Sandbox Studio Software Ltd Privacy Policy

Last Updated: 23 June 2025

At Sandbox Studio Software Ltd, your privacy and personal data are paramount. This Privacy Policy details how we collect, use, share, and safeguard your information when you engage with our software solution, Sandbox Studio, whether directly or through platforms like AWS Marketplace, or when you interact with us and attend our events. As the 'Data Controller,' we are responsible for determining the purposes and means of processing your personal data.


1. Who We Are

At Sandbox Studio Software Ltd, we are the 'Data Controller' for the personal data we process, meaning we are responsible for deciding how and why your personal data is used in relation to our software solution. When you acquire or use Sandbox Studio through AWS Marketplace, please note that certain data processing activities related to the AWS Marketplace transaction and underlying cloud infrastructure are conducted by AWS. AWS processes this data according to its own AWS Privacy Notice.

Data Controller: Sandbox Studio Software Ltd (SBS)

  • Company Address: 128, City Road, London EC1V 2NX, United Kingdom
  • Contact Email: privacy@sandboxstudiosoftware.com
  • Data Protection Officer (DPO):
    • Gordon Steele - Chairman
    • privacy@sandboxstudiosoftware.com

2. Information We Collect About You

We collect information from you in various ways:

  • Information You Provide Directly:
    • Account Data: When you create an account directly with SBS or through the AWS Marketplace, register for a service, or make a purchase, we may collect information such as your name, email address, postal address, phone number, payment details, and business information.
    • Content and Communications: Information you upload, store, or share through our services (e.g., documents, messages, comments), and any communications with us (e.g., customer support inquiries).
    • Marketing Preferences: Your preferences for receiving marketing communications from us.
  • Information We Collect Automatically:
    • Usage Data: Details of your visits to our website and application, including traffic data, location data, usage patterns, and the resources that you access.
    • Device Information: Information about your computer or mobile device, including your IP address, operating system, browser type, and device identifiers.
    • Cookies and Tracking Technologies: Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. We use the following cookies:
      • Strictly Necessary Cookies: These are cookies that are required for the operation of our website.
      • Analytical/Performance Cookies: They allow us to recognize and count the number of visitors and to see how visitors move around our website when they are using it.

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

  • Information from Third Parties:
    • We may receive information about you from third-party service providers (e.g. AWS Marketplace, payment processors, analytics providers) or partners.

3. How and Why We Use Your Personal Data (Lawful Basis)

We process your personal data for specific purposes and rely on a specific lawful basis for each processing activity under the UK GDPR:

  • To Provide and Improve Our Services:
    • Purpose: To operate, maintain, and improve our software solution, Sandbox Studio, to enable you to access and use the services; to process transactions and send related information.
    • Lawful Basis: Performance of a contract with you, or steps taken at your request before entering into a contract.
  • For Communication and Support:
    • Purpose: To send you technical notices, updates, security alerts, and administrative messages; to respond to your comments, questions, and customer service requests.
    • Lawful Basis: Performance of a contract with you, or our legitimate interests (e.g., to ensure our services are running smoothly and to provide effective customer support).
  • For Personalisation and Marketing:
    • Purpose: To personalise your experience; to send you marketing communications and promotions about our products and services that may be of interest to you.
    • Lawful Basis: Your consent (where required for direct marketing) or our legitimate interests (e.g., to promote our services to existing customers or prospects where appropriate, provided your rights are not overridden). You can withdraw consent at any time.
  • For Security and Fraud Prevention:
    • Purpose: To detect, investigate, and prevent fraudulent transactions and other illegal activities, and to protect the rights and property of Sandbox Studio Software Ltd and others.
    • Lawful Basis: Our legitimate interests (e.g., to protect our business and customers from fraud) and compliance with a legal obligation.
  • For Compliance with Legal Obligations:
    • Purpose: To comply with applicable laws, regulations, legal processes, or governmental requests (e.g., tax, accounting, or regulatory obligations).
    • Lawful Basis: Compliance with a legal obligation.

