General Privacy Notice

This privacy notice provides a high-level overview about how we use and share personal data in our Business

This privacy notice provides a high-level overview about how we use and share personal data in our Business

More detailed information can be found in our corresponding specific Privacy Notices.

We provide data, data analytics and services to our clients for a wide range of purposes as detailed in our corresponding specific Privacy Notices

We also conduct evaluations to determine whether data would be beneficial to our clients or ourselves, and we also share data for this purpose.

We also use personal information to assist our regular business operations. This includes managing data for company and consumer relationships, as well as staff personnel.

1. What data do we collect

Personal data is in most cases collected directly from you or generated as part of the use of our services, products and channels. Sometimes additional information is required to keep information up to date or to verify the information that we collect.

We use a wide variety of personal data in our business, and we get it from many different sources.

The categories of personal data that we collect and use are listed below. We have provided examples of the types of personal data that fall within each category. Please note that the list of examples is not exhaustive. The type of personal data that we collect from you will depend on the service or product we are providing to you as a client or customer.

Information Type Information Description Information Source
Financial and regulatory data We hold information from Companies House as publicly available data and can be used for a variety of purposes including marketing and reporting and analytical records Companies House, data is supplied by Businesses across the UK.
Credit account performance data We receive data about how Businesses are managing to repay their credit commitments and meet their financial obligations. This data is provided from a number of third parties and other financial services providers
Judgment data We obtain data about court judgments and decrees. This may include, for example, the name of the court, the nature of the judgment, how much money was owed, and whether the judgment has been satisfied. The government makes court judgments and other decrees and administrative orders publicly available through statutory public registers. These are maintained by Registry Trust Limited, which supplies the data on the registers to us.
Insolvency data We obtain data about insolvency-related events. This includes data about bankruptcies, administration orders, individual voluntary arrangements, debt relief orders, sequestrations, trust deeds and debt arrangement schemes. This data includes the start and end dates of the relevant insolvency or arrangements Business insolvency data is obtained from the London, Belfast and Edinburgh Gazettes.

2. How we use your personal data

We use and otherwise process your personal data on the basis of the legal grounds and purposes described below.

We process personal data and verify the data prior to giving an offer and entering into a contract with you. We also process personal data to document and complete tasks in order to fulfil our contractual obligations towards you, e.g. to provide and administer our products and services to you. Examples of activities necessary to perform an agreement with you: 

Our identity verification and fraud protection services involve acquiring personal data from a variety of sources and using it to assist our clients in confirming the identification of the consumers with whom they are dealing. This helps individuals avoid identity theft and other forms of fraud. Other services we provide contribute to reducing the danger of money laundering.

Our data marketing services involve gathering personal data from data suppliers and sharing that data with organisations who use it for marketing and related purposes.

Data evaluations

 We collect and exchange data for evaluation purposes. This includes determining its applicability for a certain purpose, such as whether it would be beneficial to us as part of a product or service. Sometimes it is important to exchange data with a third party so that they can match it to data they have and return more info to us.

When evaluating data, we use a variety of measures to protect customers' interests. For example, we anonymise or pseudonymize data where possible, protect it with appropriate security measures, and limit data amounts and retention periods.

Operating our business

We use personal information for internal business purposes. For example:

  • We keep names, job titles, and contact information from our business contacts (such as client and supplier representatives), which we use to manage our connection with them as well as for marketing purposes. Please see our Business Contact Data Privacy Notice for more information.
  • We collect names, contact information, and other information from customers who contact us, and we use that information to respond to their questions. See our Consumer Contact Data Privacy Notice for more information.
  • We collect information on our employees and use it to manage our working relationships with them. The information includes work and educational histories, as well as background checks and performance evaluations. Employees can discover more information on the staff intranet.
  • We use personal information for legal and regulatory reasons. This could include responding to complaints or questions from consumers or regulators regarding how we have utilised personal information.

Legal Obligations

In addition to the performance of contract, processing of personal data also takes place for us to fulfil our obligations under law, other regulations or authority decisions. 

Examples of processing due to legal obligations:

  • Know Your Customer (KYC) requirements
  • Prevention of money laundering and terrorist financing
  • Sanctions screening
  • Reporting to tax authorities, police authorities, enforcements authorities, and supervisory authorities 
  • Payment service requirements and obligations, such as fraud monitoring and reporting 
  • Other obligations related to service or product specific legislations

3. What is the lawful basis for processing your information

Legitimate interests

We use your personal data where necessary to further our legitimate interests, as long as those legitimate interests are not overridden by your interests or fundamental rights and freedoms.

