Privacy Policy
RelyComply
Version: 1
Effective date: 19th June 2026
Website Privacy Notice
1. Introduction and scope
This Privacy Notice explains how RelyComply (“RelyComply”, “we”, “us”, “our”), collects and processes the personal information of individuals who visit our websites, subscribe to our newsletter, submit a contact or demonstration request, or otherwise interact with us in connection with our marketing and sales activities.
This Notice applies to the websites at relycomply.com and relycomply.com/en-gb/ (together, the “Website”). It does not govern the processing of personal information that takes place inside the RelyComply AML compliance platform (the authenticated product environment at app.relycomply.com), where RelyComply acts as a processor on behalf of its customers. That processing is governed by the applicable customer agreement and Data Processing Agreement.
RelyComply is a global business. This Notice applies to everyone who interacts with the Website, wherever they are located. Because the largest groups of individuals we deal with are in South Africa, the United Kingdom and the European Union, this Notice addresses in detail our obligations under:
- the Protection of Personal Information Act 4 of 2013 (“POPIA”) in South Africa;
- the UK General Data Protection Regulation and the Data Protection Act 2018 (“UK GDPR”); and
- Regulation (EU) 2016/679 (the “EU GDPR”), together with the ePrivacy rules on cookies and electronic marketing.
Where you are located in another country or region whose data protection laws apply to our processing of your personal information, we will comply with those laws and honour any additional rights they give you. Where a right or obligation applies only under a particular regime, this Notice says so. References to “personal data” (GDPR) and “personal information” (POPIA) are used interchangeably and also cover equivalent terms under other applicable laws.
This Notice also serves as the notification to data subjects that POPIA section 18, GDPR Articles 13 and 14, and equivalent transparency obligations under other applicable laws require us to provide when we collect personal information.
2. Who we are (controller / responsible party)
The controllers (under the UK and EU GDPR) and responsible party (under POPIA) for the processing described in this Notice is:
| Name | Dataseed (Pty) Ltd, trading as RelyComply |
| Company registration no. | 2018/629069/07 |
| Registered office | 146 Campground Road, Newlands, Cape Town, 7700, South Africa |
| General contact | info@relycomply.com |
| Name | RELYCOMPLY (UK) LIMITED |
| ICO registration no. | ZC075901 |
| Registered office | Regent House Allum Gate Theobald Street Bore Hamwood Hertfordshire Wd6 4rs |
| General contact | info@relycomply.com |
3. How to contact us about privacy
We have established a dedicated privacy mailbox, separate from our general enquiries address, for all data protection matters: privacy@relycomply.com
The following roles are responsible for data protection at RelyComply. To protect the individuals concerned, we do not publish their names here; their details are held on file and provided to supervisory authorities and data subjects where required.
| Role | Detail |
|---|---|
| Data Protection Officer (DPO) | RelyComply has appointed an external Data Protection Officer, who can be contacted on any data protection matter via privacy@relycomply.com. |
| UK GDPR Article 27 Representative | As a controller established outside the United Kingdom that offers services to and monitors UK data subjects, we have appointed a representative in the United Kingdom under Article 27 UK GDPR. You may contact our UK representative on UK data protection matters via privacy@relycomply.com. |
| EU GDPR Article 27 Representative | As a controller established outside the EU/EEA that offers services to and monitors EU data subjects, we have appointed a representative in the European Union under Article 27 EU GDPR. You may contact our EU representative on EU data protection matters via privacy@relycomply.com, and, where you prefer, in the official language of your member state. |
4. The personal information we collect
We collect personal information directly from you when you use the forms on our Website, and automatically through cookies and similar technologies. The forms and the data each collects are:
| Source | Personal information collected | Where |
|---|---|---|
| Newsletter subscription | Email address. | Global footer / “Get updates that matter” modal |
| Contact form | Name, surname, work email address, and the content of your message. | /contact-us/ |
| Arrange a demo | First name, last name, business email address, mobile number, location, estimated monthly screening volumes, and company name. | /arrange-a-demo/ |
| Careers | No personal data is collected for recruitment on the relycomply.com domain; applications are handled by our third-party applicant tracking system. See our separate Candidate Privacy Notice. | /careers/ |
| Automatically (cookies / analytics) | Device and browser information, IP address, pages viewed, referral source and similar usage data collected via cookies and tracking technologies. | All pages |
| Sales / prospect records | Information you provide during sales conversations and information we derive about prospect fit (e.g. country, screening volume, company size), held in our customer relationship management (CRM) system. | CRM |
We do not knowingly collect special categories of personal data (GDPR Art. 9) or POPIA “special personal information” through the Website. Please do not include such information in free-text fields such as the contact-form message box.
