Data Privacy Policy
1. Introduction and Who We Are
Clase Connected Ltd ("we", "us", "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, share and protect personal information about you, and tells you about your rights under UK data protection law.
- Data Controller
- Clase Connected Ltd
- Registered address
- Unit 2 Mornington Place, Waterberry Drive, Waterlooville, PO7 7XX
- Company number
- 3074862
- VAT number
- GB 665067421
- [email protected]
- Telephone
- +44 (0)2392 247920
- Website
- www.claseconnected.com
- ICO registration
- Registered with the Information Commissioner's Office
2. Who This Policy Applies To
This Privacy Policy applies to personal data we obtain and use from the following categories of individuals:
Website Activity
Note: Our website is not intended for children under 18, and we do not knowingly collect data relating to children.
- Individuals who access and use our website, including online tools, apps, enquiry forms, surveys or promotions.
- Those who sign up to receive newsletters or other information from us.
- Those who register for events or download resources.
Trading Activity
- Points of contact for our customers, suppliers, service providers, partners and resellers.
- Customers and end users of the communications services, equipment or technical and engineering support we provide (e.g. crew members), including those who make support requests.
References in this Policy to "you" and "your" are to an individual within the above categories for whom we hold and process personal information.
3. Data Protection Principles
We comply with UK GDPR and the Data Protection Act 2018. The personal information we hold about you will be:
- Processed lawfully, fairly and in a transparent manner.
- Collected only for specified, explicit and legitimate purposes, and not processed in a manner incompatible with those purposes.
- Adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed (data minimisation).
- Accurate and, where necessary, kept up to date.
- Retained only for as long as necessary for the purposes for which it was collected.
- Processed securely, protecting against unauthorised or unlawful processing and against accidental loss, destruction or damage.
- Not transferred to a third country without appropriate safeguards.
We are accountable for compliance with these principles and can demonstrate that compliance on request.
4. What Personal Data We Collect
Personal data means any information about an individual from which that person can be identified. It does not include anonymous data or information about organisations.
The categories of personal data we may collect include:
| Category | Examples |
|---|---|
| Identity Data | Name, username or similar identifier, title; marital status; date of birth and gender; CCTV footage (if you visit our office); proof of identification (e.g. passport, driving licence, national ID card) |
| Contact Data | Billing and delivery addresses; email address; telephone numbers (including mobile); fax numbers; business card information |
| Financial Data | Bank account and payment card details (for billing and payment purposes) |
| Transaction Data | Details of payments, orders and products/services purchased; email and written communications with us; telephone call records (which may be recorded for training purposes) |
| Technical Data | IP address, login data, browser type and version; call records and location data; time zone setting and location; operating system, platform and device information used to access our websites, tools and apps |
| Profile Data | Username, password and credentials; interests, preferences, feedback and survey responses |
| Usage Data | Information about how you use our websites and services |
| Marketing & Comms Data | Your preferences regarding marketing communications; your communication channel preferences |
We may also collect, use and share Aggregated Data (statistical or demographic data) for any purpose. Aggregated Data does not directly or indirectly identify you.
5. How We Collect Personal Data
Direct interactions
You may give us personal data directly by completing forms, corresponding with us by post, email, telephone or in person, or through our website. This includes data provided when:
- Making an enquiry or registering interest in our services;
- Entering into a contract or placing an order;
- Subscribing to our newsletter or marketing;
- Providing feedback or completing a survey.
Automated technologies
As you interact with our website and applications, we may automatically collect Technical Data about your equipment, browsing actions and patterns via cookies, server logs and similar technologies. Please refer to our Cookie Policy for full details.
Third parties and publicly available sources
We may receive personal data about you from:
- Analytics providers such as Google (which may be based outside the UK);
- Payment and delivery service providers such as Stripe and DPD;
- Our customers or clients, who provide data about their crew members or end users as part of their service agreements with us.
6. Failure to Provide Personal Data
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to fulfil the contract we have with you or are trying to enter into. This could mean we are unable to provide the products or services you have requested.
