The specific section that your customers might want to read about their data is here:
As a user of Squeegee, you will also collect information from others, which is stored on your account. It is your responsibility to ensure that you are authorised to disclose that information to us. This means that you must take reasonable steps to ensure the individual concerned is aware of and/or consents to the various matters detailed in this Policy, including:
This will shortly be made very easy for you, with the customer portal that will be released soon.
Where requested to do so by us, You must also assist Squeegee with any requests by the individual to access or update the personal information you have collected from them and entered into the service.
An interesting article we found on GDPR compliance (or lack of in some cases) states that
"Many firms have the required consent already; others don’t have consent to send a request"
Toni Vitale, the head of regulation, data and information at the law firm Winckworth Sherwood, said many of those requests would be needless paperwork, and some that were not would be illegal.
“Businesses are not required to automatically ‘repaper’ or refresh all existing 1998 Act consents in preparation for the GDPR,” Vitale said. “The first question to ask is: which of the six legal grounds under the GDPR should you rely on to process personal data? Consent is only one ground. The others are contract, legal obligation, vital interests, public interest and legitimate interests.
“Even if you are relying on consent, that still does not mean you have to ask for consent again. Recital 171 of the GDPR makes clear you can continue to rely on any existing consent that was given in line with the GDPR requirements, and there’s no need to seek fresh consent. Just make sure that your consent met the GDPR standard and that consents are properly documented.”