5. Purposes of processing and lawful bases
We process personal information only where we have a lawful basis to do so. The table sets out each purpose, the lawful basis under the UK and EU GDPR (Article 6), and the corresponding justification under POPIA (section 11). Where another country’s law applies, we rely on the equivalent lawful basis under that law.
| Purpose | UK / EU GDPR Art. 6 lawful basis | POPIA s. 11 justification |
|---|---|---|
| Sending the newsletter and marketing updates | Consent — Art. 6(1)(a). You may withdraw consent at any time. | Consent — s. 11(1)(a). |
| Responding to contact-form enquiries | Where you are asking about our services: steps prior to entering a contract — Art. 6(1)(b); otherwise legitimate interests in responding to enquiries — Art. 6(1)(f). | Performance of / steps toward a contract — s. 11(1)(b); or legitimate interests — s. 11(1)(f). |
| Handling demonstration requests and sales follow-up | Steps at your request prior to entering a contract — Art. 6(1)(b); and legitimate interests in business-to-business marketing of relevant services — Art. 6(1)(f). | Steps toward a contract — s. 11(1)(b); legitimate interests — s. 11(1)(f). |
| Operating, securing and improving the Website | Legitimate interests in running a secure and functional website — Art. 6(1)(f). Non-essential cookies are set only with your consent — Art. 6(1)(a). | Legitimate interests — s. 11(1)(f); consent for non-essential cookies — s. 11(1)(a). |
| Analytics and advertising measurement | Consent — Art. 6(1)(a) (set via the cookie banner). | Consent — s. 11(1)(a). |
| Assessing prospect / sales fit (profiling — see section 6) | Legitimate interests in directing sales effort efficiently — Art. 6(1)(f). | Legitimate interests — s. 11(1)(f). |
| Complying with legal and regulatory obligations | Legal obligation — Art. 6(1)(c). | Compliance with an obligation imposed by law — s. 11(1)(c). |
6. Automated decision-making and profiling
When you submit a demonstration request or otherwise engage with our sales team, we use information such as your country, your estimated monthly screening volume and your company size to evaluate how well your requirements fit our services and to prioritise and tailor our sales response.
This does not produce legal effects concerning you or similarly significantly affect you within the meaning of GDPR Article 22 / POPIA section 71: it informs how our staff engage with prospective customers, and a human is always involved.
7. Who we share personal information with
We do not sell personal information. We share it only with the categories of recipients set out below, who act either as our processors (operators, under POPIA) — processing personal information only on our documented instructions — or as independent controllers in their own right. We put a written data processing agreement in place with each processor.
| Category of recipient | Purpose | Role |
|---|---|---|
| Cloud hosting and infrastructure providers | Hosting our Website, data and supporting systems. | Processor / operator |
| CRM and marketing-automation providers | Managing prospect and sales records, sending marketing communications, and related website tracking (see the Cookie Policy). | Processor / operator |
| Website analytics, tag-management and advertising providers | Measuring and improving Website performance and advertising, where set with your consent. | Independent / joint controllers |
| Content delivery network and website-performance providers | Delivering, caching and accelerating Website content. | Processor / operator |
| Applicant-tracking and recruitment providers | Handling job applications (relevant to the Careers page — see the Candidate Privacy Notice). | Processor / independent controller |
| Email and communications providers | Delivering newsletters and enquiry-related and transactional messages. | Processor / operator |
| Professional advisers, auditors, and regulators or other authorities | Legal, accounting, audit and compliance purposes, or where required by law. | Independent controllers |
8. International transfers
Because we operate globally and use service providers that may be located in other countries, personal information is transferred across borders. Depending on the recipient, personal information may be processed in South Africa, the United Kingdom, the European Economic Area, the United States or other countries. The principal flows and the safeguards we rely on are:
| Data flow | Possible destination(s) | Transfer safeguard |
|---|---|---|
| Transfers within our own group, between our South African, UK and EU/EEA operations | South Africa, UK, EU/EEA | Adequacy where available; otherwise UK IDTA, EU Standard Contractual Clauses and POPIA s. 72 |
| Transfers to analytics, advertising and tag-management providers | EU/EEA, UK, United States | EU SCCs and the UK Addendum, and/or the EU-US Data Privacy Framework and its UK extension |
| Transfers to CRM and marketing-automation providers | EU/EEA and/or United States | EU SCCs / UK Addendum, and/or the EU-US Data Privacy Framework |
| Delivery of Website content via the content delivery network | Global edge locations | EU SCCs / UK Addendum |
| Cloud hosting of our infrastructure | EU/EEA, UK and/or other regions used by our hosting provider | EU SCCs / UK Addendum and POPIA s. 72 |
For each transfer to a country not recognised as providing an adequate level of protection, we rely on an Article 46 (UK/EU GDPR) safeguard or a POPIA section 72 basis.