Examples of our processing based on legitimate interests:

  • Marketing, product and customer analyses. This processing forms the basis for marketing, process-, business- and system development, including testing. This is to improve our product range and to optimize our customer offerings. In some situations we collect your consent for marketing related activities as described below.
  • Profiling, for example when conducting customer analysis for marketing purposes or when monitoring transactions in order to detect frauds.
  • Improving, developing and testing our products and services. If we want our services to handle data correctly and keep up with the competition, we need to invest in product development, testing, and improvement. For example, we need to make sure our products can give our clients accurate results, and we can increase the accuracy of our outcomes by using more data in our processes.
  • Helping prevent and detect crime and fraud; anti-money laundering; and identity verification
  • Complying with and supporting compliance with legal and regulatory requirements
  • Providing support services. In order to comply with audit requirements, we must offer supplementary and support services to our clients. This includes responding to technical questions you may have regarding the Service and providing reports on the services we have rendered.
  • Performance Monitoring. Monitoring the performance of our services is something that we are interested in doing because it can assist us in locating any technical issues or areas that could use improvement.

Consent

We sometimes rely on consent to process personal data, but this is relatively rare. Again, please refer to the relevant privacy notices for more details.

Performance of our contract with you

By subscribing to one of our products or services, you are committing to receiving the services or products described in the applicable website's Terms & Conditions. In order to deliver those services to you, we must collect and utilise some personal information from you.

Some of our employees' data is also processed on this basis.

4. Who do we share your data with

We may also provide third party service providers access to client information where they support or provide services to us. We will ensure that if we share information with, or provide access to, third party service providers, any such disclosure or access is at all times in compliance with Data Protection Legislation.

The recipients, or categories of recipients, of your information, or information relating to your Client Business Personnel, may be:

  • UK regulators, courts and authorities in connection with their duties (such as crime prevention);
  • fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. We and fraud prevention agencies may also enable law enforcement agencies to access and use your information to detect, investigate and prevent crime;
  • third party service providers who support or provide services to us;

Our clients

The applicable Privacy Notices detail the particular reasons for which we disclose personal data to our clients. Each of our clients will have their own privacy notice that explains how they utilise the data we provide in further detail. The following industries are typical ones in which our clients operate:

  • financial services
  • telecoms and utilities
  • professional services (such as legal and accountancy firms)
  • manufacturing and distribution

Service providers

We and our clients may provide your information to third parties who help us use it for the purposes described in this notice:

  • Our databases of personal data may be hosted by third parties on our behalf such as HubSpot
  • Some of our products and services rely on us sending personal data to third parties who then analyse or enhance it and return the results to us.
  • We use cloud-based technologies such as Microsoft Office 365 in the course of our ordinary business operations

Typically, these service providers aren't permitted to exploit customer data for their personal gain or to benefit other companies.

Regulators

 We may sometimes need to pass personal data to a regulator such as the Information Commissioner’s Office or the Financial Conduct Authority.

External business partners

We disclose personal data to external business partners with your consent or if this is permitted pursuant to applicable legislation or legitimate interests prevail. External business partners include for example vendor partners. See our list of Vendors, suppliers and partners.

Suppliers

We have entered into agreements with selected suppliers, which include processing of personal data on behalf of us. This can be suppliers of IT development, maintenance, hosting and support.

5. Where we store and process your data

We only process your data in the UK.

We use cloud-based SaaS providers such as Microsoft that use Geo-regional back up processes.

While the United Kingdom and other nations in the European Union maintain a high degree of data protection regulation, some regions of the world may not give the same level of legal protection for personal data. As a result, if we move personal data overseas, we ensure that appropriate precautions are in place to protect the information. For instance, these precautions could include:

  • Creating a contract with the beneficiary that includes terms approved by the authorities as providing an adequate level of protection.

6. How long to we keep your data for

Please refer to the specific data notices.

We keep your personal data for as long as necessary for the performance of a contract and as required by retention requirements in laws and regulations. Where we keep your personal data for other purposes than those of the performance of a contract, such as for anti-money laundering we keep the personal data only if necessary and/or mandated by laws and regulations for the respective purpose.

