Squid


Website and General Data Protection and Privacy Policy

Introduction

We will safeguard and respect your privacy. This Policy explains the ways in which we process or use your personal data and sets out your legal rights in relation to your personal data.

This policy is subject to copyright (ours or our licensor's) and may not be copied or used or adapted for use by anyone else without written licence from us.

This policy is provided in a "layered" manner so that you can click straight through to the specific areas set out below if you wish.

If your visual or other access requirements mean that you need a larger font or other format copy of this policy, please Contact Us.

Introduction

Who We Are and How to Contact Us

Who Must Comply with This Policy

When This Policy Applies

Data Protection Principles

How We Obtain Your Information

What Information We May Collect and Process

On What Basis We Use Your Information

What We Use Your Information for

Sharing Your Information

Cookies, Opt-Outs and Third-Party Links

How We Look After Your Information

How Long We Keep Your Personal Information

International Transfers of Your Information

Your Rights Relating to Your Information

How to Exercise Your Rights

Our Role as a Data Controller or Processor

Changes to This Policy and Your Duty to Inform us of Data Changes

Who We Are and How to Contact Us

"We" "our" or "us" refers to Squid, the business name used by Elise Billy (the Individual) who is registered as an Individual Entrepreneur in Tbilisi, Georgia with registered business address at 41 Zakaria Paliashvili Street, Entrance 1, Tbilisi, Georgia.

We are the data controller responsible for your personal data and this website. You can contact us via Contact Us including for any data protection or privacy related matters. The preferred contact method for any privacy or data protection related matters is by email to our compliance manager via webqueries@squid.ge addressed in the subject matter of the email "To the Compliance Manager".

Contact Us.

Who Must Comply with This Policy

This policy applies to everyone when working for us, with us or on our behalf in any capacity, including employees at all levels, owners, licensees, agency or seconded workers, interns, agents, contractors, consultants, service providers, third-party representatives and business partners.

When This Policy Applies

This policy is mainly aimed at general users of this website or clients. We may have a separate or additional privacy policy for current, potential and past employees or contractors and if so, then this will have been notified to them.

This Policy does not apply to our processing of personal data of anyone with whom we have a specific contract which includes clauses or references to specific privacy policies to the extent that they override this one and in general, this Policy is additional to any other one and does not override it.

We do not knowingly collect or maintain any personal information of children. If you are under the age of 18, please do not access our website or social media pages or communicate with us.

Data Protection Principles

We will comply with data protection law both in Georgia and internationally in countries where we have clients such as the United Kingdom and United Arab Emirates and in the EU. This means that your personal data that we hold must be:

- used lawfully, fairly and in a transparent way

- collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes

- relevant to the purposes we have told you about and limited only to those purposes

- accurate and kept up to date

- kept only as long as necessary for the purposes we have told you about

- kept securely.

How We Obtain Your Information

We may collect any information that you provide to us yourself, for example when you:

- buy or apply for or express an interest in any of our products or services;

- contact us to enter into or enquire about a transaction with a client of ours or with us;

- create an account on our website or in any of our apps or online tools;

- communicate with us for example by email, chat, applications, shared meetings or documents spaces, social media messages, comments or posts, calls, meetings, training, post, webinars or via our websites or apps or online tools;

- make an enquiry, provide feedback, or make a complaint;

- subscribe to any of our marketing, newsletters, articles or mailing lists;

- enter a competition, promotion or survey provided by us or on our behalf;

- register to and/or attend our events in person or online;

- network with us (e.g. at exhibitions, conferences and/or other meetings or events, in person or online) or provide us with any contact details for networking purposes;

- link to or share information with any of our personnel through social media or business forums or groups (for example LinkedIn, business or industry associations or alumni networks);

- submit a CV and/or an application for a job or to become a contractor or service provider of ours and / or attend an interview or assessment with us.

