Privacy Policy

1. About this Privacy Policy

This Privacy Policy explains how Aspire CCS collects, uses, shares, and protects personal data in connection with our website at aspireccs.com (the “Website”) and our research, advisory, and intelligence services. It also explains the rights individuals have over the personal data we hold about them.

“Aspire CCS”, “we”, “us” and “our” in this document refer collectively to Aspire CCS Ltd (United Kingdom), Aspire CCS B.V. (Netherlands), and Aspire CCS Inc. (United States), as appropriate to the activity and jurisdiction. Registered offices and company numbers are: Aspire CCS Ltd, Arlington House, Maldon CM9 6FF, United Kingdom, Companies House registration number 09828535; Aspire CCS B.V., Zeverijnstraat 6, 1216 GK Hilversum, The Netherlands, KvK number 76880591; and Aspire CCS Inc., 700 Commerce Drive, Suite 500, Oak Brook, IL 60523, United States, incorporated in Delaware. Where this document refers to a specific entity, that entity is identified by name.

For the purposes of UK data protection law (comprising the UK GDPR and the Data Protection Act 2018) and the EU General Data Protection Regulation (GDPR), the entity acting as data controller in respect of a given activity is the Aspire CCS entity with which you are engaging, identified at the point of collection. The lead entity for the Website is Aspire CCS Ltd (United Kingdom).

2. What Personal Data We Collect

We collect personal data in the following situations:

Website visitors

• Information about your visit collected via cookies and similar technologies (see our Cookie Policy), including IP address, browser type, pages visited, referring URL, and approximate location derived from your IP address.
• Information you submit through forms on the Website, including the Aspire Intelligence lite Maturity Assessment, contact forms, briefing requests, and newsletter sign-ups. This typically includes your name, business email address, job title, organisation name, country, and any free-text content you provide.
• Conversational inputs to our AI assistant (“Aspire Intelligence”), including the questions you type and any business or personal information you choose to share within the conversation. We do not require account creation to use the assistant.

Clients, prospects, and business contacts

• Identification and contact details (name, job title, organisation, work email, work phone) collected when you engage us as a client, are introduced to us through a business contact, attend our events, or correspond with us by email.
• Business correspondence and meeting records, including content shared during advisory engagements, workshops, briefings, and research interviews.
• Commercial information necessary to administer our services, including engagement scope, billing details, and invoice records. We do not collect or store payment card details ourselves — these are handled by our payment providers.

Job applicants

• Information you submit when applying for a role with us, including CV, cover letter, work history, references, and right-to-work information where required.

Information we do not seek

We do not knowingly collect personal data from children under 18. Aspire CCS’s services are aimed at enterprise organisations and the professionals working within them. If you believe a child has provided us with personal data, please contact us so we can delete it.

3. How We Collect Personal Data

• Directly from you, when you complete a form, send us an email, speak with us, or interact with our AI assistant.
• Automatically, through cookies and analytics technologies when you use the Website (see our Cookie Policy).
• From third parties, including HubSpot (our CRM and marketing platform), LinkedIn (where you connect with us professionally), professional networks, and publicly available business directories.
• Through introductions and referrals from existing clients, business contacts, and professional advisors.

4. Legal Bases for Processing

We rely on the following legal bases under UK GDPR, the Data Protection Act 2018, and EU GDPR:

• Consent — for sending marketing communications, for setting non-essential cookies, and for retaining inputs to our AI assistant for product improvement purposes (where applicable). You can withdraw consent at any time.
• Legitimate interests — for the operation, security, and improvement of our Website and services; for managing relationships with prospective and existing business contacts; for direct marketing to existing business contacts in a B2B context; and for research and analytics conducted in support of our intelligence products. Where we rely on legitimate interests, we balance them against your rights and you have the right to object.
• Performance of a contract — to deliver services we have agreed to provide, including responding to briefing and engagement requests, fulfilling research subscriptions, and administering billing.
• Legal obligation — to comply with statutory obligations including accounting and tax record-keeping, response to lawful regulatory requests, and obligations under employment law for our personnel.

5. How We Use Personal Data

• To operate, maintain, and improve the Website and our services.
• To respond to your enquiries, briefing requests, and engagement requests.
• To deliver the Aspire Intelligence AI assistant, including processing your input through our infrastructure provider and AI model provider in order to return a response. Conversation history is held in your browser session only and is not retained by Aspire CCS after your session ends, except where you submit a follow-up form.
• To deliver, administer, and improve our research, advisory, and intelligence products, including the Aspire Leaderboard, Aspire Navigator, and our Market Trend Reports.
• To send marketing communications about our research, events, and services to business contacts who have consented or who have an existing business relationship with us, subject to the right to opt out at any time.
• To analyse aggregated, de-identified Website and service usage in order to improve our products.
• To recruit and assess job applicants, and to manage our personnel.
• To comply with our legal, regulatory, and contractual obligations.

