Privacy Policy

Committed to protecting your privacy

Down Arrow Icon

3squared Privacy Policy

Your personal information is being processed by 3SQUARED LTD of Fountain Precinct, Balm Green, Sheffield, S1 2JA.  We can be contacted by email [email protected].


  • We only seek personal information that is relevant to the recruitment decision to be made.
  • The only information we require on a candidate’s CV in the first instance is their name, a telephone number and an email address in order for us to contact them. We do not require a DOB, Address or National Insurance Number.
  • We may process the following information about you including information you provide:
    • by filling in ‘contact us’ forms on our web sites;
    • at the time of registering to use our sites;
    • when subscribing to our services;
    • when posting material or requesting further services;
    • when you enter a competition or promotion;
    • when you report a problem with our sites;
    • when you complete surveys for example for research purposes;
    • when you to sign up for our RailSmart communications to provide essential updates on maintenance and deployments, progress updates and team availability etc.
    • If you request a demo of our software.
    • From time to time, we purchase 3rd party data, including professional email address, company name and job title.
  • If you apply for a job and send in your application, CV and or covering letter these documents will contain your personal information and we need this to determine if you are suitable for a job with us or to record that you have applied for a position and determine if you are eligible for any future positions;
  • Details of your visits to our sites including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing to manage and improve our site;
  • IP addresses and cookies.  Cookies contain information that is transferred to your computer’s hard drive which may contain information about your computer, including where available your IP address, operating system and browser type, for system administration. They help us to improve our sites and to deliver a better and more personalised service.


The data that we collect from you is currently all stored within the European Economic Area (“EEA”). It is also processed by staff operating within the EEA who work for us or one of our suppliers.

By submitting your personal data, you agree to this processing for the reason we have stated in this notice and any future reason we give you notice of from time to time. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

Unfortunately, the transmission of information via the internet is not completely secure. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access, however, any transmission is at your own risk.


We use information held about you in the following ways as both a data processor and a data controller:

  • To ensure that content from our sites is presented in the most effective manner for you and for your computer.
  • To provide you with information, products or services that you explicitly requested.
  • To carry out our obligations arising from any contracts entered into between you and us.
  • To notify you about changes to our service.
  • To further your application if you have applied for a position with us.
  • To allow you to use the RailSmart applications as a driver, manager or other user.
  • To provide information on products that we believe may be of legitimate interest to you.  You have the option to unsubscribe at any time.

Candidate recruitment records are submitted to an email address [email protected]. This is a restricted access inbox. All information is restricted to being available to the Office Manager and the hiring manager and not passed elsewhere. We have a strict data retention policy we adhere to as listed in this document.

Under our work as a Data Processor and Controller we do not perform any automated decision making and profiling for any purpose.


We follow a physical and electronic data storage retention and termination process in line with the Employment Practices code as outlined by the Information Commissioner and our Retention Policy

No paper copies of CV’s are kept, nor records in inboxes, which are regularly deleted. CV’s are kept in a restricted access folder on our server where we can ensure our data retention policy is adhered to.

CV’s will be kept for 6 months automatically and then deleted. The Office Manager may contact a candidate and ask their permission to keep their details for longer in case any future vacancies become available that the candidate is suitable for. The length of time requested will be specified but may be between 6 and 12 months.

A feedback spreadsheet containing only a candidate’s name will be kept for up to 9 months in case a candidate contacts the hiring manager to request full feedback, however, this contains no other information other than a candidate’s name and the notes on their application.


We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.

  • We may disclose your personal information to third parties when asking for references.
  • Only successful candidates have references requested and only parties listed as a referee will be contacted.
  • References are completed by Office Manager or one of the Directors, however, a personal reference can be given if needed and permission is gained in the exit interview if references are to be provided once employee has left business.
  • If 3SQUARED LTD or substantial amounts of its assets are acquired by a third party, in which case personal data held by it about its customers/staff may be transferred, however, this would be done securely and only for the purposes agreed beforehand.
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of 3SQUARED LTD, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
  • Currently no third parties except a preferred list of recruitment agencies and listed referees are involved in our recruitment process. There are no medical or CRB check performed nor recruitment CRM systems used.


  • Below are your rights as a data subject. This policy addresses each of these issues.
  • Right to know why and how 3Squared is processing information.
  • Know who will have access to it.
  • Have access to the information.
  • Have any incorrect information corrected.
  • The right to erasure and removal.
  • Be informed of any automated decision making and profiling that our systems may do.
  • The right to restrict processing.
  • The right to data portability.
  • The right to withdraw consent at any time, where relevant.
  • The right to lodge a complaint with a supervisory authority such as ICO.
  • You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes.
  • You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data.
  • Please note if you follow a link to any websites from our own websites that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Should you wish to exercise any of these rights please email the GDPR team at 3Squared at [email protected]


Data Subject Rights and Access Requests

Data subject right of access will be free of charge except where the request is ‘excessive’ in which case we reserve our right to charge a ‘reasonable fee’ to cover our administration in which case the fee will be given beforehand.

For the majority of Data Access requests the information will be provided within 1 month, 3  months for unusually complex matters. If this is the case, we will inform the individual within one month of the receipt of the request and explain why the extension is necessary.

All attempts to identify the person making the request will be made.

