Privacy Policy
A policy to inform Scarlet’s Data Subjects of their rights in relation to the personal data we collect. Please also see our Cookies Policy below for information about Scarlet’s use of cookies.
Scarlet
The Scarlet Company Group includes Scarlet Global Holdings Ltd, Scarlet NB UK Ltd and Scarlet NB B.V. This Privacy Policy will explain how our organisation uses the personal data we collect from you when you:
- visit our website;
- approach Scarlet as a potential customer;
- use Scarlet’s services as an existing customer; and
- engage with Scarlet as a potential recruit.
In all cases, you are a “Data Subject”.
Topics
In this Privacy Policy, we cover the following:
- What data do we collect from you?
- How do we collect your data?
- How will we use your data?
- What is our legal justification for collecting your data?
- How do we store your data?
- What are your data protection rights?
- What happens if you withdraw your consent?
- How do we make changes to this Privacy Policy?
- How do you get in touch with us?
- How do you contact the appropriate authorities?
What data do we collect?
Our website visitors
There are two entry forms for general visitors to our website.
Under the “Get in touch” tab, website visitors may enter:
- your first and last name;
- your company;
- your email address;
- a specific enquiry (which may include, but does not request, personal data).
Under the “Newsroom” tab, website visitors may enter:
- your first and last name; and
- your email address.
In both tabs, the only field that is “required” is your email address.
A third entry form is available for those wishing to leave feedback or a complaint.
Those entering information under the “Complaints and feedback” tab are required to enter:
- your full name;
- your email address.
You may also enter the name of the company that you work for, and any personal data related to your complaint or feedback (although this is not requested or required).
We also collect cookies. Please see our Cookies Policy below for more information on the cookies we collect.
Our prospective customers
Scarlet may collect the following personal information in our early interactions with you, a prospective customer:
- your full name and contact details (including email address and phone number);
- your employer, role and job title; and
- your signature.
Our existing customers
In order to provide our services (i.e. conformity assessment activities), Scarlet may also collect the following personal information about you, as an employee or representative of a customer:
- your full name and contact details (including email address and phone number);
- your employer, role and job title;
- your education and training qualifications (including dates);
- your job history and work experience (including dates); and
- your signature.
Customers may also provide aggregated health information about their patients or the users of their medical devices. For example, information on the clinical characteristics of a population involved in a clinical investigation. Customers may also proactively inform us of incidents that concern specific individuals in the open entry fields of Scarlet’s software.
We do not request any health information. We strongly advise our customers against inputting any specific health information about themselves or their customers in Scarlet’s software.
Our prospective recruits
Scarlet may collect the following data from you in the recruitment or onboarding processes:
- full name, home address, email address, phone number, date of birth;
- training qualifications, job history, information from referees;
- details of criminal convictions;
- information about your identity and right to work, including passport, national insurance number, tax code and bank account details;
- other personal information that may be required to assess whether you are a good match for the role; and
- your signature.
How do we collect your data?
Our website visitors
You directly provide Scarlet with your contact details when you complete the fields on our website.
Our prospective customers
We obtain this information directly from you, or representatives at your company. Occasionally, in the case of full name and contact details, we might obtain this information from mutual connections (such as investors), who think that we might work well together.
You might communicate the data to us over email, Slack or phone calls. You may also input it into our customer contract or other legal agreement.
Our existing customers
After you have been onboarded as a Scarlet customer, you (or representatives at your company), will continue to provide us with personal data – likely over email, Slack or phone calls.
You and your colleagues might also communicate the data to us by inputting it into Scarlet’s software.
Our prospective recruits
You directly provide most of this information to Scarlet – including over email, Slack or phone calls.
We also collect the data from third parties such as recruitment agencies, background checking companies or former employers, using the same mediums.
We may obtain the data from your public profiles available online including, for example, recruitment platforms.
How will we use your data?
Our website visitors
Scarlet collects your data so that we can communicate with you in relation to the services we provide or may provide.
