This privacy notice provides a high-level overview about how we use and share personal data in our Business
This privacy notice provides a high-level overview about how we use and share personal data in our Business
More detailed information can be found in our corresponding specific Privacy Notices.
We provide data, data analytics and services to our clients for a wide range of purposes as detailed in our corresponding specific Privacy Notices
We also conduct evaluations to determine whether data would be beneficial to our clients or ourselves, and we also share data for this purpose.
We also use personal information to assist our regular business operations. This includes managing data for company and consumer relationships, as well as staff personnel.
Personal data is in most cases collected directly from you or generated as part of the use of our services, products and channels. Sometimes additional information is required to keep information up to date or to verify the information that we collect.
We use a wide variety of personal data in our business, and we get it from many different sources.
The categories of personal data that we collect and use are listed below. We have provided examples of the types of personal data that fall within each category. Please note that the list of examples is not exhaustive. The type of personal data that we collect from you will depend on the service or product we are providing to you as a client or customer.
Information Type | Information Description | Information Source |
---|---|---|
Financial and regulatory data | We hold information from Companies House as publicly available data and can be used for a variety of purposes including marketing and reporting and analytical records | Companies House, data is supplied by Businesses across the UK. |
Credit account performance data | We receive data about how Businesses are managing to repay their credit commitments and meet their financial obligations. | This data is provided from a number of third parties and other financial services providers |
Judgment data | We obtain data about court judgments and decrees. This may include, for example, the name of the court, the nature of the judgment, how much money was owed, and whether the judgment has been satisfied. | The government makes court judgments and other decrees and administrative orders publicly available through statutory public registers. These are maintained by Registry Trust Limited, which supplies the data on the registers to us. |
Insolvency data | We obtain data about insolvency-related events. This includes data about bankruptcies, administration orders, individual voluntary arrangements, debt relief orders, sequestrations, trust deeds and debt arrangement schemes. This data includes the start and end dates of the relevant insolvency or arrangements | Business insolvency data is obtained from the London, Belfast and Edinburgh Gazettes. |
We use and otherwise process your personal data on the basis of the legal grounds and purposes described below.
We process personal data and verify the data prior to giving an offer and entering into a contract with you. We also process personal data to document and complete tasks in order to fulfil our contractual obligations towards you, e.g. to provide and administer our products and services to you. Examples of activities necessary to perform an agreement with you:
Our identity verification and fraud protection services involve acquiring personal data from a variety of sources and using it to assist our clients in confirming the identification of the consumers with whom they are dealing. This helps individuals avoid identity theft and other forms of fraud. Other services we provide contribute to reducing the danger of money laundering.
Our data marketing services involve gathering personal data from data suppliers and sharing that data with organisations who use it for marketing and related purposes.
We collect and exchange data for evaluation purposes. This includes determining its applicability for a certain purpose, such as whether it would be beneficial to us as part of a product or service. Sometimes it is important to exchange data with a third party so that they can match it to data they have and return more info to us.
When evaluating data, we use a variety of measures to protect customers' interests. For example, we anonymise or pseudonymize data where possible, protect it with appropriate security measures, and limit data amounts and retention periods.
We use personal information for internal business purposes. For example:
In addition to the performance of contract, processing of personal data also takes place for us to fulfil our obligations under law, other regulations or authority decisions.
Examples of processing due to legal obligations:
We use your personal data where necessary to further our legitimate interests, as long as those legitimate interests are not overridden by your interests or fundamental rights and freedoms.
Examples of our processing based on legitimate interests:
We sometimes rely on consent to process personal data, but this is relatively rare. Again, please refer to the relevant privacy notices for more details.
By subscribing to one of our products or services, you are committing to receiving the services or products described in the applicable website's Terms & Conditions. In order to deliver those services to you, we must collect and utilise some personal information from you.
Some of our employees' data is also processed on this basis.
We may also provide third party service providers access to client information where they support or provide services to us. We will ensure that if we share information with, or provide access to, third party service providers, any such disclosure or access is at all times in compliance with Data Protection Legislation.
The recipients, or categories of recipients, of your information, or information relating to your Client Business Personnel, may be:
The applicable Privacy Notices detail the particular reasons for which we disclose personal data to our clients. Each of our clients will have their own privacy notice that explains how they utilise the data we provide in further detail. The following industries are typical ones in which our clients operate:
We and our clients may provide your information to third parties who help us use it for the purposes described in this notice:
Typically, these service providers aren't permitted to exploit customer data for their personal gain or to benefit other companies.