4. Data Sharing Practices

We may share your personal data with the following categories of recipients:

  • Service Providers: Third-party vendors and service providers who perform services on our behalf (e.g., AWS Marketplace, payment processing, hosting, analytics, marketing, customer support). These providers are contractually bound to protect your data and only use it for the purposes for which we disclose it to them.
  • For Business Accounts: If you use our services as part of a business account, your information may be shared with your organisation's administrators and other authorised users.
  • With Your Consent: We may share your information with third parties when you give us your explicit consent to do so, or when you choose to integrate our services with third-party applications.
  • Business Transfers: In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.
  • Legal Compliance and Protection: If required by law, court order, or governmental regulation, or if we believe it's necessary to protect the rights, property, or safety of Sandbox Studio Software Ltd, our users, or others.
  • Aggregated or Anonymised Data: We may share aggregated or anonymised data, which cannot reasonably be used to identify you, with third parties for various purposes, including industry analysis, demographic profiling, and marketing.

We also receive personal data from certain third parties, such as:

  • Because we are an AWS Marketplace seller, AWS may share certain customer information (such as contact details, purchase information, and account numbers) with us to facilitate the transaction, provisioning, licensing, and support of your software.

5. International Data Transfers

As Sandbox Studio Software Ltd operates globally and our customers deploy Sandbox Studio within their AWS accounts across various regions worldwide, your personal data may be transferred to, stored in, and processed in countries outside the UK. This includes scenarios where we use service providers located outside the UK, or where your use of AWS services facilitates data processing in different international locations.

When we transfer your personal data outside the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK government (adequacy decisions).
  • Where specific adequacy regulations are not in place, we will use specific contracts approved by the UK Information Commissioner's Office (ICO) which give personal data the same protection it has in the UK (e.g., UK Standard Contractual Clauses).
  • Where applicable, we may rely on your explicit consent for specific transfers, or where the transfer is necessary for the performance of a contract with you.

6. Data Retention

We will retain your personal data only for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

For example:

  • Account data: Retained as long as your account is active and for a period thereafter to allow for account recovery or for our legitimate business purposes, such as analysis or record-keeping, or to comply with our legal obligations.
  • Transaction data: Retained for 7 years to comply with tax and accounting regulations.
  • Marketing consent: Retained until you withdraw your consent.

7. Your Data Protection Rights

Under the UK GDPR, you have the following rights regarding your personal data:

  • The Right to Be Informed: You have the right to be informed about the collection and use of your personal data, which is what this Privacy Policy aims to do.
  • The Right to Access: You have the right to request a copy of the personal data we hold about you.
  • The Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
  • The Right to Erasure ("Right to be Forgotten"): You have the right to request that we delete your personal data in certain circumstances.
  • The Right to Restrict Processing: You have the right to request that we limit the way we use your personal data in certain circumstances.
  • The Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
  • The Right to Object: You have the right to object to the processing of your personal data in certain circumstances, particularly where we are processing it based on our legitimate interests or for direct marketing.
  • Rights in Relation to Automated Decision Making and Profiling: You have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects concerning you or similarly significantly affects you, except in certain permitted circumstances.

To exercise any of these rights, please contact us at privacy@sandboxstudiosoftware.com. We will respond to your request within one month.


8. Children's Privacy

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children under 18. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us, and we will take steps to delete such information.


9. Data Security

We have implemented appropriate technical and organisational security measures to protect your personal data from accidental loss, unauthorised access, alteration, disclosure, or destruction. These measures include encryption, access controls, password rotation and staff training. While we strive to protect your personal data, no method of transmission over the internet or method of electronic storage is 100% secure.


10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically.


11. How to Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

  • Email: privacy@sandboxstudiosoftware.com
  • Postal Address: 128, City Road, London EC1V 2NX, United Kingdom
  • Phone: (+44) 1752 717739

12. Your Right to Complain to the ICO

If you are not satisfied with our response or believe we are processing your personal data unlawfully, you have the right to complain to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.

  • ICO Website: www.ico.org.uk
  • ICO Helpline: 0303 123 1113
