← Back to home

Privacy & Cookie Policy

Last updated: 13 July 2026 · Version 1.0 · UK GDPR / Data Protection Act 2018 / PECR

This policy explains how Comera Group Limited ("we", "us", "our"), operating as Comera Group, collects, uses, shares and protects personal data when you visit this website or get in touch about the Group and its businesses, and your rights under UK data protection law.

It covers visitors to this website and people who enquire through it. If you go on to engage one of the Group's companies, that company will give you any additional privacy information relevant to the work it carries out for you.

Who we are

Having assessed our processing, we are not required to appoint a statutory Data Protection Officer; the contact above handles all data protection matters. This policy is governed by UK data protection law, principally the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR) for cookies and marketing.

What data we collect

Please don't include sensitive personal information (such as health details) or operationally sensitive material in a form message — the website is not intended to collect special category or classified data.

How we use your data and our lawful bases

PurposeLawful basis (UK GDPR)
Respond to your enquiry about the Group, its businesses, capabilities or partnership programmesTaking steps at your request before entering a contract (Art. 6(1)(b)), and our legitimate interests in responding to enquiries (Art. 6(1)(f))
Route your enquiry to the Group company best placed to answer itLegitimate interests (Art. 6(1)(f))
Manage our relationship with you and keep business recordsLegitimate interests; legal obligation
Send you marketing (occasional Comera Group updates)Consent (Art. 6(1)(a)) — only if you opt in; you can withdraw at any time
Measure and improve the websiteConsent (for non-essential analytics cookies)
Provide services and meet our legal and regulatory duties (if you become a client or partner)Contract; legal obligation

We will only send you marketing if you have opted in, and every marketing email includes an unsubscribe link. We do not sell your data or share it with third parties for their own marketing.

Cookies and similar technologies

When you first visit our site we show a cookie banner that lets you accept or reject non-essential cookies. Non-essential cookies are not set until you consent, and you can change your choice at any time by clearing the site data in your browser. We use the following categories:

CategoryExamplesPurposeConsent needed?
Strictly necessaryA record of your cookie choice, stored in your browserRemembers your consent decision so we don't ask again, and keeps the site workingNo — required for the service
Analytics / performanceGoogle Analytics (_ga, _ga_*)Measures how the site is used so we can improve itYes

Google Analytics loads only after you accept analytics cookies. We enable IP anonymisation and do not use it for advertising. Google Analytics cookies last up to 2 years; we retain the analytics data for up to 14 months. You can also block or delete cookies through your browser settings, though some parts of the site may not work properly without strictly necessary cookies.

Who we share your data with

We do not sell your data. We share it only as follows:

Our service providers act under contracts that require them to protect your data and use it only on our instructions. We may also disclose data where required by law, by a regulator, or to establish, exercise or defend legal claims. If you engage one of the Group's companies, data sharing relevant to that engagement is covered in its engagement information.

International transfers

Some of our providers process data outside the UK. Where they do, an appropriate safeguard is in place:

ProviderRoleLocationSafeguard
FasthostsHostingUnited KingdomNo overseas transfer
Zoho (ZeptoMail)Transactional emailEuropean UnionUK adequacy regulations for the EEA
Zoho (CRM / Campaigns)CRM & marketingInternationalInternational Data Transfer Agreement (IDTA) / UK Addendum to the EU Standard Contractual Clauses
GoogleAnalyticsUnited States / globalUK Extension to the EU–US Data Privacy Framework and/or the IDTA

Details of the specific safeguards are available on request from our data protection contact.

How long we keep your data

We keep personal data no longer than necessary for the purpose it was collected, unless the law requires us to keep it for longer.

How we protect your data

We use technical and organisational measures proportionate to the data we hold: encryption in transit (HTTPS/TLS), reputable service providers, access limited to those who need it, and protections on our forms against spam and abuse. No system is completely secure, but we take reasonable steps to safeguard your information.

Your rights

Under UK GDPR you have the right to access, rectify, erase, restrict or object to our processing of your personal data, to data portability, and to withdraw consent at any time where processing is based on consent. To exercise any of these, email privacy@comeragroup.co.uk. We will respond within one month, and there is normally no charge.

Complaints

If you have concerns about how we handle your data, please contact us first so we can try to put things right. You also have the right to complain to the UK supervisory authority: the Information Commissioner's Office (ICO) — ico.org.uk, helpline 0303 123 1113.

Changes to this policy

We may update this policy from time to time. We will post the updated version here and change the "last updated" date above. Where changes are significant, we will take reasonable steps to highlight them.

Contact us

Comera Group Limited
Origin Workspace, 40 Berkeley Square, Bristol, BS8 1HP
Data protection: privacy@comeragroup.co.uk

← Back to home