1. Introduction
32CREATE (“we,” “our,” or “us”) is committed to protecting your privacy and the security of your personal information. This Privacy Policy explains how we collect, use, and protect your personal data when you visit our website or engage with us as a creative agency for fashion brands.
This policy is written to comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Data Controller
32CREATE
Email: hello@32create.co.uk
Location: Manchester, United Kingdom
Instagram: @32create
If you’d like our full registered address for any formal correspondence, request it by email.
3. What Personal Data We Collect
We only collect personal data that you voluntarily provide to us, primarily through our enquiry form. This may include:
- Contact information: name, email address, Instagram handle, brand/business name
- Project information: website URL, niche/industry, services you’re interested in, project notes
- Communication content: any other information you choose to include in your message or in subsequent correspondence
4. How We Collect Your Data
We collect your personal data when you:
- Submit our enquiry form on the website
- Contact us directly by email or through social media
- Engage with us about a project, proposal, or ongoing work
5. Legal Basis for Processing
We process your personal data on the following bases under UK GDPR:
- Legitimate interest (Article 6(1)(f)): to respond to enquiries and provide information about our services
- Contract performance (Article 6(1)(b)): to deliver creative services you’ve requested
- Consent (Article 6(1)(a)): where you’ve given explicit consent for specific processing
6. How We Use Your Personal Data
We use your personal data to:
- Respond to your enquiries
- Prepare quotes and proposals
- Deliver creative services and manage projects
- Communicate updates about ongoing work
- Maintain records of our business relationship
- Comply with legal and accounting obligations
7. Data Sharing and Disclosure
We do not sell, rent, or trade your personal data. We may share data only in the following circumstances:
- With trusted service providers who help us run our business (email, accounting, file storage), under confidentiality obligations
- With freelance collaborators involved in your project, where strictly necessary (and only the minimum required)
- Where required by law, court order, or to protect our legal rights
- With your explicit consent
8. Data Retention
We keep your personal data only as long as necessary:
- Enquiry data (no project booked): 24 months from last contact
- Active client data: for the duration of our working relationship plus 7 years (for accounting and legal compliance)
- Marketing communications: until you unsubscribe or withdraw consent
9. Your Rights Under UK GDPR
You have the following rights over your personal data:
- Right of access — request a copy of the personal data we hold
- Right to rectification — correct inaccurate or incomplete data
- Right to erasure (“right to be forgotten”) — request deletion of your data
- Right to restrict processing — limit how we use your data
- Right to data portability — receive your data in a structured format
- Right to object — object to processing based on legitimate interests
- Right to withdraw consent — withdraw consent at any time
To exercise any of these rights, email us at hello@32create.co.uk. We will respond within one month.
10. Data Security
We use appropriate technical and organisational measures to protect your data against unauthorised access, loss, or misuse. This includes secure cloud storage, encrypted communications, and access controls. No internet transmission is 100% secure, but we take all reasonable steps.
11. International Data Transfers
Your data is primarily processed within the UK and European Economic Area (EEA). Some of our service providers (e.g. email, file storage) may transfer data outside the UK/EEA. Where they do, we rely on appropriate safeguards such as the UK International Data Transfer Agreement or Standard Contractual Clauses.
12. Cookies and Website Analytics
Our website uses essential cookies necessary for it to function. We do not use behavioural tracking or advertising cookies without your consent. If we add analytics in the future, we will update this policy and request consent where required.
13. Children’s Privacy
Our services are aimed at businesses and brands. We do not knowingly collect personal data from anyone under 18. If you believe a child has submitted data, contact us and we’ll delete it.
14. Changes to This Privacy Policy
We may update this policy from time to time. The “Last updated” date at the top reflects the most recent revision. Material changes will be communicated via the website.
15. Contact for Data Protection Matters
For any questions about this policy, your data, or to exercise your rights:
Email: hello@32create.co.uk
Instagram: @32create
16. Supervisory Authority
You have the right to complain to the UK’s data protection regulator if you believe we have mishandled your data:
Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Phone: 0303 123 1113
Website: ico.org.uk
This Privacy Policy is effective as of 3 May 2026.