This may include:
- responding to your complaint or feedback;
- sharing updates about our service, such as new markets and jurisdictions;
- inviting you to events;
- sharing thought leadership that might be interesting to you (for example, blog posts, articles, or appearances on panels or podcasts).
Our prospective customers
As with our website visitors, we collect your data to communicate with you in relation to the services we provide or may provide.
However, we may also process your data to:
- give you information about the services we provide or may provide; and
- determine whether you are eligible to receive Scarlet’s services.
Our existing customers
Scarlet collects your data so that we can:
- conduct conformity assessment activities in relation to your business or your product(s); and
- ensure that both you and Scarlet comply with the relevant regulations on an ongoing basis.
We may also process your data to communicate with you as if you were a website user, or prospective customer.
Our prospective recruits
Scarlet uses the data we collect in the recruitment and onboarding process to:
- identify you as a possible new recruit for Scarlet;
- make an assessment about your eligibility and suitability for the role;
- communicate with you about the role;
- agree a contract with you.
What is our legal justification for collecting your data?
Our website visitors
Legitimate interest: By visiting the website and entering your email address, we understand that you are interested in receiving additional information about Scarlet and its services, which gives us a legitimate interest in processing your personal data for the purpose of doing so. Subscribing to our marketing materials and communications will always be optional.
Our prospective customers
Contract: In seeking the services, you request that we take certain steps prior to entering a customer contract. We collect your personal data in that context. Legitimate interest: We require the information to assess whether you are eligible for our services and, if so, to sign a contract with you.
Our existing customers
- Contract: We collect some of the data to perform the job required of us under the contract.
- Official authority: As an approved, notified or certification body, Scarlet is required to make assessments about the qualifications of some of our customer’s employees. Scarlet may collect your data to comply with our own regulatory requirements.
- Legitimate interest: We may collect your data for another legitimate interest, such as to communicate with a colleague about the service we provide.
Our prospective recruits
- Contract: In responding to the job application, request that Scarlet take certain steps to enter into an employment agreement. Scarlet collects your data in that context.
- Legitimate interest: Scarlet requires the information to assess whether you are eligible for the job and, if so, to sign an employment agreement with you.
How do we store your data?
Scarlet stores very little of your personal data itself, but instead engages well-known and verifiable third party processors to do so on Scarlet’s behalf.
In so doing, Scarlet can ensure that your personal data is:
- encrypted at rest;
- protected by two factor authentication;
- backed up regularly; and
- only held by data storage providers who are compliant with state of the art information security standards and practice.
The following entities may be involved in the storage and processing of your personal data:
- Google;
- Slack;
- Attio;
- Github;
- VS Code;
- Amazon Web Services;
- Xero;
- HSBC;
- GoCardless;
- Wise;
- Zapier;
- Airfocus;
- Ashby;
- Otta;
- Dockerhub;
- Dropbox Sign;
- Intercom;
- Miro;
- Monday;
- Notion;
- Mailchimp;
- Employers of record; and
- Other external advisors (such as lawyers and accountants).
The information security protections implemented by these entities are reviewed and documented in [Record: Third-Party IT Provider Review].
We keep your personal information only as long as we need it. In most cases, we deem this to be 7 years from the day that you stop interacting with Scarlet (which may also be the day that you stop using our services).
In the case of potential recruits, we only store your personal information for 3 years following our last contact with you.
We will then dispose of your information by deleting it from our systems, or by ensuring that it is sufficiently aggregated or anonymised.
How do we share your data?
To the extent that it is relevant and necessary, Scarlet may share the data it collects with Scarlet’s people (that is, its employees, directors, agents and contractors). Scarlet’s people are based in the UK, EU, and US.
We may also share your data with third parties for the purpose of intra-group financing and administration, which may include our investors (and prospective acquirers), external legal and financial advisors and our Employers of Record.
Your data may be shared with government authorities, regulators and law enforcement officials if needed for the legal protection of our legitimate interests in compliance with applicable laws.
What are your data protection rights?
