Skip to main content

Privacy policy

The following privacy policy provides a simple overview of what happens to your personal data when you visit our website at www.studiotapioca.co.uk. This privacy policy only applies to the website of Studio Tapioca/Pacifican and does not apply to linked websites that are not owned and controlled by us.

What is personal data?

Personal data is any information relating to personal or material circumstances that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address, or telephone number as well as online identifiers such as your IP address. In contrast, information of a general nature that cannot be used to determine your identity is not personal data. This includes, for example, the number of users of a website. However, we reserve the right to put this data to additional uses to the extent permitted or required by law or necessary to support legal or criminal investigations. In this case, we will inform you again about this further data processing to the extent required by law and obtain your consent.

Data collection on this website

In principle, we will only use your personal data in accordance with the applicable data protection laws, in particular the Dutch GDPR Implementation Act (Uitvoeringswet Algemene Verordening gegevensbescherming) (UAVG) and the General Data Protection Regulation (GDPR) (given the similarity of both collectively referred to as “GDPR”) and only as described in this privacy policy.

Who is responsible for data collection on this website?

Data processing on this website is carried out by Pacifican at Burgemeester de Herderplantsoen 46, 2396 WZ in Koudekerk aan den Rijn, Netherlands, registered under Dutch chamber of commerce number 86078852 (hereinafter referred to as “we” or “Studio Tapioca” or “Pacifican”). You can reach us using [email protected] in case you have any questions.

How do we process your data?

In the course of our business and website operations, we process data. This also includes disclosure by transmission to third parties and, where applicable, to so-called third countries outside the Netherlands and the EEA. Where we transfer data outside the Netherlands or EEA, we have highlighted this accordingly below.

The individual data concerned, processing purposes, legal bases, recipients and, where applicable, transfers to third countries are listed below:

  • a) Hosting

    This website is hosted using an external service provider (Cloudflare, Inc. of 101 Townsend St. San Francisco, CA 94107). The personal data collected on this website is stored on Cloudflare’s servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contractual data, contact details, names, website accesses and other data generated via a website.

    Cloudflare is used for the purpose of contract fulfilment vis-à-vis our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR).

    Cloudflare will only process your data insofar as this is necessary for the fulfilment of its service obligations and follow our instructions with regard to this data. We have concluded a data processing agreement with Cloudflare, which is a contract to ensure that Cloudflare only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

  • b) Log file during website visit

    We (Cloudflare on our behalf) log your website visit. In doing so, we process:

    • Name(s) of our accessed web site(s),
    • date and time of the access,
    • the amount of data transferred,
    • the browser type and version,
    • the operating system you use,
    • the referrer URL (the previously visited web site),
    • your IP address,
    • the requesting provider.

    The legal basis for data processing is our legitimate interest in the ongoing provision and security of our web site in accordance with Art. 6 (1) f GDPR.

    The log file is deleted after seven days, unless it is needed to prove or clarify specific legal violations that have become known within the retention period.

  • c) Contacting us

    If you contact us, we process the data you submit for the purpose of processing and handling your enquiry. This may include Name, contact details—if provided by you—and your message. The legal basis of the data processing is our obligation to fulfil the contract and/or to fulfil our pre-contractual obligations in accordance with Art. 6 (1) b) GDPR and/or our legitimate interest in processing your enquiry in accordance with Art. 6 (1) f) GDPR.

  • d) Contract fulfilment and data management in the context of service provision

    We process various data within the framework of the provision of our services and for the initiation and processing of the existing contractual relationship between you and us.

    If you have commissioned us to provide a service, we process your data (if provided: Name, contact details (email address and telephone number), address, bank details, and all information that is necessary in the context of fulfilling the services, exclusively for the purpose of processing and handling the contractual relationship.

    This includes in particular our appropriate advice and support, correspondence with you, invoicing, fulfilment of our accounting and tax obligations.

    Accordingly, the data is processed on the basis of Art. 6 (1) b) GDPR as well as to fulfil our legal obligations pursuant to Art. 6 (1) c) GDPR.

  • e) Use of cookies

    We use so-called cookies on our web site. Cookies are small text files that are stored on your respective device (PC, smartphone, tablet, etc.) and saved by your browser. For further information please refer to our cookie policy. The legal basis for the use of cookies is your consent in accordance with Art. 6 para. 1 a) GDPR as well as our legitimate interest in accordance with Art. 6 para. 1 f) GDPR.

