Privacy Policy | ClearOps

Template — not legal advice. This document is a template provided for general guidance only. It is not legal advice and may not fit your specific circumstances. Have it reviewed and adapted by a qualified solicitor or data-protection professional before you publish or rely on it.

This Privacy Policy explains how [LEGAL NAME, e.g. ClearOps Ltd] ("ClearOps", "we", "us", "our") collects and uses personal data when you visit our website (clearops.co.uk), enquire about our services, or engage us as a client. We are committed to handling your data responsibly and in line with UK data protection law (the UK GDPR and the Data Protection Act 2018).

1. Who we are (the controller)

[LEGAL NAME] is [a sole trader based in the United Kingdom / a company registered in England and Wales]. (Delete whichever does not apply once your entity is confirmed.)

Legal name: [LEGAL NAME]
Company number: [COMPANIES HOUSE NUMBER — if a limited company]
Registered / business address: [REGISTERED OR BUSINESS ADDRESS]
ICO registration number: [ICO REGISTRATION REFERENCE]
Contact for data matters: naz@clearops.co.uk

For the personal data described in this policy, ClearOps is the data controller (we decide why and how it is processed). Where we handle personal data on behalf of a client as part of delivering our services, we act as a data processor — that relationship is governed by our Data Processing Agreement, not this policy.

2. The personal data we collect

a) Website visitors

Technical data: IP address, browser type, device information, and pages visited.
Cookie and analytics data — see our Cookie Notice.

b) Leads and enquirers

Identity and contact data you give us: name, business name, email address, phone number.
The content of your enquiry, booking, or messages (e.g. a "Teardown" call booking or a lead-magnet download).
Marketing preferences and email engagement data (opens/clicks) if you subscribe.

c) Clients (and client staff/contacts)

Contact and business details for the people we work with at a client.
Project, scope, billing, and payment information.
Correspondence and meeting notes relating to engagements.

We do not intentionally collect special category data (e.g. health, race, political opinions) about website visitors or leads. If a client engagement requires processing such data, it is handled under a Data Processing Agreement with appropriate safeguards.

3. How we collect it

Directly from you (forms, emails, calls, bookings, contracts).
Automatically when you use our website (cookies and analytics).
Occasionally from public sources (e.g. a company website or LinkedIn) when researching a prospective client.

4. Why we use it and our lawful bases

Purpose	Lawful basis (UK GDPR Art. 6)
Responding to enquiries and booking calls	Legitimate interests / steps prior to entering a contract
Delivering services and managing the engagement	Performance of a contract
Invoicing, payments, and accounting records	Legal obligation / performance of a contract
Sending marketing emails to subscribers and relevant business contacts	Consent, or legitimate interests under the "soft opt-in" where permitted (see PECR)
Website analytics and improving our site	Consent (for non-essential cookies)
Security, fraud prevention, and protecting our business	Legitimate interests
Complying with legal and regulatory duties	Legal obligation

Where we rely on legitimate interests, we have balanced our interests against your rights and concluded our use is proportionate. You can ask us for details, or object, at any time.

5. Email marketing & your consent

We send marketing emails (such as our newsletter and the resources you ask for) only where we have a lawful basis under the UK GDPR and the Privacy and Electronic Communications Regulations (PECR):

Consent: where you tick a clear, unticked opt-in box or otherwise ask to receive our emails (for example, when downloading a checklist or subscribing).
"Soft opt-in": where you are an existing or prospective business contact whose details we obtained in the course of a sale or negotiation, we may email you about similar services — and you can opt out at any time.

Every marketing email contains a one-click unsubscribe link, and you can also email naz@clearops.co.uk to opt out. We keep a record of consent and a suppression list so that opt-outs are honoured. Our email marketing is delivered through a third-party provider (see section 6).

6. Third parties and sub-processors

We use trusted third-party providers to run our business. These may process personal data on our behalf. Categories include:

Function	Provider (examples)
Business email & productivity	Google Workspace
Website hosting / CDN	Cloudflare Pages / Netlify (or similar)
Scheduling / bookings	Google Calendar
Email marketing	MailerLite (or similar)
Website analytics	Google Analytics 4 (GA4) or a privacy-friendly alternative
Payments & invoicing	Stripe
CRM / pipeline	[CRM PROVIDER, e.g. HubSpot / Notion]
Automation engine	n8n (self-hosted) / Make / Zapier
Third-party AI tools	Anthropic (Claude) / OpenAI (or similar)

A note on AI tools. We use third-party AI services to help deliver our work (for example, drafting, summarising, classifying or extracting information). We choose providers that offer business/enterprise terms, and we have a data-handling policy governing what may and may not be sent to AI tools. We aim to minimise personal and confidential data sent to such tools, prefer providers that do not train their models on our inputs under their business terms, and apply this especially to client data handled under a Data Processing Agreement.

We do not sell your personal data. We only share it where necessary to deliver our services, comply with the law, or where you have asked us to.

7. International transfers

Some of our providers are based outside the UK (for example, in the US or EU). Where personal data is transferred outside the UK, we ensure an appropriate safeguard is in place, such as:

transfer to a country covered by UK adequacy regulations; or
the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, together with appropriate supplementary measures.

You can ask us for more detail on the safeguards used for a specific provider.

8. How long we keep it (retention)

Website/analytics data: typically up to 26 months, or per the analytics tool's retention setting.
Lead/enquiry data: up to 24 months after last contact, then deleted or anonymised, unless you become a client.
Client records and correspondence: for the duration of the engagement plus up to 6 years (to meet contractual, tax, and legal-claim periods).
Accounting/financial records: at least 6 years, as required by UK tax law.
Marketing consent records: until you unsubscribe, then a suppression record is kept to honour your opt-out.

When data is no longer needed, we securely delete or anonymise it.

9. Your rights

Under UK data protection law you have the right to:

be informed about how we use your data (this policy);
access the personal data we hold about you (a "DSAR");
rectify inaccurate or incomplete data;
erase your data ("right to be forgotten"), in certain circumstances;
restrict or object to processing, including direct marketing;
data portability (receive your data in a usable format);
withdraw consent at any time, where we rely on consent;
not be subject to solely automated decisions with legal or similarly significant effects.

To exercise any right, email naz@clearops.co.uk. We will respond within one month. There is normally no charge. We may need to verify your identity first.

10. Cookies

Our website uses cookies for essential functionality and (with your consent) analytics. Full details are in our Cookie Notice.

11. Security

We use appropriate technical and organisational measures to protect personal data, including access controls, encryption in transit, strong authentication, restricted use of third-party AI tools, and least-privilege access to client systems. No system is perfectly secure, but we take our responsibilities seriously.

12. Complaints

If you have a concern about how we handle your data, please contact us first at naz@clearops.co.uk so we can put it right.

You also have the right to complain to the UK supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline: 0303 123 1113 · www.ico.org.uk

13. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top shows the latest version. Material changes will be highlighted on our website.