9. How long we keep personal information
We keep personal information only for as long as we need it for the purposes set out in this Notice, after which it is securely deleted or anonymised. We do not keep personal information in a form that identifies you for longer than is necessary. We do not set a single fixed period for all data; instead, how long we keep each type of information depends on the criteria described below.
| Category | How long we keep it |
|---|---|
| Newsletter subscriber email | Until you unsubscribe or withdraw consent, after which it is removed from active marketing lists and suppressed from re-contact. |
| Contact-form submissions | For as long as we need it to deal with your enquiry and any related follow-up, unless the enquiry becomes a sales record (below). |
| Demonstration requests and CRM sales records | For the duration of our relationship with you as a prospect and for a reasonable period afterwards, reflecting the length of typical sales cycles in our industry and the period in which a new opportunity may arise. |
| Records of consent and processing history | For as long as we need to be able to demonstrate our compliance with data protection law after the relevant processing has ended. |
| Cookie / analytics data | As stated in the Cookie Policy. |
| Records kept for legal / tax reasons | For as long as the applicable law requires us to keep them, and for as long as a related legal claim could still be brought. |
When we decide how long to keep personal information, we take into account the purpose for which we hold it and whether we still need it, any legal, accounting, tax or regulatory retention obligations that apply to us, the period during which a legal claim could be brought, and whether you have asked us to delete the information or have withdrawn your consent. The specific periods that result from these criteria are recorded in our internal retention schedule and Records of Processing Activities, which we keep under review and can make available to a supervisory authority on request.
10. Your rights
Subject to the conditions and exemptions in the applicable law, you have rights over your personal information. Under the UK and EU GDPR, you may:
- request access to the personal data we hold about you;
- request rectification of inaccurate or incomplete data;
- request erasure (the “right to be forgotten”);
- request restriction of processing;
- object to processing based on our legitimate interests, and to direct marketing at any time;
- request data portability;
- not be subject to a decision based solely on automated processing that produces legal or similarly significant effects; and
- withdraw consent at any time, without affecting processing carried out before withdrawal.
Under POPIA you have corresponding rights, including the right to be notified of the collection of your information, to request access and correction or deletion, to object to processing, and not to be subject to a decision based solely on automated processing (POPIA sections 23–25 and 71).
If you are located in another jurisdiction, you may have equivalent or additional rights under your local law — for example, rights to access, correct or delete your information, or to opt out of certain processing. We will give effect to those rights to the extent they apply to our processing.
To exercise any right, contact privacy@relycomply.com. We will respond within the time limits set by the applicable law (one month under the UK/EU GDPR; a reasonable time under POPIA; and the period required by any other applicable law) and will not charge a fee except where permitted.
11. Complaints and supervisory authorities
If you have a concern about how we handle your personal information, please contact us first so we can try to resolve it. You also have the right to lodge a complaint with your supervisory authority:
| Jurisdiction | Authority |
|---|---|
| South Africa | Information Regulator (South Africa) — inforegulator.org.za |
| United Kingdom | Information Commissioner’s Office (ICO) — ico.org.uk. |
| European Union | The data protection authority of the EU/EEA member state where you live, work, or where the alleged infringement took place. |
| Other jurisdictions | Where you are located elsewhere, you may also have the right to complain to the data protection or privacy authority in your country. |
12. Cookies and similar technologies
We use cookies and similar technologies on the Website. Non-essential cookies (including analytics and advertising) are set only after you give consent through our cookie banner. Full details — including the name, purpose, duration, party and recipient of each cookie and tracker — are set out in our separate Cookie Policy.
13. How we protect personal information
We maintain appropriate technical and organisational measures to protect personal information against unauthorised or unlawful processing and against accidental loss, destruction or damage, considering the nature of the data and the risks involved. Where a security compromise affects personal information, we will notify the relevant supervisory authority and affected data subjects as required by the applicable law (including POPIA section 22 and GDPR Articles 33–34).
14. Children
The Website and our services are directed at businesses and their professional staff, not at children. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can delete it.
15. Changes to this Notice
We may update this Notice. The current version, with its effective date, is published on the Website. Where changes are material, we will take reasonable steps to bring them to your attention.
16. Contact us
For any question about this Notice or about how we handle your personal information, contact our Data Protection Officer via privacy@relycomply.com.