CLAYA TECH LTD
About Services Portfolio Contact
Harlow, United Kingdom Request a Consultation
About Services Portfolio Contact

CLAYA TECH LTD
64 Silvesters, Harlow, CM19 5NW

Contents

  • 1. Who We Are
  • 2. What Data We Collect
  • 3. How We Collect Data
  • 4. Legal Basis for Processing
  • 5. How We Use Your Data
  • 6. Data Sharing
  • 7. International Transfers
  • 8. Data Retention
  • 9. Your Rights
  • 10. Cookies
  • 11. Security
  • 12. Third-Party Links
  • 13. Children
  • 14. Changes to This Policy
  • 15. Contact Us

Privacy Policy

Last updated: 28 May 2026

1. Who We Are

CLAYA TECH LTD ("we", "our", "us") is a company registered in England and Wales, with its registered office at 64 Silvesters, Harlow, CM19 5NW, United Kingdom. We provide computer systems design, custom programming, technical consultancy and related professional services to businesses and organisations across the United Kingdom.

We are the data controller in respect of the personal data described in this Privacy Policy. This means that we are responsible for determining the purposes and means of processing personal data that we hold about you.

We are committed to protecting your privacy and handling your personal data in an open and transparent manner, in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and any other applicable data protection legislation in force in the United Kingdom.

This Privacy Policy explains what personal data we collect about you, how and why we use it, how long we retain it, who we share it with, and what rights you have in relation to your personal data. We encourage you to read this policy carefully. If you have questions that are not answered here, please contact us using the details provided at the end of this document.

This policy applies to all personal data collected and processed by CLAYA TECH LTD in connection with the operation of our website at clayatech.work, our professional services activities, and our commercial relationships with clients, prospective clients, suppliers and other professional contacts.

2. What Personal Data We Collect

We collect different categories of personal data depending on your relationship with us and the nature of your interaction with our website and services. The categories of personal data we may collect include the following.

Identity and Contact Data

This includes your full name, job title, company or organisation name, business address, telephone number and email address. We collect this data when you complete a contact form on our website, send us an email, telephone us, or engage with us in the course of a professional relationship.

Technical and Usage Data

When you visit our website, we may collect technical data about your device and your use of the site, including your IP address, browser type and version, operating system, referral source, pages visited, time spent on pages, and other standard web analytics data. This data is collected automatically through cookies and similar technologies. Please refer to our Cookie Policy for further details.

Enquiry and Communications Data

When you contact us with an enquiry, we collect and retain the content of your message, along with the date and time of the communication and any attachments you provide. This allows us to respond appropriately and maintain a record of our communications history with you.

Professional and Commercial Data

In the course of providing services to clients, we may collect professional data relevant to the engagement, including information about your organisation's technical systems, operational processes, business requirements and strategic objectives. This information is shared with us in the context of a confidential professional relationship and is subject to our standard confidentiality obligations in addition to this Privacy Policy.

Financial and Contractual Data

If we enter into a commercial agreement with you or your organisation, we may collect and retain data necessary to administer the engagement, including contract terms, invoicing details, payment records and correspondence relating to the commercial relationship. We do not store payment card data directly — all financial transactions are handled through regulated payment processors.

Preferences and Marketing Data

Where you have provided your explicit consent, we may retain records of your marketing preferences, including whether you have opted in to receive professional communications from us. We do not engage in broad email marketing campaigns and do not purchase mailing lists.

3. How We Collect Your Personal Data

We collect personal data through a variety of direct and indirect channels, as described below.

Direct Collection

We collect personal data directly from you when you complete the contact form on our website, send us an email at tech@clayatech.work, telephone us, attend a meeting or call with our team, or otherwise initiate contact with us for the purpose of enquiring about or using our services. In these cases, you are voluntarily providing personal data and you are aware that you are doing so.

Automatic Collection

We collect certain technical data automatically when you visit our website. This is done through standard web analytics tools and cookies. The data collected in this way typically does not, on its own, identify you as a specific individual, though in certain circumstances it may be possible to identify you if combined with other information we hold. Please refer to our Cookie Policy for a detailed explanation of how we use cookies and similar technologies.

Collection from Third Parties

On occasion, we may receive personal data about you from third parties. For example, a colleague or business associate may provide your contact details in the context of introducing or referring you to us. Where this occurs, we will process your data in accordance with this Privacy Policy and will provide you with this notice at the earliest practicable opportunity if we intend to enter into direct communications with you.