We may also receive information about you from other people. For example:

- Service providers and others: We may collect personal information from or via the people with whom we share data (see Sharing Your Information

- Publicly available sources: We use publicly available sources such as search engines, listings sites, social media, websites, company registers, electoral registers, for instance to carry out identity and compliance checks and to gain background information and research;

- Analytics providers, advertising networks and search information providers: We may collect personal information from external providers of these services (see later sections);

- Employers, recruitment agencies and referees: If you are an applicant for a job with us or to become a service provider or contractor of ours, we may contact your recruiter, current and former employers and/or referees to provide information about you and your application;

- Referrers: We may receive information about you from other people if you communicated to them that you would like to hear from us or from specified categories of business that include us;

- Official Sources: We may receive information about you from government authorities or bodies, police, crime or fraud prevention or other authorised entities;

- Security: We may collect information from our information and cyber security service providers, about any actual or attempted misuse of our website, apps, emails or other communication methods or devices.

What Information We May Collect and Process

The personal information we collect and process about you may include some or all of the following:

- Identity: including title, names, usernames, passwords, date of birth, company you work for, your title or position, your relationship to other people, your image and / or voice, location, nationality, preferred language, gender, physical characteristics, marital status and others

- Contact information: including email addresses, phone numbers, addresses, social media names or contacts;

- Your communication: including any personal data that you include in any communication by any of the methods referred to How We Obtain Your Information and in any content that you upload on to any of our online tools, websites, apps or shared online environments;

- Identification and background information: including information provided by you if required as part of our client or personnel acceptance or contract processes, for example your government-issued identification information, social security numbers, tax identifiers, passport, utility bills copies or other personal identification documents;

- Transactions and profile data: including details about products and services that you bought from us or enquired about and payments that you made via our payment service providers (who have their own separate privacy policies that you should read), your interests, preferences, feedback and survey responses and your marketing and communication preferences;

- Website, social media and app usage and other technical data: including information about your interactions with our websites, apps or social media pages and the device that you use to access them, which may include information such as IP addresses, geographical location, device information (such as your hardware model, mobile network information, unique device identifiers). This information may be collected by third-party analytics service providers on our behalf and / or may be collected using cookies or similar technologies (see sections below)

- Employment and background data: if you submit a job application to us, you may provide information and details about your academic and work history, qualifications, skills, personal or professional background, references, proof of your entitlement to work in this country, your tax identity, social security identity or other number, your passport or other identity document details, and any other related information that you may provide to us;

Sensitive information such as information about criminal convictions and offences or "special category data" about your race or ethnicity, religious, philosophical or political beliefs or opinions, sex life, sexual orientation, trade union membership or health, generic or biometric data by law require higher levels of protection. We generally do not knowingly store information of this type other than from personnel as required. As an exception, we process this type of information if needed for you to attend our premises or events or for provision of services to or from you or where needed to comply with legal obligations including social protection laws.

We may also collect, use and share aggregated data such as statistical or demographic data. This data may be derived from your personal data but is not considered personal data if it does not directly or indirectly reveal your identity. If we combine or connect this data with your personal data so that it can identify you, we do then treat the combined data as personal data in accordance with this Policy.

On What Basis We Use Your Information

We use your personal information as permitted by law. Most commonly, this will be on the basis of one or more of the following (further detail is given in What We Use Your Information for):

- to enter into or perform a contract with you;

- the legitimate interests of us or a third party as a business;

- to comply with a legal or regulatory obligation;

- your consent (if needed and where we request it), although see below.

Occasionally, we may use your personal information for other reasons permitted by law, especially in an emergency if you are not able to give consent.

Where we use your information for our legitimate interests, we consider any potential impact that such use may have on you. Our legitimate interests do not automatically override yours. We do not use your information if we think your interests should override ours unless we have other grounds to do so. If you are concerned, see Your Rights Relating to Your Information or Contact Us if you want more information about how we balanced your rights and our legitimate interests.

Generally, we do not rely on consent as a legal basis for processing your personal data other than for certain types of marketing where we need your consent (and in those cases, only where you opt in). You have the right to withdraw consent to our marketing at any time by contacting us or clicking to opt out.

There are however instances where we may need your consent to provide services depending on legislation in force at the time, for example under data protection legislation in the United Arab Emirates at the date of this policy.

What We Use Your Information for

We may use your information for the following purposes:

- Response to enquiries: to respond to enquires you make, especially if you ask for information about us providing our services to you (on the basis of our legitimate interest to respond to enquiries from prospective clients and to operate a lawful business and / or on the basis of your consent but only if necessary and if given);

- Our relationship with you: to manage our engagement and our relationship with you, including by maintaining our database of contacts, asking you for feedback, notifying you about changes to our terms of use, and/or privacy policy or other policies (on the basis of performing our contract with you, to comply with our legal obligations and any regulators and on the basis of our legitimate interests to keep our records updated and check on standards);

- Registering you as a client or establishing contracts or terms with you, processing and delivering your orders, including managing (may be via third parties) payments, fees and charges and collecting money owed (on the basis of entering our contract with you, or otherwise on the basis of our legitimate interest to conduct our business)

- Provision of our services: to provide our services to you and update you about our services or instructions, or otherwise take steps as set out in any contract or terms with you and / or to manage payments to or from us or our clients (on the basis of performing our contract with you, or otherwise on the basis of our legitimate interest to conduct our business);

- User support: to provide service and support and deal with enquiries or complaints in relation to your use of our websites, online tools, portals, apps or social media pages or groups (on the basis of our contract with you or on the basis of our legitimate interests to provide you with customer service and to comply with our legal obligations);

- Marketing and Sales: to communicate with you about our news, events and services that we believe may interest you (either on the basis of our legitimate interests to provide you with marketing communications where we may lawfully do so (although you may opt out at any time) or your consent if we have requested it); we will not share your personal data with any third party for marketing purposes unless we have your express opt-in consent;

- Recruitment: to process any applications you send to us as a potential employee, service provider or contractor application, whether directly or via an agent or recruiter (on the basis of our legitimate interest to recruit new employees or contractors);

- Your experience of our website, social media and apps: to provide you with access to our website and / or social media pages or groups or apps in a way that is optimised and convenient which may include personalised content (on the basis of our legitimate interest to ensure our website, social media and apps are presented in an effective manner);

- Analytics: to use data analytics to improve and optimise use of our website, social media, apps, products or services, advertising, marketing, client relationships and experiences (on the basis of our legitimate interests in personalising or modifying the services or communications we provide to you, developing our business, and informing our marketing strategy);

- Fraud and unlawful activity detection: to protect, investigate, and deter against fraudulent, unauthorised, or illegal activity, including identity fraud or money laundering (on the basis of our legitimate interests to detect and prevent illegal activities and to operate a safe and lawful business or where we have a legal obligation to do so);

- Compliance: to enable us to comply with any legal or regulators' obligations, policies and procedures and to enforce our legal rights, or to protect the rights, property or safety of our employees or service providers (on the basis of our legitimate interests to operate a safe and lawful business or where we have a legal obligation to do so).

Sharing Your Information

On the lawful grounds referred to above and connected with the purposes set out, in addition to any recipients of your information described elsewhere in this Policy, we may share your personal information if relevant with third parties such as:

- Group companies and joint venture companies: Any related or group companies or joint venture partners to the extent necessary either because they are providing services or products directly to you or are providing them to us;

- Our service providers: service providers we work with to deliver our business, who act as processors and provide us with services which may include (as examples only) the following:

~ Third party hosting, cloud, technology or AI service providers;

~ Website, email, app, metaverse, software, online tools and social media developers, hosts or content contributors or related service providers;

~ Cloud hosting service providers;

~ Contract management, document management or digital or electronic signature service providers;

~ Online payment gateway or service providers;

~ IT, system administration, analytical or security service providers;

~ Identity verification, credit rating or fraud prevention and detection service providers;

~ Sub-contracted, outsourced or consultancy service providers;

~ Professional advisers or service providers including for legal services, documents, funding, tax advice, accounting, administrative services.

