Legal · Privacy

Privacy notice.

How Admodum Compliance collects, uses, stores and protects personal information from the people who visit this site, request a white paper, subscribe to a newsletter, apply for a role or engage the firm. Plain language. UK GDPR and equivalent provisions across the firm’s four offices.

Effective1 May 2026
Version2.4
JurisdictionUK GDPR, EU GDPR, CCPA, PDPA

Inside this notice

  1. Who we are
  2. What we collect
  3. Why we collect it
  4. Legal basis
  5. Who we share with
  6. International transfers
  7. Retention
  8. Your rights
  9. Cookies and analytics
  10. Contact
Section i

Who we are.

Admodum Compliance is an independent software licensing advisory firm. The data controller responsible for the personal information described in this notice is Admodum Compliance Ltd (the firm), with offices in London (the headquarters and registered office), New York, Singapore and Stockholm. The firm is the controller for personal information collected through this site, through enquiry forms, through engagement workstreams and through the firm’s newsletter subscriptions.

The firm is independent of every software publisher. We are not a partner, reseller, or affiliate of Oracle, Microsoft, SAP, Salesforce, IBM, Broadcom, ServiceNow, Workday, AWS, Google, Cisco, Adobe, Autodesk or any other software vendor. The independence position is the load-bearing commercial position of the firm and is the reason this notice does not describe any data-sharing relationship with a software publisher.

Section ii

What we collect.

The firm collects personal information you provide through the site forms and through the engagement workstreams. The categories are limited and itemised.

Site forms

Engagement workstreams

During an engagement the firm processes additional information necessary to deliver the advisory: contract documents you share with the firm, licensing inventories, audit correspondence and other workstream materials. The engagement personal-information processing is described in the engagement’s data processing addendum and is not described further in this site notice.

Site analytics

The firm processes limited site-analytics information (page views, referring page, browser type, approximate region). The information is processed in aggregate to understand which content is read and is not used to identify any individual visitor. The analytics section below sets out the cookies and the opt-out.

Section iii

Why we collect it.

The firm processes personal information for a narrow set of purposes itemised below.

The firm does not process personal information for advertising targeting, profiling, automated decision-making, third-party marketing distribution or any purpose other than the purposes itemised here.

Section iv

Legal basis.

Where UK GDPR or EU GDPR applies, the firm relies on the following lawful bases.

Where CCPA, PDPA or equivalent applies (for visitors and clients in California, Singapore and other jurisdictions), the firm applies the equivalent provisions of those frameworks.

Section v

Who we share with.

The firm does not sell personal information and does not share it with software publishers, resellers or marketing affiliates. The firm shares personal information only with the limited set of processors necessary to operate the site and the practice.

Each processor is engaged under a data processing addendum that requires the processor to apply at least the protections described in this notice. The firm reviews each processor against its independence and data-handling commitments annually.

Section vi

International transfers.

The firm operates from London, New York, Singapore and Stockholm. Personal information may be transferred between these offices to deliver an engagement, to maintain a consolidated firm record, or to support a client across multiple regions. Each transfer is covered by appropriate safeguards (the UK International Data Transfer Agreement, the EU Standard Contractual Clauses or equivalent, depending on the source and destination jurisdictions).

Where a processor is established outside the United Kingdom or the European Economic Area, the firm applies the same safeguards. The firm does not transfer personal information to any jurisdiction without an adequacy decision or appropriate contractual safeguards in place.

Section vii

Retention periods.

The firm retains personal information only as long as necessary for the purposes itemised in section three, with the following indicative retention windows.

Section viii

Your rights.

Where UK GDPR or EU GDPR applies, you have the rights to access, correct, delete, restrict, port and object to processing of your personal information. You also have the right to lodge a complaint with the Information Commissioner’s Office in the United Kingdom, the supervisory authority in your country, or the equivalent regulator in your jurisdiction.

To exercise any of these rights, write to the firm at privacy@admodumcompliance.com with the request and enough information to verify your identity. The firm responds inside the statutory window (one month under UK GDPR, with a possible extension where the request is complex).

Where CCPA, PDPA or equivalent applies, you may have additional or different rights. The firm applies the equivalent provisions of those frameworks. The firm does not sell personal information; the right-to-opt-out-of-sale provisions therefore have no operational effect on the firm’s practice.

Section ix

Cookies and analytics.

The site uses a minimal cookie set. A first-party session cookie supports site navigation. A first-party analytics cookie supports aggregate analytics. No third-party advertising cookies, no cross-site tracking, no profiling cookies are set by the firm or by any service the firm engages.

You can disable cookies in your browser settings without affecting the readable content of the site. The firm does not respond to a Do Not Track header, because the firm does not perform the tracking the header is designed to disable.

Section x

Contact and complaints.

To exercise a right, ask a question about this notice or raise a concern, write to the firm at privacy@admodumcompliance.com or use the contact form at /contact. The Data Protection Officer responds inside ten business days. Where the response does not resolve a concern, you may escalate to the supervisory authority in your jurisdiction.

The companion terms of use describe the wider terms under which this site is operated. The site sitemap sets out every page on admodumcompliance.com.

Independence
Admodum is not a partner, reseller, or affiliate of any software vendor. Personal information is never shared with a software publisher, a reseller or a marketing affiliate.