Privacy Policy

1. Who we are

Redress Compliance LLC (“Redress Compliance”, “we”, “us”, or “our”) is an independent enterprise software licensing and commercial negotiation advisory firm. Our headquarters is at 1314 E Las Olas Blvd, Fort Lauderdale, FL 33301, United States, with additional operations in Ireland and the United Arab Emirates.

This Privacy Policy describes how we handle personal information across redresscompliance.com, our newsletter, our downloadable resources, and the advisory services we deliver to clients.

2. Information we collect

We only collect information that is necessary to run our business, deliver the services you request, and improve the content we publish. Specifically:

2.1 Information you give us directly

• Contact & business details — name, business email, phone number, job title, and company name when you use our contact form, book a call, request a white paper, or engage us as a client.
• Newsletter data — email address and any preferences you share when you subscribe.
• Engagement information — during a consulting engagement, we process information you provide about your software estate, contracts, licences, usage data, and internal stakeholders. Engagement data is always handled under a written agreement and in line with your instructions.
• Communications — emails, meeting notes, and materials you share with us.

2.2 Information collected automatically

• Usage data — pages visited, referring URL, device type, browser, approximate location (country/region level), and time on site.
• Cookies & similar technologies — see section 5.
• Server logs — IP address and request metadata, used for security, fraud prevention, and diagnostics.

2.3 Information from third parties

• Publicly available business information (e.g. LinkedIn profile, company registry).
• Marketing and analytics providers who help us understand aggregate campaign performance.

We do not knowingly collect special category personal data (such as health, race, religion, biometric, or political information). Please do not share that type of information with us.

3. How we use information

We use personal information for clearly defined business purposes:

• To respond to enquiries and deliver advisory services.
• To send the Redress Compliance newsletter and operational emails (booking confirmations, document delivery).
• To send occasional updates about relevant research, events, and services — only where we have a lawful basis to do so.
• To improve the website, our content, and our advisory methodology.
• To protect the security and integrity of our systems, detect abuse, and prevent fraud.
• To comply with legal, tax, accounting, regulatory, and contractual obligations.

We do not sell personal information. We do not use personal information for automated decision-making that produces legal or similarly significant effects without human review.

4. Legal basis for processing (GDPR / UK GDPR)

Where the EU General Data Protection Regulation or UK GDPR applies, we rely on the following legal bases:

• Performance of a contract — to deliver the advisory services you or your employer have engaged us to provide.
• Legitimate interests — to operate and market a B2B advisory business to professionals who have shown interest in our services, protect our systems, and improve our content. We have balanced these interests against your rights and keep the scope minimal.
• Consent — for newsletter subscriptions and certain non-essential cookies. You can withdraw consent at any time.
• Legal obligation — where we must keep or disclose records under applicable law.

5. Cookies & similar technologies

Our website uses a small number of cookies and similar technologies:

• Strictly necessary — for core site functionality (e.g. navigation, security).
• Analytics — privacy-respecting analytics that help us understand which pages are useful. We aggregate data and do not use it to build individual advertising profiles.
• Functional — to remember preferences such as cookie choices.

You can control cookies through your browser settings. Blocking cookies may affect certain site features.

6. Information sharing & disclosure

We share personal information only when necessary, and only with parties that protect it at a standard consistent with this policy:

• Service providers — cloud hosting, email delivery, CRM, document storage, analytics, and payment processing. We require these providers to act only on our instructions and to safeguard the data.
• Professional advisors — our auditors, accountants, and lawyers where strictly necessary.
• Legal & regulatory disclosures — when required by law, court order, or to protect the rights, property, or safety of Redress Compliance, our clients, or the public.
• Corporate transactions — in connection with a merger, acquisition, or financing, subject to standard confidentiality protections.

We never share client engagement data with software vendors. Independence from vendors is the foundation of our advisory model and an explicit contractual commitment.

7. Data retention

We retain personal information only for as long as needed to fulfil the purposes described in this policy, meet our legal and contractual obligations, or resolve disputes. Typical retention periods:

• Newsletter subscribers — until you unsubscribe, then a short suppression list to honour your choice.
• Prospect contact data — up to 24 months after last meaningful interaction.
• Client engagement records — for the duration of the engagement plus the period required by applicable law (typically 6–7 years for financial records).
• Website logs — rotated on a short cycle, typically 30–90 days.

8. Your rights

Depending on where you live, you may have some or all of the following rights:

• Access — receive a copy of the personal information we hold about you.
• Correction — ask us to fix data that is inaccurate or incomplete.
• Deletion — ask us to erase your data, subject to legal exceptions.
• Restriction & objection — ask us to pause processing or object to processing based on legitimate interests.
• Portability — receive a machine-readable copy of data you provided, where applicable.
• Withdraw consent — at any time, without affecting the lawfulness of earlier processing.
• California residents (CCPA/CPRA) — the right to know what personal information we collect, to request deletion, to correct inaccurate data, and to opt out of any “sale” or “sharing” of personal information. We do not sell personal information as defined under California law.
• Lodge a complaint — with a supervisory authority in your jurisdiction (e.g. the Irish Data Protection Commission for EU users, the ICO in the UK).

To exercise any of these rights, contact us using the details in section 13. We will verify your identity and respond within the timeframes required by applicable law.

9. International transfers

We operate globally. Personal information may be transferred to, and processed in, the United States, Ireland, the United Arab Emirates, and other countries where our service providers are located. Where we transfer personal information out of the European Economic Area or the UK, we rely on appropriate safeguards such as European Commission adequacy decisions or Standard Contractual Clauses.

10. Security

We use a combination of organisational, administrative, and technical safeguards to protect personal information, including encrypted transport (HTTPS/TLS), access controls, least-privilege permissioning, vendor due diligence, and regular security reviews. No system is perfectly secure. If we become aware of a personal data breach that affects you, we will notify you in line with applicable law.

11. Children’s privacy

Our services are intended for business professionals and are not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, provide a more prominent notice. Your continued use of our website or services after changes take effect constitutes acceptance of the updated policy.

13. Contact us