  • f) Audio and video conferences

    For communication with our customers, we use, among other things, online conference tools. If you communicate with us by video or audio conference via the Internet, your personal data will be collected and processed by us and the provider of the respective conference tool. Conferencing tools typically collect all data that you provide/enter when you use these tools and may include (e-mail address and/or your telephone number).

    In addition, the conference tools process the duration of the conference, start and end (time) of participation in the conference, number of participants and other “contextual information” in connection with the communication process (metadata).

    The provider of the tool processes all technical data required to handle the online communication. This includes in particular IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker as well as the type of connection.

    If content is exchanged, uploaded or otherwise made available within the tool, this is also stored on the servers of the tool providers. Such content includes, but is not limited to, cloud recordings, chat/instant messages, voicemails uploaded photos and videos, files, whiteboards and other information shared while using the service.

    Please note that we do not have full control over the data processing operations of the tools used. Our options are largely determined by the company policy of the respective provider. For further information on data processing by the conference tools, please refer to the privacy policies of the respective tools used.

    The tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 para. 1 lit. b GDPR). Furthermore, the use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). If consent has been requested, the tools in question are used on the basis of this consent; consent can be revoked at any time with effect for the future.

  • g) Testimonials

    Within the testimonial section, we may display certain personal information, share certain details, knowledge and insights. When you approve and submit your testimonial to us your consent is obtained, and you have choices about the information in your testimonial.

    The storage of testimonials is based on your consent (Art. 6 para. 1 lit. a) GDPR). You can revoke your consent at any time. For this purpose, an informal communication by email to us is sufficient. The legality of the data processing operations already carried out remains unaffected by the revocation.

Analytics

Google Analytics

We use Google Analytics, a service provided by Google Inc. This means that the data collected can in principle be transmitted to a Google server in the USA, whereby the IP addresses are anonymised by means of IP anonymisation so that an allocation is not possible. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can object to the collection and processing of this data by Google Analytics by setting an opt-out cookie that prevents the future collection of your data when you visit this website: https://tools.google.com/dlpage/gaoptout?hl=en. The legal basis for this processing is Art. 6 para. 1 letter f) GDPR, our legitimate interest.

Duration of data storage

We only store personal data for as long as it is necessary for the purposes for which it is processed or for as long as any consent you have given us has been revoked by you. If you make a request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., retention periods under tax or commercial law); in the latter case, the data will be deleted once these reasons no longer apply, the storage period for certain data may be up to 10 years, irrespective of the processing purposes.

Transfer of personal data

We will not disclose or otherwise distribute your personal data to third parties unless this is necessary for the performance of our services (legal basis for processing: Art. 6 para. 1 lit. b) GDPR), you have consented to the disclosure (legal basis for processing: Art. 6 para. 1 lit. a) GDPR) or the disclosure of data is permitted by relevant legal provisions.

We are entitled to outsource the processing of your personal data in whole or in part to external service providers acting as processors pursuant to Art. 4 No. 8 GDPR within the framework of the data protection provisions. External service providers support us, for example, in the technical operation and support of the website, data management, the provision and performance of services, marketing, as well as the implementation and fulfilment of reporting obligations.

The service providers commissioned by us process your data exclusively in accordance with our instructions. We remain responsible for the protection of your data, which is ensured by strict contractual regulations, technical and organisational measures and additional controls by us.

Personal data may also be disclosed to third parties if we are legally obliged to do so e.g., by court order (legal basis for processing: Art. 6 (1) (c) GDPR) or if this is necessary to support criminal or legal investigations or other legal investigations or proceedings at home or abroad or to fulfil our legitimate interests (legal basis for processing: Art. 6 (1) (f) GDPR).

Data transfer into third countries

Among other things, we use tools from companies based in the USA or other third countries that are not secure under data protection law. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.

Automated decision-making

Automated decision-making including profiling pursuant to Art. 22 (1) and (4) GDPR does not take place at Pacifican.

Your data subject rights

  • a) Information

    Upon request, we will provide you at any time and free of charge with information about all personal data that we have stored about you.

  • b) Correction, deletion, restriction of processing (blocking), objection

    If you no longer agree with the storage of your personal data or if this data has become incorrect, we will arrange for the deletion or blocking of your data or make the necessary corrections (insofar as this is possible according to the applicable law) on the basis of a corresponding instruction. The same applies if we are only to process data in a restrictive manner in the future. You have the right to object in particular in cases where your data is required for the performance of a task that is in the public interest or in our legitimate interest, as well as profiling based on this. You also have such a right of objection in the event of data processing for the purpose of direct advertising.

