Privacy and Data Protection Policy

Last updated: 3/29/2025

1. INTRODUCTION

1.1 Important Information and Who We Are

Welcome to Squirrel's Privacy and Data Protection Policy (“Privacy Policy”). At Squirrel (“we,” “us,” or “our”), we are committed to safeguarding your privacy and protecting your Personal Data in compliance with the United Kingdom General Data Protection Regulation (“GDPR”), the Data Protection Act 2018, and all other applicable data protection laws and regulations.

The individuals from whom we may gather and use data include:

  • Third parties connected to your customers.
  • Potential or existing candidates for job opportunities at our customers' companies.

1.2 Your Data Controller and Data Protection Officer

Squirrel is your Data Controller and is responsible for your Personal Data.

We have appointed a Data Protection Officer (“DPO”) to oversee questions related to this Privacy Policy:

Name: Will Daubney
Email: will@usesquirrel.com

1.3 Processing Data on Behalf of a Controller

In fulfilling our responsibilities as a Data Controller, we may engage employees or external parties (“Processors”) to process your data on our behalf.

2. LEGAL BASIS FOR DATA COLLECTION

2.1 Types of Data We Collect

Personal Data refers to information that identifies an individual. We may collect:

  • Profile/Identity Data: First name, last name, gender, and date of birth.
  • Contact Data: Phone numbers, addresses, and email addresses.
  • Marketing and Communications Data: Marketing preferences.
  • Prospective Candidate Data: CVs, contact details, and AI conversation data.
  • Aggregated Data: Demographic and usage statistics.

2.2 Legal Bases for Processing Data

Under GDPR, we rely on the following legal bases for collecting and processing Personal Data:

  • Consent: For example, when you opt in to receive newsletters.
  • Contractual Obligations: When data is necessary to fulfill a contract or service.
  • Legal Compliance: When required by law to process data (e.g., fraud prevention).
  • Legitimate Interest: When processing is necessary for our business operations and does not override your rights and freedoms.

3. HOW WE USE YOUR PERSONAL DATA

3.1 Data Usage

We use your Personal Data only as permitted by law. Common examples include:

ActivityType of DataLawful Basis
Candidate data processing for client hiring needsProfile, Contact, Usage DataConsent, Legitimate Interest
Sending marketing communicationsProfile, Contact, Marketing DataConsent, Legitimate Interest

Information We Collect

We collect information that you provide directly to us when you register for an account, use our services, or communicate with us. This may include:

  • Name and contact information
  • Company details
  • Login credentials
  • Payment information
  • Usage data and preferences

How We Use Your Information

We use the information we collect to provide, maintain, and improve our services, including to:

  • Process and manage your account
  • Respond to your requests and inquiries
  • Send you technical notices and updates
  • Prevent fraud and enhance security
  • Comply with legal obligations

Data Security

We implement appropriate technical and organizational measures to maintain the safety of your personal information. However, no Internet-based site can be 100% secure, and we cannot guarantee the absolute security of your information.

4. YOUR RIGHTS AND PROTECTION

4.1 Your Legal Rights

Under GDPR, you have the following rights:

  • Right to Be Informed: About how we process your data.
  • Right of Access: Request a copy of your data.
  • Right to Rectification: Correct inaccuracies in your data.
  • Right to Erasure: Request data deletion in certain circumstances.
  • Right to Object: Stop or restrict data processing in specific cases.
  • Right to Data Portability: Request transfer of your data in a structured format.

4.2 Opting Out of Marketing

You can opt out of marketing communications at any time by clicking “unsubscribe” in our emails or contacting us directly.

4.3 Security Measures

We use encryption, secure protocols, and third-party security providers to protect your Personal Data. While no system is completely secure, we strive to protect your information.

5. THIRD-PARTY DATA SHARING

We may share data with:

  • Subcontractors and affiliates under confidentiality agreements.
  • Third parties in the event of a business sale or acquisition.
  • Authorities or legal entities when required by law.

6. DATA RETENTION

We retain Personal Data only as long as necessary to fulfill its purpose. Longer retention may apply if required by law or in the event of legal claims.

7. AGE LIMIT

Our services are intended for users aged 18 or older. If you are under 18, do not use our services.

8. INTERNATIONAL DATA TRANSFER

Your data may be transferred outside the UK. By using our services, you consent to such transfers, subject to adequate safeguards.

9. CHANGES TO THIS POLICY

We may update this Privacy Policy periodically. The latest version will always be available on our website.

10. CONTACT US

For questions or concerns about this Privacy Policy, contact our DPO:
Email: will@usesquirrel.com