1. Who we are
Redshift Social Limited is a UK company providing websites, custom marketing and engagement solutions, event platform, campaign, reporting and technology services to business clients.
Company: Redshift Social Limited Company number: 8741687
Registered address: 124 City Road, London, England, EC1V 2NX
ICO registration: ZC136004
In this Privacy Policy, “Redshift”, “we”, “us” and “our” mean Redshift Social Limited.
This Privacy Policy was last updated in May 2026.
2. What this policy covers
This Privacy Policy explains how we handle personal data collected through this website and through ordinary business communications, such as enquiries, emails, calls, meetings and client/supplier administration.
This website is primarily a business-to-business marketing website. It is not intended for children and does not provide a public customer account service.
Where Redshift provides hosted platforms, event systems, campaign-mailer services, reporting or support to a client, we may process personal data on that client’s behalf under a separate agreement or data processing agreement. In those cases, the client will normally be the controller for its own customer, event, campaign or end-user data.
This policy does not replace the privacy notice of any Redshift client.
3. Our role as controller or processor
Redshift’s role depends on the context.
For Redshift’s own website, business administration, contracts, finance, supplier records, legal/compliance records, security records and business communications, Redshift normally acts as controller. This means we decide why and how that personal data is used for our own business purposes.
For hosted client platforms and client customer data, Redshift normally acts as processor. This means we process personal data on the client’s documented instructions and under the relevant agreement or data-processing terms.
Where Redshift acts as processor, individuals should usually contact the relevant client/controller in the first instance. Redshift will support the client in responding to data-protection requests where required.
4. Personal data we collect from this website
If you contact us through this website, by email, telephone or another business channel, we may collect and use:
your name;
your business name;
your job title, if provided;
your email address;
your telephone number, if provided;
the content of your message or enquiry;
related correspondence.
We use this information to respond to your enquiry, communicate with you, manage the relationship and keep appropriate business records.
When you visit the website, our server may log technical information such as IP address, browser type, pages requested and approximate timestamp, for security, error-investigation and operational purposes.
5. Personal data we process for business administration
As part of running our business, we may also process limited personal data relating to clients, suppliers, professional contacts and business partners.
This may include contact details, correspondence, contracts, invoices, payment records, supplier-assurance information, legal/compliance records and support-related communications.
We use this information to manage our business, provide services, meet legal and accounting obligations, respond to enquiries, support clients and protect our systems.
6. Client platform and supplier-assurance information
Redshift provides hosted technology services for business clients. These may include event registration, attendance/roll-call, reporting, transactional emails, campaign-mailer functionality, preference/suppression handling, email delivery events and support activities.
For client customer, event or campaign data, Redshift usually acts as processor. Redshift processes that data only to provide the agreed service and on the client’s documented instructions, except where the law requires otherwise.
Redshift does not sell client customer personal data and does not use client customer, event or campaign data for Redshift’s own unrelated marketing, profiling or commercial purposes.
Specific processing details, sub-processors, retention periods and security arrangements for a client service are documented in the relevant client agreement, data processing agreement or supplier-assurance materials.
7. Why we use personal data
We may use personal data for the following purposes:
responding to website, email, telephone or business enquiries;
providing information about our services;
managing client and supplier relationships;
providing and supporting our services;
administering contracts, invoices and payments;
maintaining business, tax and accounting records;
responding to supplier-assurance or due-diligence requests;
protecting our systems, services and data;
investigating faults, support issues or security incidents;
meeting legal, regulatory, insurance and compliance obligations;
sending relevant business-to-business communications;
keeping records of opt-outs or objections.
8. Lawful bases
The lawful basis depends on the purpose and context.
We may rely on:
Contract, where processing is needed to enter into or perform a contract.
Legal obligation, where we need to keep records or comply with legal, tax, accounting, regulatory or other statutory obligations.
Legitimate interests, where processing is necessary for running our business, responding to enquiries, managing client/supplier relationships, securing our systems, keeping records, providing services or sending relevant business-to-business communications, provided those interests are not overridden by individual rights.
Consent, where consent is required, for example for certain types of marketing, optional communications or non-essential cookies.
Where we rely on legitimate interests, we consider the purpose, necessity and any impact on individuals. Individuals can object to processing based on legitimate interests where the right applies.
9. Direct marketing and business communications
Redshift may send limited business-to-business communications to client, supplier or professional contacts where this is relevant to the business relationship or where a person has asked to receive information.
We will not disguise or conceal our identity in marketing communications and will provide a way to opt out where required.
If you ask us not to send you Redshift marketing or business-development communications, we will respect that request.
Client campaign emails sent through a client platform are not Redshift’s own marketing. They are sent on the client’s instructions, and the client is responsible for the customer-facing lawful basis, privacy information and campaign approval.
10. Cookies and website technologies
This website uses two types of cookies and similar technologies.
Strictly necessary cookies. These are required for the website to function, for example, for security, form handling, spam prevention and session management. They do not require consent under PECR.
Analytics cookies. We use Google Analytics 4 (GA4) to understand how visitors use the website in aggregate, so we can improve content and performance. These cookies are only set if you accept them through our cookie banner. We do not use the analytics data for marketing, profiling or any purpose other than website analytics.
