Privacy Policy

1. Introduction

This Privacy Policy explains how ReloOps ("we", "us", or "our") collects, uses, stores, and protects personal data when you use our customs declaration management platform. We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR).

For detailed information about our security measures, please see our Security & GDPR page.

2. Our Role: Data Controller vs Data Processor

ReloOps operates in two capacities depending on the data involved:

3. Information We Collect

From Subscribers (Removal Companies)

• Business name, registration details, and contact information
• Account administrator name, email, and phone number
• Billing and payment information
• Platform usage and activity logs

From End-Users (Clients of Subscribers)

When end-users complete customs declarations, we collect on behalf of the Subscriber:

• Full legal name, date of birth, nationality
• Passport or national ID details
• Current and previous addresses (for residency verification)
• EORI numbers and existing ToR reference numbers (if applicable)
• Household goods inventory and estimated values
• Supporting documents (utility bills, bank statements, ID copies)

4. How We Use Personal Data

For Subscribers

• Provide access to and support for the ReloOps platform
• Process subscription payments and manage billing
• Send service updates, security alerts, and product announcements
• Improve our platform based on usage patterns
• Comply with legal and regulatory obligations

For End-User Data (as Data Processor)

• Generate and submit Transfer of Residence customs declarations
• Verify identity and residency through AI-powered document analysis
• Calculate commodity codes and declaration values
• Transmit declaration data to HMRC CDS or Irish Revenue AIS
• Provide declaration status and tracking to Subscribers

5. Legal Basis for Processing

We process personal data under the following legal bases:

• Contract Performance: Processing necessary to provide our services to Subscribers
• Legal Obligation: Compliance with customs, tax, and data protection laws
• Legitimate Interests: Platform security, fraud prevention, and service improvement
• Consent: Where specifically required, such as for marketing communications

6. Data Sharing & Third Parties

We share personal data only in the following circumstances:

• Customs Authorities: Declaration data is transmitted to HMRC (UK) and/or Irish Revenue as required for customs clearance
• Infrastructure Providers: Secure cloud hosting (UK-based data centres) and database services
• Payment Processors: Billing information is processed by PCI-DSS compliant payment providers
• Legal Requirements: Where required by law, court order, or regulatory authority

We do not sell personal data to third parties. We do not use end-user declaration data for marketing purposes.

7. Data Security

We implement robust security measures including:

• AES-256 encryption for data at rest and TLS 1.3 for data in transit
• UK-based data centres with ISO 27001 certification
• Role-based access controls and multi-factor authentication
• Regular security audits and penetration testing
• Comprehensive audit logging of all data access

See our Security & GDPR page for full details.

8. Data Retention

We retain personal data for the following periods:

• Subscriber Account Data: Duration of subscription plus 7 years (legal/tax requirements)
• Declaration Data: 6 years from submission date (HMRC record-keeping requirements)
• Uploaded Documents: Deleted within 90 days of declaration completion unless longer retention is requested
• Platform Logs: 12 months for security and debugging purposes

After retention periods expire, data is securely deleted using industry-standard methods.

9. International Data Transfers

All primary data storage occurs within UK-based data centres. Where data is transferred to customs authorities in Ireland or the EU, such transfers are necessary for the performance of customs declarations and are protected by appropriate safeguards under UK and EU data protection law.

10. Your Rights

Under UK GDPR and EU GDPR, you have the following rights:

• Right of Access: Request a copy of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your data (subject to legal retention requirements)
• Right to Restrict Processing: Request limitation of how we use your data
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Where processing is based on consent

For End-Users: As we process your data on behalf of the Subscriber (your removal company), please direct rights requests to them in the first instance. They will coordinate with us to fulfil your request.

11. Cookies & Analytics

We use essential cookies required for platform functionality. We may also use analytics cookies to understand how our platform is used. You can manage cookie preferences through your browser settings. Essential cookies cannot be disabled as they are necessary for the platform to function.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email to Subscribers and posted on our platform. We encourage you to review this page periodically.

13. Complaints

If you have concerns about how we handle your personal data, please contact us first. You also have the right to lodge a complaint with a supervisory authority:

• UK: Information Commissioner's Office (ICO) - ico.org.uk
• Ireland: Data Protection Commission - dataprotection.ie

14. Contact Us

For privacy-related enquiries, data subject access requests, or to exercise your rights:

Data Protection Enquiries: privacy@reloops.co
Security Concerns: security@reloops.co
General Enquiries: hello@reloops.co