Studio Laurie Ltd · Effective 30 June 2026 · Version 1.0
The short version. Studio Laurie Ltd is a UK software company that builds the Studio Laurie care management platform. This policy explains what personal data we handle, why, and what your rights are. We take privacy seriously because the people whose data flows through our platform — care residents, their families, and care staff — are among the people we most need to protect.
Studio Laurie Ltd is a private limited company registered in England and Wales.
Studio Laurie Ltd
29 Ashley Lane, Moulton, Northampton, NN3 7TH
Email: dpo@studiolaurie.co.uk
ICO Data Protection Registration: ZC142013
Studio Laurie operates in two distinct roles depending on who you are and how you interact with us. The same policy applies to both, but your data and your rights work slightly differently in each:
If you are a resident of a care provider that uses Studio Laurie, or a member of their family, or one of their staff: your data subject rights are exercised through the care provider, not directly with us. We will help the care provider respond to your requests, but the care provider is your first point of contact.
The data held in the platform depends on what your organisation has configured. Typically it includes:
Some of this data is special category data under the UK GDPR (specifically: health, care needs, and similar information). We handle it only on instructions from the customer organisation and only for the purposes set out in the Data Processing Agreement.
Our lawful basis is performance of a contract with the customer organisation (the controller). The controller is responsible for ensuring they have an appropriate lawful basis under UK GDPR Article 6, and where special category data is processed, under Article 9, for the data held in their account.
We use a small number of trusted sub-processors to operate the platform. Each is bound by a written contract requiring them to handle personal data lawfully and only for the purposes we instruct.
We do not sell personal data to anyone. We do not use the data held in customer organisations' accounts to train AI models or for our own commercial purposes. We share data only where required by law (for example, to respond to a lawful order from a regulator or law enforcement agency).
A current list of our sub-processors is maintained and available on request to customer organisations.
Our core application infrastructure and file storage are hosted in the United Kingdom and the European Economic Area.
Some of our sub-processors may process data in jurisdictions outside the UK / EEA, notably the United States. Where this occurs, we rely on UK GDPR-recognised transfer mechanisms, including the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or adequacy decisions where applicable. In particular:
Studio Laurie uses AI to assist with specific operational tasks. We are deliberate about where AI is used and where it is not:
AI is used to:
AI is not used to:
Every AI-assisted care note must be reviewed and explicitly confirmed by the staff member before it is saved. The staff member remains the named author and is accountable for the accuracy of the record. A separate internal policy, AI in Care Notes, sets out our governance in more detail and is available to customer organisations on request.
Held for as long as necessary to respond to your enquiry, and for a reasonable period afterwards for legitimate business records (typically 24 months). Anonymised analytics may be held longer.
Held for as long as the customer organisation's contract with us is active, and for a defined period afterwards as specified in our Data Processing Agreement with the customer. Retention periods are set by the customer organisation in line with their own regulatory obligations — for care records in England, this typically means at least 8 years after the last contact with the resident.
Our backups are kept for up to 30 days. Where you exercise a right to deletion, your data will be removed from live systems immediately but may remain in backups for up to 30 days before being overwritten.
We take the security of personal data seriously and have technical and organisational measures in place appropriate to the sensitivity of the data we handle:
Despite these measures, no system is completely secure. We will notify the customer organisation and, where required, the Information Commissioner's Office, of any personal data breach in accordance with our legal obligations.
Under UK data protection law, you have rights including:
If you are a website visitor or someone we are corresponding with directly, contact us at dpo@studiolaurie.co.uk to exercise any of these rights. We will respond within one month (extendable in complex cases).
If you are a platform user (resident, family member, or staff member of a customer organisation), please contact the customer organisation (your care provider or employer) first — they are the data controller for your data on the platform. We will support them in responding to your request.
Our website uses a minimal number of cookies, primarily for security and basic site functionality (so-called "strictly necessary" cookies, which do not require consent). We do not use cookies for advertising or cross-site tracking.
If we add analytics cookies in the future, we will request your consent before setting them and update this policy.
Our platform is designed for use by adult care providers and is not intended to collect data directly from children. Where the platform is used to manage care for residents who include children (for example, in a children's service), the customer organisation is responsible for ensuring appropriate parental consent and safeguarding arrangements are in place.
We review this policy regularly and update it when our practices change or when the law requires. The "Effective" date at the top of this page shows when the current version was published. We will notify customer organisations of material changes through the platform or by email.
Privacy contact
Email: dpo@studiolaurie.co.uk
Post: Privacy Contact, Studio Laurie Ltd, 29 Ashley Lane, Moulton, Northampton, NN3 7TH
If you are not satisfied with how we have handled your data or your request, you have the right to complain to the Information Commissioner's Office:
Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk
We would, however, appreciate the opportunity to address your concerns directly before you approach the ICO, so please contact us first if possible.