When you first visit the website, you will see a cookie banner asking you to accept or decline non-essential cookies. You can decline without any loss of website functionality. If you accept, your choice is remembered so you are not asked again on subsequent visits; if you decline, no analytics cookies are set. You can change your choice at any time by clearing the cookies in your browser and revisiting the site, or through your browser's cookie controls.
11. Who we share personal data with
We only share personal data where necessary for the relevant purpose, business operation, service delivery, legal requirement, security purpose or client instruction.
Recipients may include:
cloud hosting, website, email, storage, productivity, monitoring, security and support-service providers;
professional advisers, accountants, legal advisers, auditors, insurers and insurance brokers;
banks, finance and payment providers;
clients, where the information relates to a client service or authorised user;
regulators, public authorities, courts, law-enforcement bodies or HMRC where required by law;
successor organisations or advisers in the event of business restructuring, sale or transfer, subject to appropriate safeguards.
For client services, specific sub-processors are documented in the relevant client agreement, data processing agreement or supplier-assurance materials.
12. International transfers
Redshift is based in the United Kingdom.
Some service providers may operate support, security, administration or resilience arrangements internationally. Where personal data is transferred outside the UK, Redshift relies on appropriate safeguards where required, such as adequacy regulations, the UK International Data Transfer Agreement/Addendum, standard contractual clauses or the provider’s lawful transfer mechanisms.
For client platform processing, transfer arrangements are governed by the relevant client agreement, data processing agreement or documented instructions.
13. How long we keep personal data
We keep personal data only for as long as needed for the relevant purpose, including service delivery, legal, contractual, audit, security, suppression, backup and accountability purposes.
Typical retention approach:
website enquiry and business contact records are kept for as long as needed to respond and manage the relationship;
business contact and correspondence records may then be kept for up to 6 years where needed for contractual, legal, audit or business-record purposes;
contracts, invoices, accounting and tax records are normally kept for at least 6 years where required for accounting, tax, limitation and business-record purposes;
supplier-assurance, legal, security and compliance records are kept for the relevant engagement and then for an appropriate audit/accountability period;
support tickets and operational correspondence are kept only as long as needed for service delivery, issue history, audit, contractual or legal purposes;
marketing opt-out or suppression records may be retained while needed to ensure we do not contact a person again contrary to their preference;
client platform data processed as processor is retained, deleted, anonymised, suppressed or returned according to the relevant client agreement, data processing agreement, documented instructions and retention process;
backups are retained on a rolling basis and overwritten or expired according to the relevant backup schedule.
Where data is no longer required, we delete, anonymise, suppress, overwrite or securely retain it only where there is a lawful reason to do so.
14. Security
Redshift uses technical and organisational measures appropriate to the size and nature of the business and the processing involved.
Measures may include:
role-based access controls and named accounts;
multi-factor authentication for administrative access where applicable;
HTTPS/TLS for web traffic;
cryptographic password hashing where user accounts are provided;
restricted production server and infrastructure access;
secure remote-access controls for administration where used;
firewall controls and restricted administrative ports;
endpoint protection on administrative devices;
encrypted backups and restricted backup locations where applicable;
audit, application, retention and security logs where applicable;
change-management, incident-response, backup/recovery and retention/anonymisation processes;
restricted document storage for client assurance and operational materials.
We maintain controls intended to protect the confidentiality, integrity and availability of personal data and to support detection, response and recovery where needed.
15. Automated decision-making and profiling
Redshift does not use personal data for automated decision-making that produces legal or similarly significant effects on individuals.
Where Redshift processes campaign engagement data on behalf of a client, this is used for delivery, reporting, suppression/list hygiene, security and campaign accountability purposes, unless otherwise instructed by the client.
Redshift does not use client campaign data for Redshift’s own profiling or unrelated marketing purposes.
16. Your rights
Depending on the context and lawful basis, individuals may have rights under UK GDPR, including the right to:
request access to personal data;
request correction of inaccurate data;
request erasure of data;
request restriction of processing;
object to processing;
request data portability where applicable;
withdraw consent where processing is based on consent.
Where Redshift acts as controller, you can contact us using the details in this policy.
Where Redshift acts as processor for a client, Redshift may need to refer the request to the relevant client/controller or act on that client’s documented instructions.
If you object to direct marketing by Redshift, Redshift will stop using your personal data for Redshift direct-marketing purposes.
17. Complaints and contact
If you have any questions about this Privacy Policy or how Redshift handles personal data, please contact us first so that we can try to resolve it.
Privacy contact: privacy@redshiftsocial.com
Address: Redshift Social Limited, 124 City Road, London, England, EC1V 2NX.
Our security procedures mean that we may occasionally request proof of identity before disclosing personal information or acting on a rights request.
You also have the right to complain to the Information Commissioner’s Office, the UK supervisory authority for data protection issues.
ICO website: www.ico.org.uk
ICO helpline: 0303 123 1113
We would appreciate the chance to deal with your concerns before you approach the regulator, so please contact us in the first instance.
18. Updates to this policy
We may update this Privacy Policy from time to time. The “last updated” date at the top of this policy shows when it was most recently revised. Material changes will be reflected on this page.
Company No. 8741687 – Registered in England and Wales VAT Number 184496172
Copyright © 2023 RedshiftSocial Ltd - All Rights Reserved.