Publicly Available Sources

In connection with our professional activities, we may collect personal data from publicly available professional sources, such as Companies House records, professional directory listings, or publicly accessible LinkedIn profiles, for the purpose of identifying and contacting appropriate professional contacts at organisations we believe may benefit from our services. In these cases, we process only professional contact information and only in the context of legitimate professional outreach.

4. Legal Basis for Processing Personal Data

We are required under UK GDPR to identify a lawful basis for each processing activity involving personal data. The following lawful bases apply to our processing activities.

Contractual Necessity

Where you have entered into a commercial agreement with CLAYA TECH LTD for the provision of services, we process personal data as necessary for the performance of that contract. This includes processing data to communicate with you about project matters, deliver the agreed services, issue invoices, and administer the commercial relationship.

Legitimate Interests

We process certain personal data on the basis of our legitimate interests as a professional services business. Our legitimate interests in this context include: responding to enquiries received through our website and other channels; maintaining records of professional communications for the purpose of business continuity and quality management; analysing website usage to improve our online presence and user experience; and conducting proportionate professional outreach to organisations and individuals who may have a genuine need for our services. In each case, we have assessed that our legitimate interests are not overridden by the interests, rights or freedoms of the individuals concerned, taking into account the nature of the data, the relationship between us, and the reasonable expectations of the individuals whose data is processed.

Legal Obligation

In certain circumstances, we are required to process personal data to comply with our legal obligations. This includes retaining financial and contractual records for the period required by UK tax legislation, responding to lawful requests from regulatory authorities, and complying with any court order or other legal process that requires us to disclose personal data.

Consent

Where we rely on consent as the basis for a specific processing activity, we will seek your consent at the relevant time and in a clear and specific manner. You have the right to withdraw consent at any time and doing so will not affect the lawfulness of processing carried out prior to withdrawal. Where consent is relied upon, it will be identified clearly at the point of collection.

5. How We Use Your Personal Data

We use personal data for the specific purposes described below. We do not use personal data for purposes that are incompatible with the purpose for which it was originally collected, except where you have given your consent or where permitted by applicable law.

  • To respond to enquiries submitted through our contact form, by email, or by telephone, and to provide the information or assistance requested.
  • To prepare and deliver professional services in accordance with the terms of any engagement agreement entered into with you or your organisation.
  • To communicate with you about matters relating to an active or proposed engagement, including project updates, delivery milestones, review meetings and handover arrangements.
  • To issue invoices, process payments and administer the financial aspects of our commercial relationships.
  • To maintain records of our professional communications and activities for the purposes of business continuity, dispute resolution and quality assurance.
  • To analyse website usage patterns and improve the functionality, content and user experience of our website.
  • To comply with our legal and regulatory obligations, including obligations under UK tax legislation and data protection law.
  • To protect our legitimate business interests and legal rights, including in the context of dispute resolution, enforcement of contractual terms and protection against fraud.
  • Where you have provided consent, to send you professional communications that we believe may be of interest to you, relating to our services, technical insights or relevant industry developments. You may withdraw this consent at any time by contacting us at tech@clayatech.work.

We do not engage in automated decision-making or profiling activities that produce legal or similarly significant effects in respect of individuals.

6. Sharing Your Personal Data

We treat the personal data we hold about you with professional discretion and do not share it with third parties except in the circumstances described in this section.

Service Providers and Data Processors

We engage certain third-party service providers who process personal data on our behalf in the course of providing services to us. These include our email hosting provider, website hosting provider, analytics service providers, and professional accounting software providers. All such providers are engaged under contractual terms that require them to process personal data only on our instructions and in accordance with applicable data protection legislation. Where our service providers are established outside the United Kingdom, we ensure that appropriate safeguards are in place for international data transfers, as described in Section 7 below.

Professional Advisers

We may share personal data with our professional advisers, including our legal advisers, accountants and insurers, where necessary for the purpose of obtaining professional advice or in the context of a legal claim, dispute or regulatory matter. Such advisers are subject to duties of professional confidentiality.

Legal and Regulatory Disclosure

We may be required to disclose personal data to law enforcement authorities, regulatory bodies, courts or other official bodies where required to do so by applicable law, court order or other legal process, or where we have a good faith belief that disclosure is necessary to protect the rights, property or safety of CLAYA TECH LTD, our clients, or others.

Business Transfers

In the event that CLAYA TECH LTD is involved in a business transfer, merger, acquisition or sale of assets, personal data held by us may be transferred to the successor entity. We would ensure that any such transfer is subject to appropriate data protection safeguards and that affected individuals are informed.

