1. Important Information and Who We Are

Controller

Circle Cloud Ltd is the controller responsible for your personal data (“Circle Cloud”, “we”, “us”, or “our” throughout this notice).

We have appointed a Data Privacy Manager to oversee questions relating to this notice.

Contact Details

Legal entity: Circle Cloud Ltd

Data Privacy Manager: Andrew Ballantyne

Email: andrew.ballantyne@circlecloud.co.uk

Postal address: Fusion Hive, North Shore Road, Stockton-on-Tees, TS18 2NB

Telephone: 0191 672 7011

You may contact the Information Commissioner’s Office (ICO) at any time (www.ico.org.uk). However, we would appreciate the opportunity to address your concerns first.

Your responsibility to keep your data up to date

Please let us know if your personal data changes during your relationship with us.

Links to third-party sites

Our website may contain links to third-party websites or services. We are not responsible for their privacy practices and encourage you to read their privacy notices.

2. The Data We Collect About You

“Personal data” means any information that can identify you directly or indirectly.

We may collect, use, store, and transfer the following types of personal data:

Identity Data

First name, last name, username, title, date of birth, gender.

Contact Data

Billing address, delivery address, email address, telephone numbers.

Financial Data

Bank account details, payment card details.

Transaction Data

Details of products and services purchased, payments made or received.

Technical Data

IP address, browser type, browser version, login details, time zone setting, operating system, device type, and other technology used to access our website.

Profile Data

Username, password, preferences, interests, purchase history, feedback, survey responses.

Usage Data

How you use our website, products, and services.

Marketing and Communications Data

Preferences for receiving marketing and communication from us and third parties.

Aggregated Data

We may generate aggregated or statistical data, which cannot identify you. If aggregated data is linked with personal data, it is treated as personal data.

We do NOT collect:

• Special category data (e.g., race, health, biometrics, sexuality)
• Criminal offence data

If you fail to provide personal data

If required data is not provided, we may be unable to provide services or fulfil a contract.

3. How We Collect Your Personal Data

We collect data in the following ways:

Direct interactions

You provide data by:

• Applying for services
• Creating an account
• Subscribing to publications
• Requesting marketing information
• Providing feedback or completing surveys

Automated technologies

We collect Technical Data as you interact with our website using:

• Cookies
• Server logs
• Analytics tools
  (See our Cookie Policy for details.)

We may use marketing attribution tools—for example, tracking engagement with content or product categories to tailor future communications.

Third-party sources

We may receive data from:

• Analytics providers (e.g., Google Analytics 4)
• Marketing service providers such as Prospect Global Ltd (Sopro)
• CRM and marketing automation platforms (such as Salesforce and Pardot)
• Publicly available sources

4. How We Use Your Personal Data

We only use your personal data when lawful. Legal bases include:

• Performance of a contract
• Legitimate interests
• Compliance with legal obligations
• Consent (e.g., email marketing)

You may withdraw consent at any time.

How we use your data

We use your data to:

• Register new customers
• Process and deliver orders
• Manage payments and recover debt
• Manage our relationship with you
• Administer and protect our website
• Provide tailored website content
• Deliver marketing and recommendations
• Analyse data to improve our services

If we need to use your data for a new purpose, we will notify you and explain the legal basis.

5. Disclosures of Your Personal Data

We may share your data with:

• CRM, marketing and communication platforms, such as Salesforce, Pardot, Exchange, and SharePoint
• Trusted service providers, including cloud hosting and IT support
• Marketing partners, such as Sopro
• Professional advisers, including auditors or legal advisers
• Authorities, where required by law
• Potential buyers, in the event of a business sale or merger

We require all third parties to protect your data and only process it on our instructions.

6. International Transfers

Some third parties may be located outside the UK.

When transferring your data internationally, we ensure appropriate safeguards, including:

• UK adequacy regulations
• International Data Transfer Agreements (IDTAs)
• UK Addendum to EU Standard Contractual Clauses
• UK–US Data Bridge, where applicable

For details of specific safeguards, please contact us.

7. Data Security

We have implemented appropriate technical and organisational measures to protect your data against loss, misuse, or unauthorised access. Access is limited to employees and suppliers with a business need, under strict confidentiality obligations.

If a data breach occurs, we will notify you and regulators where legally required.

8. Data Retention

We retain your data only as long as necessary to fulfil the purposes for which it was collected, including legal and accounting obligations.

Where possible, we anonymise data so it can no longer identify you.

You may request deletion of your data at any time (see Section 9).

9. Your Legal Rights

Under the UK GDPR, you have the right to:

• Access your personal data
• Correct inaccurate data
• Request erasure
• Object to processing
• Restrict processing
• Request data portability
• Withdraw consent

To exercise any rights, contact us using the details in Section 1.

We may request proof of identity to keep your data secure.

10. Glossary

Legitimate Interest

Our interest in operating and improving our business in ways that do not override your rights.

Performance of Contract

Processing necessary to provide products or services you request.

Comply with a Legal Obligation

Processing required to meet legal requirements.