Effective Date: 27 March 2026
Last Updated: 27 March 2026
This Privacy Policy explains how S3 Venture Studio LTD (trading as makea.co) collects, uses, shares, and protects personal data when you use our website at https://makea.co and our B2B on-demand manufacturing platform (together, the "Platform"). We are committed to protecting your privacy and handling your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR).
Please read this Privacy Policy carefully. By accessing or using the Platform, you acknowledge that you have read and understood this Privacy Policy.
1. Data Controller Identity and Contact Details
1.1. The data controller responsible for your personal data is:
S3 Venture Studio LTD
Company Number: 15048607
Registered Address: 254-258 Goswell Road, London, EC1V 7EB, United Kingdom
Trading as: makea.co
Website: https://makea.co
1.2. If you have any questions about this Privacy Policy or our data processing practices, you may contact us at:
Email: support@makea.co
Postal Address: S3 Venture Studio LTD, 254-258 Goswell Road, London, EC1V 7EB, United Kingdom
1.3. Data Protection Officer
We are not required to appoint a Data Protection Officer under Article 37 of the UK GDPR. All privacy-related enquiries should be directed to the contact details set out in clause 1.2 above.
2. Personal Data We Collect
2.1. We collect and process the following categories of personal data:
(a) Names — your full name and, where applicable, the name of your business contact persons, collected when you register an account, submit enquiries, or correspond with us;
(b) Email addresses — your business email address, collected during account registration, form submissions, and communications;
(c) Payment details — payment card information and billing details, collected and processed securely via our third-party payment processor, Stripe. We do not store full payment card numbers on our servers;
(d) Usage data — information about how you interact with the Platform, including pages visited, features used, session duration, and clickstream data;
(e) IP addresses — your Internet Protocol address, collected automatically when you access the Platform. Where IP addresses are processed for analytics purposes, IP anonymisation is enabled;
(f) CRM contact notes and interaction history — records of our business interactions with you, including meeting notes, correspondence summaries, and relationship management data, managed via our CRM system (Folk CRM);
(g) Message content and metadata — the content of messages exchanged through our internal communications platform (Lark), including timestamps and sender/recipient information, to the extent such messages relate to your account or enquiries; and
(h) Form submission data — information you provide when completing forms on our website (hosted via Webflow), including enquiry forms, contact forms, and onboarding forms.
2.2. Special Category Data
We do not intentionally collect special category data (as defined in Article 9 of the UK GDPR) or criminal conviction data. If you believe you have provided such data to us in error, please contact us immediately using the details in Section 1.
2.3. Minors
The Platform is a business-to-business service. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently collected data from a minor, please contact us so that we can delete it promptly.
3. How We Use Your Personal Data
3.1. We process your personal data for the following purposes:
(a) Account creation and management — to create, maintain, and administer your account on the Platform, and to verify your identity;
(b) Platform service delivery — to provide you with access to the Platform, facilitate on-demand manufacturing workflows between brands and suppliers, and deliver the core services you have requested;
(c) Payment processing — to process payments for services rendered through the Platform, manage invoicing, and handle refunds or disputes;
(d) Website analytics — to analyse how users interact with the Platform, identify trends, measure the effectiveness of our content, and improve the user experience. IP anonymisation is enabled for this purpose;
(e) Customer relationship management — to manage our business relationship with you, including maintaining records of our interactions, tracking correspondence, and providing personalised support;
(f) Internal communications — to facilitate internal team communications relating to your account, enquiries, or service delivery;
(g) Website operation and form processing — to operate and maintain the Platform website, process form submissions, and respond to your enquiries;
(h) Marketing communications — to send you marketing materials about our services, where you have provided your consent. You may withdraw your consent at any time (see Section 8);
(i) Legal and regulatory compliance — to comply with our legal obligations, including financial record-keeping requirements imposed by HM Revenue and Customs (HMRC); and
(j) Security and fraud prevention — to protect the Platform, our users, and our business from fraudulent activity, unauthorised access, and other security threats.
