Legal

Data Protection Rights

Last updated: 2026-05-15

This page summarises Redcliffe's data protection roles, your rights under the UK and EU General Data Protection Regulations (GDPR), and how to exercise them.

1. Data controller

For personal data submitted directly by users (e.g., account information, beta-access requests), REDCLIFFE CONTENT PARTNERS LTD acts as the data controller. REDCLIFFE CONTENT PARTNERS LTD is registered in England and Wales under company number 15880789; our registered office is 21 Dwyer House, 2 Townmead Road, London, England, SW6 2NZ. The controller's contact email is hello@redcliffe.ai.

2. Data processor

For content that customers submit through the Service for compliance analysis, Redcliffe generally acts as a data processor. We process that content only on the documented instructions of the customer (the controller), subject to any data processing agreement or customer terms in place.

3. Your rights under GDPR

If you are located in the UK or EEA, you have the following rights with respect to your personal data:

  • Right of access — request a copy of the personal data we hold about you.
  • Right to rectification — ask us to correct inaccurate or incomplete data.
  • Right to erasure (“right to be forgotten”) — ask us to delete your data, subject to legal exceptions.
  • Right to restrict processing — ask us to limit how we use your data while a query is being resolved.
  • Right to data portability — receive your data in a structured, machine-readable format.
  • Right to object — object to processing based on legitimate interests, including direct marketing.
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time.
  • Right to lodge a complaint — with the UK Information Commissioner's Office (ICO) at ico.org.uk, or your local EU supervisory authority.

4. How to exercise your rights

Send a request to hello@redcliffe.ai with the subject “GDPR Request”. We will respond without undue delay and within one month where required by law. For complex requests, or where you make a number of requests, we may extend the response period by up to two further months where permitted. We may need to verify your identity before processing your request.

5. Lawful bases for processing

Performance of a contract

Processing necessary to provide the Service you have signed up for — for example, hosting your project data and running compliance reviews on content you submit.

Legitimate interests

Processing necessary for our legitimate interests in operating, securing, and improving the Service, balanced against your rights and freedoms.

Consent

Where required by law, we ask for your consent before processing personal data — for example, for non-essential cookies or marketing communications.

Legal obligation

Processing necessary to comply with legal obligations to which we are subject.

6. Sub-processors

The categories of processors we use are described in the Privacy Policy and summarised on our Subprocessors page. Where required by customer agreement or data protection law, we will provide reasonable notice of new sub-processors before they begin processing customer personal data. Named provider details can be made available to customers under a data processing agreement, security review, or confidentiality arrangement.

7. International transfers

Where personal data is transferred outside the UK or EEA, we rely on the UK International Data Transfer Addendum and EU Standard Contractual Clauses, supplemented by additional safeguards as appropriate.

8. Data Protection contact

For all GDPR-related matters, contact us at hello@redcliffe.ai. We have not appointed a Data Protection Officer (DPO) at this stage. If our processing activities require one, or if we appoint one voluntarily, we will publish the appropriate contact details.