, accounting, or insurance advisers (when necessary).

We do not sell your personal data.

8. International Transfers

Some service providers (including our payment service provider and certain hosting and email providers) may process data outside the UK. Where this happens, we rely on appropriate safeguards in line with UK data protection law, including the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses (SCCs), or transfers to jurisdictions covered by a UK adequacy decision.

9. Data Retention

We keep personal data only as long as necessary for the purposes described above, including to meet legal, accounting, or reporting requirements.

  • Enquiry emails: typically up to 24 months.
  • Call bookings: typically up to 12 months.
  • Client records: typically up to 6 years after the end of a client relationship (subject to circumstances).

10. Your Rights

Subject to conditions and exceptions under UK data protection law, you have rights including:

  • Access to your personal data.
  • Rectification of inaccurate personal data.
  • Erasure of personal data.
  • Restriction of processing.
  • Data portability.
  • Objection to processing (including objection to direct marketing).
  • Withdrawal of consent (where processing is based on consent).

To exercise your rights, contact us at [email protected].

You also have the right to complain to the Information Commissioner's Office (ICO). You can find details at ico.org.uk.

ICO contact details: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Telephone: 0303 123 1113.

11. Providing Your Data

You are not legally required to provide personal data to us. However, if you do not provide certain details (for example, an email address), we may not be able to respond to your enquiry or arrange a call.

12. Automated Decision-Making

We do not use your personal data for automated decision-making (including profiling) that produces legal or similarly significant effects.

13. Children's Privacy

This website is not intended for children, and we do not knowingly collect personal data from children.

14. Changes to This Policy

We may update this policy from time to time. We will post the updated version on this page and update the "Last updated" date.