4. Lawful Bases for Processing
4.1. Under Article 6 of the UK GDPR, we rely on the following lawful bases for processing your personal data:
4.2. Performance of a Contract (Article 6(1)(b))
We process certain personal data where it is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract. This includes:
(a) account data required to create and maintain your Platform account;
(b) payment details required to process transactions through Stripe; and
(c) data necessary to deliver the Platform services you have requested.
4.3. Legitimate Interests (Article 6(1)(f))
We process certain personal data where it is necessary for our legitimate interests (or those of a third party), provided those interests are not overridden by your rights and freedoms. We have carried out a balancing assessment for each of the following processing activities:
(a) Website analytics (via Google Analytics with IP anonymisation enabled) — our legitimate interest is to understand how users interact with the Platform and to improve our services. The impact on individuals is minimal due to IP anonymisation;
(b) CRM contact management (via Folk CRM) — our legitimate interest is to maintain effective business relationships and provide responsive support. We process only business contact information;
(c) Internal communications (via Lark) — our legitimate interest is to coordinate service delivery and respond to user enquiries efficiently;
(d) Website operation (via Webflow) — our legitimate interest is to maintain and operate the Platform website and process form submissions; and
(e) Security and fraud prevention — our legitimate interest is to protect the Platform, our users, and our business from unauthorised access, fraud, and other security threats. We process IP addresses and usage data for this purpose. We have assessed that this processing does not disproportionately affect your rights and freedoms, as the data processed is limited to what is necessary for security purposes and does not involve sensitive personal data.
4.4. Consent (Article 6(1)(a))
We rely on your consent for the following processing activities:
(a) the use of marketing cookies on the Platform; and
(b) the sending of direct marketing communications.
You have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal. To withdraw your consent, please contact us at support@makea.co or use the unsubscribe mechanism provided in our marketing communications.
4.5. Legal Obligation (Article 6(1)(c))
We process certain personal data where it is necessary to comply with a legal obligation to which we are subject. This includes the retention of financial and payment records as required by HMRC for tax and accounting purposes.
5. Data Sharing and Third-Party Processors
5.1. General
We do not sell your personal data to third parties. We share your personal data only with the third-party service providers set out below, each of which acts as a data processor on our behalf under Article 28 of the UK GDPR. We have entered into data processing agreements with each processor.
5.2. Our third-party processors are:
(a) Stripe — provides payment processing services. Stripe processes your payment details (including card information and billing address) to facilitate transactions on the Platform. Stripe's privacy policy is available at https://stripe.com/privacy;
(b) Google Analytics — provides website analytics services. Google Analytics processes usage data and anonymised IP addresses to generate reports on Platform usage and user behaviour. IP anonymisation is enabled. Google's privacy policy is available at https://policies.google.com/privacy;
(c) Amazon Web Services (AWS) — provides cloud hosting and infrastructure services. AWS hosts the Platform and stores personal data on our behalf. AWS's privacy policy is available at https://aws.amazon.com/privacy;
(d) Lark — provides internal communications services. Lark processes message content and metadata relating to your account and enquiries. Lark's privacy policy is available at https://www.larksuite.com/en_us/privacy-policy;
(e) Google (email services) — provides email hosting and communication services. Google processes email content and metadata when we communicate with you via email. Google's privacy policy is available at https://policies.google.com/privacy;
(f) Folk CRM — provides customer relationship management services. Folk CRM processes your contact details, interaction history, and CRM notes. Folk's privacy policy is available at https://www.folk.app/privacy-policy; and
(g) Webflow — provides website hosting, form processing, and email services. Webflow processes form submission data and website usage data. Webflow's privacy policy is available at https://webflow.com/legal/privacy.
5.3. We may also disclose your personal data to third parties where:
(a) we are required to do so by law, regulation, or court order;
(b) it is necessary to protect our rights, property, or safety, or the rights, property, or safety of others;
(c) it is necessary in connection with a merger, acquisition, or sale of all or a portion of our assets, in which case the successor entity will be bound by this Privacy Policy; or
(d) you have provided your explicit consent to the disclosure.
6. International Data Transfers
6.1. Transfers Outside the UK
Some of our third-party processors are based in, or process personal data in, countries outside the United Kingdom, including the United States of America. This means your personal data may be transferred to and processed in countries that may not provide the same level of data protection as the United Kingdom.