If the request is made electronically the information will usually follow in a secure, encrypted format.


Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail.


Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to 3Squared Ltd, Fountain Precinct, Balm Green, Sheffield, S1 2JA OR [email protected].


This acceptable use policy sets out the terms between you and us under which you may access our Sites. This acceptable use policy applies to all users of, and visitors to, our sites.

Your use of our sites means that you accept, and agree to abide by, all the policies in this acceptable use policy, which supplement our terms of websites use.

Our sites are operated by 3 Squared Ltd (we or us). We are registered in England and Wales under company number 07207988 and we have our registered office at Fountain Precinct, Balm Green, Sheffield, S1 2JA. Our VAT number is 441 4744 05.


  • You may use our sites only for lawful purposes. You may not use our sites:
    In any way that breaches any applicable local, national or international law or regulation.
  • In any way that is unlawful or fraudulent, or has any unlawful or fraudulent purpose or effect.
  • For the purpose of harming or attempting to harm minors in any way.
  • To send, knowingly receive, upload, download, use or re-use any material which does not comply with our content standards.
  • To transmit, or procure the sending of, any unsolicited or unauthorised advertising or promotional material or any other form of similar solicitation (spam).
  • To knowingly transmit any data, send or upload any material that contains viruses, Trojan horses, worms, time-bombs, keystroke loggers, spyware, adware or any other harmful programs or similar computer code designed to adversely affect the operation of any computer software or hardware.

You also agree:

  • Not to reproduce, duplicate, copy or re-sell any part of our sites in contravention of the provisions of our terms of websites use.
  • Not to access without authority, interfere with, damage or disrupt:
    • any part of our sites;
    • any equipment or network on which our sites is stored;
    • any software used in the provision of our sites; or
    • any equipment or network or software owned or used by any third party.


We may from time to time provide interactive services on our sites, including, without limitation:

  • Chat rooms.
  • Bulletin boards.

Where we do provide any interactive service, we will provide clear information to you about the kind of service offered, if it is moderated and what form of moderation is used (including whether it is human or technical).

We will do our best to assess any possible risks for users (and in particular, for children) from third parties when they use any interactive service provided on our sites, and we will decide in each case whether it is appropriate to use moderation of the relevant service (including what kind of moderation to use) in the light of those risks. However, we are under no obligation to oversee, monitor or moderate any interactive service we provide on our sites, and we expressly exclude our liability for any loss or damage arising from the use of any interactive service by a user in contravention of our content standards, whether the service is moderated or not.

The use of any of our interactive services by a minor is subject to the consent of their parent or guardian. We advise parents who permit their children to use an interactive service that it is important that they communicate with their children about their safety online, as moderation is not foolproof. Minors who are using any interactive service should be made aware of the potential risks to them.

Where we do moderate an interactive service, we will normally provide you with a means of contacting the moderator, should a concern or difficulty arise.


These content standards apply to any and all material which you contribute to our sites (contributions), and to any interactive services associated with it.

You must comply with the spirit of the following standards as well as the letter. The standards apply to each part of any contribution as well as to its whole.

Contributions must:

  • Be accurate (where they state facts).
  • Be genuinely held (where they state opinions).
  • Comply with applicable law in the UK and in any country from which they are posted.

Contributions must not:

  • Contain any material which is defamatory of any person.
  • Contain any material which is obscene, offensive, hateful or inflammatory.
  • Promote sexually explicit material.
  • Promote violence.
  • Promote discrimination based on race, sex, religion, nationality, disability, sexual orientation or age.
  • Infringe any copyright, database right or trade mark of any other person.
  • Be likely to deceive any person.
  • Be made in breach of any legal duty owed to a third party, such as a contractual duty or a duty of confidence.
  • Promote any illegal activity.
  • Be threatening, abuse or invade another’s privacy, or cause annoyance, inconvenience or needless anxiety.
  • Be likely to harass, upset, embarrass, alarm or annoy any other person.
  • Be used to impersonate any person, or to misrepresent your identity or affiliation with any person.
  • Give the impression that they emanate from us, if this is not the case.
  • Advocate, promote or assist any unlawful act such as (by way of example only) copyright infringement or computer misuse.


We will determine, in our discretion, whether there has been a breach of this acceptable use policy through your use of our sites. When a breach of this policy has occurred, we may take such action as we deem appropriate.

Failure to comply with this acceptable use policy constitutes a material breach of the terms of use upon which you are permitted to use our sites, and may result in our taking all or any of the following actions:

  • Immediate, temporary or permanent withdrawal of your right to use our sites.
  • Immediate, temporary or permanent removal of any posting or material uploaded by you to our sites.
  • Issue of a warning to you.
  • Legal proceedings against you for reimbursement of all costs on an indemnity basis (including, but not limited to, reasonable administrative and legal costs) resulting from the breach.
  • Further legal action against you.
  • Disclosure of such information to law enforcement authorities as we reasonably feel is necessary.

We exclude liability for actions taken in response to breaches of this acceptable use policy. The responses described in this policy are not limited, and we may take any other action we reasonably deem appropriate.


We may revise this acceptable use policy at any time by amending this page. You are expected to check this page from time to time to take notice of any changes we make, as they are legally binding on you. Some of the provisions contained in this acceptable use policy may also be superseded by provisions or notices published elsewhere on our sites.