In general, we will store customer data for a maximum 7 years after the end of the customer relationship to establish, exercise and defend against legal claims, for debt collection/claims handling and to demonstrate compliance with legal and regulatory obligations upon request by authorities. However, the retention period applied to the personal data in a specific case depends on the purpose of processing as outlined in the specific Privacy Notices accompanying this General Privacy Notice.

Examples of data retention  periods:

  • Customer relationships not established: up to 24 months from last point of contact
  • Preventing and detection of money laundering and terrorist financing, and fraud: storing of Know Your Customer (KYC) information for a minimum of five years after termination of the business relationships or the performance of the individual transaction
  • Details on performance of an agreement: storing information related to your agreement with us for up to seven years after end of customer relationship

While you are a registered user of our products, we will retain your personal data. After your account is terminated, we may retain it for an additional period of time. For these extra reasons, including but not limited to: troubleshooting data supply, restoring systems after a data loss incident, and responding to complaints, claims, and enquiries from you, your employer (or its affiliates), or our regulators, we retain the data for that additional period of time only.

7. Use of automated decision making or profiling

Where applicable and under the accompanying specific Data Privacy Notices, we use your personal information to carry out the automated decision-making and profiling activities described within those notices. Generally however we do not use automated decision making or profiling.

8. Your rights in relation to the data processing we carry out

  • Access: You have the right to know what personal data we have on you, as well as other information about how we use it.
  • Rectification: If the information we have about you is inaccurate or out of date, you have the right to request that we update it.
  • Objection to legitimate interests: If you disagree with us using your personal information on the basis of legitimate interests, you have the right to object. We will then reassess the extent to which we can continue to utilise the data given your specific circumstances.
  • Erasure: In certain instances, you may request that we delete your personal information from our systems. However, this normally does not apply to all of your data because we may have a valid purpose for keeping some of it.
  • Withdrawal of consent: Because we do not rely on your approval to use your personal data, you do not have the right to withdraw it.
  • Objection to direct marketing: We do not use your personal data for direct marketing purposes, but you have the right to object if we do in the future.
  • Restriction: In certain cases, you may request that we limit how we use your personal information.

Please refer to our Consumer Contact Privacy Notice for information about how we will handle your personal data in connection with complaints and enquiries.

Your request to exercise your rights as listed above will be assessed given the circumstances in each individual case. Please note that we may also retain and use your information as necessary to comply with legal obligations, resolve disputes, and enforce our agreements.

Any request for access to or a copy of personal data must be in writing and we will endeavour to respond within a reasonable period and in any event within one month in compliance with Data Protection Legislation. We will comply with our legal obligations as regards any individual’s rights as a data subject.

9. Web site cookies

We use cookies and similar technology to differentiate you from other website visitors. This allows us to offer you with a decent browsing experience while also personalising and improving the website.

A cookie is a tiny file containing letters and numbers that we store on your device. Similar technology is any other technology that stores or accesses data from your device. We use the following types of cookies and related technologies (referred to here as 'cookies'):

Cookies that are strictly necessary. These cookies are essential for the website to function properly.

Cookies used for analytics and performance purposes. These cookies allow us to detect and count the number of visits to the website, as well as track how visitors move around it while they are using it. This allows us to improve how our website works.

Our browser settings may allow you to refuse the setting of certain cookies. The "Help" or "Internet Settings" functions within your browser should tell you how. For information on how to manage cookies on popular browsers please see the following links:

Alternatively, you may wish to visit http://www.allaboutcookies.org/ which contains detailed information on cookies and how to delete, restrict or block them on a wide variety of browsers. For information on how to do this on the browser of your mobile phone you will need to refer to your handset manual.

To opt out of being tracked by Google Analytics across all websites, you may be able to use the tool provided by Google available at: http://tools.google.com/dlpage/gaoptout.

Please be aware that if you select to refuse or restrict cookies, the full functionality of the Site may no longer be available.

10. Your right to complain

If you have a complaint about our processing of your data, you can contact our Data Protection Officer at iso@redflagert.com

Please see our Consumer Contact Privacy Notice for information on how we will handle your personal information in response to complaints and questions.

You also have the right to file a complaint with the Information Commissioner's Office (ICO), which oversees the processing of personal data in the United Kingdom. You can do this online at www.ico.org.uk or by calling 0303 123 1113, or by writing to the Information Commissioner's Office at Wycliffe House, Water Lane, Wilmslow, SK9 5AF.