Ethiclear Policies
Privacy policy
Version: 1.2
Last reviewed: November 17th 2025


Ethiclear (the “service”, etc.) is a service operated and provided by Seastorm Limited.

Seastorm Limited ("Seastorm", "we", "us", etc.) considers your privacy to be very important. We will therefore process and use your data in a secure manner in accordance with the UK General Data Protection Regulations (GDPR) and other applicable laws and regulation. In this document we set out how and why we use your information.

Seastorm is a limited company registered in England and Wales, with company number 11867862. You can contact us on hello@seastorm.co with any questions or concerns.


Scope of this Policy

This policy applies to all users and visitors of Ethiclear websites and services. This includes visiting our sites (https://ethiclear.com and its subdomains, together our “website”), processing project proposals and other areas as described below in the section “What Data do we Process?”.

Broader processing activities, such as those related to email and communication, payment and contracts are covered by Seastorm Limited’s primary Privacy Policy, which is available at https://www.seastorm.co/privacy and should be read in conjunction with this policy.

Unless otherwise stated, Seastorm acts as Data Controller over the primary data processing described in this policy. We have a Data Protection Officer, who can be reached by emailing dpo@seastorm.co.


Cookies

Our website places functional and essential cookies on your device. Such cookies enable us to provide our applications service to you (e.g. on our applications portal) and are not used to track you externally or for marketing or other purposes. You can use your browser’s settings to disable our use of cookies, however areas of our website may not work correctly in such cases.


What Data do we Process?

In this section we identify the key points at which we collect and process data, and the purpose for such processing.


When you visit our website(s)

When you visit our website(s) using a web browser, we collect some data about your computer and the way our services are used by you, even if you don't have an account. We do not collect your name or other personal details about you at this stage, but we may process information such as your computing device’s information (including your OS and IP address) and details about your browser and where you arrived from. We do this for observing aggregated usage of our services, so that we can better understand how to improve our services for their audiences. The legal basis for processing this data is a legitimate interest in recording aggregated analytics data for improvement purposes and to see how often people visit our website.


When you submit a project proposal to us

When you submit a project to us for ethical review (e.g. through our applications portal or via email), we will process your personal data, such as your name, email address, professional information, and any other data submitted directly to us or in files that you send us (which could include the personal data of other people, such as your colleagues or others you work with). This is processed in order to enable us to fully review your project, to maintain communication with you, and to provide you with the review outcome.

The legal basis for such processing is consent (provided at the point you submit your proposal), contractual obligation (where relevant), and legitimate interest in providing services to you (where you are consenting on someone else’s behalf – for example, where their data is included in your project proposal).


Subprocessors

We work with selected subprocessors to help run our service, as described below.

Google: We use Google services for our mail and office software and as a cloud provider. Your information and project proposals may be stored on Google systems for the duration of the processing.

Amazon Web Services (AWS): We use AWS to host and run many of our services.

Committee members: Ethiclear committee members are not employed by Seastorm, and thus are independent subprocessors. These members operate as individuals, and process your data in accordance with industry standard security practices.

Please note that this list of subprocessors may change from time to time.


Who can Access your Data?

Seastorm staff (including employees, contractors and sub-processors) relevant to your engagement with us, project or communication may have access to your personal data (including your name and email address) as required or appropriate to their own role.

We may be required to provide data to legal authorities if we receive such a request or warrant. If Seastorm is purchased or otherwise has its control transferred to another organisation or body, then data we hold will also be transferred to the new business controller. However your data will still only be used for the same purpose for which it was originally supplied to us. In any case, we act and will take steps with the aim of ensuring your privacy is protected.


How Long do we Keep Data for?

We keep data for as long as is required in order to deliver a project, handle communications, deliver and maintain contracts, or as required for legal or other purposes. When there is no longer a legal basis to maintain such data, it will be securely deleted according to our security policies.


Where is your Data Stored and Processed?
Data is stored on our own devices and servers, or those of our subprocessors, as outlined above. Our own servers are based in the UK.


How do we Protect your Data?

Your data is well-protected. We use industry grade business practices to help prevent against unauthorised access and staff are trained to be secure in their day-to-day work. This includes encryption of your data in-transit and at-rest.

We carefully check and vet subprocessors in order to ensure that their own data protection processes are sufficient, and maintain a range of security policies that apply to staff and contractors.


Child Safety

Children under the age of 16 are not allowed to use our services or to directly provide us with personal data. As such, we do not knowingly store or process personal data relating to children under the age of 16.


Your rights

As an individual, you have rights with regard to personal data processed by us. Should you wish to exercise any of these rights then please get in touch with the email address shown on this policy. We will endeavour to action any rights within one business week.


Right to access

At any time you have the right to know about any personal data we hold about you.


Right to correct

You have the right to have your personal data corrected or updated or deleted.


Right to object

You have the right to object to us processing your data.


Right to data transfer

You have the right to request your data in a sensible format such that it can be transferred to a different provider or system.


Rights relating to automated processing

We do not use automated decision making in a way that can adversely affect an individual.


Withdrawal of consent

If you have provided consent for us to process your data, you can withdraw this consent at any time by emailing us.


Complaints

If you would like to complain about the way in which we have handled your personal data, or about this policy, then please get in touch with us using the details in this policy.

You may also get in touch with the Information Commissioner's Office (https://ico.org.uk) to raise a complaint.
hello@ethiclear.com
About Us
Members
Process
Ethics
Pricing
Applications
New Application
Contact Us
FAQs
Docs and Info
Ethics Policy
Privacy Policy
Terms of Use
Blog
©2025 Seastorm Limited (Company number 11867862).
Registered in England and Wales. All rights reserved.