• The Experience
  • Customer Stories
  • LLMs
  • Transfers
  • Mission
  • Company
  • Blog
  • Careers
  • Get in touch
    •

    Privacy Policy

    A policy to inform Scarlet’s Data Subjects of their rights in relation to the personal data we collect. Please also see our Cookies Policy below for information about Scarlet’s use of cookies.

    Scarlet

    The Scarlet Company Group includes Scarlet Global Holdings Ltd, Scarlet NB UK Ltd and Scarlet NB B.V. This Privacy Policy will explain how our organisation uses the personal data we collect from you when you:

    • visit our website;
    • approach Scarlet as a potential customer;
    • use Scarlet’s services as an existing customer; and
    • engage with Scarlet as a potential recruit.

    In all cases, you are a “Data Subject”.

    Topics

    In this Privacy Policy, we cover the following:

    1. What data do we collect from you?
    2. How do we collect your data?
    3. How will we use your data?
    4. What is our legal justification for collecting your data?
    5. How do we store your data?
    6. What are your data protection rights?
    7. What happens if you withdraw your consent?
    8. How do we make changes to this Privacy Policy?
    9. How do you get in touch with us?
    10. How do you contact the appropriate authorities?

    What data do we collect?

    Our website visitors

    There are two general entry forms for visitors to our website.

    Under the “Get in touch” tab, website visitors may enter:

    • your first and last name;
    • your company;
    • your email address;
    • a specific enquiry (which may include, but does not request, personal data).

    Under the “Newsroom” tab, website visitors may enter:

    • your first and last name; and
    • your email address.

    In both tabs, the only field that is “required” is your email address.

    A third entry form is available for those wishing to leave feedback or a complaint.

    Those entering information under the “Complaints and feedback” tab are required to enter:

    • your full name;
    • your email address.

    You may also enter the name of the company that you work for, and any personal data related to your complaint or feedback (although this is not requested or required).

    We also collect cookies. Please see our Cookies Policy below for more information on the cookies we collect.

    For all visitors to our website

    We may use your IP address, solely for the purpose of identifying the company that you work for, and your activity on our website.

    We also use cookies. Please see our Cookies Policy below for more information on the cookies we use.

    Our prospective customers

    Scarlet may collect the following personal information in our early interactions with you, a prospective customer:

    • your full name and contact details (including email address and phone number);
    • your employer, role and job title; and
    • your signature.

    Our existing customers

    In order to provide our services (i.e. conformity assessment activities), Scarlet may also collect the following personal information about you, as an employee or representative of a customer:

    • your full name and contact details (including email address and phone number);
    • your employer, role and job title;
    • your education and training qualifications (including dates);
    • your job history and work experience (including dates); and
    • your signature.

    Customers may also provide aggregated health information about their patients or the users of their medical devices. For example, information on the clinical characteristics of a population involved in a clinical investigation. Customers may also proactively inform us of incidents that concern specific individuals in the open entry fields of Scarlet’s software.

    We do not request any health information. We strongly advise our customers against inputting any specific health information about themselves or their customers in Scarlet’s software.

    Our prospective recruits

    Scarlet may collect the following data from you in the recruitment or onboarding processes:

    • full name, home address, email address, phone number, date of birth;
    • training qualifications, job history, information from referees;
    • details of criminal convictions;
    • information about your identity and right to work, including passport, national insurance number, tax code and bank account details;
    • other personal information that may be required to assess whether you are a good match for the role; and
    • your signature.

    How do we collect your data?

    Our website visitors

    We use a third party provider to collect your IP address, and trace it back to your connected entity, when you visit our website.

    Any other personal data that we collect is provided by you directly when you complete the associated fields on our website.

    Our prospective customers

    We obtain this information directly from you, or representatives at your company.

    Occasionally, in the case of full name and contact details, we might obtain this information from mutual connections (such as investors), who think that we might work well together, or from various tools that scrape publicly available information to identify those who would have a genuine interest in our business-to-business service offering (i.e. if you are or could be a prospective customer).

    You might communicate other personal data to us over email, Slack or phone calls. You may also input it into our customer contract or other legal agreement.

    Our existing customers

    After you have been onboarded as a Scarlet customer, you (or representatives at your company), will continue to provide us with personal data – likely over email, Slack or phone calls.

    You and your colleagues might also communicate the data to us by inputting it into Scarlet’s software.

    Our prospective recruits

    You directly provide most of this information to Scarlet – including over email, Slack or phone calls.

    We also collect the data from third parties such as recruitment agencies, background checking companies or former employers, using the same mediums.

    We may obtain the data from your public profiles available online including, for example, recruitment platforms.

    How will we use your data?

    Our website visitors

    Scarlet collects your data so that we can communicate with you in relation to the services we provide or may provide.

    This may include:

    • responding to your complaint or feedback;
    • sharing updates about our service, such as new markets and jurisdictions;
    • inviting you to events;
    • sharing thought leadership that might be interesting to you (for example, blog posts, articles, or appearances on panels or podcasts).

