Purpose

Stocks Tylor Benson Ltd or “STB Design” or “the Company” is dedicated to protecting your privacy and handling your personal data with transparency and respect. This privacy notice explains how we process personal data through stbdesign.com and any online platforms whether you are a client, supplier or website visitor. It also outlines your rights under data protection laws including the UK Data Protection Act 2018, UK GDPR and EU GDPR.

Controller for Personal Data

A “controller” is a person or organisation who alone or jointly determines the purposes for which and the way any personal data is or is likely to be processed. Unless we notify you otherwise STB Design is the controller of your personal data for the purpose of this website and where we directly interact with you.  

Scope

This notice applies to personal data processed in connection with:

  • Clients: When we deliver strategic brand and graphic design consultancy services to you.

  • Suppliers: If you provide products or services that enable our creative practice.

  • Website visitors: Anyone browsing stbdesign.com or interacting with site content, tools or messages.

Types of Personal Data We May Collect

Personal data means information relating to an identified or identifiable person. Anonymised data falls outside this scope.

We may collect, use, store and transfer the following categories of personal information:

  • Identity Data: Name, business name, job title, username or similar identifier.

  • Contact Data: Email address, telephone, billing/delivery address.

  • Portfolio or Project Data: Project briefs, feedback, assets shared in the delivery of design and consultancy services.

  • Financial Data: Bank details, payment card details, invoices.

  • Transaction Data: Details of payments, service agreements, past commissions.

  • Technical Data: IP address, browser type, device identifier, operating system, cookies and similar tracking technologies.

  • Profile Data: Project preferences, testimonials, survey responses.

  • Usage Data: How you use our website and online features, including traffic logs and interactions.

  • Marketing and Communications Data: Preferences for receiving our email updates, invites, thought-leadership or news.

We process different types of data depending on your relationship with us, as set out below.

Lawful Bases: How We Use Your Personal Data

STB Design will only process your data where legal bases apply. This may include:

  • Performance of a contract: For example, to deliver brand strategy or graphic design services as agreed.

  • Legal obligation: Compliance with tax, accounting or regulatory requirements.

  • Legitimate interests: For example, to ensure the security of stbdesign.com, improvement of our services or to communicate innovations in design.

  • Consent: For marketing or non-essential cookies, which you may withdraw at any time via privacy@stbdesign.com or unsubscribe links.

  • Vital interests: To protect you or others in an emergency.

  • Public obligation: Where required for public safety or statutory notice.

 How We Collect Your Data

  • Directly from you: Including when you complete contact forms, download resources, share project briefs or correspond via email or telephone.

  • Third-party sources: From project partners, suppliers or referrals relevant to our work.

  • Automatically via technology: When you browse stbdesign.com, we and our analytics partners collect technical and usage data through cookies and similar tools (see our Cookies Notice).

 Use of Artificial Intelligence

We may use artificial intelligence (AI) tools to enhance our services and provide you with a better experience. These tools assist us in improving efficiency, identifying trends and tailoring our offerings to your needs. However, please note that our use of AI is limited to supporting and streamlining our processes and it does not involve making decisions about you. All decisions related to your interactions with us are made by our team, ensuring a personal and thoughtful approach. We are committed to transparency and safeguarding your privacy as we continue to leverage technology responsibly for your benefit.

Cookies and similar technologies

We gather information and statistics collectively about visitors to our website. Analysis of this information demonstrates the most frequently used sections of the website and assists us in continually improving the online service. Please also refer to our cookies notice for more information on how we set cookies.

Processing Tables

The tables below provide an overview of our information processing practices. It outlines the key processing activities we undertake, the categories of personal data involved and the lawful basis for each activity. By presenting this information, we aim to ensure transparency and help you understand how data is managed during our interactions and activities and to clarify how your information is handled in accordance with data protection regulations.

Client: Processing Information

This is where we interact directly with you or your organisation to deliver our design services.

Processing activities

Categories of personal data

Lawful basis

Sign you up as a client, including initiating discussions and proposals

Identity Data, Contact Data

Performance of a contract; Consent (to access client resources or collaborative workspaces)

Consultation, briefing and project delivery (strategy workshops, design services, brand development)

Identity Data, Contact Data, Portfolio or Project Data, Profile Data

Performance of a contract

Responding to queries and feedback throughout the project

Identity Data, Contact Data

Performance of a contract; Legitimate interests (client relationship and service excellence)

Processing payments, invoices and project-related finances

Identity Data, Contact Data, Financial Data, Transaction Data

Performance of a contract; Legitimate interests (recovery of fees, smooth operation)

Register you for our e-newsletters, insights, invites or marketing communications

Identity Data, Contact Data

Consent (Opt-in) or Soft Opt-in as permitted by law

Showcase case studies, testimonials or client designs on stbdesign.com (with your prior permission)

Identity Data, Profile Data, Portfolio or Project Data

Consent – We will always request your approval before publishing any personal/client information on our site or portfolio. To update or withdraw your testimonial, please contact us including your name, testimonial location and contact details.