We may sometimes need to pass personal data to a regulator such as the Information Commissioner’s Office or the Financial Conduct Authority.
We disclose personal data to external business partners with your consent or if this is permitted pursuant to applicable legislation or legitimate interests prevail. External business partners include for example vendor partners. See our list of Vendors, suppliers and partners.
We have entered into agreements with selected suppliers, which include processing of personal data on behalf of us. This can be suppliers of IT development, maintenance, hosting and support.
We only process your data in the UK.
We use cloud-based SaaS providers such as Microsoft that use Geo-regional back up processes.
While the United Kingdom and other nations in the European Union maintain a high degree of data protection regulation, some regions of the world may not give the same level of legal protection for personal data. As a result, if we move personal data overseas, we ensure that appropriate precautions are in place to protect the information. For instance, these precautions could include:
Please refer to the specific data notices.
We keep your personal data for as long as necessary for the performance of a contract and as required by retention requirements in laws and regulations. Where we keep your personal data for other purposes than those of the performance of a contract, such as for anti-money laundering we keep the personal data only if necessary and/or mandated by laws and regulations for the respective purpose.
In general, we will store customer data for a maximum 7 years after the end of the customer relationship to establish, exercise and defend against legal claims, for debt collection/claims handling and to demonstrate compliance with legal and regulatory obligations upon request by authorities. However, the retention period applied to the personal data in a specific case depends on the purpose of processing as outlined in the specific Privacy Notices accompanying this General Privacy Notice.
Examples of data retention periods:
While you are a registered user of our products, we will retain your personal data. After your account is terminated, we may retain it for an additional period of time. For these extra reasons, including but not limited to: troubleshooting data supply, restoring systems after a data loss incident, and responding to complaints, claims, and enquiries from you, your employer (or its affiliates), or our regulators, we retain the data for that additional period of time only.
Where applicable and under the accompanying specific Data Privacy Notices, we use your personal information to carry out the automated decision-making and profiling activities described within those notices. Generally however we do not use automated decision making or profiling.
Please refer to our Consumer Contact Privacy Notice for information about how we will handle your personal data in connection with complaints and enquiries.
Your request to exercise your rights as listed above will be assessed given the circumstances in each individual case. Please note that we may also retain and use your information as necessary to comply with legal obligations, resolve disputes, and enforce our agreements.
Any request for access to or a copy of personal data must be in writing and we will endeavour to respond within a reasonable period and in any event within one month in compliance with Data Protection Legislation. We will comply with our legal obligations as regards any individual’s rights as a data subject.
We use cookies and similar technology to differentiate you from other website visitors. This allows us to offer you with a decent browsing experience while also personalising and improving the website.
A cookie is a tiny file containing letters and numbers that we store on your device. Similar technology is any other technology that stores or accesses data from your device. We use the following types of cookies and related technologies (referred to here as 'cookies'):
Cookies that are strictly necessary. These cookies are essential for the website to function properly.
Cookies used for analytics and performance purposes. These cookies allow us to detect and count the number of visits to the website, as well as track how visitors move around it while they are using it. This allows us to improve how our website works.
Our browser settings may allow you to refuse the setting of certain cookies. The "Help" or "Internet Settings" functions within your browser should tell you how. For information on how to manage cookies on popular browsers please see the following links:
Alternatively, you may wish to visit http://www.allaboutcookies.org/ which contains detailed information on cookies and how to delete, restrict or block them on a wide variety of browsers. For information on how to do this on the browser of your mobile phone you will need to refer to your handset manual.
To opt out of being tracked by Google Analytics across all websites, you may be able to use the tool provided by Google available at: http://tools.google.com/dlpage/gaoptout.
Please be aware that if you select to refuse or restrict cookies, the full functionality of the Site may no longer be available.
If you have a complaint about our processing of your data, you can contact our Data Protection Officer at iso@redflagert.com
Please see our Consumer Contact Privacy Notice for information on how we will handle your personal information in response to complaints and questions.
You also have the right to file a complaint with the Information Commissioner's Office (ICO), which oversees the processing of personal data in the United Kingdom. You can do this online at www.ico.org.uk or by calling 0303 123 1113, or by writing to the Information Commissioner's Office at Wycliffe House, Water Lane, Wilmslow, SK9 5AF.