- Regulators and governmental bodies: regulators, governmental bodies, tax authorities and other authorities acting as processors or joint controllers, who require reporting of processing activities in certain circumstances;

- Social media services: We may work with certain third-party social media providers to offer you their social networking services through us or our products or services. They may be able as a result to collect information about you and may notify your friends on their network in accordance with applicable law and their own privacy policies which are not controlled by us;

- Advertisers: We may share some personal information with advertisers, advertising exchanges and marketing agencies that we engage for advertising services for us or through some of our products or services. They may also target advertisements on third party websites based on cookies or other information indicating previous interaction with us or our services.

- Standards and Industry Bodies and Associations: To the extent applicable and necessary and if we are a member of the association or governed by their Code of Conduct, associations or quality standards organisations or similar;

- Referrals and Publicity: any selected third party that you consent to our referring you on to or sharing your information with for marketing, client reference or publicity purposes;

- Buyers of our business: any actual or prospective buyer or transferee of all or part our business or assets, if we decide to sell our business or assets or to merge with them (to the extent necessary and subject to confidentiality obligations);

- Your own organisation and business and professional advisers, contacts and partners: to the extent that others (in your organisation or a third party) in an actual or potential transaction or service with you are copied or forwarded or given personal information, this is also sharing your information with them but will only be done in the usual and normal course of business

- Other external entities (including professional and business advisers and partners): any other third parties (including banks, funders, investors, legal, accountancy, consultancy, tax, business or other advisors, regulatory authorities, land registries, companies registries, free zone registries, courts, law enforcement agencies and government agencies) where necessary to enable us to enforce our legal rights, or to protect the rights, property, or safety of us or our employees, or where such disclosure is required by law or is permitted for them to help us with their services.

We require third parties to have appropriate security to protect your information from unauthorised access or processing and to treat it in accordance with all applicable law. We do not permit third-party service providers to use your personal data for their own purposes, only to process your personal data for the same specified purposes as us and in accordance with our instructions. If you want further information about the third parties with whom we have shared your data and on what basis, please Contact Us.

Cookies, Opt-Outs and Third-Party Links

We may use cookies to ensure that you get the most out of our website. Cookies are small amounts of information in text files which we store on the device you use to access our website, social media or app. Cookies allow us to monitor and simplify your use of the website, social media or app. For further details on our cookies and how to opt out, please see our separate Cookies Policy.

You can opt out of any direct marketing communications that come from us at any time by contacting us or following links in the communication to opt out or unsubscribe.

Our website, social media pages and groups or apps may contain content, adverts and links to external websites, plug-ins and applications that are operated by third parties that may also operate cookies and collect personal data. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control them, are not responsible for their privacy statements, and this Policy does not apply to them, so you should check their own privacy policies.

How We Look After Your Information

We have security procedures and policies as to how your personal information is stored and used and who has access to it. We use appropriate security features to help prevent any unauthorised person gaining access to it. Sending information via the internet, although useful and essential, is always insecure to some extent. Although we take appropriate measures to protect your personal data, we cannot guarantee its security, especially if you send or receive it via a device, method or connection that is not secured.

We aim to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services and of personal information that we hold.

We operate a policy of "privacy by design", with our systems and policies designed to take account of information security. We try to minimise the amount of personal information we hold and how long we hold it for. We use appropriate technological and operational security measures to protect your information against unauthorised access or unlawful use, which may include the following:

- physical: ensuring the physical security of our offices, equipment and devices;

- technical: ensuring the physical and digital security of our equipment and devices by using appropriate firewalls, password protection, pseudonymisation, encryption and other security;

- procedural: maintaining a privacy / data protection / information security policy for our personnel and contractors and providing them with related training.

We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have procedures to deal with any suspected personal data breach and will notify you and any applicable regulator or data protection authority of a breach where legally required to do so.

