General Data Protection Regulation (GDPR)

We follow privacy-by-design principles, implement secure development standards, and maintain transparent data handling practices across all engagements.

Your trust matters. Your data stays secure.

Your Data is Always Protected and In Safe Hands

At Square Root, we are committed to protecting personal data and maintaining the highest standards of data privacy, security, and regulatory compliance. As a UK-based organisation, we comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, ensuring that all personal data is processed lawfully, fairly, and transparently.

Our Data protection policy is not only a regulatory requirement, but also a fundamental to building trust with our clients, partners, and website users.

Our Commitment to UK GDPR Compliance

Square Root processes personal data in accordance with the core principles defined under Article 5 of the UK GDPR:

  • Lawfulness, fairness, and transparency
  • Purpose limitation
  • Data minimisation
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality
  • Accountability

We ensure that personal data is collected only for legitimate business purposes and is never retained longer than necessary.

Lawful Basis for Processing

Under UK GDPR, organisations must establish a lawful basis before processing personal data. Square Root processes data under one or more of the following lawful bases:

  • Contractual necessity
  • Legitimate interests
  • Legal obligations
  • Consent (where required)

Where consent is relied upon, individuals are provided with clear options to withdraw consent at any time.

Types of Personal Data We May Collect

Depending on the nature of engagement, we may collect:

  • Contact information, such as names, email addresses, and phone numbers
  • Business details such as company name, role, and organisation data
  • Technical information like the IP addresses, browser types, and cookies
  • Communication records
  • Service-related project information

We do not collect special category data unless strictly necessary and lawfully justified.

Data Subject Rights Under UK GDPR

Individuals whose data we process are entitled to the following rights:

  • Right to access personal data
  • Right to rectification
  • Right to erasure or Right to be forgotten
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Rights relating to automated decision-making and profiling

Requests to exercise these rights can be submitted via our contact details provided below. We respond within statutory timeframes as required by UK law.

Data Security Measures

Square Root implements appropriate technical and organisational measures to safeguard personal data, including:

  • Secure hosting infrastructure
  • Encryption protocols
  • Access controls and role-based permissions
  • Secure development practices
  • Regular system monitoring and risk assessments

We maintain internal data governance processes to ensure ongoing compliance with relevant regulations.

International Data Transfers

Where personal data is transferred outside the UK, we ensure that appropriate safeguards are in place, including:

  • UK-approved International Data Transfer Agreements (IDTAs)
  • Adequacy regulations
  • Standard contractual clauses where applicable

All cross-border transfers are conducted in compliance with UK GDPR requirements.

Data Retention

Personal data is retained only for as long as necessary to fulfil the purpose for which it was collected, including satisfying legal, accounting, or reporting obligations. Once no longer required, data is securely deleted or anonymised.

For full details, please review our Privacy Policy or contact our team directly.

Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance user experience, analyse website performance, and improve services. Users are provided with clear information and consent options in line with UK GDPR and the Privacy and Electronic Communications Regulations (PECR).

For detailed information, please refer to our Cookie Policy.

Reporting Concerns

If you have concerns about how your personal data is handled, you may contact us directly. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's independent authority for data protection:

Information Commissioner's Office
www.ico.org.uk

Contact Us

If you have any questions regarding this GDPR statement or wish to exercise your data rights, please contact:

Square Root
Website: https://square-root.co.uk
Email: info@square-root.co.uk