Skip to content

Privacy Policy

Data Privacy Notice


1. Step2 Design Policy and Summary

Step2 Design has a Data Protection Policy and this document is a product of that policy. The EU General Data Protection Regulation (GDPR) and PECR are the main stem of Data Protection provisions within UK and this company will comply with all relevant legislation.

For customers of Step2 Design (customers includes anyone who ‘purchases’ any of our services as well as those seeking our product design services) where we have captured personal data in order to service your requirements and provide you with relevant information into the future. This will be done under the auspices of Legitimate Interest and Contract. In some circumstances we may use Consent as a reason for retention.

For employees of the company as well as contractors; the auspices of contract from each contracted person/entity will be used for holding data. The minimum but adequate personal details will be held in accordance with the specific requirement of the individuals.

It may be necessary to pass personal data to third parties in the course of the running of the business such as using a web builder or using a mailing service. Where this is necessary the third parties will be required to treat the data in accordance with relevant legislation and be subject to Non-disclosure provisions. They will be required to treat the data securely and only for the purpose specified by the Idea Reality. 

Step2 Design is the data controller and the person responsible in the company is Patrick Williams and his contact details are set out below. All personal data will be kept in the company offices in a secure fashion. The data will only be used for the purposes it was collected. 

Patrick Williams, one of our Directors and manager of our Data Protection can be contacted through: +44(0) 7540 394398, or patrick@step2-design.co.uk

2. Personal data – what is it?

Personal data relates to a living individual who can be identified from data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”) and any subsequent legislation.

3. Who are we?

We are Step2 Design Ltd a product design business based in Bristol, UK. The Data Protection Manager (Patrick Williams) is responsible for the use and security of your data. 

4. How do we process your personal data?

Step2 Design complies with its obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

We use your personal data for the following purposes: –

  • To provide product and design information and services to our customers;
  • To administer the company including the provisions required for all employees.
  • To maintain our own accounts and records;
  • To promote Step2 Design as an established professional design organization in the UK;

5. What is the legal basis for processing your personal data?

  • Processing is necessary, using Legitimate Interest for carrying out obligations under financial, employment, social security or social protection law, or a collective agreement;
  • Processing where contracts are the essential element;

6. Sharing your personal data

Your personal data will be treated as strictly confidential and will only be shared with personnel and other organisations associated with Step2 Design in order to provide company services. We will only share your data with third parties for the running of the company subject to relevant legal provisions incumbent on all.

7. How long do we keep your personal data?

We keep data in accordance with the ICO guidance. Normally customer data that has not involved a financial transaction in its capture is kept for two years after which the customer will be asked to consent to further retention. Customers who have undertaken a financial transaction with the company will also have their data held for five years for information provision purposes as well as for repeat business and seven years as required by HMRC. Contractors and Employees data will be reduced to a minimum on completion of the contract and only kept a record of employment/service for reference purposes. All Financial records and associated personal data will be kept for the year of the transaction and six full tax years following.

8. Your rights and your personal data 

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: –

  • The right to request a copy of your personal data which Step2 Design holds about you;
  • The right to request that Step2 Design corrects any personal data if it is found to be inaccurate or out of date; 
  • The right to request your personal data is erased where it is no longer necessary for Step2 Design to retain;
  • The right to withdraw your consent (if under the consent permission) to the processing at any time;
  • The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable) [Only applies where the processing is based on consent or is necessary for the performance of a contract with the data subject and in either case the data controller processes the data by automated means].
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to object to the processing of personal data, (where applicable)
  • The right to lodge a complaint with the Information Commissioners Office.

9.  Further processing

If Step2 Design wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

10.  Your part in Data protection

It would be very useful if you could make a point of keeping the company informed of any changes to the information we hold about you.

11. Contact Details

To exercise all relevant rights, queries of complaints please in the first instance contact the Data Protection Manager. Patrick Williams on +44(0) 7540 394398, or patrick@step2-design.co.uk or Step2 Design Ltd, HERE, 470 Bath Road, Arnos Vale, Bristol, BS4 3AP.

You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.

12. Types of data we collect

Website Cookies

Our website uses cookies to collect information. This includes information about browsing behaviour by people who access our website: pages viewed and the customer’s journey around our website. Detailed information is set out in our Cookie Policy below.

Google Analytics

When someone visits step2-design.co.uk we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.

Third Parties

Your information is only accessible to third parties which help us to manage our business, such as our Accountants, our Customer Relationship System, Web Hosting.

Please rest assured that none of the above partners are able to contact you unless you tell them this is acceptable. We will not share sensitive information or your payment details. This is something you will control.

Access to your personal information

You are entitled to view, amend, or delete the personal information that we hold. Email your request to our Data Protection Manager Patrick Williams at patrick@step2-design.co.uk

We will action these requests as quickly as possible for you.