In such cases we may have to cancel or suspend a product or service, but we will notify you if this is the case at the time.
7. Legal Bases for Processing
We will only use your personal data when the law permits us to do so. The legal bases we rely upon are:
- Performance of a contract: where we need to perform or manage a contract with you, or where you will receive services or equipment we provide.
- Legitimate interests: where it is necessary for our legitimate business interests (or those of a third party), provided your interests and fundamental rights do not override those interests.
- Legal obligation: where we need to comply with a legal or regulatory obligation (e.g. sharing data with government or law enforcement agencies, or retaining financial records for tax purposes).
- Consent: we do not generally rely on consent as a legal basis for processing. Where we do (e.g. for certain direct marketing), you have the right to withdraw consent at any time by contacting [email protected].
The table below summarises the key purposes for which we use your personal data and the corresponding legal bases:
| Purpose | Type of data | Lawful basis |
|---|---|---|
| Responding to enquiries / managing contact | Identity, Contact | Legitimate interests |
| Performing a contract (supply of services/equipment) | Identity, Contact, Financial, Transaction | Performance of a contract |
| Managing supplier/reseller relationships | Identity, Contact, Transaction | Legitimate interests |
| Sending service updates and technical notices | Identity, Contact, Technical | Performance of a contract / Legitimate interests |
| Direct marketing to existing customers | Identity, Contact, Marketing | Legitimate interests |
| Fraud prevention and compliance | Identity, Contact, Technical, Transaction | Legal obligation / Legitimate interests |
| Credit checks | Identity, Financial | Legitimate interests |
| Website analytics and improvement | Technical, Usage | Legitimate interests |
| CCTV monitoring at our premises | Identity (image) | Legitimate interests |
| Complying with legal or regulatory obligations | All relevant categories | Legal obligation |
Contact us at [email protected] for details about the specific legal ground(s) being relied on for any particular processing activity.
8. Marketing
We may send you marketing communications if you have requested information from us, or purchased goods or services from us, and have not opted out of receiving that marketing.
We will always:
- Obtain your express opt-in consent before sharing your personal data with any third party for marketing purposes.
- Give you a clear and easy means to opt out of marketing in every communication we send.
- Respect your opt-out promptly — within 5 business days.
You can opt out of marketing at any time by:
- Emailing [email protected];
- Calling +44 (0)2392 247920; or
- Clicking the unsubscribe link in any marketing email.
Opting out of marketing will not affect your receipt of service-related communications (e.g. maintenance notices, invoice correspondence) that are necessary for us to fulfil our contractual obligations.
9. Cookies and Third-Party Links
Our website uses cookies and similar tracking technologies to improve your browsing experience, analyse site traffic and personalise content.
A full Cookie Policy is available on our website and sets out the categories of cookies we use, their purpose, duration and the third parties who may set cookies on our site.
Our website may include links to third-party websites, plug-ins and applications. We do not control these third-party sites and are not responsible for their privacy notices. We encourage you to read the privacy notice of every external website you visit.
You can control cookie settings through your browser preferences. Disabling certain cookies may affect the functionality of our website.
10. Disclosure of Personal Data
We may share your personal data with the following categories of third parties, and only to the extent necessary:
- Professional advisers: lawyers, bankers, auditors and insurers providing consultancy, legal, insurance and accounting services.
- Service providers, resellers and suppliers: where necessary to deliver contracted equipment, products or services or to resolve product or service issues.
- Technology providers: software, hosting, analytics and communications platforms used in the operation of our business.
- Payment processors: such as Stripe, for the processing of financial transactions.
- Delivery partners: such as DPD, for the fulfilment of physical goods.
- Regulators and authorities: tax authorities, the ICO and law enforcement agencies, where required or permitted by law.
- Business purchasers: in the event we sell or transfer all or part of our business or assets, personal data may be transferred to the new owner under equivalent privacy obligations.
We require all third parties to respect the security of your personal data and process it in accordance with the law. We do not allow third-party service providers to use your personal data for their own purposes; we permit them only to process your data for specified purposes and in accordance with our instructions, governed by appropriate data processing agreements.
