Privacy policy

Claros DD Privacy Policy

Last updated: December 15, 2025

This Privacy Policy explains how Claros DD LLC (“Claros DD,” “we,” “us,” or “our”) collects, uses, shares, and protects personal data. It also explains your rights under the EU and UK General Data Protection Regulation (GDPR/UK GDPR) and how to contact us. 

This policy applies to personal data we process about:

• Individuals we identify and contact as potential research sources or participants. 

• Visitors to our website at www.clarosdd.com.

• Individuals who communicate with us by email, phone, SMS, or other channels.

If you are located in the European Economic Area (EEA) or the United Kingdom (UK), this policy provides the information required by Articles 13 and 14 GDPR/UK GDPR.

1) Who we are and how to contact us

Controller: Claros DD LLC

Email: liz@clarosdd.com

General inquiries: liz@clarosdd.com

Data Protection Officer: We have not appointed a Data Protection Officer. You may contact us at the details above with any privacy questions.

2) What personal data we collect

We collect and process the following categories of personal data:

• Contact and professional details: name, employer, job title, role, industry expertise, business email, business phone number, and similar professional profile information. 

• Communications: content of emails, calls, messages (including SMS), scheduling information, and related metadata. 

• Research-related information: information you choose to share when considering or participating in our research; permissions to attribute or include your information in research reports. 

• Website and device data: basic traffic logs, IP address, browser and device information, pages visited, and timestamps. We do not track users’ online activities across third-party websites over time.

• Source and referral information: the source from which we obtained your details (for example, publicly available websites, directories, data vendors such as LinkedIn, RocketReach, Kaspr, or referrals from contacts or clients). 

3) Where we get your data

We obtain personal data:

• Directly from you when you contact us or participate in our research.

• From clients and third parties, including data vendors and publicly available sources (e.g., LinkedIn, RocketReach, Kaspr, industry directories, trade publications, websites). 

• Through referrals from individuals we speak with, or incidental information found in professional publications and online sources. 

If we did not obtain your data directly from you, this policy serves as our notice to you under Article 14 GDPR/UK GDPR. We will provide this information at the time of first contact or within one month, whichever comes first, unless an exemption applies. 

4) Why we use your data and our legal bases

We process personal data for the following purposes and on these legal bases:

• Identifying, contacting, and evaluating prospective research sources; inviting participation; scheduling and conducting interviews; and managing research output. Legal basis: our legitimate interests in running and improving our research services and delivering insights to clients, balanced with your rights and freedoms. Where required by law, we will obtain your consent. 

• Preparing and delivering research reports to clients, including including your information with your permission. Legal basis: legitimate interests and, when we attribute or include your personal data in a report provided to a client, consent where required. 

• Communicating with you, including via email, phone, or SMS for research outreach and coordination. Legal basis: legitimate interests to communicate efficiently about research opportunities; consent where required by electronic communications laws. 

• Operating and improving our website, ensuring security, and generating aggregated analytics. Legal basis: legitimate interests in running a secure and effective website; consent for non-essential cookies where applicable. 

• Compliance and legal obligations, including responding to lawful requests, record keeping, and enforcing our agreements. Legal basis: compliance with legal obligations and legitimate interests. 

You may withdraw consent at any time. Withdrawing consent does not affect the lawfulness of processing before withdrawal.

5) SMS communications

From time to time, we may contact prospective participants or sources via SMS to request collaboration on projects. Messages are individualized and limited in frequency. Contact details may come from publicly available sources or data vendors (e.g., LinkedIn, RocketReach, Kaspr). You can opt out at any time by replying STOP or contacting us at liz@clarosdd.com

6) Who we share your data with

We share personal data only as needed for the purposes described above:

• Clients: We provide research reports to a single client for each project. These reports are proprietary and confidential. We include personal data in a report only with your permission and limit access to the receiving client. We do not sell personal data.

• Service providers: We use trusted vendors to support our operations (e.g., email, scheduling, conferencing, CRM, secure file storage, website hosting, and analytics). These providers act under our instructions and are bound by confidentiality and data protection obligations. 

• Professional advisers and legal authorities: We may share data when necessary to comply with law, enforce our rights, or protect our users and services. 

We do not sell or rent personal data to third parties for their independent marketing purposes.

7) International data transfers

Claros DD LLC is based in the United States. If you are in the EEA or UK, your personal data may be transferred to countries outside the EEA/UK, including the United States, that may not provide the same level of data protection. 

When we transfer personal data internationally, we use appropriate safeguards, including additional technical and organizational measures to protect the data.

8) How long we keep your data

We keep personal data only as long as necessary for the purposes described in this policy, including to contact prospective sources, conduct research, deliver reports, comply with legal obligations, and resolve disputes. We will delete or anonymize data when it is no longer needed or as you request.

9) Your rights

Depending on your location, you may have the following rights under GDPR/UK GDPR:

1. Access. Obtain confirmation of whether we process your personal data and receive a copy.

2. Rectification. Request correction of inaccurate or incomplete data.

3. Erasure. Request deletion of your data in certain circumstances.

4. Restriction. Ask us to limit processing in certain circumstances.

5. Objection. Object to processing based on our legitimate interests, including for outreach, and we will stop unless we have compelling legitimate grounds. You may opt out of SMS or email at any time.

6. Portability. Receive your data in a structured, commonly used, machine-readable format and transmit it to another controller, where applicable.

7. Withdraw consent. Where processing is based on consent, you may withdraw it at any time.

8. Lodge a complaint. If you are in the EEA or UK, you can complain to your local supervisory authority. You may also contact us, and we will try to resolve your concern. 

To exercise your rights, contact privacy@clarosdd.com. We may ask for information to verify your identity. We will respond within the timeframes required by law.

10) Our legitimate interests

We rely on legitimate interests to identify and contact potential research sources, manage research processes, deliver insight to clients, operate our website, and protect our business. We have assessed these interests and implemented measures to minimize privacy impact, including limited contact frequency, professional-only contact details where possible, clear opt-out options, secure systems, and limited, permission-based inclusion of personal data in client reports. You can object to processing based on legitimate interests at any time.

11) Cookies and similar technologies

We collect basic traffic information on our website. We do not track users’ activities across third-party websites over time. If we use cookies or similar technologies that are not strictly necessary, we will request your consent through a cookie banner and provide more details in our cookie notice. You can manage preferences through your browser or our cookie tools. 

12) Security

We use appropriate technical and organizational measures to protect personal data, including access controls, encryption in transit where appropriate, secure storage, and internal policies limiting access to personal data to personnel with a legitimate need to know. No system is perfectly secure, but we work to prevent unauthorized access, use, or disclosure.

13) Children

Our services are intended for adults in a professional context. We do not knowingly collect personal data from children under 16. If you believe a child has provided us personal data, contact us and we will take appropriate steps.

14) Changes to this policy

We may update this policy from time to time. We will post updates on this page and indicate the “Last updated” date. Material changes will be communicated as appropriate.

15) How to contact us and complaints

If you have questions or concerns about this policy or how we handle your personal data, contact liz@clarosdd.com. If you are in the EEA or UK, you have the right to lodge a complaint with your local data protection authority. We would appreciate the chance to address your concerns first.