Scarlet would like to make sure you are fully aware of all of your data protection rights. Every Data Subject is entitled to the following:
- The right to access: You have the right to request copies of your personal data from Scarlet. We may charge you a small fee for this service.
- The right to rectification: You have the right to request that Scarlet correct any information you believe is inaccurate. You also have the right to request that Scarlet completes information that you believe is incomplete.
- The right to erasure: You have the right to request that Scarlet erases your personal data, under certain conditions.
- The right to restrict processing: You have the right to request that Scarlet restricts the processing of your personal data, under certain conditions.
- The right to object to processing: You have the right to object to Scarlet’s processing of your personal data, under certain conditions.
- The right to data portability: You have the right to request that Scarlet transfers the data that we have collected to another organization, or directly to you, under certain conditions.
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email: ops@scarletcomply.com.
What happens if you withdraw your consent?
In the circumstances where you have provided your consent to the processing of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time.
When we have received notice from you that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we are permitted by law to do so.
How do we make changes to this Privacy Policy?
Scarlet keeps its Privacy Policy under regular review and places any updates on this page. This Privacy Policy was last updated in January 2025.
How do you get in touch with us?
If you have any questions about this Privacy Policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us at ops@scarletcomply.com.
How do you contact the appropriate authorities?
Should you wish to report a complaint or if you feel that Scarlet has not addressed your concern in a satisfactory manner, you may contact:
Cookies Policy
Scarlet
The Scarlet Company Group includes Scarlet Global Holdings Ltd, Scarlet NB UK Ltd and Scarlet NB B.V. This Cookies Policy explains why we use cookies, and your rights in relation to that use.
Topics
In this Cookies Policy, we cover the following:
- What are cookies?
- What cookies do we collect from you and how do we use them?
- Are cookies shared with third parties?
- What are your rights in relation to those cookies?
- How do you change your cookie preferences?
- How do we make changes to this Cookies Policy?
- How do you get in touch with us?
- How do you contact the appropriate authorities?
What are cookies?
A cookie is a small text file which may be downloaded to your device when you visit our website. We use cookies to make our website work and collect information about your visits.
What cookies do we collect from you and how do we use them?
Scarlet uses Plausible Analytics for data insights, and therefore does not collect analytics cookies. More on that here.
Scarlet collects necessary cookies. Necessary cookies are used for activities that are strictly necessary to operate or deliver the service you requested from us and, therefore, do not require you to consent.
Scarlet collects the following necessary cookies (displayed as follows: | Name | Provider | Expiry | Description |):
| intercom-device-id- | Intercom Messenger | 9 months | To store a unique user ID |
| intercom-id- | Intercom Messenger | 270 days | To store anonymous visitor identifier cookie |
| intercom-session- | Intercom Messenger | 1 week | To facilitate Intercom’s messenger (chat bubble) service |
| cf_bm | CloudFlare | 30 minutes | To read and filter requests from bots |
Note: Intercom cookies are only collected from customers who have signed a contract with Scarlet and are communicating with Scarlet through the third party, Intercom.
Are cookies shared with third parties?
Where third party cookies are used (including both Intercom and CloudFlare), they may share the information collected by their cookies with third parties for the purposes of targeted advertising. Please visit their privacy notices for more information.
What are your rights?
You have the right to be informed of the cookies we collect, which is the purpose of this policy. Given that we don’t use any analytics cookies, we don’t ask for your express consent. But if you have any objections to our collection of strictly necessary cookies, please reach out.
How do you change your cookie preferences?
You can allow or block cookies by activating the setting on your browser that permits you to change the setting of all or some cookies. Please note that disabling cookies may affect the availability or functionality of our website.
How do we make changes to this Cookies Policy?
Scarlet keeps its Cookies Policy under regular review and places any updates on this page. This Cookies Policy was last updated in January 2025.
How do you get in touch with us?
If you have any questions in relation to this policy, or our use of cookies, please contact us using the details set out in our Privacy Policy.
How do you contact the appropriate authorities?
Links are provided in our Privacy Policy.