Privacy Policy

REDUNDLY Privacy Policy

Last updated: June 2025

Version 1.0

Important

This Privacy Policy explains how Redundly collects, uses, stores, and protects your personal data when you use our website at redundly.co.uk and our redundancy process service. Please read it carefully before using our service.

Redundly collects sensitive information about you and your employees as part of generating your redundancy pack. We take our obligations under UK data protection law seriously.

1. Who We Are

Redundly is operated by Redundly Ltd, a company registered in England and Wales.

• Company name: Redundly Ltd
• Registered address: [Insert registered address]
• Companies House number: [Insert company number]
• Email: support@redundly.co.uk
• Website: redundly.co.uk

For the purposes of UK data protection law, Redundly Ltd is the data controller in respect of the personal data we collect through this service.

2. What Data We Collect

We collect two categories of data when you use Redundly.

2.1 Your personal data (data about you as the employer)

• Your full name and job title
• Your email address and telephone number
• Your company name and company registration number
• Your company address
• Payment information (processed securely by Stripe — we do not store card details)
• Your IP address and browser information collected automatically when you visit our website

2.2 Third party personal data (data about your employees)

As part of generating your redundancy process pack, you will provide us with personal information about the employees being made redundant. This is likely to include:

• Employee full name and job title
• Employee work location
• Employee start date and length of service
• Employee salary and weekly pay
• Employee contracted hours
• Notice period and holiday entitlement
• Information about protected characteristics where disclosed (for example pregnancy, disability, or maternity leave status)
• Details of any grievances raised or whistleblowing activity

This employee data is special category data or sensitive personal data under UK GDPR. We handle it with additional care and it is used solely for the purpose of generating your redundancy process pack.

Your responsibility as employer: You are entering employee personal data into our service as a data controller in your own right. You must ensure you have a lawful basis for sharing this data with us. By using our service, you confirm that you are authorised to process this employee data for the purpose of managing a redundancy process.

3. How We Use Your Data

We use the data you provide for the following purposes:

• Generating your personalised redundancy process pack: Performance of a contract (Article 6(1)(b))
• Processing your payment: Performance of a contract (Article 6(1)(b))
• Sending your pack and follow-up emails: Performance of a contract (Article 6(1)(b))
• Maintaining records of your order in our admin system: Legitimate interests (Article 6(1)(f)) — maintaining business records
• Improving our service and fixing technical issues: Legitimate interests (Article 6(1)(f))
• Complying with legal obligations: Legal obligation (Article 6(1)(c))
• Sending you information about our services where you have consented: Consent (Article 6(1)(a))

For special category employee data (such as information about pregnancy, disability, or other protected characteristics), we process this data on the basis of Article 9(2)(b) (employment law obligations) and Article 9(2)(f) (legal claims).

4. How Long We Keep Your Data

We retain your data for as long as necessary to fulfil the purposes for which it was collected:

• Order records and payment information: 7 years (required for tax and accounting)
• Your personal data (name, email, phone): 3 years from last interaction
• Employee personal data entered into the form: 3 years from the date the pack was generated
• Generated documents: 3 years from the date of generation
• Website analytics and page view data: 26 months

After the applicable retention period, your data is securely deleted.

5. Who We Share Your Data With

We share data only with the following trusted service providers:

• Supabase: Secure database storage (EU - Ireland)
• Stripe: Payment processing (UK / EU / US)
• Resend: Email delivery (US - SCCs in place)
• Calendly: Booking consultations (US - SCCs in place)

We may also disclose your data where required to do so by law, court order, or regulatory authority.

6. Security

We take the security of your data seriously, including sensitive employee data. Our measures include:

• All data is encrypted in transit using TLS (HTTPS)
• All data stored in Supabase is encrypted at rest
• Access to our admin systems is restricted to authorised personnel only
• Payment card data is never stored by us — handled directly by Stripe
• Our systems are hosted in the EU (Ireland)

7. Your Rights Under UK GDPR

You have the following rights in relation to your personal data:

• Right of access: Request a copy of your data.
• Right to rectification: Correct inaccurate or incomplete data.
• Right to erasure: Ask us to delete your personal data.
• Right to restrict processing: Limit how we use your data.
• Right to data portability: Request your data in a machine-readable format.
• Right to object: Object to processing based on legitimate interests.
• Right to withdraw consent: Withdraw consent at any time.
• Right to complain: Complain to the ICO (ico.org.uk).

8. Cookies

We use strictly necessary cookies for website function, analytics cookies for improvement, and functional cookies for preference/session progress. We do not use advertising cookies or sell browsing data.

9. International Data Transfers

Resend and Calendly are US-based. We use Standard Contractual Clauses (SCCs) and the ICO International Data Transfer Agreement (IDTA) where applicable to ensure adequate protection.

10. Employee Data: A Note for Users

You are the data controller for employee data. We are the processor. Ensure you have a lawful basis for sharing this data and only provide what is necessary.

11. Children

Our service is intended for business owners and HR professionals, not children under 18.

12. Changes to This Privacy Policy

We may update this policy. Material changes will be noted by updating the date at the top and, where appropriate, via email.

13. How to Contact Us

Email: support@redundly.co.uk

Post: Redundly Ltd, [Insert registered address]

We aim to respond to all data-related enquiries within one calendar month.

Redundly Ltd | redundly.co.uk | support@redundly.co.uk

This document should be reviewed by a qualified solicitor or data protection specialist before publication.