Privacy policy
Last updated: 16 July 2026
This policy explains how we collect, use, share and protect personal data when you visit onlineoceans.com, contact us, or do business with us, and the rights you have under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who we are
Online Oceans Robotics Limited (trading as Online Oceans) is the data controller responsible for your personal data. We are a company registered in England and Wales under company number 15290665, with our registered office at 7 Bell Yard, London, WC2A 2JR.
We do not have a statutory data protection officer. For anything relating to this policy or your personal data, contact us at hello@onlineoceans.com or by post to the registered office above, marked for the attention of the directors.
2. Personal data we collect
We collect personal data in the following ways:
- Data you give us: your name, email address, organisation, role and the content of your message when you complete our contact form or correspond with us by email, phone or at events.
- Data collected automatically: technical data such as your IP address, browser type and pages visited, collected through hosting logs and, only where you consent, through the analytics and visitor identification cookies described in our cookie policy.
- Data from other sources: publicly available business information (for example your organisation's website or LinkedIn) that we use to prepare for and follow up business conversations.
Our website and services are aimed at organisations. The personal data we process is almost entirely business contact data relating to people acting in their professional capacity.
3. Purposes and legal bases
UK GDPR requires us to have a lawful basis for each use of personal data. The table below sets out what we do, the data involved and the basis we rely on.
| Purpose | Personal data | Lawful basis |
|---|---|---|
| Responding to enquiries submitted through our contact form or by email | Name, email address, organisation, message content | Legitimate interests (responding to business enquiries about our products and services); where the enquiry leads towards a contract, steps taken at your request before entering a contract |
| Managing customer and prospect relationships in our CRM, including follow-up about our products | Business contact details, correspondence history | Legitimate interests (business development and marketing to business contacts); consent where the law requires it for electronic marketing |
| Identifying the organisations that visit our website (Snitcher) | IP address, pages visited, inferred organisation | Consent, given through our cookie banner and withdrawable at any time |
| Understanding how visitors use our website (Microsoft Clarity) | Usage and interaction data, device information, IP address | Consent, given through our cookie banner and withdrawable at any time |
| Operating, securing and debugging the website | IP address and request data in hosting and content delivery logs | Legitimate interests (running a secure, reliable website) |
| Managing supplier and partner relationships | Business contact details, contract correspondence | Performance of a contract; legitimate interests (administering our business) |
| Complying with legal and regulatory obligations, including accounting, tax and export control | Records we are required to keep by law | Legal obligation |
Where we rely on legitimate interests, we have considered the balance between those interests and your rights, and we do not use your data where our interests are overridden by yours. You can object to any processing based on legitimate interests (see section 8).
4. Who we share personal data with
We do not sell personal data. We share it only with service providers who process it on our instructions under contracts meeting the requirements of Article 28 UK GDPR, and with others where the law requires. Our providers are:
- Pipedrive: our CRM and the provider of the contact form on this site. Data you submit through the form goes directly to Pipedrive.
- Microsoft: provider of the Clarity analytics service, used only with your consent.
- Snitcher B.V.: provider of our visitor identification service, used only with your consent.
- Cloudinary: the content delivery network that serves images and video on this site, which receives your IP address when media loads.
- GitHub: hosts this website, and its servers receive your IP address when you visit.
- Professional advisers, such as our accountants, insurers and lawyers, where necessary.
- Courts, regulators and other authorities where we are legally required to disclose.
5. International transfers
Some of the providers listed above process personal data outside the UK, including in the European Economic Area and the United States. Where personal data leaves the UK, we rely on one of the safeguards recognised by UK GDPR:
- UK adequacy regulations, for transfers to the European Economic Area;
- the UK Extension to the EU-US Data Privacy Framework, for US providers certified under it; or
- the International Data Transfer Agreement or the UK Addendum to the EU standard contractual clauses, in other cases.
You can ask us for details of the safeguard applying to a particular transfer, and where applicable a copy of the relevant agreement, by contacting hello@onlineoceans.com.
6. How long we keep personal data
We keep personal data only for as long as we need it for the purposes above, and then delete or anonymise it. Our standard periods are:
- Enquiries and CRM records: for the duration of our relationship with you or your organisation, and up to 3 years after our last meaningful contact, unless you ask us to delete them sooner.
- Customer and contract records: for the duration of the contract and 7 years after it ends, to meet accounting, tax and legal requirements.
- Website analytics and visitor identification data: for the periods set by the providers listed in our cookie policy.
- Hosting and security logs: for short rolling periods set by our hosting provider.
7. Security
We apply technical and organisational measures appropriate to the risk, including access controls, encryption in transit and reputable cloud providers. No transmission over the internet is completely secure, but we work to protect personal data against loss, misuse and unauthorised access, and we have a documented procedure for responding to any personal data breach.
8. Your rights
Under UK GDPR you have the right to:
- access the personal data we hold about you;
- have inaccurate data corrected;
- have your data erased in certain circumstances;
- restrict how we use your data in certain circumstances;
- object to processing based on legitimate interests, and to any direct marketing;
- receive the data you provided to us in a portable format; and
- withdraw consent at any time where consent is the basis we rely on, without affecting processing that happened before you withdrew it. For cookies, use the cookie settings link in the footer of any page.
To exercise any of these rights, email hello@onlineoceans.com. We will respond within one month. We may need to verify your identity before acting on a request. These rights are not absolute and exemptions may apply in some cases; if we rely on one, we will tell you why.
9. Complaints
If you are unhappy with how we have handled your personal data, please contact us first at hello@onlineoceans.com and we will try to resolve it.
You also have the right to lodge a complaint with the UK supervisory authority, the Information Commissioner's Office: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF; telephone 0303 123 1113; ico.org.uk/make-a-complaint.
10. Cookies
We use a small number of cookies and similar technologies. Non-essential cookies are set only with your consent, which you can give, refuse or withdraw at any time through the cookie banner or the cookie settings link in the footer. Full details of every cookie, its purpose and how long it lasts are in our cookie policy.
11. Children
Our website and services are aimed at organisations and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.
12. Automated decision-making
We do not make any decisions about you based solely on automated processing that produce legal or similarly significant effects.
13. Changes to this policy
We will update this policy when our processing or the law changes, and the date at the top shows when it was last revised. Significant changes will be highlighted on this page.