Data Privacy Policy – Clase Connected

Data Privacy Policy

  • Version 2.1
  • Last updated: May 2026
  • Review due: May 2027
  • Clase Connected Ltd  |  Company No. 3074862

1. Introduction and Who We Are

Clase Connected Ltd ("we", "us", "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, share and protect personal information about you, and tells you about your rights under UK data protection law.

Data Controller
Clase Connected Ltd
Registered address
Unit 2 Mornington Place, Waterberry Drive, Waterlooville, PO7 7XX
Company number
3074862
VAT number
GB 665067421
Email
[email protected]
Telephone
+44 (0)2392 247920
Website
www.claseconnected.com
ICO registration
Registered with the Information Commissioner's Office
Data Protection Officer (DPO): We do not currently have a designated DPO. Privacy queries should be directed to [email protected]. We keep this position under review as our processing activities evolve.

2. Who This Policy Applies To

This Privacy Policy applies to personal data we obtain and use from the following categories of individuals:

Website Activity

Note: Our website is not intended for children under 18, and we do not knowingly collect data relating to children.

  • Individuals who access and use our website, including online tools, apps, enquiry forms, surveys or promotions.
  • Those who sign up to receive newsletters or other information from us.
  • Those who register for events or download resources.

Trading Activity

  • Points of contact for our customers, suppliers, service providers, partners and resellers.
  • Customers and end users of the communications services, equipment or technical and engineering support we provide (e.g. crew members), including those who make support requests.

References in this Policy to "you" and "your" are to an individual within the above categories for whom we hold and process personal information.

3. Data Protection Principles

We comply with UK GDPR and the Data Protection Act 2018. The personal information we hold about you will be:

  • Processed lawfully, fairly and in a transparent manner.
  • Collected only for specified, explicit and legitimate purposes, and not processed in a manner incompatible with those purposes.
  • Adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed (data minimisation).
  • Accurate and, where necessary, kept up to date.
  • Retained only for as long as necessary for the purposes for which it was collected.
  • Processed securely, protecting against unauthorised or unlawful processing and against accidental loss, destruction or damage.
  • Not transferred to a third country without appropriate safeguards.

We are accountable for compliance with these principles and can demonstrate that compliance on request.

4. What Personal Data We Collect

Personal data means any information about an individual from which that person can be identified. It does not include anonymous data or information about organisations.

The categories of personal data we may collect include:

CategoryExamples
Identity Data Name, username or similar identifier, title; marital status; date of birth and gender; CCTV footage (if you visit our office); proof of identification (e.g. passport, driving licence, national ID card)
Contact Data Billing and delivery addresses; email address; telephone numbers (including mobile); fax numbers; business card information
Financial Data Bank account and payment card details (for billing and payment purposes)
Transaction Data Details of payments, orders and products/services purchased; email and written communications with us; telephone call records (which may be recorded for training purposes)
Technical Data IP address, login data, browser type and version; call records and location data; time zone setting and location; operating system, platform and device information used to access our websites, tools and apps
Profile Data Username, password and credentials; interests, preferences, feedback and survey responses
Usage Data Information about how you use our websites and services
Marketing & Comms Data Your preferences regarding marketing communications; your communication channel preferences

We may also collect, use and share Aggregated Data (statistical or demographic data) for any purpose. Aggregated Data does not directly or indirectly identify you.

Special Category Data: We do not intentionally collect any Special Category personal data (i.e. data revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, health data, sexual orientation or criminal conviction data) through our website or trading activities. If such data is inadvertently shared with us, we will delete it promptly unless we have a specific lawful basis and explicit consent for processing it.

5. How We Collect Personal Data

Direct interactions

You may give us personal data directly by completing forms, corresponding with us by post, email, telephone or in person, or through our website. This includes data provided when:

  • Making an enquiry or registering interest in our services;
  • Entering into a contract or placing an order;
  • Subscribing to our newsletter or marketing;
  • Providing feedback or completing a survey.

Automated technologies

As you interact with our website and applications, we may automatically collect Technical Data about your equipment, browsing actions and patterns via cookies, server logs and similar technologies. Please refer to our Cookie Policy for full details.

Third parties and publicly available sources

We may receive personal data about you from:

  • Analytics providers such as Google (which may be based outside the UK);
  • Payment and delivery service providers such as Stripe and DPD;
  • Our customers or clients, who provide data about their crew members or end users as part of their service agreements with us.
Where personal data is provided to us by a third party (e.g. a client providing crew member data), that third party is the data controller and is responsible for ensuring compliance with UK GDPR and informing you that your data has been shared with us. We will act as data processor in relation to such data and handle it in accordance with this Policy.

