Skip to content

Version 1.3 – Updated May 2026

1.0 About this Policy

1.1 Document Control

This document is reviewed annually and updated as required.

1.2 Policy Purpose

North Product Design Limited & NPD London Limited, trading as “npd”, are committed to protecting the privacy and personal data of everyone we work with — whether you’re a prospective customer, an existing client, a supplier, or a member of our team.

This Privacy Policy explains how we collect, store and use your personal data, and how we meet our obligations under GDPR legislation. If you have any questions, we’re always happy to help — just get in touch:

By Email: hello@npd.studio

Online: www.npd.studio

1.3 Distribution

This policy is published on our website and is available to existing customers and suppliers at any time.

2.0 The Policy

2.1 Introduction

The UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (GDPR) require all companies to handle personal information securely and maintain accurate records of how that information is stored and used. At npd, we take this seriously.

We will always process personal data in line with the following principles — it shall be:

2.2 How We Collect Personal Information

We collect personal information through the following means:

2.3 The Type of Personal Information We Collect and Store

Information collected directly by npd may include:

Information transferred to npd by third parties (which may be a subset of a larger dataset) can include:

2.4 How We Use Personal Information

We may use your personal information to:

npd operates a ‘need to know’ policy when sharing information with employees, agents or subcontractors. We only share what is necessary for the task at hand, and all parties are obligated to use that information in line with this privacy statement.

We may also disclose personal information where required by law, in connection with legal proceedings, or to establish, exercise or defend our legal rights.

Non-Disclosure Agreements (NDAs)

Before approaching any supplier to discuss your project, npd operates a clear NDA policy. All relevant suppliers will be asked to sign a non-disclosure agreement before we share any project-relevant or personal information. We will also ask for your consent before sharing your information with any third party in order to fulfil our services.

Direct Marketing Communications

We only send marketing communications that we believe are genuinely useful and relevant to you, and you can opt out at any time.

If you’ve chosen to opt in to our marketing communications, we’ll use your information to keep you informed about products and services from npd, and occasionally from selected partner businesses.

To help us improve the relevance of our emails, we may receive a read confirmation when you open an email from us, where your device supports this.

To opt out at any time, simply follow the unsubscribe link at the bottom of any communication.

2.5 How We Keep Your Personal Information Secure

The security of your data is something we take very seriously at npd. We hold Cyber Essentials Plus certification, which means our systems and controls are independently assessed and verified against the UK government’s Cyber Essentials framework — providing you with confidence that we maintain robust, up-to-date protections against cyber threats.

In addition to our certification, we take the following technical and organisational measures to protect your information:

Client Website Data

All npd client data for hosted websites is held on the secure servers of our hosting partners. Whilst the data within a client’s website is owned and remains the responsibility of the client, npd has controlled access to this data and will never use it for any purpose other than in the client’s interest.

If you’d like to know which hosting company holds your data, where it is stored, or who has access to it, please email hello@npd.studio and our team will provide the details you need.

If you wish to delete data from your website, this is your responsibility as the website owner. If you’d like to task npd with this work, an hourly charge of £150 will apply to book and action the request.

2.6 What We Will Do in the Event of a Data Breach

If we become aware at any time that your data has been compromised, or that a breach of our systems has occurred that affects the security of your personal information, we will notify the Information Commissioner’s Office (ICO) and you directly, without undue delay.

2.7 Our Lawful Basis for Processing Your Data

Where personal information has been collected directly by npd, we will ensure we have your permission to use it in connection with the fulfilment of our services or in order to pursue further work.

Where personal information is transferred to npd by a third party for the purposes of fulfilling a service, we will obtain written confirmation from the transferring party that they have the consent of all individuals to whom the information relates, prior to entering into a contract.

2.8 Data Retention

We handle data retention as follows:

Data disposal is carried out using an electronic shredder or equivalent secure means.

2.9 Your Rights

Anyone whose personal data npd holds has the following rights:

Subject Access Requests

You can request a copy of the data we hold about you at any time. We will respond within one month of receiving your written request, and wherever possible, sooner.

This information is provided free of charge. However, we reserve the right to charge a reasonable fee of £10 inc. VAT where a request is manifestly unfounded, excessive or repetitive.

Where possible, we will provide your information in a structured, machine-readable format such as CSV or PDF, and may provide access via a secure self-service area within your customer account.

To submit a Subject Access Request, please contact our team by email at hello@npd.studio or via our website at www.npd.studio.

2.10 Updating This Policy

npd may update this privacy policy from time to time. The most current version is always available at www.npd.studio/privacy-policy. We recommend checking this page periodically to stay up to date with any changes.

2.11 Contacting npd

If you have any questions about this privacy policy or the personal information we hold about you, please get in touch:

By email: hello@npd.studio

Online: www.npd.studio

2.12 Making a Complaint

If you have a concern about how npd handles your personal information, we’d ask that you raise it with us first so we can put things right.

By email: hello@npd.studio

We’ll acknowledge your complaint within 30 days of receiving it, let you know who’s handling it and what to expect, then investigate and come back to you with our findings and what we’ve done (or plan to do) as a result.

If you’re not satisfied with our response, or would prefer to raise the matter independently, you also have the right to report it to the Information Commissioner’s Office (ICO):

Email: casework@ico.org.uk
Website: www.ico.org.uk

Book a free consultation

We focus on making
good choices together.

We’re a product design agency that helps transform your product ideas into tangible, interactive objects. We love the idea of working with like-minded people to make something amazing.

Email:

hello@npd.studio

Main Studio:

01772 973 544

Manchester:

0161 974 3201

London:

020 4548 3661