    Our prospective customers

    As with our website visitors, we collect your data to communicate with you in relation to the services we provide or may provide.

    However, we may also process your data to:

    • give you information about the services we provide or may provide; and
    • determine whether you are eligible to receive Scarlet’s services.

    Our existing customers

    Scarlet collects your data so that we can:

    • conduct conformity assessment activities in relation to your business or your product(s); and
    • ensure that both you and Scarlet comply with the relevant regulations on an ongoing basis.

    We may also process your data to communicate with you as if you were a website user, or prospective customer.

    Our prospective recruits

    Scarlet uses the data we collect in the recruitment and onboarding process to:

    • identify you as a possible new recruit for Scarlet;
    • make an assessment about your eligibility and suitability for the role;
    • communicate with you about the role;
    • agree a contract with you.

    What is our legal justification for collecting your data?

    Our website visitors

    • Legitimate interest: By visiting our website, we understand that you are interested in receiving additional information about Scarlet and its services, which gives us a legitimate interest in processing your personal data for the purpose of doing so. Subscribing to our marketing materials and communications will always be optional.

    Our prospective customers

    • Contract: In seeking the services, you request that we take certain steps prior to entering a customer contract. We collect your personal data in that context.
    • Legitimate interest: You work at a company, in a role that indicates that you may be interested in hearing about our services. We process the information to assess whether you are both eligible and interested and, if so, to sign a contract with you.

    Our existing customers

    • Contract: We collect some of the data to perform the job required of us under the contract.
    • Official authority: As an approved, notified or certification body, Scarlet is required to make assessments about the qualifications of some of our customer’s employees. Scarlet may collect your data to comply with our own regulatory requirements.
    • Legitimate interest: We may collect your data for another legitimate interest, such as to communicate with a colleague about the service we provide.

      Our prospective recruits

      • Contract: In responding to the job application, request that Scarlet take certain steps to enter into an employment agreement. Scarlet collects your data in that context.
      • Legitimate interest: Scarlet requires the information to assess whether you are eligible for the job and, if so, to sign an employment agreement with you.

        How do we store your data?

        Scarlet stores very little of your personal data itself, but instead engages well-known and verifiable third party processors to do so on Scarlet’s behalf.

        In so doing, Scarlet can ensure that your personal data is:

        • encrypted at rest;
        • protected by two factor authentication;
        • backed up regularly; and
        • only held by data storage providers who are compliant with state of the art information security standards and practice.

        The following entities may be involved in the storage and processing of your personal data:

        • Google;
        • Slack;
        • Attio;
        • Github;
        • VS Code;
        • Amazon Web Services;
        • Xero;
        • HSBC;
        • GoCardless;
        • Wise;
        • Zapier;
        • Airfocus;
        • Ashby;
        • Otta;
        • Dockerhub;
        • Dropbox Sign;
        • Intercom;
        • Miro;
        • Monday;
        • Notion;
        • Mailchimp;
        • AirCall;
        • Anthropic;
        • Apollo;
        • Cursor;
        • Fathom;
        • Figma;
        • Granola;
        • Krisp;
        • NordVPN;
        • Employers of record; and
        • Other external advisors (such as lawyers and accountants).

        The information security protections implemented by these entities are reviewed and documented in [Record: Third-Party IT Provider Review].

        We keep your personal information only as long as we need it. In most cases, we deem this to be 7 years from the day that you stop interacting with Scarlet (which may also be the day that you stop using our services).

        In the case of potential recruits, we only store your personal information for 3 years following our last contact with you.

        We will then dispose of your information by deleting it from our systems, or by ensuring that it is sufficiently aggregated or anonymised.

        How do we share your data?

        To the extent that it is relevant and necessary, Scarlet may share the data it collects with Scarlet’s people (that is, its employees, directors, agents and contractors). Scarlet’s people are based in the UK, EU, and US.

        We may also share your data with third parties for the purpose of intra-group financing and administration, which may include our investors (and prospective acquirers), external legal and financial advisors and our Employers of Record.

        Your data may be shared with government authorities, regulators and law enforcement officials if needed for the legal protection of our legitimate interests in compliance with applicable laws.

        What are your data protection rights?

        Scarlet would like to make sure you are fully aware of all of your data protection rights. Every Data Subject is entitled to the following:

        • The right to access: You have the right to request copies of your personal data from Scarlet. We may charge you a small fee for this service.
        • The right to rectification: You have the right to request that Scarlet correct any information you believe is inaccurate. You also have the right to request that Scarlet completes information that you believe is incomplete.
        • The right to erasure: You have the right to request that Scarlet erases your personal data, under certain conditions.
        • The right to restrict processing: You have the right to request that Scarlet restricts the processing of your personal data, under certain conditions.
        • The right to object to processing: You have the right to object to Scarlet’s processing of your personal data, under certain conditions.
        • The right to data portability: You have the right to request that Scarlet transfers the data that we have collected to another organization, or directly to you, under certain conditions.

