Privacy Statement

Last Updated: November 2025

Squid Consultancy Group Ltd, including its subsidiaries, affiliates, and associated operations (collectively referred to as “Squid Consultancy Group”, “SCG”, “we”, “us”, or “our”), is firmly committed to protecting your privacy and safeguarding your personal information.

This Privacy Statement (“Statement”) outlines how SCG collects, uses, discloses, and protects personal information in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable international data protection and privacy laws.

1. Objective

Through this Statement, we aim to provide transparency about:

  • What personal data we collect and how we use it;
  • Who we share it with and for what purposes;
  • The lawful basis on which we process your data;
  • Your rights and choices regarding your personal data; and
  • The security measures we use to safeguard your information.

This Statement applies to information collected through our websites — www.squidconsultancygroup.co.uk, and any associated subdomains (“SCG Websites”) — as well as data collected in connection with our professional, consulting, and digital services.

2. Personal Information We Collect and Use

2.1 Categories of Personal Information

Depending on your relationship with SCG, we may collect and process the following types of personal information:

  • Website & Technical Data: IP address, browser type, device identifiers, operating system, access times, referring URLs, and browsing behaviour.
  • Personal & Contact Details: Name, title, company name, position, business address, email, phone number, and professional profiles (e.g., LinkedIn).
  • Login & Authentication Details: Username, passwords, or credentials for registered SCG portals or services.
  • Event, Media & Communication Data: Photographs, recordings, or images from events, webinars, or conferences hosted by SCG.
  • Marketing & Preference Data: Newsletter subscriptions, consent preferences, marketing interactions, and engagement analytics.
  • Recruitment & Employment Data: CVs, qualifications, employment history, skills, references, and interview notes.

2.2 Sources of Personal Information

  • Direct interactions: forms, emails, phone calls, or event registrations.
  • Automated technologies: cookies, analytics, and website tracking.
  • Public sources: professional platforms (e.g., LinkedIn).
  • Business relationships: partners, vendors, or affiliates.
  • Employment processes: applications, onboarding, and HR systems.

2.3 How We Use Personal Information

  • Deliver, maintain, and improve our services and digital platforms;
  • Create and manage your client or user account;
  • Respond to enquiries, requests, and feedback;
  • Send marketing communications (where consented);
  • Conduct analytics, research, and business development;
  • Manage events, webinars, and promotional campaigns;
  • Ensure security, prevent fraud, and monitor compliance;
  • Fulfil contractual and legal obligations; and
  • Manage recruitment, employment, or internship processes.

2.4 Legal Basis for Processing

  • Performance of a Contract: To provide products or services requested by you or your organisation.
  • Legitimate Interests: To operate efficiently, secure our systems, and maintain client relationships.
  • Consent: For direct marketing, event participation, or other non-essential communications.
  • Legal Obligations: To comply with applicable UK, EU, or international laws or regulatory authorities.

3. Consequences of Not Providing Personal Data

If you fail to provide necessary information, SCG may be unable to deliver certain services, respond to your requests, or complete transactions.

4. Data Sharing and Transfers

4.1 Internal and External Recipients

  • SCG subsidiaries and affiliated entities;
  • Business partners, consultants, and contractors supporting service delivery;
  • IT, analytics, cloud hosting, HR, or marketing service providers;
  • Professional advisers (legal, financial, compliance);
  • Regulatory, governmental, or law enforcement agencies (as required by law).

4.2 International Data Transfers

As a global consultancy, we may transfer data outside the United Kingdom and European Economic Area (EEA). Where such transfers occur, we implement adequate protection mechanisms including:

  • UK International Data Transfer Agreements (IDTAs);
  • Standard Contractual Clauses (SCCs); or
  • Adequacy decisions approved by the UK Information Commissioner’s Office (ICO).

5. Your Data Protection Rights

  • Access: Request a copy of your personal data.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure (“Right to be Forgotten”): Request deletion of your personal data.
  • Restriction: Request limitations on processing under certain conditions.
  • Portability: Receive your data in a machine-readable format.
  • Objection: Object to processing based on legitimate interests or direct marketing.
  • Withdraw Consent: Withdraw previously given consent at any time.
  • Complaint: Lodge a complaint with the Information Commissioner’s Office (ICO).

To exercise your rights, please contact: contact@squidconsultancy.com.

6. Data Security

  • Data encryption and secure storage;
  • Role-based access controls;
  • Regular security audits and vulnerability assessments;
  • Employee training and confidentiality agreements;
  • Incident response and breach notification procedures.

7. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this Statement, or as required by law or regulatory standards. Once no longer required, data will be securely deleted, anonymised, or archived in compliance with SCG’s retention policy.

8. Cookies and Tracking Technologies

  • Enhance website performance and usability;
  • Analyse traffic and engagement metrics;
  • Personalise content and advertising.

You can manage or disable cookies through your browser settings. For more details, see our Cookie Policy.

9. Linked Websites

SCG Websites may contain links to third-party websites or platforms. We are not responsible for their content or privacy practices. We recommend reviewing their privacy notices before providing any personal data.

10. Children’s Privacy

Our services and websites are not intended for individuals under 16 years of age. We do not knowingly collect personal data from minors. If such data is found, it will be promptly deleted.

11. Data Subject Categories

(a) Job Applicants and Interns
Purpose: Recruitment, assessment, and onboarding.
Legal Basis: Contract performance; legitimate interest.
Retention: Up to 12 months post-process unless legally required longer.

(b) Employees and Contractors
Purpose: Employment management, compliance, and administration.
Legal Basis: Contract performance; legal obligation; legitimate interest.

(c) Vendors and Suppliers
Purpose: Procurement, contract administration, and financial compliance.
Legal Basis: Performance of contract; legal obligation.

(d) Clients and Business Partners
Purpose: Contract fulfilment, service delivery, and relationship management.
Legal Basis: Performance of contract; legitimate interest.

12. Updates to This Privacy Statement

SCG reserves the right to revise this Privacy Statement periodically to reflect changes in data practices or legal obligations. Updates will appear on this page with the revised “Last Updated” date.

13. Contact Us

Data Privacy Office
Squid Consultancy Group Ltd
8 Cecil Street, Glasgow, Scotland, United Kingdom
Email: contact@squidconsultancy.com
Website: www.squidconsultancygroup.co.uk
Company Registration Number: SC846551

Privacy Statement

Need help? Our team is just a message away