We do not sell, rent or trade personal data to or with any third party for commercial purposes.

7. International Transfers of Personal Data

Our primary operations are based in the United Kingdom and the majority of the personal data we process is stored and processed within the United Kingdom. Where we engage service providers that process personal data outside the United Kingdom, we take steps to ensure that such transfers comply with applicable UK data protection legislation.

For transfers to countries that are not subject to an adequacy decision by the UK Information Commissioner's Office (ICO), we ensure that appropriate safeguards are in place, such as the use of the International Data Transfer Agreement (IDTA) or the Addendum to the EU Standard Contractual Clauses as approved for use in the United Kingdom, or other appropriate transfer mechanisms recognised under applicable UK legislation.

If you would like further information about the mechanisms we use for international data transfers, or copies of the relevant safeguards, please contact us at tech@clayatech.work.

8. Data Retention

We retain personal data only for as long as is necessary for the purposes described in this Privacy Policy, or as required by applicable legal, regulatory or professional obligations. Our standard retention practices are as follows.

Enquiry and Contact Data

Personal data submitted through our contact form or provided in connection with a preliminary enquiry that does not progress to a commercial engagement is retained for a period of twelve months from the date of last contact. After this period, such data is securely deleted unless there is a specific legitimate reason to retain it for longer.

Client and Engagement Data

Personal data associated with an active client engagement is retained for the duration of the engagement and for a period of seven years thereafter. This extended retention period reflects our obligations under UK tax legislation and our legitimate interest in maintaining records that may be relevant to any dispute or claim arising in connection with the engagement.

Financial and Contractual Records

Financial records, including invoices, payment records and commercial correspondence, are retained for a minimum of six years in accordance with the requirements of HMRC and standard accounting practice. Certain records may be retained for longer where required by specific legal or regulatory obligations applicable to our business.

Website Analytics Data

Aggregated website analytics data is retained for a period of up to twenty-six months. Anonymised statistical data derived from analytics may be retained for longer for the purpose of trend analysis and website improvement.

Marketing Preferences

Records of marketing consent and preference are retained for as long as is necessary to demonstrate compliance with our obligations under applicable data protection and marketing legislation. If you withdraw consent, your preference is recorded and retained for a sufficient period to demonstrate that we have acted in accordance with your instructions.

When personal data is no longer required, we take appropriate steps to ensure its secure and permanent deletion or anonymisation.

9. Your Rights Under UK GDPR

UK GDPR provides individuals with a range of rights in relation to their personal data. These rights apply subject to certain limitations and exemptions. Where you wish to exercise any of the rights described below, please contact us using the details provided in Section 15 of this policy. We will respond to your request within one calendar month of receipt, although we may request additional information from you to verify your identity before processing your request.

Right of Access

You have the right to request a copy of the personal data we hold about you and to be provided with information about how and why it is being processed. This is sometimes referred to as a subject access request. We will provide this information free of charge, except where requests are manifestly unfounded or excessive, in which case we may charge a reasonable administrative fee or decline to respond.

Right to Rectification

If you believe that personal data we hold about you is inaccurate or incomplete, you have the right to request that it be corrected or completed. We will use reasonable endeavours to verify your request and make any necessary corrections promptly.

Right to Erasure

You have the right to request the deletion of your personal data in certain circumstances — for example, where the data is no longer necessary for the purpose for which it was collected, where you withdraw consent (and there is no other lawful basis for processing), or where you object to processing and there are no overriding legitimate grounds. This right is subject to our obligations to retain data under applicable legal and regulatory requirements.

Right to Restriction of Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances — for example, while we are verifying the accuracy of data you have disputed, or while we are assessing an objection you have raised. Where processing is restricted, we will continue to store the relevant data but will not otherwise process it without your consent, except in limited circumstances.

Right to Data Portability

Where processing is based on your consent or on the performance of a contract, and is carried out by automated means, you have the right to receive a copy of the personal data you provided to us in a structured, commonly used and machine-readable format, and to request that we transmit this data directly to another controller where technically feasible.

Right to Object

You have the right to object to the processing of your personal data where we rely on legitimate interests as our lawful basis. If you raise such an objection, we will cease processing unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or unless the processing is necessary for the establishment, exercise or defence of legal claims. You have an unconditional right to object to processing for direct marketing purposes.

Rights Related to Automated Decision-Making

We do not use automated decision-making processes, including profiling, that produce legal or similarly significant effects in respect of individuals. If this were to change in the future, we would update this policy accordingly and would ensure that appropriate safeguards are in place.

