Privacy policy

1. Who we are
Cambridge GaN Devices Ltd ("CGD", "we", "us" or "our") is a company registered in England and Wales (company number 10430656). Our registered office is Jeffreys Building, Suite 8, Cowley Road, Cambridge, CB4 0DS.

We are the data controller for the personal data described in this privacy policy.

How to contact us

• Telephone: 01223 425185
• Email: [email protected]
• Post: Jeffreys Building, Suite 8, Cowley Road, Cambridge, CB4 0DS

We have appointed our Chief Financial Officer as our Data Protection Officer (DPO). You can contact the DPO using the details above.

2. Purpose of this privacy policy
This privacy policy explains how we collect, use, store, share and protect personal data when you interact with us, including through our website, business communications, marketing activities and recruitment processes.

We are committed to handling personal data responsibly, transparently and in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

3. Changes to this policy
We may update this privacy policy from time to time to reflect legal, regulatory or operational changes. The most recent version will always be published on our website. Where changes are material, we will take reasonable steps to notify you.

Last updated: February 2026

4. Personal data we collect
Business and general enquiries
When you contact us by telephone, email, post or via our website forms, we may collect and process the following categories of personal data:

• Identity and contact details: name, job title, company name, business address, work email address and telephone number;
• Communication records: details of your enquiries and our correspondence with you;
• Business-related information: information relevant to your enquiry, product interest or commercial relationship;
• Website usage data: information collected automatically through cookies and similar technologies, such as pages viewed, navigation patterns and referring sources.

Most of this information is provided directly by you. In some circumstances, we may receive limited information about you from third parties, such as colleagues, professional contacts or business intelligence providers.

You may opt out of receiving marketing communications at any time by contacting us at [email protected] or by clicking the unsubscribe button on our emails.

5. Recruitment data
When you apply for a role with CGD, we collect and process personal data to manage the recruitment process and assess your suitability for employment. This may include: contact details;

• CV and employment history;
• qualifications and skills;
• right-to-work documentation;
• references (obtained after an offer is made); and
• limited health or equality information where required to make reasonable adjustments or meet legal obligations.

Recruitment data is collected directly from candidates and, where applicable, from referees or recruitment agencies. Access is restricted to those involved in the recruitment process and appropriate technical and organisational safeguards are applied.

If your application is unsuccessful, we will retain your data for up to 24 months for future recruitment opportunities, with limited data retained for a further 12 months where there is a legitimate business need. You may request deletion of your data at any time, subject to legal requirements.

6. Lawful bases for processing
Under UK GDPR, we must have a lawful basis to process your personal data. Depending on the circumstances, we rely on one or more of the following:

• Contract – where processing is necessary to perform a contract with you or take steps at your request prior to entering into a contract;
• Legitimate interests – where processing is necessary for our legitimate business interests, provided those interests do not override your rights and freedoms;
• Legal obligation – where processing is required to comply with a legal or regulatory obligation; and
• Consent – where you have given clear consent for a specific purpose (for example, certain marketing activities or non-essential cookies).

7. How we use personal data
We use personal data for the following purposes:

• to provide and receive goods and services;
• to respond to enquiries and manage business relationships;
• to identify and explore potential commercial opportunities;
• to administer recruitment and employment processes;
• to operate, maintain and improve our website;
• to analyse trends and improve user experience;
• to send marketing communications, where permitted by law; and
• to comply with legal, regulatory and governance requirements.

8. Sharing personal data
We may share personal data with:

• trusted service providers (such as IT, hosting, analytics, marketing or event management providers);
• professional advisers (such as legal, financial or audit advisers);
• regulators, courts or law enforcement authorities where required by law; and
• third parties where you have provided consent or where it is otherwise lawful to do so.

We may also share aggregated or anonymised statistical data that does not identify individuals.

If CGD is subject to a merger, acquisition or sale of assets, personal data may be transferred as part of that transaction, subject to appropriate safeguards.

9. International transfers
Some of our service providers may process personal data outside the UK or European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, including:

• transfers to countries recognised as providing an adequate level of protection;
• use of UK-approved International Data Transfer Agreements or Standard Contractual Clauses; and
• additional technical and organisational measures where required.

We no longer rely on the EU–US Privacy Shield.

10. Data security
We implement appropriate technical and organisational measures to protect personal data against accidental or unlawful loss, destruction, alteration, unauthorised disclosure or access. Personal data is stored on secure systems operated by us or our approved service providers.

11. Cookies and similar technologies
Our website uses cookies and similar technologies to ensure functionality, analyse performance and support marketing activities.
Types of cookies
Strictly necessary cookies
Required for the operation of our website, including storing cookie preferences and enabling secure access.
Analytics and performance cookies
Used to understand how visitors interact with our website. We use Google Analytics with Consent Mode v2, meaning analytics cookies are only activated once consent is given.
Advertising and marketing cookies
Used to deliver relevant advertising and measure campaign effectiveness. We use services including Google Ads, LinkedIn Advertising and Salesforce Marketing Cloud. These cookies are only set with your consent.
Managing cookies
You can manage or withdraw your cookie consent at any time via our cookie banner. Cookie preferences are retained for 12 months. You may also control cookies through your browser settings, although disabling essential cookies may affect website functionality.

12. Data retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting or reporting requirements.

Where you opt out of marketing communications, we retain minimal information to ensure your preferences are respected.

You may request deletion of your personal data by contacting [email protected], subject to legal obligations.

13. Your rights
Under UK data protection law, you have the right to:

• access your personal data;
• request correction of inaccurate or incomplete data;
• request erasure of your data;
• object to processing based on legitimate interests or for direct marketing;
• request restriction of processing;
• request data portability; and
• withdraw consent at any time, where processing is based on consent.

These rights are not absolute and may depend on the circumstances. To exercise your rights, please contact us using the details above.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection.

14. Contact us
If you have any questions, concerns or feedback about this privacy policy or how we handle personal data, please contact us at [email protected] or via the contact form on our website.