6.2. Safeguards
Where we transfer personal data outside the United Kingdom, we ensure that appropriate safeguards are in place in accordance with Article 46 of the UK GDPR. Our primary transfer mechanism is the UK International Data Transfer Agreement (IDTA), as approved by the Information Commissioner's Office. Where the IDTA is not available or applicable, we rely on Standard Contractual Clauses (SCCs) adopted by the European Commission and approved for UK use by the Secretary of State.
6.3. The following processors may involve international data transfers:
| Processor | Service | Primary Location | Transfer Safeguard |
|---|---|---|---|
| Stripe | Payment processing | United States | IDTA / SCCs |
| Google Analytics | Website analytics | United States | IDTA / SCCs |
| AWS | Cloud hosting | United States / Global | IDTA / SCCs |
| Lark | Internal communications | Singapore / Global | IDTA / SCCs |
| Google (Email) | Email services | United States | IDTA / SCCs |
| Folk CRM | Customer relationship management | European Union / United States | IDTA / SCCs |
| Webflow | Website hosting and forms | United States | IDTA / SCCs |
6.4. Requesting Safeguards
You may request a copy of the relevant transfer safeguards by contacting us at support@makea.co.
7. Data Retention Periods
7.1. We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable law. Our retention periods are as follows:
(a) Payment and financial records — 7 years from the date of the transaction — HMRC legal requirement for tax and accounting records;
(b) Account data — Duration of the business relationship plus 6 years — Limitation period for contractual claims under the Limitation Act 1980;
(c) Analytics and usage data — 26 months from collection — Standard analytics retention period; sufficient for trend analysis;
(d) CRM contact data — Duration of the business relationship plus 2 years — Reasonable period for follow-up and relationship management;
(e) Communications data (Lark) — 2 years from the date of communication — Reasonable period for reference and dispute resolution; and
(f) Form submission data (Webflow) — 2 years from the date of submission — Reasonable period for enquiry management and follow-up.
7.2. Deletion and Anonymisation
At the end of the applicable retention period, we will securely delete or anonymise your personal data. Where anonymisation is used, the data will no longer be capable of identifying you and may be retained indefinitely for statistical purposes.
7.3. Extended Retention
In certain circumstances, we may retain your personal data for longer periods where required by law, or where it is necessary for the establishment, exercise, or defence of legal claims.
8. Your Data Protection Rights
8.1. Under the UK GDPR, you have the following rights in relation to your personal data:
(a) Right of access (Article 15) — you have the right to request a copy of the personal data we hold about you, together with information about how we process it. We will respond to your request within one month of receipt;
(b) Right to rectification (Article 16) — you have the right to request that we correct any inaccurate personal data we hold about you, or complete any incomplete personal data;
(c) Right to erasure (Article 17) — you have the right to request that we delete your personal data in certain circumstances, including where the data is no longer necessary for the purpose for which it was collected, or where you withdraw your consent;
(d) Right to restriction of processing (Article 18) — you have the right to request that we restrict the processing of your personal data in certain circumstances, including where you contest the accuracy of the data or where the processing is unlawful;
(e) Right to data portability (Article 20) — you have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and to transmit that data to another controller, where the processing is based on consent or contract performance and is carried out by automated means;
(f) Right to object (Article 21) — you have the right to object to the processing of your personal data where we rely on legitimate interests as the lawful basis. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defence of legal claims; and
(g) Right to withdraw consent — where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of any processing carried out before the withdrawal.
8.2. Exercising Your Rights
To exercise any of your rights, please contact us at support@makea.co. We will respond to your request within one month of receipt. In certain circumstances, we may extend this period by a further two months where the request is complex or we have received a number of requests from you. We will inform you of any such extension within one month of receipt of your request.
8.3. Fees
We will not charge a fee for responding to your request unless the request is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse to act on the request.
8.4. Identity Verification
We may request proof of identity before processing your request to ensure the security of your personal data.
9. Cookies and Tracking Technologies
9.1. Overview
The Platform uses cookies and similar tracking technologies. Cookies are small text files placed on your device when you visit the Platform. We use the following types of cookies:
9.2. Strictly Necessary Cookies
These cookies are essential for the operation of the Platform. They enable core functionality such as security, session management, and accessibility. These cookies do not require your consent under PECR, as the Platform cannot function properly without them.
