Privacy policy

Our policy will help you understand how we respect your privacy and protect your data.

Biorna Design Limited privacy policy

Last updated: March 2025

  • Biorna Design Limited ("we", "us", "our") is committed to protecting and respecting your privacy. This privacy policy sets out how we collect, use, store, and protect any personal data you provide when you visit our website at biorna.co.uk (the "website") or otherwise engage with us.

    Please read this policy carefully. By using our website, you confirm that you have read and understood how we handle your personal data. This policy should be read alongside our cookie policy, which is also available on our website.

  • We are the data controller responsible for your personal data.

    Biorna Design Limited

    Registered in Scotland

    Website: biorna.co.uk

    Email: info@biorna.co.uk

    If you have any questions about this policy or how we handle your personal data, please contact us using the details above.

  • We collect personal data in the following ways:


    3.1 Contact form

    When you submit an enquiry through our website contact form, we collect the following information:

    • First name and last name (required)

    • Email address (required)

    • Phone number (optional)

    • Subject and message content

    We use this information solely to respond to your enquiry and to communicate with you about potential or ongoing projects.


    3.2 Website usage data

    When you visit our website, certain technical information is collected automatically through cookies and analytics tools, including your IP address, browser type, pages visited, and how you arrived at our site. This is described in more detail in our cookie policy.


    3.3 Direct correspondence

    If you contact us directly by email or by any other means outside of the contact form, we may retain that correspondence and any personal data contained within it for the purposes of responding to you and managing our business relationship.


    3.4 Data we do not collect

    We do not knowingly collect sensitive personal data (such as information relating to health, ethnicity, or religion), nor do we collect personal data from children under the age of 16. Our website is not directed at children.

  • Under the UK General Data Protection Regulation (UK GDPR), we must have a lawful basis for processing your personal data. We rely on the following:

    • Legitimate interests: We process enquiry and correspondence data to respond to you and to manage our business effectively. We have assessed that doing so does not override your rights and interests.

    • Contractual necessity: Where we are engaged to carry out work for you, we process your data as necessary to fulfil that contract.

    • Legal obligation: We may process or retain certain data where we are required to do so by law, for example for accounting and tax purposes.

    • Consent: Where we rely on your consent to process data (for example, in relation to certain cookies), you have the right to withdraw that consent at any time.

  • We use the personal data we collect for the following purposes:

    • To respond to enquiries submitted through our contact form

    • To communicate with you about projects, proposals, and ongoing work

    • To fulfil our contractual obligations to clients

    • To maintain our business records and comply with legal and financial obligations

    • To analyse and improve the performance of our website

    We will never sell your personal data to third parties, nor will we use it for advertising or direct marketing purposes without your explicit consent.

  • We treat your personal data with the utmost discretion. We may share it only in the following limited circumstances:


    6.1 Service providers and data processors

    We work with a small number of trusted third-party suppliers who may have access to personal data in the course of providing services to us. These include:

    • Squarespace Inc.: Our website is hosted and managed through Squarespace, which processes contact form submissions and website usage data on our behalf. Squarespace is based in the United States and operates under appropriate data transfer safeguards.

    • Google LLC: We use Google Analytics to analyse website traffic. Google may process data outside the United Kingdom. For more information, please see our cookie policy.

    • Marketing consultant: We work with an external marketing consultant who manages our website and may, in the course of that work, have access to data held within the Squarespace platform.

    • Accountant: Our accountant may have access to financial records and related correspondence that contain personal data, for the purposes of preparing accounts and meeting our tax obligations.

    All third parties with whom we share personal data are required to handle it in accordance with applicable data protection law and to keep it secure.


    6.2 Legal requirements

    We may disclose your personal data if required to do so by law, or in response to a valid request from a public authority such as a regulatory body or law enforcement agency.


    6.3 Social media platforms

    Our website contains links to our profiles on Instagram and Facebook, operated by Meta Platforms Inc. If you follow these links, you will be leaving our website and your use of those platforms will be governed by Meta's own privacy policy. We are not responsible for the privacy practices of third-party platforms.

  • Some of our third-party service providers, including Squarespace and Google, are based outside the United Kingdom. Where your personal data is transferred internationally, we ensure that appropriate safeguards are in place, such as standard contractual clauses approved by the UK Information Commissioner's Office (ICO), to protect your data to the same standard as it would receive within the UK.

  • We retain personal data only for as long as is necessary for the purposes for which it was collected, or as required by law. Our retention periods are as follows:

    • Contact form enquiries and email correspondence: 2 years from the date of last contact

    • Client project data and communications: 6 years from the date of project completion, in line with standard contractual limitation periods

    • Financial and accounting records: 6 years, as required by HMRC

    Once data is no longer required, we will delete or anonymise it securely.

  • Under UK GDPR, you have the following rights in relation to your personal data:

    • Right of access: You may request a copy of the personal data we hold about you.

    • Right to rectification: You may ask us to correct any inaccurate or incomplete data.

    • Right to erasure: You may ask us to delete your personal data in certain circumstances.

    • Right to restrict processing: You may ask us to limit how we use your data in certain circumstances.

    • Right to data portability: You may request that we transfer your data to another organisation in a structured, commonly used format.

    • Right to object: You may object to our processing of your data where we rely on legitimate interests as our lawful basis.

    • Right to withdraw consent: Where we rely on consent to process your data, you may withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

    To exercise any of these rights, please contact us at info@biorna.co.uk. We will respond to your request within one month. We will not charge a fee for handling your request unless it is manifestly unfounded or excessive.

    We may need to verify your identity before we are able to fulfil your request.

  • We take the security of your personal data seriously and have put in place appropriate technical and organisational measures to protect it against unauthorised access, loss, or disclosure. These include secure email practices, use of reputable third-party platforms with their own security standards, and limiting access to personal data to those who have a genuine need to see it.

    Whilst we take every reasonable precaution, please be aware that no method of transmission over the internet is entirely secure. If you have any concerns about the security of your data, please contact us immediately at info@biorna.co.uk.

  • Our website may contain links to third-party websites, including our social media profiles on Instagram and Facebook. This policy applies only to our website, and we are not responsible for the privacy practices of any external sites. We encourage you to review the privacy policies of any third-party sites you visit.

    In future, our website may also include embedded content from Google Maps or YouTube. Where such content is present, those platforms may collect data about your interaction with the embedded content, subject to their own privacy policies.

  • We may update this privacy policy from time to time to reflect changes in our practices, technology, or legal obligations. The most recent version will always be available on our website, with the date of the last update shown at the top of the page. We encourage you to review this policy periodically.

    Where changes are material, we will take reasonable steps to bring them to your attention.

  • If you are unhappy with how we have handled your personal data, please contact us in the first instance at info@biorna.co.uk and we will do our best to resolve the matter promptly.

    If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the supervisory authority for data protection in the United Kingdom:

    Website: ico.org.uk

    Telephone: 0303 123 1113

    Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF