NC Squared Limited Privacy Policy

Updated

November 17, 2025

Contents

1. Introduction

NC Squared is committed to safeguarding the privacy of our website users, users of our Booking Engine and Distribution Engine software, and the personnel of our customers, prospective customers and suppliers.

For users of our Booking Engine software, this policy should be read alongside our supplemental privacy policy for Booking Engine, available here: https://nc-squared.com/privacy/booking-engine-privacy-policy

In addition, you can find information about the cookies and similar systems used on our website and by our applications here: https://nc-squared.com/privacy/nc-squared-limited-cookies-policy

In this policy, “we”, “us” and “our” refer to NC Squared Limited, NC Squared, Inc and our other group companies from time to time. Information about our group companies is set out at the end of this policy.

This policy applies where we act as a “controller” of personal data. In most cases, we act as a controller.

However, with respect to the personal data supplied to us under a support ticket, we do not act as a controller; instead, we act as a processor. Our legal obligations as a processor are set out in the contracts between us and our customers, and this policy does not apply with respect to our handling of that data.

2. The personal data we collect

In this table, we have set out the general categories of personal data that we process and information about the source and specific categories of that data.

If you contact us via an online form, then metadata relating to that contact may be generated automatically by our systems. This could include the date and time of your contact, and associated usage and analytics data.

3. Purposes of processing and legal basis

In this table, we have set out the purposes for which we may process personal data and the legal bases of the processing under UK and EU data protection laws.

Calendar, availability and booking data may be used in accordance with the privacy policy at: https://nc-squared.com/privacy/booking-engine-privacy-policy

Occasionally, we may process your personal data for a different purpose, but only where that purpose is compatible with the original purpose for which the data was collected, and subject always to applicable law.

Where we rely on legitimate interests to process personal data, we will ensure that those legitimate interests are recognised in law, or that we balance our interests with your own interests, rights and freedoms, ensuring that we protect these as required by law.

4. Providing your personal data to others

Our group companies (listed at the end of this policy) act as joint controllers of your personal data with respect to the processing described in this policy and may share personal data insofar as reasonably necessary for internal administrative purposes (this sharing is on the basis of our legitimate interests).

We may share your personal data with our services providers and providers of integrated services, as detailed at: https://nc-squared.com/privacy/service-providers

Where that data is gathered by means of cookies and similar systems, our cookies policy explains the purposes for which those systems are used: https://nc-squared.com/privacy/nc-squared-limited-cookies-policy

When you use Booking Engine, we may share limited calendar, availability and booking data with our integrated calendar services providers, but only insofar as necessary to enable make Booking Engine work. For more details, see: https://nc-squared.com/privacy/booking-engine-privacy-policy

We may also disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice.

We may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

We may disclose your personal data where such disclosure is necessary for the establishment, exercise, or defence of legal claim

5. International transfers of your personal data

We and our other group companies have offices in the UK and USA. Transfers to the USA will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the competent data protection authorities.

In addition, we may transfer your personal data to our services providers, and permit those services providers to transfer your personal data, in those jurisdictions detailed in the pages linked to in Section 4 above, subject to the specified safeguards.

6. Retaining and deleting of personal data

Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

This table sets out our maximum data retention periods – in each case following the specified reference date.

Notwithstanding the foregoing, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or to protect your vital interests or the vital interests of another natural person.

7. Your rights

In this table, we have listed the key rights of individuals under UK and EU data protection law.

These rights are available where UK and/or EU data protection laws apply but are subject to certain limitations and exceptions. You can learn more about the rights of data subjects, from a UK perspective, by visiting: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

You may exercise any of your rights in relation to your personal data by written policy to us, using the contact details set out below.

You also have the right under California Civil Code Section 1798.83 (the Shine the Light Law) to request certain information regarding the disclosure of your personal data to third parties for such third parties’ direct marketing purposes. We do not share your personal information with third parties for such purposes.

8. Third party websites

Our website includes hyperlinks to, and details of, third party websites. In general, we have no control over, and are not responsible for, the privacy policies and practices of third parties. The applicable privacy notice of the relevant third party will govern.

9. Children’s privacy

Our website is not intended for use by children and we do not knowingly collect personal data from children. If you have reason to believe that we may have accidentally received personal data from an individual under the age of majority, please contact us using the contact details set out below.

10. Updating information

Please let us know if the personal information that we hold about you needs to be corrected or updated – see below for contact details.

11. Amendments

We may update this policy from time to time by publishing a new version on our website. Any use of our website or applications after a new version of this policy has been published will be subject to that version. You should check this page occasionally to ensure you are happy with any changes to this policy.

12. Our details

Details of our group companies are set out in this table.

13. Personal data manager and registration

Our personal data manager with respect to our obligations under data protection law can contacted by writing to privacy@nc-squared.com.

If you have any complaints regarding our handling of personal data, please address them to the data protection manager.

We are registered as a data controller with the UK Information Commissioner’s Office. Our data protection registration number is ZB941157.

If you are unsatisfied with how your data has been processed, you may also lodge a complaint at the Information Commissioner’s Office.

Contact details for the Information Commissioner’s Office can be found at: https://ico.org.uk/global/contact-us/contact-us-public/