Administer, protect and maintain our business, website, project portals and data hosting

Identity Data, Contact Data, Technical Data

Legitimate interests (IT operations, security, service delivery, business administration); Legal obligation

Supplier: Processing Information

For suppliers (printers, illustrators, software providers, etc.) who help STB Design deliver creative solutions.

Processing activities

 

Categories of personal data

Lawful basis

Engagement as a supplier or project partner (e.g., for outsourced production or collaborative work)

Identity Data, Contact Data

Performance of a contract

Processing payments, handling supplier accounts and related transactions

Identity Data, Contact Data, Financial Data, Transaction Data

Performance of a contract

Correspondence regarding service delivery, project support and partnership

Identity Data, Contact Data

Performance of a contract; Legitimate interests (smooth collaboration and communications)

Supplier: Processing Information

This is where you are a supplier of products and services to us where you do not fall into the category of suppliers above – for example IT administration providers and general administration providers for the smooth running of our business.

Processing activities

Categories of personal data

Lawful basis

 

For you to provide services and products to us

 

Identity Data, Contact Data,

Performance of a contract

Manage payments, fees and charges we owe you

Identity Data, Contact Data, Financial Data, Transaction Data

 

Performance of a contract with you

To engage with you as a customer for product/service support

Identity Data, Contact Data

Performance of a contract

Necessary for our legitimate interests so that we are able to get in touch with our queries, issues and concerns.

 Website Visitor: Processing Information

For anyone exploring stbdesign.com or making initial contact with STB Design.

Processing activities

Categories of personal data

Lawful basis

Handling inquiries via our website forms, email links, phone and AI-powered chat features

Identity Data, Contact Data

Legitimate interests (responding to interest in our services or general queries)

Notifying you about updates to our privacy notice, terms or major site changes

Identity Data, Contact Data (if provided)

Legitimate interests (transparency and good governance)

Troubleshooting, maintaining and protecting stbdesign.com, including security, analytics, hosting and system integrity

Identity Data, Contact Data, Technical Data

Legitimate interests (site performance, security, user experience); Legal obligation

Delivering relevant site content and measuring campaign effectiveness (inspiration, news, portfolio highlights)

Identity Data, Contact Data, Profile Data, Usage Data, Marketing and Communications Data, Technical Data

Legitimate interests (marketing, site improvements, content strategy)

Website analytics to refine our design, services and client engagement

Technical Data, Usage Data

Legitimate interests (site design, business development); Consent for non-essential cookies as set out in our Cookies Notice

Non-essential cookies (where consent is required by law or jurisdiction)

Technical Data

Consent

Marketing communications

You can ask us to stop sending you marketing messages at any time by using the unsubscribe link in marketing emails, updating your preferences through your account or contacting us via the website or email. Where you opt out of receiving marketing messages, this will not apply to personal data provided to us as a result of a contract or other transactions.

Children’s Privacy

Our website is not intended for children and we do not knowingly collect personal data relating to children. If you become aware that a child has provided us with personal data, please contact us and we will delete such information.

Who We Share Your Personal Data With

As part of delivering our services and operating stbdesign.com, we may need to share your personal data with carefully selected third parties to support both our creative work and the smooth running of our business operations. These third parties may include:

  • Service Providers: Organisations who support our website, project management, IT infrastructure and general business operations including web hosting companies, email communications partners, analytics platforms and cloud storage providers.

  • Professional Advisors: External experts such as lawyers, accountants, auditors and insurers, who advise us in relation to legal, financial and risk management matters.

  • Payment Processors: Trusted providers who facilitate invoicing, secure payment collection and financial transactions for the services you receive.

  • Creative Industry Partners: Print suppliers, illustrators, photographers and other creative collaborators who help bring your commissioned projects to life. We share data strictly relevant to the execution and delivery of your project.

  • Marketing and Communications Partners: Agencies or platforms that assist us with marketing communications, event organisation and client relationship management.

  • Regulatory and Government Authorities: Official bodies with whom we must comply under applicable laws and regulations such as HMRC or data protection authorities when disclosure is required.

