Privacy & Cookie Policy
Last updated: 13 July 2026 · Version 1.0 · UK GDPR / Data Protection Act 2018 / PECR
This policy explains how Comera Group Limited ("we", "us", "our"), operating as Comera Group, collects, uses, shares and protects personal data when you visit this website or get in touch about the Group and its businesses, and your rights under UK data protection law.
It covers visitors to this website and people who enquire through it. If you go on to engage one of the Group's companies, that company will give you any additional privacy information relevant to the work it carries out for you.
Who we are
- Data controller: Comera Group Limited, a company registered in England and Wales (company number 06340829).
- Registered office: Origin Workspace, 40 Berkeley Square, Bristol, BS8 1HP.
- Data protection contact: privacy@comeragroup.co.uk.
Having assessed our processing, we are not required to appoint a statutory Data Protection Officer; the contact above handles all data protection matters. This policy is governed by UK data protection law, principally the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR) for cookies and marketing.
What data we collect
- Enquiry & contact data you give us through our enquiry form: your name, email address, organisation and phone number (if you provide them), the nature of your enquiry, your message, and whether you opt in to marketing.
- Communications: the content of any emails or messages you send us.
- Technical & usage data: IP address, device and browser type, pages visited and referring pages — collected through cookies and analytics, and only with your consent for non-essential cookies (see Cookies below).
Please don't include sensitive personal information (such as health details) or operationally sensitive material in a form message — the website is not intended to collect special category or classified data.
How we use your data and our lawful bases
| Purpose | Lawful basis (UK GDPR) |
|---|---|
| Respond to your enquiry about the Group, its businesses, capabilities or partnership programmes | Taking steps at your request before entering a contract (Art. 6(1)(b)), and our legitimate interests in responding to enquiries (Art. 6(1)(f)) |
| Route your enquiry to the Group company best placed to answer it | Legitimate interests (Art. 6(1)(f)) |
| Manage our relationship with you and keep business records | Legitimate interests; legal obligation |
| Send you marketing (occasional Comera Group updates) | Consent (Art. 6(1)(a)) — only if you opt in; you can withdraw at any time |
| Measure and improve the website | Consent (for non-essential analytics cookies) |
| Provide services and meet our legal and regulatory duties (if you become a client or partner) | Contract; legal obligation |
We will only send you marketing if you have opted in, and every marketing email includes an unsubscribe link. We do not sell your data or share it with third parties for their own marketing.
Cookies and similar technologies
When you first visit our site we show a cookie banner that lets you accept or reject non-essential cookies. Non-essential cookies are not set until you consent, and you can change your choice at any time by clearing the site data in your browser. We use the following categories:
| Category | Examples | Purpose | Consent needed? |
|---|---|---|---|
| Strictly necessary | A record of your cookie choice, stored in your browser | Remembers your consent decision so we don't ask again, and keeps the site working | No — required for the service |
| Analytics / performance | Google Analytics (_ga, _ga_*) | Measures how the site is used so we can improve it | Yes |
Google Analytics loads only after you accept analytics cookies. We enable IP anonymisation and do not use it for advertising. Google Analytics cookies last up to 2 years; we retain the analytics data for up to 14 months. You can also block or delete cookies through your browser settings, though some parts of the site may not work properly without strictly necessary cookies.
Who we share your data with
We do not sell your data. We share it only as follows:
- Within the Comera Group — your enquiry is passed to the Group company best placed to answer it (for example a training, security, energy or human-performance business), which will use it only to respond to you.
- Fasthosts (UK) — website hosting.
- Zoho Corporation — ZeptoMail (EU) — sends transactional emails, such as the confirmation you receive after making an enquiry.
- Zoho Corporation — Zoho CRM & Zoho Campaigns — manages enquiries and leads and, if you opt in, sends our marketing.
- Google — Google Analytics, used only with your consent.
Our service providers act under contracts that require them to protect your data and use it only on our instructions. We may also disclose data where required by law, by a regulator, or to establish, exercise or defend legal claims. If you engage one of the Group's companies, data sharing relevant to that engagement is covered in its engagement information.
International transfers
Some of our providers process data outside the UK. Where they do, an appropriate safeguard is in place:
| Provider | Role | Location | Safeguard |
|---|---|---|---|
| Fasthosts | Hosting | United Kingdom | No overseas transfer |
| Zoho (ZeptoMail) | Transactional email | European Union | UK adequacy regulations for the EEA |
| Zoho (CRM / Campaigns) | CRM & marketing | International | International Data Transfer Agreement (IDTA) / UK Addendum to the EU Standard Contractual Clauses |
| Analytics | United States / global | UK Extension to the EU–US Data Privacy Framework and/or the IDTA |
Details of the specific safeguards are available on request from our data protection contact.
How long we keep your data
- Enquiries that don't become clients or partners: up to 24 months from your last contact with us, then deleted.
- Marketing contacts: until you unsubscribe or withdraw consent (we also review our list periodically).
- Website analytics: up to 14 months.
- Client and partner records (if you engage us): for the period required by the relevant engagement and by law.
We keep personal data no longer than necessary for the purpose it was collected, unless the law requires us to keep it for longer.
How we protect your data
We use technical and organisational measures proportionate to the data we hold: encryption in transit (HTTPS/TLS), reputable service providers, access limited to those who need it, and protections on our forms against spam and abuse. No system is completely secure, but we take reasonable steps to safeguard your information.
Your rights
Under UK GDPR you have the right to access, rectify, erase, restrict or object to our processing of your personal data, to data portability, and to withdraw consent at any time where processing is based on consent. To exercise any of these, email privacy@comeragroup.co.uk. We will respond within one month, and there is normally no charge.
Complaints
If you have concerns about how we handle your data, please contact us first so we can try to put things right. You also have the right to complain to the UK supervisory authority: the Information Commissioner's Office (ICO) — ico.org.uk, helpline 0303 123 1113.
Changes to this policy
We may update this policy from time to time. We will post the updated version here and change the "last updated" date above. Where changes are significant, we will take reasonable steps to highlight them.
Contact us
Comera Group Limited
Origin Workspace, 40 Berkeley Square, Bristol, BS8 1HP
Data protection: privacy@comeragroup.co.uk