PRIVACY
POLICY

Last updated: May 2025

dreamlab ("we", "us", "our") is committed to protecting your privacy. This policy explains what personal data we collect, how we use it, and your rights in relation to it. We are the data controller for personal data collected through this website (dreamlab.org.uk).

---

1. Who we are

dreamlab is a Creative Technology Innovation Studio based across MediaCity Manchester, Liverpool, Cumbria and London. If you have any questions about this policy, please get in touch via our contact form.

2. What data we collect

Information you provide to us

When you submit our contact form or otherwise get in touch, we collect:

• Your first and last name
• Your email address
• Your company or organisation name (if provided)
• The content of your message
• Your area of interest (service enquiry type)

Information collected automatically

When you visit our website we may collect standard technical data including your IP address, browser type, pages visited, and referring URL. This is collected via server logs and analytics tools.

3. How we use your data

We use the information you provide to:

• Respond to your enquiry or message
• Send you information about our services where you have requested it
• Improve our website and services

We will not use your data for any purpose incompatible with the reason you provided it. We will never sell your personal data to third parties.

4. Legal basis for processing

We process your data on the following legal bases under UK GDPR:

• Legitimate interests — to respond to business enquiries and communicate with prospective clients.
• Consent — where you have opted in to receive marketing communications.
• Contract — where processing is necessary to fulfil a contract with you.

5. Cookies

Our website may use cookies for analytics and to improve your experience. These include:

• Essential cookies — required for the website to function.
• Analytics cookies — to understand how visitors use our site (e.g. page views, traffic sources). We use anonymised data only.

You can manage or disable cookies through your browser settings at any time.

6. Third-party services

We use the following third-party services that may process your data:

• Formspree — processes contact form submissions. Data is transmitted securely. See Formspree's privacy policy ↗.
• Vimeo — serves background video content. See Vimeo's privacy policy ↗.
• LinkedIn — linked from our site. See LinkedIn's privacy policy ↗.

7. Data retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Contact form submissions are typically retained for up to 2 years.

8. Your rights

Under UK GDPR you have the right to:

• Access the personal data we hold about you
• Rectify inaccurate data
• Erase your data (the "right to be forgotten")
• Restrict or object to processing
• Data portability — receive your data in a structured, machine-readable format
• Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us via our contact form. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) ↗, the UK supervisory authority for data protection.

9. Data security

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. All data transmitted via our contact form is encrypted in transit.

10. Changes to this policy

We may update this privacy policy from time to time. The date at the top of the page will always reflect the most recent revision. Continued use of our website after changes are posted constitutes your acceptance of the updated policy.

11. Contact us

If you have any questions or concerns about this privacy policy or how we handle your data, please get in touch via our contact form.