6. Who We Share Personal Data With

We share personal data only where necessary and only with parties subject to appropriate confidentiality and data-protection obligations:

• Within the Aspire CCS group — between Aspire CCS Ltd, Aspire CCS B.V., and Aspire CCS Inc. for the operational, commercial, and administrative purposes described in this Policy.
• HubSpot, Inc. — our CRM and marketing-automation platform, used for managing business contacts, form submissions, and marketing communications.
• Anthropic, PBC — the provider of the Claude language model that powers the Aspire Intelligence AI assistant. Your inputs to the assistant are processed by Anthropic’s API in order to generate a response. Anthropic acts as our processor for this activity. See anthropic.com/privacy for Anthropic’s privacy practices.
• Cloudflare, Inc. — our infrastructure provider, including the proxy used to route requests to Anthropic’s API.
• Our professional advisors — including accountants, auditors, lawyers, insurers, and bankers, where engagement requires it.
• Other third parties — where required by law, court order, regulatory request, or to defend our legal rights; and in connection with any contemplated or actual sale, merger, reorganisation, or restructuring of Aspire CCS, subject to appropriate confidentiality undertakings.

We do not sell personal data.

7. International Transfers

Aspire CCS operates from the United Kingdom, the Netherlands, and the United States, and uses suppliers based in the United States and elsewhere. As a result, personal data may be transferred outside the UK and EEA.

Where we transfer personal data outside the UK or EEA, we put in place appropriate safeguards as required by UK GDPR, the Data Protection Act 2018, and EU GDPR, including UK International Data Transfer Agreements, EU Standard Contractual Clauses, the UK-US Data Bridge and EU-US Data Privacy Framework where applicable, and supplementary measures where required.

8. How Long We Keep Personal Data

We retain personal data only for as long as is necessary for the purposes for which it was collected, including to meet our legal, regulatory, contractual, and tax obligations. Indicative retention periods are:

• Marketing contacts: until the contact opts out of marketing communications or, if no engagement has occurred, three years from last interaction.
• Client engagement records: seven years from the end of the engagement, in line with UK accounting and tax record-keeping requirements.
• Website analytics data: in aggregated form, indefinitely; in identifiable form, no longer than 26 months.
• Aspire Intelligence chat history: held in your browser session (sessionStorage) only and cleared when you close the browser tab. Not retained by Aspire CCS.
• Job applicant records: 12 months from the conclusion of the recruitment process for unsuccessful candidates, unless we obtain consent to retain them longer for future opportunities.

9. Your Rights

Subject to certain conditions, you have the following rights under UK GDPR, the Data Protection Act 2018, and EU GDPR:

• Right of access — to obtain a copy of the personal data we hold about you.
• Right to rectification — to have inaccurate or incomplete data corrected.
• Right to erasure (“right to be forgotten”) — to have personal data deleted in certain circumstances.
• Right to restriction of processing — to have processing limited in certain circumstances.
• Right to data portability — to receive personal data in a structured, commonly used, machine-readable format.
• Right to object — to processing carried out on the basis of legitimate interests or for direct marketing.
• Right to withdraw consent — where processing is based on consent, you may withdraw consent at any time.
• Right not to be subject to solely automated decisions producing legal or similarly significant effects. We do not make such decisions.

To exercise any of these rights, contact us at info@aspireccs.com or write to us at the registered office identified above. We will respond within one month, extendable by up to two further months for complex requests.

You also have the right to complain to a supervisory authority. In the United Kingdom this is the Information Commissioner’s Office (ICO, ico.org.uk); in the Netherlands the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).

10. Cookies

Our use of cookies and similar technologies is described in our separate Cookie Policy. By using the Website you consent to the use of cookies in accordance with that Policy.

11. Security

We take appropriate technical and organisational measures to protect personal data against accidental loss, unauthorised access, alteration, or disclosure. These measures include access controls, encryption in transit, segregation of duties, regular review of supplier security, and personnel training.

No internet transmission or storage system is completely secure. If you have reason to believe your interaction with us is no longer secure, please contact us immediately.

12. Changes to this Policy

We may update this Policy from time to time. The current version is identified at the top of this page. Material changes will be communicated through the Website or by direct notification where appropriate.

13. Contact Us

For any question about this Policy or our processing of personal data, please contact info@aspireccs.com. For all other enquiries: info@aspireccs.com.