6. Failure to Provide Personal Data

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to fulfil the contract we have with you or are trying to enter into. This could mean we are unable to provide the products or services you have requested.

In such cases we may have to cancel or suspend a product or service, but we will notify you if this is the case at the time.

7. Legal Bases for Processing

We will only use your personal data when the law permits us to do so. The legal bases we rely upon are:

  • Performance of a contract: where we need to perform or manage a contract with you, or where you will receive services or equipment we provide.
  • Legitimate interests: where it is necessary for our legitimate business interests (or those of a third party), provided your interests and fundamental rights do not override those interests.
  • Legal obligation: where we need to comply with a legal or regulatory obligation (e.g. sharing data with government or law enforcement agencies, or retaining financial records for tax purposes).
  • Consent: we do not generally rely on consent as a legal basis for processing. Where we do (e.g. for certain direct marketing), you have the right to withdraw consent at any time by contacting [email protected].

The table below summarises the key purposes for which we use your personal data and the corresponding legal bases:

PurposeType of dataLawful basis
Responding to enquiries / managing contactIdentity, ContactLegitimate interests
Performing a contract (supply of services/equipment)Identity, Contact, Financial, TransactionPerformance of a contract
Managing supplier/reseller relationshipsIdentity, Contact, TransactionLegitimate interests
Sending service updates and technical noticesIdentity, Contact, TechnicalPerformance of a contract / Legitimate interests
Direct marketing to existing customersIdentity, Contact, MarketingLegitimate interests
Fraud prevention and complianceIdentity, Contact, Technical, TransactionLegal obligation / Legitimate interests
Credit checksIdentity, FinancialLegitimate interests
Website analytics and improvementTechnical, UsageLegitimate interests
CCTV monitoring at our premisesIdentity (image)Legitimate interests
Complying with legal or regulatory obligationsAll relevant categoriesLegal obligation

Contact us at [email protected] for details about the specific legal ground(s) being relied on for any particular processing activity.

8. Marketing

We may send you marketing communications if you have requested information from us, or purchased goods or services from us, and have not opted out of receiving that marketing.

We will always:

  • Obtain your express opt-in consent before sharing your personal data with any third party for marketing purposes.
  • Give you a clear and easy means to opt out of marketing in every communication we send.
  • Respect your opt-out promptly — within 5 business days.

You can opt out of marketing at any time by:

Opting out of marketing will not affect your receipt of service-related communications (e.g. maintenance notices, invoice correspondence) that are necessary for us to fulfil our contractual obligations.

9. Cookies and Third-Party Links

Our website uses cookies and similar tracking technologies to improve your browsing experience, analyse site traffic and personalise content.

A full Cookie Policy is available on our website and sets out the categories of cookies we use, their purpose, duration and the third parties who may set cookies on our site.

Our website may include links to third-party websites, plug-ins and applications. We do not control these third-party sites and are not responsible for their privacy notices. We encourage you to read the privacy notice of every external website you visit.

You can control cookie settings through your browser preferences. Disabling certain cookies may affect the functionality of our website.

10. Disclosure of Personal Data

We may share your personal data with the following categories of third parties, and only to the extent necessary:

  • Professional advisers: lawyers, bankers, auditors and insurers providing consultancy, legal, insurance and accounting services.
  • Service providers, resellers and suppliers: where necessary to deliver contracted equipment, products or services or to resolve product or service issues.
  • Technology providers: software, hosting, analytics and communications platforms used in the operation of our business.
  • Payment processors: such as Stripe, for the processing of financial transactions.
  • Delivery partners: such as DPD, for the fulfilment of physical goods.
  • Regulators and authorities: tax authorities, the ICO and law enforcement agencies, where required or permitted by law.
  • Business purchasers: in the event we sell or transfer all or part of our business or assets, personal data may be transferred to the new owner under equivalent privacy obligations.

We require all third parties to respect the security of your personal data and process it in accordance with the law. We do not allow third-party service providers to use your personal data for their own purposes; we permit them only to process your data for specified purposes and in accordance with our instructions, governed by appropriate data processing agreements.

11. International Transfers of Personal Data

We may transfer your personal data to countries outside the United Kingdom. Whenever we do so, we ensure a similar level of protection by implementing at least one of the following safeguards:

  • Adequacy decisions: transferring to countries the UK government has confirmed provide an adequate level of data protection.
  • UK International Data Transfer Agreements (IDTAs) or Standard Contractual Clauses (SCCs): using approved contractual mechanisms that impose equivalent data protection obligations.
  • Your explicit consent to the transfer (where required).
  • Other derogations permitted by UK GDPR (e.g. necessity for performance of a contract, or establishing legal claims).

