Privacy Policy

1. Who we are

This website, gsy-studio.com, is operated by Guernsey AI Limited, a company registered in the Bailiwick of Guernsey (company registration number CMP76229), trading as “GSY Studio” (“GSY Studio”, “we”, “us” or “our”).

We are the data controller responsible for the personal data described in this policy. If you have any questions, or wish to exercise your rights, contact us at mani@gsy-ai.com or +44 07839 705967.

2. The law we follow

We are established in Guernsey and most of our clients are based in the United Kingdom. We therefore handle personal data in line with both:

• the Data Protection (Bailiwick of Guernsey) Law, 2017, overseen by the Office of the Data Protection Authority (ODPA); and
• the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, overseen by the Information Commissioner's Office (ICO), where we process the personal data of individuals in the UK.

Where these regimes use different words for the same idea, we apply the standard that gives you the greater protection.

3. The information we collect

a. Visitors to this website

Our website does not use tracking cookies, analytics or advertising pixels. Like virtually all websites, our hosting provider automatically records limited technical information (such as your IP address, browser type and the pages requested) in server logs, which are used to keep the site secure and running.

b. People who contact us or book a call

If you email us, call us, or book a call through our online calendar, we collect the details you provide — typically your name, email address, phone number, business name and anything you choose to tell us about your enquiry. Bookings are taken through Google Calendar (see section 6).

c. Clients

If you become a client, we process the information needed to deliver and bill for our services — for example your business and contact details, billing information, login or domain details where relevant, and the content and materials you give us for your website.

d. Prospective clients (marketing data)

We carry out business-to-business outreach. To do this we collect limited business-contact information about clinics and other businesses we believe may be interested in our services — such as a business name, a publicly listed business email or phone number, a website or social media handle, and the business's location. This information is gathered from publicly available sources and business listings. We do not seek to build profiles of individuals beyond what is needed to make relevant business contact, and you can ask us to stop at any time (see sections 8 and 9).

4. How we use your information, and our lawful basis

We use personal data for the following purposes:

• To respond to enquiries and arrange or hold calls — on the basis of taking steps at your request before entering a contract, and our legitimate interest in responding to you.
• To provide, support and bill for our services — on the basis of performing our contract with you (or your business).
• To carry out B2B marketing and outreach to relevant businesses — on the basis of our legitimate interest in promoting our services to businesses likely to be interested, balanced against the limited, business-only nature of the data and your right to object.
• To keep our website and systems secure and to meet our legal and accounting obligations — on the basis of our legitimate interests and compliance with legal obligations.

Where we ever rely on your consent (for example, if we introduce an optional newsletter), you can withdraw that consent at any time.

5. Cookies and tracking

This website does not currently set tracking, analytics or advertising cookies. Only strictly necessary technical processing required to serve the site takes place. If we introduce cookies or analytics in future, we will update this policy and, where required, ask for your consent first.

6. Who we share your information with

We do not sell your personal data. We share it only with trusted service providers who help us run our business, and only as far as needed. These include providers of:

• website hosting and infrastructure (our site is hosted on Vercel);
• email, calendar and file storage (Google Workspace, including Google Calendar for bookings);
• customer-relationship management and outreach tools, used to organise enquiries and our B2B contact lists;
• payment processing (for example PayPal), where you make payments to us; and
• professional advisers (such as accountants) where necessary.

These providers act as our processors and are only permitted to use the data to provide their service to us. We may also disclose information where we are required to by law.

7. International transfers

Some of our service providers are based outside Guernsey and the UK (for example in the United States). Where personal data is transferred internationally, we rely on appropriate safeguards — such as the providers' adequacy status, standard contractual clauses, or equivalent protections recognised under Guernsey and UK data protection law — so that your data remains protected.

8. How long we keep your information

We keep personal data only for as long as we need it. Enquiry information is kept while we are in contact and for a reasonable period afterwards; client and billing records are kept for the duration of the relationship and for as long as we are legally required to retain financial records; and marketing-contact data is kept only while a business remains a relevant prospect, or until you ask us to remove it.

9. Your rights

Under Guernsey and UK data protection law you have the right to:

• ask what personal data we hold about you and get a copy of it;
• have inaccurate data corrected;
• ask us to delete your data, or to restrict how we use it;
• object to our processing, including objecting to direct marketing at any time;
• ask us to transfer certain data to you or another provider (data portability); and
• withdraw consent where we rely on it.

To exercise any of these rights, email us at mani@gsy-ai.com. We will not charge you, and we aim to respond within the timeframes set by law. There is no charge to opt out of marketing — just reply “stop” or “unsubscribe”, or email us, and we will remove you.

10. Security

We take reasonable technical and organisational measures to protect personal data against loss, misuse and unauthorised access. No method of transmission or storage is completely secure, but we work to keep your information safe and to use reputable providers.

11. Children

Our website and services are aimed at businesses and are not directed at children. We do not knowingly collect personal data from children.

12. Changes to this policy

We may update this policy from time to time. The current version is always the one published on this page, and the date at the top shows when it last changed.

13. How to contact us or complain

For anything relating to your data, contact us first at mani@gsy-ai.com — we would always like the chance to put things right.

You also have the right to complain to a data protection regulator. In Guernsey this is the Office of the Data Protection Authority (ODPA), odpa.gg. In the UK it is the Information Commissioner’s Office (ICO), ico.org.uk.