11. International Transfers of Personal Data
We may transfer your personal data to countries outside the United Kingdom. Whenever we do so, we ensure a similar level of protection by implementing at least one of the following safeguards:
- Adequacy decisions: transferring to countries the UK government has confirmed provide an adequate level of data protection.
- UK International Data Transfer Agreements (IDTAs) or Standard Contractual Clauses (SCCs): using approved contractual mechanisms that impose equivalent data protection obligations.
- Your explicit consent to the transfer (where required).
- Other derogations permitted by UK GDPR (e.g. necessity for performance of a contract, or establishing legal claims).
Several of our external third parties (e.g. Google Analytics, certain suppliers) are based outside the UK or operate data servers outside the UK. We conduct due diligence to ensure appropriate safeguards are in place. Contact us at [email protected] for further details about international transfer mechanisms.
12. Security of Personal Data
We have implemented appropriate technical and organisational security measures to prevent your personal data from being accidentally lost, used, altered, disclosed or accessed in an unauthorised way. These measures include:
- Restricting access to personal data to employees, agents and contractors who have a legitimate business need to know;
- Requiring those with access to process personal data only on our instructions, subject to a duty of confidentiality;
- Regularly reviewing our IT systems and data security policies.
We have procedures to deal with any suspected personal data breach. We will notify you and the ICO of a breach where we are legally required to do so, normally within 72 hours of becoming aware of it.
Whilst we take data security seriously, no internet transmission is completely secure. You are responsible for keeping any account credentials (such as passwords) confidential.
13. Retention of Personal Data
We will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting or reporting requirements.
As a general guide to retention periods:
| Data category | Retention period | Basis |
|---|---|---|
| Customer contact, identity, financial and transaction data | Minimum 6 years after end of customer relationship | HMRC / tax requirements |
| CCTV footage | Normally overwritten within 30 days | Legitimate interests (unless required for an active incident) |
| Marketing and communications data | While you remain an active contact, or until erasure/consent withdrawal | Legitimate interests / consent |
| Website / technical / analytics data | Up to 26 months | ICO guidance on analytics |
Where we anonymise your personal data for research or statistical purposes, we may use that information indefinitely without further notice. A full Data Retention Schedule is maintained internally and is available on request.
14. Your Legal Rights
Under UK GDPR you have the following rights in relation to your personal data. There are some exceptions; if an exemption applies, we will explain our reasons in writing.
Exercise your rights
To exercise any of the rights above, please contact us:
📮 Unit 2 Mornington Place, Waterberry Drive, Waterlooville, PO7 7XX
We will not charge a fee for legitimate Subject Access Requests. We may ask you to verify your identity before responding. We aim to respond to all requests within one month.
15. Complaints and the ICO
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection matters:
- Website: www.ico.org.uk
- Telephone: 0303 123 1113
- Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
We would, however, appreciate the opportunity to address your concerns before you approach the ICO. Please contact us in the first instance at [email protected] or on +44 (0)2392 247920.
16. Keeping Your Data Accurate
It is important that the personal data we hold about you is accurate and current. Please notify us of any changes to your personal data by emailing [email protected].
If you provide us with personal data about another person (e.g. a crew member or colleague) in connection with our products or services, this Policy applies equally to them. You should ensure that you have obtained any necessary permissions to share their personal data with us and that they are aware of how it will be used.
17. Change of Purpose
We will only use your personal data for the purposes for which it was originally collected, unless we reasonably consider that another use is compatible with the original purpose. If we need to use your data for an unrelated purpose, we will notify you and explain the legal basis that allows us to do so.
Please note that we may process your personal data without your knowledge or consent where this is required or permitted by law.
18. Changes to This Privacy Policy
We keep this Privacy Policy under regular review. Any changes will be published on our website at www.claseconnected.com/privacy-policy and, where appropriate, notified to you by email.
This policy was last reviewed and updated in May 2025. The version number at the top of this page indicates the version currently in force.