  • Business Transaction Partners: In the event that we sell, transfer or merge parts of our business or assets, your data may be disclosed to prospective buyers, merger partners or their advisors.

  • Sale, Merger or Transfer of Business: In the context of a sale, merger or transfer of all or any part of our business, your personal data may be shared with or transferred to third parties involved in the transaction such as potential buyers, merger partners or professional advisors. Rest assured, any processing of personal data during such transactions will be handled with the same level of care, security and respect for privacy as outlined in this notice.

  • Other Third Parties: Where you provide your explicit consent or where there is another lawful basis, we may share data with additional partners to support events, workshops, training sessions or industry networking.

We require all third-party service providers to respect the security of your personal data and to treat it in accordance with the law.

International transfers for UK/EU

We may transfer and process your personal data outside of the United Kingdom (UK) /European Union (EU) to countries where data protection laws are less stringent than those in the UK/EU. When we transfer your personal data outside of the UK/ EU we only do so to entities that offer our users the same level of data protection as that afforded by the UK Data Protection Act 2018 (including the UK GDPR) and the EU GDPR/ Data Protection Laws.

  1. We will only transfer your personal information to countries that have been deemed to provide an adequate level of protection for personal information; or

  2. We will use specific contracts approved for use in the UK or EU which give personal information the same protection it has in the UK/EU. For example, the use of Article 46 UK and EU GDPR safeguard mechanisms to transfer personal data endorsed by the UK Government or European Commission.

For other countries we will use local law guidance to ensure personal data is transferred securely where there is a requirement in law to do so.

To find out more about the transfer mechanism used please contact us.

Data Security

We have implemented appropriate security measures designed to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. These steps include pseudonymisation and encryption, restricted access and staff training in data protection. In addition, we limit access to your personal data to those employees, agents, contractors and designated third parties who have a business need to know. They will only process your data on our instructions and are subject to confidentiality.

Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. Details of retention periods for different aspects of your personal data are available in our data retention policy, which you can request by contacting us.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means and the applicable legal requirements.

Data Subject Rights

Under certain circumstances, you have rights under Data Protection Laws. Not all rights are absolute and depending on where you are located, not all rights are given to you. You can:

Request access to your personal data: This is known as a “subject access request” and enables you to receive a copy of the personal data we hold about you.

Request correction of your personal data: This enables you to have any incomplete or inaccurate information we hold about you corrected.

Request erasure of your personal data: This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. We may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you at the time of your request.

Object to processing of your personal data: This is where we are processing your personal data based on a legitimate interest or those of a third party and you may challenge this.  However, we may be entitled to continue processing your information based on our legitimate interests or where this is relevant to any legal claims.  See also Marketing communications.

Request restriction of processing your personal information: This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the information’s accuracy (b) where our use of the information is unlawful but you do not want us to erase it (c) where you need us to hold the information even if we no longer require it as you need it to establish, exercise or defend legal claims or (d) you have objected to our use of your information but we need to verify whether we have overriding legitimate grounds to use it.

Request transfer of your personal information (“data portability”): This is where in some circumstances we will provide to you or a third party you have chosen your personal data in a structured, commonly used, machine-readable format.

Right to withdraw consent: This is where we are relying on consent to process your personal data. This will not affect the lawfulness of any processing carried out before you withdraw your consent. Depending on the processing activity, we may not be able to provide certain services to you if you withdraw your consent. We will advise you if this is the case at the time you withdraw your consent.

Automated decision making:  This is where decisions are made about you by automated means. We do not carry out automated decision making.

Carrying out your data subject rights

You will not have to pay a fee to access your personal data or to exercise any of the other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information or to exercise any of your other rights. This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.

If you wish to exercise any of the rights set out above, please contact us.

Concerns and complaints

We would appreciate the chance to deal with your concerns in the first instance. Please see Contact us section. If you have unresolved issues, you have the right to complain at any time to a data protection supervisory authority for data protection issues such as the UK data protection regulator – the Information Commissioner’s Office (ICO). 

You may lodge a complaint with a supervisory authority if you live or work outside the UK or you have a complaint concerning our personal data processing activities.

Changes to this Privacy Notice

We keep our privacy notice under regular review and may update it from time to time to reflect changes in our practices or legal requirements. The latest version will always be available on stbdesign.com. We encourage you to check this notice occasionally to ensure you understand how we process your personal data.

Contacting Us

If you have any questions about this privacy notice, your data or to exercise your rights, please contact us using:

 Version control

This version was last updated in January 2026.