        If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email: ops@scarletcomply.com.

        What happens if you withdraw your consent?

        In the circumstances where you have provided your consent to the processing of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time.

        When we have received notice from you that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we are permitted by law to do so.

        How do we make changes to this Privacy Policy?

        Scarlet keeps its Privacy Policy under regular review and places any updates on this page. This Privacy Policy was last updated in December 2025.

        How do you get in touch with us?

        If you have any questions about this Privacy Policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us at ops@scarletcomply.com.

        How do you contact the appropriate authorities?

        Should you wish to report a complaint or if you feel that Scarlet has not addressed your concern in a satisfactory manner, you may contact:

        Cookies Policy

        Scarlet

        The Scarlet Company Group includes Scarlet Global Holdings Ltd, Scarlet NB UK Ltd and Scarlet NB B.V. This Cookies Policy explains why we use cookies, and your rights in relation to that use.

        Topics

        In this Cookies Policy, we cover the following:

        1. What are cookies?
        2. What cookies do we collect from you and how do we use them?
        3. Are cookies shared with third parties?
        4. What are your rights in relation to those cookies?
        5. How do you change your cookie preferences?
        6. How do we make changes to this Cookies Policy?
        7. How do you get in touch with us?
        8. How do you contact the appropriate authorities?

        What are cookies?

        A cookie is a small text file which may be downloaded to your device when you visit our website. We use cookies to make our website work and collect information about your visits.

        Which cookies do we collect from you and how do we use them?

        Scarlet collects both necessary and performance cookies. 

        Necessary

        Necessary cookies are used for activities that are strictly necessary to operate or deliver the service you requested from us and, therefore, do not require you to consent.

        Scarlet collects the following necessary cookies:

        Name  Provider Expiry Description Applicable to
        intercom-device-id Intercom Messenger 9 months To store a unique user ID Scarlet customers
        intercom-id- Intercom  Messenger 270 days To store anonymous visitor identifier cookie Scarlet customers
        intercom-session- Intercom Messenger 1 week To facilitate Intercom’s messenger (chat bubble) service Scarlet customers
        cf-bm CloudFlare 30 minutes To read and filter requests from bots All website visitors
        _cfuvid CloudFlare session To enforce rate-limiting rules All website visitors
        cf_clearance CloudFlare 7 days To defend against bots All website visitors
        _auth Scarlet 30 days To authenticate users Scarlet customers
        identity Scarlet 1 hour To authenticate users Scarlet customers
        session Scarlet session To support logins Scarlet customers
        sid Scarlet session To support logins Scarlet customers
        login-hint Scarlet 30 days To suggest the same provider for your next login Scarlet customers

        Note: Certain cookies, as marked above, are only collected from customers who have signed a contract with Scarlet and are accessing Scarlet’s submission and assessment software, or knowledge base.

        Performance

        Performance cookies allow us to count the number of people visiting the pages on our website, and see where they’re coming from.

        This helps us to measure and improve the performance of our website, and ensure that we’re reaching out to businesses that are most likely to be actually interested in our services.

        Name  Provider Expiry Description Applicable to
        apollo_visitor_id Apollo.io 12 months To recognise returning visitors and associate visits across sessions. Those who visit Scarlet’s website and consent to performance cookies.
        apollo_session_id Apollo.io session Tracks a single browsing session to analyse page views and navigation during that visit. Those who visit Scarlet’s website and consent to performance cookies.
        Apollo_device_info  Apollo.io 12 months Stores device and browser metadata to support traffic analysis and de-duplication Those who visit Scarlet’s website and consent to performance cookies.
        apollo_company_match Apollo.io Variable (controlled by Apollo) Uses IP address and visit metadata to identify the organisation associated with a visit. This is processed server-side by Apollo rather than stored directly in a cookie. Those who visit Scarlet’s website and consent to performance cookies.

        Are cookies shared with third parties?

        Where third party cookies are used (including, for example, from Intercom, CloudFlare, and Apollo), they may share the information collected by their cookies with third parties for the purposes of targeted advertising. Please visit their privacy notices for more information.

        What are your rights?

        You have the right to be informed of the cookies we collect, which is the purpose of this policy. We will only collect performance cookies if you have given your prior consent.

        How do you change your cookie preferences?

        You can allow or block cookies by activating the setting on your browser that permits you to change the setting of all or some cookies. Please note that disabling cookies may affect the availability or functionality of our website.

        How do we make changes to this Cookies Policy?

        Scarlet keeps its Cookies Policy under regular review and places any updates on this page. This Cookies Policy was last updated in December 2025.

        How do you get in touch with us?

        If you have any questions in relation to this policy, or our use of cookies, please contact us using the details set out in our Privacy Policy.

        How do you contact the appropriate authorities?

        Links are provided in our Privacy Policy.