SG Studio

Launch Offer: 40% off for the first 10 customers. Book now! Launch Offer: 40% off for the first 10 customers. Book now! Launch Offer: 40% off for the first 10 customers. Book now!
Get a Quote
Get a Quote
Get a Quote

Privacy Policy

Home > Privacy Policy

Effective Date: 22 May 2026

1. Identity of the Data Controller

This Privacy Policy applies to Social Gravity Ltd, a company registered in Ireland under Company Registration Number 678586.

SG Studios (www.sgstudios.ie) is a trading name and brand of Social Gravity Ltd and is not a separately registered company. References in this policy to Social Gravity Ltd, “we”, “us”, or “our” therefore include SG Studios. Social Gravity Ltd is the data controller for all personal data processed under both the Social Gravity and SG Studios brands.

Registered Office:

Unit 13c, Block 13, Blanchardstown Corporate Park 1, Dublin 15, D15 KV70, Ireland

Contact Details:

  • Email (general): hello@social-gravity.com
  • Email (data protection / Subject Access Requests): hello@social-gravity.com
  • Phone: 01 437 0609
  • Website: www.social-gravity.com

Social Gravity Ltd has not appointed a Data Protection Officer as our processing operations do not meet the threshold requiring a mandatory DPO under Article 37 of the GDPR. All data protection queries and requests should be directed to hello@social-gravity.com.

2. Scope of This Policy

This Privacy Policy applies to:

  • Visitors to our website at www.social-gravity.com
  • Visitors to our SG Studios website at www.sgstudios.ie and clients who book or use the SG Studios recording facilities
  • Prospective, current, and former clients of Social Gravity Ltd
  • Individuals whose data is processed as part of the delivery of our digital marketing and studio services
  • Any person who contacts us by email, phone, contact form, or social media

2. Scope of This Policy

This Privacy Policy applies to:

  • Visitors to our website at www.social-gravity.com
  • Visitors to our SG Studios website at www.sgstudios.ie and clients who book or use the SG Studios recording facilities
  • Prospective, current, and former clients of Social Gravity Ltd
  • Individuals whose data is processed as part of the delivery of our digital marketing and studio services
  • Any person who contacts us by email, phone, contact form, or social media

2. Scope of This Policy

This Privacy Policy applies to:

  • Visitors to our website at www.social-gravity.com
  • Visitors to our SG Studios website at www.sgstudios.ie and clients who book or use the SG Studios recording facilities
  • Prospective, current, and former clients of Social Gravity Ltd
  • Individuals whose data is processed as part of the delivery of our digital marketing and studio services
  • Any person who contacts us by email, phone, contact form, or social media

This policy does not apply to third-party websites linked from our website. We are not responsible for the privacy practices of those sites.

3. Legal Basis for Processing

We process personal data in accordance with Article 6 of the GDPR. The legal bases we rely on include:

  • Contract (Article 6(1)(b)): Processing is necessary for the performance of a contract with you, or to take pre-contractual steps at your request.
  • Legitimate Interests (Article 6(1)(f)): Processing is necessary for our legitimate business interests, including business development, security, and fraud prevention, where these interests are not overridden by your rights.
  • Consent (Article 6(1)(a)): Where you have given clear consent for us to process your data for a specific purpose, such as marketing communications. You may withdraw consent at any time.
  • Legal Obligation (Article 6(1)(c)): Where processing is necessary for compliance with a legal obligation, including tax, accounting, and regulatory requirements.

4. Personal Data We Collect

4.1 Data You Provide Directly

  • Full name
  • Email address
  • Phone number
  • Company name and website
  • Payment information (processed via secure third-party payment providers)
  • Studio booking details where you book SG Studios facilities, including requested dates and times, room selection, number of attendees, and the nature of your session
  • Any other information you provide in correspondence, contact forms, or meetings

4.2 Data Collected Automatically

When you visit our website, we may automatically collect:

  • IP address and approximate location
  • Browser type, device type, and operating system
  • Pages visited, links clicked, and content accessed
  • Session duration and referral source
  • Behavioural and analytics data via cookies and tracking technologies (see Section 9)

4.3 Data Collected in the Course of Providing Services

As part of delivering digital marketing services to clients, we may process:

  • Access credentials to client platforms (Google Ads, Meta, websites, CRM systems etc.) — stored securely and used solely for service delivery
  • Client customer data provided to us for campaign targeting purposes — processed only on the client’s instructions
  • Performance and analytics data relating to campaigns and services delivered

5. How We Use Personal Data

  • To respond to enquiries and provide quotations
  • To enter into and perform contracts for the provision of digital marketing services
  • To deliver, manage, and report on agreed services
  • To send service-related communications
  • To send marketing communications where consent has been given or where legitimate interests apply
  • To process payments and maintain financial records
  • To comply with legal and regulatory obligations
  • To protect our legal rights and interests, including in the event of a dispute
  • To improve our website and services through analytics

6. International Data Transfers

Social Gravity Ltd operates with a fulfilment team based in Karachi, Pakistan, which is located outside the European Economic Area (EEA). We take this obligation seriously and have implemented the following safeguards:

  • All team members in Pakistan operate exclusively on company-owned and company-managed devices.
  • Access to client data and systems is restricted on a strict need-to-know basis, controlled by management in Ireland.
  • All devices are subject to company security policies including password protection, encryption, and remote wipe capability.
  • No personal data is transferred to personal devices or personal accounts.
  • Data transfers to Pakistan are governed by appropriate safeguards in accordance with Article 46 GDPR, including standard contractual clauses and internal data processing agreements.
  • Employees in Pakistan are contractually bound to confidentiality obligations and data protection requirements consistent with GDPR standards.

Where we use third-party processors based outside the EEA (see Section 7), we ensure that appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or that the transfer falls within an adequacy decision.

7. Third-Party Data Processors

We use the following third-party processors and platforms in the course of our business. Each has been assessed for GDPR compliance. We have Data Processing Agreements (DPAs) or rely on Standard Contractual Clauses where applicable:

Analytics & Advertising

  • Google Analytics 4 — website analytics
  • Google Ads — paid search advertising management
  • Google Search Console — website search performance
  • Meta (Facebook & Instagram) — social media advertising and analytics
  • TikTok — social media advertising and analytics
  • LinkedIn — professional network advertising and analytics
  • YouTube — video platform and advertising
  • Pinterest — social media advertising
  • Microsoft Clarity — session recording and heatmapping
  • Hotjar — session recording and user behaviour analytics
  • Google Tag Manager — tag and pixel management

Payments & Finance

  • Stripe — card payment processing
  • GoCardless — direct debit payment processing

Hosting & Infrastructure

  • A2 Hosting — website hosting services
  • Blacknight — domain registration and hosting
  • Hosting Ireland — domain registration and hosting
  • Google Workspace (GSuite) — email, document storage, and collaboration
  • Microsoft (365) — productivity and communication tools

CRM & Project Management

  • GoHighLevel (GHL) — CRM, marketing automation, and client communication
  • ClickUp — project management and task tracking

AI Tools

  • Claude (Anthropic) — AI-assisted content and workflow automation
  • OpenAI — AI-assisted content and workflow automation

Note: AI tools are used solely for internal operational purposes. No client personal data is inputted into AI tools without explicit client instruction and agreement.

Other Processors

Depending on the specific services agreed with a client, we may engage additional third-party software providers for purposes such as website hosting, email marketing, booking systems, or e-commerce. Where this involves the processing of personal data, clients will be informed in advance, and appropriate data processing agreements will be in place.

8. Sharing of Personal Data

We do not sell personal data. We do not share personal data with third parties except in the following circumstances:

  • With third-party processors listed in Section 7, strictly for service delivery purposes
  • With members of our organisation (including our fulfilment team in Pakistan) on a need-to-know basis for service delivery
  • Where required by law, regulation, or court order
  • Where necessary to establish, exercise, or defend legal rights or claims
  • In connection with a business sale, merger, or restructuring, where data protection obligations are transferred

9. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies. By continuing to use our website, you consent to the use of cookies in accordance with this policy.