  • c) Right to revoke consent with effect for the future

    You may revoke your consent at any time with effect for the future. Your revocation will not affect the lawfulness of the processing up to the time of revocation.

  • d) Data portability

    If data is processed on the basis of a contract, pre-contractual negotiations, consent or with the help of automated procedures, you have the right to data portability. Upon request, we will provide you with your data in a common, structured and machine-readable format so that you can transfer the data to another data controller if you wish.

  • e) Exercise of your data subject rights and right of appeal

    To assert these rights, please contact us. The same applies if you have questions about data processing in our company. You also have the right to lodge a complaint with a data protection supervisory authority. The Dutch Data Protection Authority (Autoriteit Persoonsgegevens) is the for us relevant authority in matters of data protection. You have the right to make a complaint at any time (https://autoriteitpersoonsgegevens.nl). We would, however, appreciate the chance to deal with your concerns before you approach the Autoriteit Persoonsgegevens.

Data Subject Access Request

For clarification, you have the right to request confirmation from us at any time as to what information we hold about you and to request that we amend, update, or delete that information. We may comply with your request in response. In addition, we have the following options:

  • Ask you to confirm your identity, or
  • ask you for more information about your request, and
  • where permitted by law, refuse your request (however, in this case we will explain the reasons for the refusal).

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time by contacting us. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Security

State-of-the-art internet technologies are used to ensure the security of your data. During the online enquiry process, your details are secured with SSL encryption. For secure storage of your data, the systems are protected by firewalls that prevent unauthorised access from outside. In addition, technical and organisational security measures are used to protect the personal data you have provided against accidental or intentional manipulation, loss, destruction or access by unauthorised persons.

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

Obligation to provide personal data

You are not obliged to provide us with personal data. However, depending on the individual case, the provision of certain personal data may be necessary for the provision of the above services. If you do not provide us with this personal data, we may not be able to provide the service.

Social media

We are present in “social media” (Instagram operated by Meta Platforms Inc. of 181 South Park Street Suite 2 San Francisco, CA 94107, USA, and LinkedIn Corporation of 605 W Maude Ave, Sunnyvale, CA 94085, USA) in order to communicate with our customers, interested parties and users registered there and to be able to inform them about our offers there. We would like to point out that you use Instagram and the functions offered on your own responsibility. This applies in particular to the use of the interactive functions (e.g., commenting, sharing, rating).

In addition, your data may be processed for market research and advertising purposes. For example, usage profiles can be created from your usage behaviour and the resulting interests. This allows, for example, advertisements to be placed within and outside the Instagram platform that presumably correspond to your interests. Cookies are usually stored on your computer for this purpose. Independently of this, data that is not directly collected from your devices may also be stored in the usage profiles (especially if you are a member of the respective platforms and are logged in to them).

We do not collect and process any data from your use of our service beyond this. The processing of users’ personal data is based on our legitimate interests in providing users with effective information and communicating with users pursuant to Art. 6 para. 1 p.1 lit. f. GDPR. If you are asked by the respective providers for consent to data processing, the legal basis for processing is Art. 6 para. 1 sentence 1 lit. a., Art. 7 GDPR.

If you are a member of Instagram and do not want the network to collect data about you via our website and link it to your stored membership data with Instagram, you must:

  • log out of your Instagram account before visiting our website,
  • delete the cookies on your device, and
  • close and restart your browser.

After logging in again, however, you will once more be recognisable to the network as a specific user. In the case of requests for information and the assertion of user rights, we would also like to point out that these can most effectively be asserted with the providers. Only the providers have access to the users’ data and can take appropriate measures and provide information directly. If you still need help, you can contact us.

Accuracy

It is important that the data we hold about you is accurate and current, therefore please keep us informed of any changes to your personal data.

Children’s data

Our website is not intended for children and we do not knowingly collect data relating to children. If you become aware that your child has provided us with personal data, without parental consent, please contact us and we take the necessary steps to remove that information from our server.

Changes

This policy and our commitment to protecting the privacy of your personal data can result in changes to this policy. Please regularly review this policy to keep up to date with any changes.

Queries and complaints

If you have any questions, please do not hesitate to contact us.