Data Protection Principles

Schedule 1 of the Data Protection Act lists the data protection principles in the following terms:

  1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless;

    1. At least one of the conditions in Schedule 2 is met, and

    2. In the case of sensitive personal data, at least one of the conditions in schedule three is also met.

  2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose for those purposes.

  3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.

  4. Personal data shall be accurate and, where necessary, kept up to date.

  5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose all those purposes.

  6. Personal data shall be processed in accordance with the rights of data subjects under this Act.

  7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

  8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory insures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Cookies Policy

  • Cookies are small pieces of data that websites store on a device. Cookies can improve your visitors’ browsing experience because they help websites remember preferences and understand how people use different features.

  • Squarespace uses some necessary cookies so visitors can navigate and use key features on your site. These cookies vary from site to site depending on the features it uses. For example, functional and required cookies help these features work:

  • Name

    • Purpose

    • Type

    • Duration

    _acloggedin

    • Supports login by Scheduling client if the client has an account

    • Cookie

    • January 1, 2025

    _client_acloggedin

    • Supports login by Scheduling client if the client has an account

    • Cookie

    • January 1, 2025

    _dd_cookie_test

    • Tests if cookies are supported

    • Cookie

    • Expires instantly

    _dd_s

    • Tracks browser errors

    • Cookie

    • Four hours

    _dd_site_test

    • Tests if cookies are supported

    • Cookie

    • Expires instantly

    _grecaptcha

    • Helps reduce space

    • Local storage

    • No expiry

    CART

    • Shows when a visitor adds a product to their cart

    • Cookie

    • Two weeks

    CHECKOUT_WEBSITE

    • Identifies the correct site for checkout when checkout on your domain is disabled

    • Cookie

    • Session

    client_username

    • Remembers a logged in Scheduling client's username between visits

    • Cookie

    • One year

    clientUser

    • Stores the Scheduling client's username, OAuth2 Access Token, and OAuth2 Refresh Token. This cookie is required for functionality of logged-in clients

    • Cookie

    • 30 days

    Commerce-checkout-state

    • Stores state of checkout while the visitor is completing their order in PayPal

    • sessionstorage

    • Session

    Crumb

    • Prevents cross-site request forgery (CSRF)

    • Cookie

    • Session

    RecentRedirect

    • Prevents redirect loops if a site has custom URL redirects. Redirect loops are bad for SEO.

    • Cookie

    • 30 minutes

    siteUserCrumb

    • Prevents cross-site request forgery (CSRF)for logged in site users

    • Cookie

    • Three years

    squarespace-announcement-bar

    • Prevents the announcement bar from displaying if a visitor dismisses it

    • localstorage

    • Persistent

    squarespace-popup-overlay

    • Prevents the promotional pop-up from displaying if a visitor dismisses it

    • localstorage

    • Persistent

    squarespace-video-player-options

    • Remembers video player selected preferences ( volume, playback speed, and quality) for videos uploaded directly to Squarespace

    • localstorage

    • Persistent

    ss_cookieAllowed

    • Remembers if a visitor agreed to placing analytics cookies on their browser if a site is restricting the placement of cookies

    • Cookie

    • 30 days

    ss_sd

    • Ensures that visitors on the Squarespace 5 platform remain authenticated during their sessions

    • Cookie

    • Session

    Test

    • Investigates if the browser supports cookies and prevents errors

    • Cookie

    • Session

    TZ

    • Enables a Scheduling client’s appointments to display correctly based on their time zone preferences.

    • localstorage

    • Persistent

  • Cookie Name

    • Duration

    • Purpose

    ss_cid

    • Two years

    • Identifies unique visitors and tracks a visitor’s sessions on a site

    ss_cpvisit

    • Two years

    • Identifies unique visitors and tracks a visitor’s sessions on a site

    ss_cvisit

    • 30 minutes

    • Identifies unique visitors and tracks a visitor’s sessions on a site

    ss_cvr

    • Two years

    • Identifies unique visitors and tracks a visitor’s sessions on a site

    ss_cvt

    • 30 minutes

    • Identifies unique visitors and tracks a visitor’s sessions on a site

  • CSRF is an attack vector that tricks a browser into taking unwanted action in an application when someone’s logged in.