9.3. Analytics Cookies
Analytics cookies are placed on your device only with your prior consent, in accordance with Regulation 6 of the Privacy and Electronic Communications Regulations 2003 (PECR). We use Google Analytics cookies to collect information about how users interact with the Platform, including data such as pages visited, time spent on each page, and how users navigate through the Platform. IP anonymisation is enabled, meaning your full IP address is not stored by Google Analytics. You may withdraw your consent at any time by adjusting your cookie preferences on the Platform or by contacting us at support@makea.co. Where you have provided consent to the placement of analytics cookies, we rely on legitimate interests (Article 6(1)(f) UK GDPR) as the lawful basis for processing the resulting data, as our legitimate interest is to understand how users interact with the Platform and to improve our services.
9.4. Marketing Cookies
We may use marketing cookies to deliver relevant advertisements and track the effectiveness of our marketing campaigns. These cookies are only placed on your device with your prior consent, in accordance with PECR. You may withdraw your consent at any time by adjusting your cookie preferences on the Platform or by contacting us at support@makea.co.
9.5. Managing Cookies
You can manage your cookie preferences at any time through your browser settings. Please note that disabling certain cookies may affect the functionality of the Platform. Most web browsers allow you to:
(a) view what cookies are stored on your device and delete them individually or in bulk;
(b) block cookies from particular websites;
(c) block all cookies from being set; and
(d) delete all cookies when you close your browser.
9.6. Further Information
For more information about cookies and how to manage them, you may visit www.allaboutcookies.org.
10. Security Measures
10.1. Our Commitment
We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised or unlawful processing, accidental loss, destruction, or damage, in accordance with Article 32 of the UK GDPR.
10.2. Our security measures include:
(a) encryption of personal data in transit using TLS (Transport Layer Security) protocols;
(b) secure cloud hosting infrastructure provided by AWS, which maintains industry-standard certifications including ISO 27001 and SOC 2;
(c) access controls to restrict access to personal data to authorised personnel on a need-to-know basis;
(d) secure payment processing via Stripe, which is certified as a PCI DSS Level 1 Service Provider;
(e) regular review of our data processing practices and security measures; and
(f) staff awareness of data protection obligations.
10.3. Limitations
While we take all reasonable steps to protect your personal data, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee the absolute security of your personal data.
11. Changes to This Privacy Policy
11.1. We may update this Privacy Policy from time to time to reflect changes in our data processing practices, legal requirements, or business operations. Where we make material changes, we will notify you by:
(a) posting the updated Privacy Policy on the Platform with a revised "Last Updated" date; and
(b) where appropriate, sending you an email notification to the email address associated with your account.
11.2. Continued Use
We encourage you to review this Privacy Policy periodically. Your continued use of the Platform after the posting of changes constitutes your acknowledgement of those changes.
11.3. Governing Version
The version of this Privacy Policy effective at the time of your use of the Platform governs our processing of your personal data.
12. Contact Details and How to Make a Complaint
12.1. If you have any questions, concerns, or complaints about this Privacy Policy or our handling of your personal data, please contact us at:
S3 Venture Studio LTD (trading as makea.co)
Email: support@makea.co
Postal Address: 254-258 Goswell Road, London, EC1V 7EB, United Kingdom
Director: Weijing Chen
12.2. Response Commitment
We take all complaints seriously and will endeavour to resolve your concern promptly. We will acknowledge receipt of your complaint within 5 business days and aim to provide a substantive response within 30 days.
13. Right to Complain to the ICO
13.1. If you are not satisfied with our response to your complaint, or if you believe that we are processing your personal data in a manner that is not compliant with data protection law, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's independent supervisory authority for data protection.
13.2. The ICO's contact details are:
Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Website: https://ico.org.uk
Live chat: https://ico.org.uk/global/contact-us/live-chat
13.3. Contact Us First
We would, however, appreciate the opportunity to address your concerns before you approach the ICO. Please contact us first using the details in Section 12.