Several of our external third parties (e.g. Google Analytics, certain suppliers) are based outside the UK or operate data servers outside the UK. We conduct due diligence to ensure appropriate safeguards are in place. Contact us at [email protected] for further details about international transfer mechanisms.

12. Security of Personal Data

We have implemented appropriate technical and organisational security measures to prevent your personal data from being accidentally lost, used, altered, disclosed or accessed in an unauthorised way. These measures include:

  • Restricting access to personal data to employees, agents and contractors who have a legitimate business need to know;
  • Requiring those with access to process personal data only on our instructions, subject to a duty of confidentiality;
  • Regularly reviewing our IT systems and data security policies.

We have procedures to deal with any suspected personal data breach. We will notify you and the ICO of a breach where we are legally required to do so, normally within 72 hours of becoming aware of it.

Whilst we take data security seriously, no internet transmission is completely secure. You are responsible for keeping any account credentials (such as passwords) confidential.

13. Retention of Personal Data

We will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting or reporting requirements.

As a general guide to retention periods:

Data categoryRetention periodBasis
Customer contact, identity, financial and transaction dataMinimum 6 years after end of customer relationshipHMRC / tax requirements
CCTV footageNormally overwritten within 30 daysLegitimate interests (unless required for an active incident)
Marketing and communications dataWhile you remain an active contact, or until erasure/consent withdrawalLegitimate interests / consent
Website / technical / analytics dataUp to 26 monthsICO guidance on analytics

Where we anonymise your personal data for research or statistical purposes, we may use that information indefinitely without further notice. A full Data Retention Schedule is maintained internally and is available on request.

14. Your Legal Rights

Under UK GDPR you have the following rights in relation to your personal data. There are some exceptions; if an exemption applies, we will explain our reasons in writing.

Right to be informed To receive clear, transparent information about how we use your personal data — as set out in this Policy.
Right of access (SAR) To obtain a copy of the personal data we hold about you and information about how we process it. We must respond within one month.
Right to rectification To have inaccurate or incomplete personal data corrected or completed.
Right to erasure To request deletion of your personal data where there is no compelling reason for its continued processing. Subject to legal exceptions.
Right to restrict processing To ask us to suspend processing of your data in certain circumstances (e.g. while we verify its accuracy).
Right to data portability To receive your personal data in a structured, commonly used and machine-readable format, where processing is based on consent or contract and carried out by automated means.
Right to object To object to processing based on legitimate interests (including profiling) or direct marketing. We must stop direct marketing processing immediately on receipt of an objection.
Automated decision-making To not be subject to a decision based solely on automated processing that produces legal or similarly significant effects, unless you have given explicit consent or it is necessary for a contract.
Right to withdraw consent Where processing is based on consent, to withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.

Exercise your rights

To exercise any of the rights above, please contact us:

📧 [email protected]

📞 +44 (0)2392 247920

📮 Unit 2 Mornington Place, Waterberry Drive, Waterlooville, PO7 7XX

We will not charge a fee for legitimate Subject Access Requests. We may ask you to verify your identity before responding. We aim to respond to all requests within one month.

15. Complaints and the ICO

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection matters:

  • Website: www.ico.org.uk
  • Telephone: 0303 123 1113
  • Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We would, however, appreciate the opportunity to address your concerns before you approach the ICO. Please contact us in the first instance at [email protected] or on +44 (0)2392 247920.

16. Keeping Your Data Accurate

It is important that the personal data we hold about you is accurate and current. Please notify us of any changes to your personal data by emailing [email protected].

If you provide us with personal data about another person (e.g. a crew member or colleague) in connection with our products or services, this Policy applies equally to them. You should ensure that you have obtained any necessary permissions to share their personal data with us and that they are aware of how it will be used.

17. Change of Purpose

We will only use your personal data for the purposes for which it was originally collected, unless we reasonably consider that another use is compatible with the original purpose. If we need to use your data for an unrelated purpose, we will notify you and explain the legal basis that allows us to do so.

Please note that we may process your personal data without your knowledge or consent where this is required or permitted by law.

18. Changes to This Privacy Policy

We keep this Privacy Policy under regular review. Any changes will be published on our website at www.claseconnected.com/privacy-policy and, where appropriate, notified to you by email.

This policy was last reviewed and updated in May 2025. The version number at the top of this page indicates the version currently in force.