How Long We Keep Your Personal Information

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for or to satisfy any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation or legal disputes in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure of it, the purposes for which we process it, whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements. Please contact us if you would like more information about how long we keep your information for. In general terms:

- by law we have to keep basic information about certain people including our clients, suppliers, employees or contractors (including Contact, Identity, Financial and Transaction Data) for six years after they cease paying or being paid for tax purposes where applicable.

- in some circumstances you can ask us to delete your data: see Your Rights Relating to Your Information.

If we anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, we may use this information indefinitely without further notice to you.

International Transfers of Your Information

We are registered in the country of Georgia. We comply with the data protection and privacy legislation applicable, including in relation to international transfers of personal data. Our personnel and service providers and joint venture partners may be based in other countries.

We do not transfer your personal data internationally unless you instruct us to do so or the transfer is necessary to provide the services you requested from us or is otherwise required or permitted by law or as set out in this Policy (for example in relation to the joint venture collaboration companies or to cloud or technical service providers). If we transfer your personal data internationally, we ensure a similar degree of protection is in place by ensuring that a measure that is legally valid at the time is implemented, depending on the countries involved. Unfortunately, at the date of this policy the measures and validity of international transfers has been uncertain and changing for a number of years due to legal cases and the United Kingdom leaving the EU. In addition, at this date the United Arab Emirates has yet to publish its own data protection regulations.

Measures that may be used or valid may include:

- Your personal data is transferred to a country that the government or relevant authority has deemed to provide an adequate level of protection for personal data;

- Your personal data is transferred to recipients subject to specific contracts approved by the government or relevant authority giving protection to personal data (for example at the date of this policy the UK's "IDTA" International Data Transfer Agreement where relevant);

- Your personal data is transferred to recipients based in countries that have specific schemes in place (an example at one stage was the US Privacy Shield);

- Your personal data is transferred to recipients under any other basis legally permitted at the time under the legislation applicable to us.

On request and if required under applicable legislation we will supply you with further details on the protections for any of your personal data that is transferred or processed in another country.

Your Rights Relating to Your Information

We do not sell your personal data on to anyone else for their own use (this is relevant for example if you reside in California or Nevada or any other location that restricts or prohibits the sale of personal data for others' use). Other rights that you have under your privacy legislation are also covered by the rights referred to in this policy, which also covers the rights under UK and European legislation.

You may also have the right to complain to a data protection authority about our collection and use of your Personal Information. Depending on the country in which you reside, you may have some or all of the following data protection rights in respect of the information that we hold about you, including the following (subject to exceptions that would be notified to you at the time if applicable):

- the right to be informed of the ways in which we use your information: you are informed by this Policy, but contact us if you want more details;

- the right to ask us not to process your personal data for marketing purposes: we will comply if so requested as soon as possible;

- the right to request access to the information that we hold about you: this is commonly known as a "data subject access request" and enables you to receive a copy of personal data that we hold about you (to the extent that we are required to provide it) and to check that we are lawfully processing it. It will be helpful and faster if you could be as specific as possible about the data that you would like a copy of (including dates where possible).

- the right to request that we correct or rectify any information that we hold about you which is outdated or incorrect: we may need to verify the accuracy of the new data that you provide;

- the right to withdraw your consent for our use of your information if we are using it only in reliance of your consent: see On What Basis We Use Your Information;

- the right to object to our using your information on the basis of our legitimate interests: this right applies if there is something about your particular situation which makes you want to object to our processing on this ground (see On What Basis We Use Your Information) and if your rights override our own legitimate grounds to process your information;

- the right to request the transfer of your personal data to you or to someone else like a new replacement service provider: where possible, we will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. This right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you;

- in certain circumstances, the right to ask us to delete information we hold about you: this enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it or where you have successfully exercised your right to object to processing (see above), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. We may not always comply with your request of erasure for specific reasons which will be notified to you, if applicable, at the time;

- in certain circumstances, the right to request restriction of processing of your personal data: this enables you to ask us to suspend the processing of your personal data in the following scenarios: (i) if you want us to establish the data's accuracy; (ii) where our use of the data is unlawful, but you do not want us to erase it; (iii) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; (iv) if you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.

