Skip to content

Square One Privacy Policy

Effective Date: December 2025

Square One Consulting Ltd (“Square One”, “we”, “us”, or “our”) is committed to protecting your privacy and handling your personal information in a transparent, secure, and lawful manner.  This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you interact with our website, our consultancy services, or any related digital channels.

This Policy applies to www.square-one-consultants.com and any other Square One digital services.

1. Who We Are

Square One is a UK-based strategic consultancy that supports SME business owners with:

  • Value creation & exit planning
  • Mergers & acquisitions
  • Digital transformation and AI adoption
  • Strategic growth and organisational planning

We act as the Data Controller for the personal information you provide to us.
For contact details, see Section 13 below.

2. Information We Collect

We may collect and process the following categories of personal data.

A. Information You Provide Directly

  • Contact Information: Name, job title, company name, email address, telephone number.
  • Business Information: Company size, sector, acquisition interests, digital maturity details, or documents you voluntarily upload or share.
  • Form Submissions: Information provided through HubSpot forms, newsletter sign-ups, downloads, or consultation requests.
  • Communication Records: Emails, calls, meeting notes, or any correspondence with our team.

B. Information Collected Automatically

  • Usage Data: IP address, browser type, device identifiers, pages visited, time spent, referral sources, and interactions with our site.
  • Cookies & Tracking Data: Cookies, pixels, tags, and similar technologies (see our Cookie Policy).

C. Information From Third Parties

  • Lead-generation partners (e.g., HubSpot, LinkedIn)
  • Public business databases (e.g., Companies House)
  • Referral partners or affiliates
  • Social platforms when you interact with our content

We collect only the minimum information necessary to deliver our services and operate our website.

3. How We Use Your Information

We process your information for the following purposes, which are consistent with and expanded from the reference policy.
Privacy Policy

  • To deliver our consultancy services including strategic advisory, M&A support, and digital transformation projects.
  • To respond to enquiries and provide information you request.
  • To personalise your experience on the website and deliver relevant insights or resources.
  • To improve our website, content, and user experience.
  • To send marketing communications such as insights, updates, newsletters, and event invitations (only with your consent or based on legitimate interest when appropriate).
  • To manage relationships, including sales discussions, project onboarding, and account management.
  • To carry out analytics, reporting, and business planning (HubSpot, Google Analytics, LinkedIn Insights, etc.).
  • To protect our systems, detect fraud, and maintain security.
  • To comply with legal obligations, regulatory requirements, and enforce our rights.
  • We never sell your data.

4. Legal Basis for Processing (UK & EU)

Under the UK GDPR and EU GDPR, we rely on the following lawful bases:

  • Consent – e.g., marketing emails, newsletter subscriptions, cookie-based tracking.
  • Contractual Necessity – delivering consultancy services or responding to service enquiries.
  • Legitimate Interests – improving our website, direct B2B communications to relevant professionals, maintaining security, and developing our business strategy.
  • Legal Obligation – complying with tax, regulatory, or statutory requirements.

Where we rely on legitimate interests, we balance this with your privacy rights.

5. Sharing Your Information

We may share your personal data only with trusted partners and only when necessary.

A. Service Providers

Including:

  • HubSpot (CRM, marketing automation, and website hosting)
  • Cloud hosting and IT security providers
  • Professional advisors (legal, financial, compliance)
  • Analytics providers (Google Analytics, LinkedIn, etc.)

B. Consultancy Engagement Partners

Where relevant and agreed, such as:

  • Due diligence partners
  • M&A counterparties
  • Subcontractors under NDA for specialised advisory work

C. Legal or Regulatory Authorities

Where required by law or necessary to protect our rights.

D. Business Transfers

If we undertake a merger, acquisition, restructuring, or sale of assets, data may be transferred to the successor entity.
We do not permit third parties to use your data for their own purposes without your explicit consent.

6. How We Store and Protect Your Information

We implement layered security measures including:

  • Encrypted data transmission (TLS/SSL)
  • Secure hosting environments
  • Access controls and authentication protocols
  • Data minimisation and retention governance
  • HubSpot’s and cloud providers' security standards
  • Despite robust security, no online system can guarantee absolute protection.

7. Data Retention

We keep personal data only for as long as necessary for the purposes listed in this policy, or as required by law.
Typical retention periods include:

  • Sales and enquiry records: up to 3 years
  • Client project files: up to 7 years
  • Marketing lists: until consent is withdrawn or preferences are updated
  • Cookies: varies by cookie type (see Cookie Policy)

8. Your Rights (UK & EU Residents)

You may have the following rights regarding your personal data, consistent with GDPR and the template you provided:
Privacy Policy

  • Right of Access – to request a copy of your personal data
  • Right to Rectification – to correct inaccurate information
  • Right to Erasure (“right to be forgotten”)
  • Right to Restriction of Processing
  • Right to Object – including to direct marketing
  • Right to Data Portability
  • Right to Withdraw Consent at any time
  • Right to Lodge a Complaint with the ICO (UK supervisory authority)

To exercise your rights, contact us using the details below.

9. Cookies and Tracking Technologies

Our website uses cookies, pixels, and similar tracking technologies via HubSpot, Google Analytics, and other tools to:

  • Understand visitor behaviour
  • Improve site performance
  • Support marketing and retargeting
  • Provide personalised experiences

Cookie details, categories, and preference controls are explained in our Cookie Policy.

10. International Data Transfers

If we transfer your information outside the UK or EEA, we ensure appropriate safeguards, such as:

  • UK/EU Standard Contractual Clauses (SCCs)
  • Approved transfer risk assessments
  • Use of providers with robust security frameworks (e.g., HubSpot US)

We take steps to ensure your data remains protected at all times.

11. Automated Decision-Making and Profiling

We do not make automated decisions that produce legal or significant effects on individuals. We may use limited profiling for marketing relevance (e.g., content personalisation), but only within the boundaries of consent and legitimate interest frameworks.

12. Links to Other Websites

Our website may contain links to external sites. We are not responsible for their content or privacy practices. We recommend reviewing their privacy policies.

13. Contact Us

If you have questions, concerns, or wish to exercise your data rights, please contact:
SOC Holdings Ltd T/A Square One 1 Neville Street Embankment Leeds LS1 4DH hello@square-one-consultants.com 03301 339 933
You may also contact the UK Information Commissioner’s Office (ICO) at www.ico.org.uk.

14. Updates to This Privacy Policy

We may update this Policy from time to time to reflect changes in:

  • Legal requirements
  • Our business practices
  • Technology and website functionality

When updated, the latest version will be posted on this page with a revised effective date.