Consumer Contact Privacy Notice

In this privacy notice, we detail the ways in which we collect, use, and disclose information about customers who send us enquiries, requests, or complaints.

In order to better react to your requests, complaints, or enquiries, we may collect and use the personal information you provide when you contact us.

1. What your personal data is used for

Dealing with your enquiry, request or complaint

We will use your personal information to address any issue or enquiry you have raised with us (referred to as a "enquiry" below). For example, this could entail investigating the topic internally or with external agencies and contacting you to request additional information or to tell you of the conclusion of your inquiry.

The types of enquiries that we generally handle include:

  • requests for access to personal data, or to contest the correctness of personal data that we have, or to request the erasure of personal data
  • Support queries about our consumer products
  • Complaints
  • General enquiries

Identity Verification

Some of our products and services require identity verification in line with our client’s own privacy policies.

When you contact us eg with a SAR, we may need to confirm that you are who you say you are. This is required to ensure that your personal information is not shared with anyone who should not have it.

Asking for your feedback

In order to help us improve our services, we may ask you to rate and review our work. We value your opinion and use it to enhance our offerings.

Products and services

The personal information that we use in our products and services may be altered as a consequence of certain sorts of enquiries that you may submit regarding our products and services.

Improving systems and processes; internal reporting

After receiving a complaint or request, we review the data to determine what went wrong, address the issues we discovered, and enhance our response to future requests or complaints of a similar nature. In order to better manage our services and spot possible issues, we use aggregated statistics about the queries, requests, and complaints that we receive.

Legal and regulatory purposes

To comply with applicable laws and regulations, we may use the information you provide. This may involve, for instance, addressing concerns or questions raised by you or a regulatory body regarding our handling of your inquiry or the use of your personal information.

2. How do we use your data and where do we get it from

We collect and use information from a variety of sources. These are summarised in the table below.

Type of information gathered Description of Information gathered Where we get the information
Basic information about you and how to reach you These details include your name, address, past addresses, birthdate, email address, phone number. These are used to handle your request and interact with you on it. This information is given to us by you when you make your request or afterward.
Your request This is the subject or action you have requested from us. This information is given to us by you when you make your request or afterward.
Additional information you provide us about yourself During your interactions with us, you have the option to disclose additional personal information. For instance, you might want to provide us more information about your request's context, or you might want to let us know about a disability or vulnerability so that we can keep it in mind when we talk to you. This information is given to us by you when you make your request or afterward.
Identification documents, official paperwork, and other forms of proof In order to verify your identification, we may request certain documents or information from you that serve as proof of identity. Proof of legal capacity, such as a power of attorney or letter of authority, may also be required if you are requesting something on someone else's behalf. This information is given to us by you when you make your request or afterward.
Details acquired while fulfilling your request In order to address your request, we will typically need to gather more information regarding the specifics of your inquiry. The data we collect as a result of this is as follows. What you have requested will determine the type of information that is collected. We get this information from our own records and records kept by outside groups, like clients and vendors.
Our response and other correspondence We have reviewed your inquiry and any previous correspondence regarding your request, and here is our reply. This is produced by us
Details on your browsing of our websites If you use our website to do something or send us information, we may keep track of your IP address, running system, and browser type. Cookies may be linked to this information. You can read about cookies in the cookie warning on the website in question. We gather this ourselves through the website.

You don't have to give us your personal information. But if you don't give us the documents or information we need, we might not be able to do what you want or answer your question correctly.

3. How long do we keep your data for

We will retain your personal data for the duration of the request and for an additional period of time after it has been resolved. This is three years for data disputes or three months for call recordings; however, the duration may be extended for certain categories of data. The purpose for which the personal data may be required determines the additional period, which may include:

  • demonstrating that we have implemented suitable procedures to address enquiries, requests, and complaints, and that we are conducting these activities in a fair and compliant manner with our regulatory obligations;
  • responding to any enquiries from you or a regulator regarding the manner in which we have addressed your request, and to demonstrate that we have appropriately addressed it;
  • defending against any potential legal claims or regulatory action that may arise as a consequence of the request.

4. What is the legal basis for handling your personal data

Compliance with a legal obligation

The UK's data protection law permits us to use your personal data as necessary to comply with our legal duties. This means that if you make a request to which we are legally obligated to answer, we will use your personal information to comply with that requirement.

Legitimate interests

The UK's data protection law enables the use of your personal data for lawful reasons as long as it does not outweigh the impact on you. The law refers to this as the "legitimate interests" criterion for processing personal data. The legitimate interests that we pursue are:

Legitimate Interest Explanation
Security We are interested in keeping your personal information secure. This means that when we get a request from you (for example, for a copy of any data we hold on you), we must authenticate your identity to ensure that you are the person making the request.
Reputation and service improvement We want to respond to questions swiftly and efficiently, as well as improve our services, in order to improve our company's reputation and avoid regulatory action.

5. Who do we share personal data with

Service Providers

We may share your information with third parties that assist us utilise it for the purposes indicated.

Data suppliers and other third parties

If your request relates to data provided to us by third parties, we may need to share your personal information to those third parties in order to properly address your request.

We may occasionally need to verify the information you supply with other third parties.

Regulators

We may need to disclose personal information to a regulator, such as the Information Commissioner's Office or the Financial Conduct Authority.

6. Where we store your data

We only process your data in the UK.

We use cloud-based SaaS providers such as Microsoft that use Geo-regional back up processes.

While the United Kingdom and other nations in the European Union maintain a high degree of data protection regulation, some regions of the world may not give the same level of legal protection for personal data. As a result, if we move personal data overseas, we ensure that appropriate precautions are in place to protect the information. For instance, these precautions could include:

  • Creating a contract with the beneficiary that includes terms approved by the authorities as providing an adequate level of protection.

7. Use of automated decision making or profiling

We do not use automated decision-making or profiling to make important choices about you in connection with the activities specified in this privacy notice.

8. Your rights in relation to the data processing we carry out

  • Access: You have the right to know what personal data we have on you, as well as other information about how we use it.
  • Rectification: If the information we have about you is inaccurate or out of date, you have the right to request that we update it.
  • Objection to legitimate interests: If you disagree with us using your personal information on the basis of legitimate interests, you have the right to object. We will then reassess the extent to which we can continue to utilise the data given your specific circumstances.
  • Erasure: In certain instances, you may request that we delete your personal information from our systems. However, this normally does not apply to all of your data because we may have a valid purpose for keeping some of it.
  • Withdrawal of consent: Because we do not rely on your approval to use your personal data, you do not have the right to withdraw it.
  • Objection to direct marketing: We do not use your personal data for direct marketing purposes, but you have the right to object if we do in the future.
  • Restriction: In certain cases, you may request that we limit how we use your personal information.

9. Your right to complain

If you have a complaint about our processing of your data, you can contact our Data Protection Officer at iso@redflagert.com

Please see our Consumer Contact Privacy Notice for information on how we will handle your personal information in response to complaints and questions.

You also have the right to file a complaint with the Information Commissioner's Office (ICO), which oversees the processing of personal data in the United Kingdom. You can do this online at www.ico.org.uk or by calling 0303 123 1113, or by writing to the Information Commissioner's Office at Wycliffe House, Water Lane, Wilmslow, SK9 5AF.