In this privacy notice, we detail the ways in which we collect, use, and disclose information about customers who send us enquiries, requests, or complaints.
In order to better react to your requests, complaints, or enquiries, we may collect and use the personal information you provide when you contact us.
We will use your personal information to address any issue or enquiry you have raised with us (referred to as a "enquiry" below). For example, this could entail investigating the topic internally or with external agencies and contacting you to request additional information or to tell you of the conclusion of your inquiry.
The types of enquiries that we generally handle include:
Some of our products and services require identity verification in line with our client’s own privacy policies.
When you contact us eg with a SAR, we may need to confirm that you are who you say you are. This is required to ensure that your personal information is not shared with anyone who should not have it.
In order to help us improve our services, we may ask you to rate and review our work. We value your opinion and use it to enhance our offerings.
The personal information that we use in our products and services may be altered as a consequence of certain sorts of enquiries that you may submit regarding our products and services.
After receiving a complaint or request, we review the data to determine what went wrong, address the issues we discovered, and enhance our response to future requests or complaints of a similar nature. In order to better manage our services and spot possible issues, we use aggregated statistics about the queries, requests, and complaints that we receive.
To comply with applicable laws and regulations, we may use the information you provide. This may involve, for instance, addressing concerns or questions raised by you or a regulatory body regarding our handling of your inquiry or the use of your personal information.
We collect and use information from a variety of sources. These are summarised in the table below.
| Type of information gathered | Description of Information gathered | Where we get the information |
|---|---|---|
| Basic information about you and how to reach you | These details include your name, address, past addresses, birthdate, email address, phone number. These are used to handle your request and interact with you on it. | This information is given to us by you when you make your request or afterward. |
| Your request | This is the subject or action you have requested from us. | This information is given to us by you when you make your request or afterward. |
| Additional information you provide us about yourself | During your interactions with us, you have the option to disclose additional personal information. For instance, you might want to provide us more information about your request's context, or you might want to let us know about a disability or vulnerability so that we can keep it in mind when we talk to you. | This information is given to us by you when you make your request or afterward. |
| Identification documents, official paperwork, and other forms of proof | In order to verify your identification, we may request certain documents or information from you that serve as proof of identity. Proof of legal capacity, such as a power of attorney or letter of authority, may also be required if you are requesting something on someone else's behalf. | This information is given to us by you when you make your request or afterward. |
| Details acquired while fulfilling your request | In order to address your request, we will typically need to gather more information regarding the specifics of your inquiry. The data we collect as a result of this is as follows. What you have requested will determine the type of information that is collected. | We get this information from our own records and records kept by outside groups, like clients and vendors. |
| Our response and other correspondence | We have reviewed your inquiry and any previous correspondence regarding your request, and here is our reply. | This is produced by us |
| Details on your browsing of our websites | If you use our website to do something or send us information, we may keep track of your IP address, running system, and browser type. Cookies may be linked to this information. You can read about cookies in the cookie warning on the website in question. | We gather this ourselves through the website. |
You don't have to give us your personal information. But if you don't give us the documents or information we need, we might not be able to do what you want or answer your question correctly.
We will retain your personal data for the duration of the request and for an additional period of time after it has been resolved. This is three years for data disputes or three months for call recordings; however, the duration may be extended for certain categories of data. The purpose for which the personal data may be required determines the additional period, which may include:
The UK's data protection law permits us to use your personal data as necessary to comply with our legal duties. This means that if you make a request to which we are legally obligated to answer, we will use your personal information to comply with that requirement.
The UK's data protection law enables the use of your personal data for lawful reasons as long as it does not outweigh the impact on you. The law refers to this as the "legitimate interests" criterion for processing personal data. The legitimate interests that we pursue are:
| Legitimate Interest | Explanation |
|---|---|
| Security | We are interested in keeping your personal information secure. This means that when we get a request from you (for example, for a copy of any data we hold on you), we must authenticate your identity to ensure that you are the person making the request. |
| Reputation and service improvement | We want to respond to questions swiftly and efficiently, as well as improve our services, in order to improve our company's reputation and avoid regulatory action. |
We may share your information with third parties that assist us utilise it for the purposes indicated.
If your request relates to data provided to us by third parties, we may need to share your personal information to those third parties in order to properly address your request.
We may occasionally need to verify the information you supply with other third parties.
We may need to disclose personal information to a regulator, such as the Information Commissioner's Office or the Financial Conduct Authority.
We only process your data in the UK.
We use cloud-based SaaS providers such as Microsoft that use Geo-regional back up processes.
While the United Kingdom and other nations in the European Union maintain a high degree of data protection regulation, some regions of the world may not give the same level of legal protection for personal data. As a result, if we move personal data overseas, we ensure that appropriate precautions are in place to protect the information. For instance, these precautions could include:
We do not use automated decision-making or profiling to make important choices about you in connection with the activities specified in this privacy notice.
If you have a complaint about our processing of your data, you can contact our Data Protection Officer at iso@redflagert.com
Please see our Consumer Contact Privacy Notice for information on how we will handle your personal information in response to complaints and questions.
You also have the right to file a complaint with the Information Commissioner's Office (ICO), which oversees the processing of personal data in the United Kingdom. You can do this online at www.ico.org.uk or by calling 0303 123 1113, or by writing to the Information Commissioner's Office at Wycliffe House, Water Lane, Wilmslow, SK9 5AF.