9.1 Cookies We Use

  • Essential cookies: Required for the website to function. Cannot be disabled.
  • Analytics cookies: Google Analytics 4, Microsoft Clarity, Hotjar — used to understand how visitors use our website.
  • Marketing and retargeting pixels: Meta Pixel, TikTok Pixel, LinkedIn Insight Tag, Google Ads Conversion Tracking — used to measure advertising effectiveness and deliver relevant advertising.
  • Tag management: Google Tag Manager — used to deploy and manage all tracking tags.

9.2 Managing Cookies

You can control and manage cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website. You may also opt out of interest-based advertising through the relevant platform settings (e.g. Google Ad Settings, Meta Ad Preferences).

10. Data Retention

We retain personal data only for as long as necessary for the purpose for which it was collected, in accordance with the following principles:

  • Client data: Retained for the duration of the contract and for 6 years thereafter, in compliance with Irish taxation and company law requirements.
  • Client offboarding: Upon termination of a client contract, we complete offboarding within 45 days. Active campaign data, platform access, and operational files are deleted within this period. Residual data retained includes email correspondence, invoices, proof of work delivered, and any data required for legal compliance.
  • Website analytics data: Retained in accordance with the retention settings of the relevant platform (e.g. Google Analytics default retention periods).
  • Prospective client data: Retained for up to 2 years from last contact, unless you request earlier deletion.

Financial records: Retained for 7 years in accordance with Irish Revenue requirements.

11. Your Data Protection Rights

Under the GDPR, you have the following rights in relation to your personal data:

  • Right of access (Article 15): You have the right to request a copy of the personal data we hold about you.
  • Right to rectification (Article 16): You have the right to request correction of inaccurate or incomplete personal data.
  • Right to erasure (Article 17): You have the right to request deletion of your personal data in certain circumstances.
  • Right to restriction of processing (Article 18): You have the right to request that we restrict the processing of your data in certain circumstances.
  • Right to data portability (Article 20): You have the right to receive your personal data in a structured, commonly used format.
  • Right to object (Article 21): You have the right to object to processing based on legitimate interests or for direct marketing purposes.

Right to withdraw consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

12. How to Exercise Your Rights — Subject Access Requests

To exercise any of your rights under GDPR, including submitting a Subject Access Request (SAR), you must contact us using the dedicated data protection channel:

Email: hello@social-gravity.com

Please mark your email clearly as a ‘Subject Access Request’ or ‘GDPR Request’. Requests sent to any other email address within our organisation will be redirected to this address and the response timeline will commence from the date received at this designated address.

Upon receipt of your request we will:

  • Acknowledge receipt of your request
  • Verify your identity where we have reasonable doubt as to the identity of the requester, in accordance with Article 12(6) GDPR. The response timeline does not commence until identity has been adequately confirmed.
  • Respond within one calendar month of receipt of the valid, verified request
  • Where a request is complex or numerous, we may extend this period by a further two months. We will notify you of any extension within the first month and provide reasons.

All requests are handled free of charge unless manifestly unfounded or excessive, in which case a reasonable administrative fee may apply or we may refuse to act, with reasons provided.

13. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, or alteration. These include:

  • SSL/TLS encryption on our website and communications
  • Secure hosting environments with reputable providers
  • Access controls restricting data access to authorised personnel only
  • Company-managed devices for all team members, including our fulfilment team in Pakistan
  • Anti-spam, antivirus, and firewall protections
  • Regular review of data access and security procedures

 

In the event of a personal data breach that is likely to result in a risk to individuals, we will notify the Data Protection Commission within 72 hours of becoming aware, and affected individuals without undue delay where required under Article 34 GDPR.

14. Right to Lodge a Complaint

If you are dissatisfied with how we have handled your personal data or responded to a Subject Access Request, you have the right to lodge a complaint with the Data Protection Commission (DPC), the Irish supervisory authority for data protection:

  • Website: www.dataprotection.ie
  • Email: info@dataprotection.ie
  • Phone: +353 57 868 4800
  • Address: 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland

 

We would ask that you contact us in the first instance to attempt to resolve any concern before escalating to the DPC.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or regulatory guidance. The effective date at the top of this document will be updated accordingly. We recommend reviewing this policy periodically. Where changes are material, we will notify clients directly.

SG Studio

Ireland Based Studio Rental Services