- the right to complain about us: you may have to right to complain about us in relation to your data protection and / or privacy to the data protection authority in the region and country where our business is based (see Who We Are and How to Contact Us as well as a right to complain to the relevant authority in your country of work or residence if different. For more information, please contact your local data protection authority. We would, however, appreciate the chance to deal with your concerns ourselves before you approach any data protection authority, so please Contact Us first.

We may need to retain certain information for legal and record-keeping purposes. We may also need to send you service-related communications even if you opt not to receive marketing communications.

How to Exercise Your Rights

You may exercise your rights using the contact details referred to in Who We Are and How to Contact Us. We will comply with your request unless we have a lawful reason not to do so. It will help to get your request dealt with promptly and correctly if you could please clearly mark it in the subject matter with "Information Privacy Request" or "Data Protection Request" or similar wording and be as specific as you can in your request in relation to what you want.

Note that your objection to processing (or withdrawal of any previously given consent) could mean that we are unable to provide you with our services or otherwise perform the actions necessary to achieve the purposes set out above (see What We Use Your Information for). We may still be able to continue to process your personal information to the extent required or otherwise permitted by law, in particular in connection with exercising and defending our legal rights or meeting our legal or regulatory obligations.

You may request us to cease sending you any marketing information at any time by notifying us as set out in Who We Are and How to Contact Us. Each marketing email sent to you will contain an easy, automated way for you to "opt out" and cease receiving marketing emails from us. If you have received unwanted, unsolicited marketing from us or claiming to be from us, you should please forward a copy of it with your comments to us for review.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any unauthorised person. We may also contact you to ask you for further information in relation to your request.

We will generally not charge any fee for you to access your personal data or exercise your other rights referred to. However, if your request is clearly unfounded, repetitive or excessive, we have the right to and may charge a reasonable fee or refuse to comply with your request.

Timing of our response to your requests: We will try to respond to all legitimate requests within one month. Sometimes it may take us longer if your request is particularly complex or you have made more than one request. If so, we will notify you and keep you updated.

Our Role as a Data Controller or Processor

We are the controller and responsible for your personal data where we collected that data for our own business purposes or where we are the person who controls and decides about its processing.

Where we perform services for someone else such as a client of ours who originally collected your personal data, we are the "processor" of that data. If so, you should also check the privacy policy of whoever you gave your data to because they will be the "controller" of that data. From our side as a processor, we will comply with all requirements on data processors in applicable data protection legislation. If we are the data processor rather than the data controller then we will:

- process the personal data only on the documented instructions of the controller;

- enter into a written contract or undertake to comply with written contractual clauses with the controller with regard to the data processing;

- only use staff and other persons who have a duty of confidentiality with regard to the data;

- comply with security obligations equivalent to those imposed on the controller by law;

- notify the controller of any breach in relation to the personal data shared by the controller;

- enlist a sub-processor only with the prior permission of the controller.

Changes to This Policy and Your Duty to Inform us of Data Changes

It is important that the personal information that we hold about you is accurate and current. Please let us know as soon as possible if any of it changes during your relationship with us.

We will, where appropriate, notify you (this may be by changing this Policy on our website) of any material changes, for example if there is a change in the processing purpose for your data, or a change in identity of controller. If we change the purpose for which we use your personal data from the purpose for which we collected it, we will on request give you further information about how the new purpose is compatible with the original purpose or the legal basis for the new purpose.

We keep this Policy under review. The date that it was last updated is set out below.

As a result of our reviews, we reserve the right to make changes to this Policy from time to time. The current version of this Policy is the one published at the relevant time on our website.

© Elise Billy t/a Squid 2024 - no copying permitted

Version Date: 01.02.24