Privacy Policy

Last updated: February 15, 2026

Who We Are
Information We Collect
How We Use Your Information
Legal Bases for Processing
Information Sharing & Disclosure
International Data Transfers
Data Security
Data Retention
Your Rights
Cookies & Tracking
Third-Party Links
Children’s Privacy
Changes to This Policy
Contact Us

1. Who We Are

Redress Compliance (“Redress,” “we,” “us,” or “our”) is an independent enterprise software advisory firm providing licensing, commercial negotiation, audit defence, and benchmarking services to organisations worldwide. We are committed to protecting the privacy and security of your personal information.

Data Controller: Redress Compliance
Registered Offices: United States (New York), Ireland, and Dubai (UAE)
Contact: | +1 (239) 402-7397

2. Information We Collect

Information You Provide Directly

When you interact with us through our website, contact forms, email, phone, or meetings, we may collect:

Contact information: Name, job title, company name, email address, phone number, and mailing address
Enquiry details: Vendor(s) of interest, service type, contract details, and any information you share about your software estate or licensing situation
Engagement information: Contract inventories, licence entitlements, usage data, spend data, audit correspondence, and other commercial documents shared during the course of an advisory engagement
Scheduling preferences: Preferred meeting dates, times, and communication preferences
NDA and legal documents: Non-disclosure agreements and related correspondence

Information Collected Automatically

When you visit our website, we may automatically collect:

Device and browser information: IP address, browser type and version, operating system, screen resolution, and device type
Usage data: Pages visited, time spent on pages, referring URLs, click patterns, and navigation paths
Cookies and similar technologies: As described in Section 10 below

3. How We Use Your Information

We use your personal information for the following purposes:

Providing advisory services: To deliver the licensing, negotiation, audit defence, and benchmarking services you have engaged us to perform
Responding to enquiries: To reply to your messages, schedule calls, and provide information about our services
Proposals and scoping: To prepare fixed-fee proposals, scope engagements, and assess how we can assist your organisation
Benchmarking: To maintain and improve our anonymised benchmark database of 500+ enterprise deals. All data contributed to benchmarks is fully anonymised — no client is ever identifiable
Website improvement: To understand how visitors use our website and improve its content, functionality, and performance
Legal compliance: To comply with applicable laws, regulations, and legal processes
Business communications: To send relevant updates about our services, white papers, knowledge hub content, and industry insights, where you have opted in or where we have a legitimate interest

4. Legal Bases for Processing

Where the EU/UK General Data Protection Regulation (GDPR) applies, we process your personal data on the following legal bases:

Contractual necessity: Where processing is necessary to perform our advisory services under an engagement agreement
Legitimate interests: Where processing is necessary for our legitimate business interests (such as responding to enquiries, improving our services, and maintaining our benchmark database), provided these interests do not override your rights
Consent: Where you have given explicit consent, such as opting in to receive marketing communications
Legal obligation: Where processing is required to comply with applicable law

We do not sell, rent, or trade your personal information. We do not share client information with any software vendor under any circumstances. Your data is never disclosed to Oracle, Microsoft, SAP, Salesforce, IBM, Broadcom, AWS, ServiceNow, Workday, or any other vendor.

We may share your information only in the following limited circumstances:

Service providers: Trusted third-party providers who assist with website hosting, email delivery, analytics, and IT infrastructure. These providers are contractually bound to protect your data and may only process it on our instructions
Professional advisors: Our legal, accounting, and insurance advisors where necessary for the management of our business
Legal requirements: Where required by law, regulation, court order, or governmental authority
Business transfers: In connection with a merger, acquisition, or sale of assets, in which case your data would remain subject to this Privacy Policy
With your consent: Where you have given us explicit permission to share information with a specified third party

6. International Data Transfers

As Redress Compliance operates from offices in the United States, Ireland, and Dubai, your personal data may be transferred to and processed in countries outside your country of residence. Where data is transferred outside the European Economic Area (EEA) or the United Kingdom, we ensure appropriate safeguards are in place, including:

Standard Contractual Clauses (SCCs) approved by the European Commission
Adequacy decisions where applicable
Other lawful transfer mechanisms recognised under applicable data protection legislation

7. Data Security

We take the security of your data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, alteration, disclosure, or destruction. These measures include:

Encryption of data in transit and at rest
Access controls limiting data access to authorised personnel on a need-to-know basis
Secure storage of engagement documents and client materials
Regular security reviews and updates to our systems and processes
Mutual NDA agreements with all clients, signed before engagement commencement

While we take all reasonable precautions, no method of transmission or storage is 100% secure. If you have concerns about the security of your data, please contact us immediately.

8. Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, including:

Enquiry data: Retained for up to 24 months after your last interaction with us, unless an engagement commences
Engagement data: Retained for the duration of the engagement plus 7 years thereafter, to comply with legal and regulatory obligations and to support ongoing advisory relationships
Benchmark data: Anonymised data (from which you cannot be identified) may be retained indefinitely as part of our benchmark database
Website analytics: Retained for up to 26 months
Marketing preferences: Retained until you withdraw consent

Upon expiry of the retention period, data is securely deleted or irreversibly anonymised.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you
Rectification: Request correction of inaccurate or incomplete data
Erasure: Request deletion of your personal data (“right to be forgotten”)
Restriction: Request restriction of processing in certain circumstances
Portability: Request transfer of your data to another organisation in a structured, machine-readable format
Objection: Object to processing based on legitimate interests or for direct marketing purposes
Withdraw consent: Where processing is based on consent, withdraw that consent at any time
Lodge a complaint: File a complaint with your local data protection authority

To exercise any of these rights, please contact us at . We will respond within 30 days (or within any shorter period required by applicable law).

For EU/EEA Residents

You have the right to lodge a complaint with your national Data Protection Authority. A list of EEA data protection authorities is available at ec.europa.eu/justice/data-protection.

For California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to request deletion, and the right not to be discriminated against for exercising these rights. We do not sell personal information as defined under the CCPA.

For UAE Residents

We comply with the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data and applicable DIFC/ADGM data protection regulations where relevant to our Dubai operations.

10. Cookies & Tracking Technologies

Our website uses cookies and similar technologies to improve your browsing experience, analyse site traffic, and understand visitor behaviour.

Types of Cookies We Use

Strictly necessary cookies: Required for the website to function properly (e.g., session management, security). These cannot be disabled
Analytics cookies: Help us understand how visitors use our website (e.g., pages visited, time on site). We use Google Analytics with IP anonymisation enabled
Functional cookies: Remember your preferences and settings to improve your experience
Marketing cookies: Used to deliver relevant content and measure the effectiveness of our communications. Only placed with your consent

Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to block or delete cookies. Please note that disabling certain cookies may affect the functionality of our website.

11. Third-Party Links

Our website may contain links to third-party websites, including vendor websites, industry publications, and partner services. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

12. Children’s Privacy

Our services are designed for business professionals and organisations. We do not knowingly collect personal information from individuals under the age of 16. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the “Last updated” date at the top of this page. We encourage you to review this policy periodically.

14. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how we handle your personal information, please contact us:

Redress Compliance
Email:
Phone: +1 (239) 402-7397
For NDA-related enquiries:

Offices: New York (US) · Ireland (Europe) · Dubai (Middle East)

Contents