Right to Lodge a Complaint

If you are concerned about the way in which we handle your personal data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO). The ICO can be contacted at ico.org.uk, by telephone on 0303 123 1113, or by post to Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF. We would, however, welcome the opportunity to address your concern directly before you contact the ICO, and we encourage you to reach out to us in the first instance.

10. Cookies and Similar Technologies

Our website uses cookies and similar tracking technologies to enhance the user experience and collect usage data. A cookie is a small text file placed on your device by a website server. Cookies do not give us access to your device beyond the information they are designed to transmit.

We use cookies for the following purposes: to enable essential website functionality; to remember your preferences; to analyse how our website is used so that we can improve it; and, in limited circumstances, to support the performance of third-party tools and services embedded in our website. We do not use cookies for advertising or for tracking your activity across third-party websites.

For full details of the cookies we use, their purpose, and your options for managing them, please refer to our Cookie Policy, which forms part of our overall data protection framework.

11. Security of Personal Data

We take the security of personal data seriously and have implemented a range of technical and organisational measures designed to protect personal data against accidental loss, unauthorised access, disclosure, alteration or destruction.

Our security measures include: the use of secure communication protocols (HTTPS) for our website; access controls limiting access to personal data to those within our organisation who have a legitimate need; the use of reputable and security-conscious service providers for hosting and processing activities; and regular review of our security practices in response to the evolving threat landscape.

We also take reasonable steps to ensure that any third parties to whom we disclose personal data implement appropriate security measures.

Notwithstanding these measures, no data transmission over the internet and no method of electronic storage is completely secure. We cannot guarantee absolute security and cannot accept responsibility for unlawful access to or alteration of personal data by a third party despite our reasonable precautions. In the event of a data breach that is likely to result in a risk to the rights and freedoms of individuals, we will comply with our notification obligations under UK GDPR, including notifying the ICO within 72 hours of becoming aware of the breach where required, and notifying affected individuals where the breach is likely to result in a high risk to their rights and freedoms.

12. Third-Party Websites and Links

Our website may contain links to third-party websites. These links are provided for your convenience and information. We do not control the content or data practices of third-party websites and are not responsible for their privacy practices. We encourage you to read the privacy policies of any third-party website you visit through a link from our site. This Privacy Policy applies only to the data we collect and process in connection with clayatech.work and our professional services activities.

Where our website embeds third-party content or tools — such as mapping services — those third parties may collect data about your interaction with their tools in accordance with their own privacy policies.

13. Children's Data

Our website and professional services are directed exclusively at businesses and professional organisations. We do not knowingly collect personal data from individuals under the age of 18. If you believe that a person under 18 has provided personal data to us, please contact us at tech@clayatech.work and we will take appropriate steps to delete that data promptly. If you are under 18, please do not submit any personal data through our website or contact forms.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data processing practices, applicable legislation or the structure of our business. When we make material changes to this policy, we will update the "last updated" date at the top of this page. We encourage you to review this page periodically to remain informed about how we handle your personal data.

Where required by applicable law, we will seek your consent before implementing material changes that affect the way in which we process your personal data. For clients with active engagements, we will communicate material policy changes directly to relevant contacts.

Continued use of our website following the publication of changes to this Privacy Policy constitutes your acknowledgement of those changes. If you disagree with any part of this policy, please cease using our website and contact us with your concerns.

15. How to Contact Us

If you have any questions about this Privacy Policy, wish to exercise any of your data protection rights, or have a concern about the way we handle your personal data, please contact us using the following details.

CLAYA TECH LTD
64 Silvesters
Harlow
CM19 5NW
United Kingdom

Email: tech@clayatech.work
Telephone: +44 7742 808756

We aim to respond to all data protection enquiries within one calendar month of receipt. For complex requests, we may require up to an additional two months and will advise you accordingly if this is the case. Where we request further information from you for the purpose of verifying your identity before processing a rights request, the time limit for our response is paused until we receive the required information.

For information about the role of the UK Information Commissioner's Office and how to make a complaint, see Section 9 above.

CLAYA TECH LTD

Professional computer systems design and technical services for established businesses across the United Kingdom.

Currently accepting new engagements
Navigation
  • About
  • Services
  • Portfolio
  • Contact
Legal
  • Privacy Policy
  • Cookie Policy
  • Terms of Service
  • Terms & Conditions
Contact
64 Silvesters
Harlow, CM19 5NW
United Kingdom

+44 7742 808756
tech@clayatech.work

© 2026 CLAYA TECH LTD. All rights reserved. Registered in England & Wales.

Privacy Cookies Terms