This privacy notice explains how we use and distribute personal data about customers for our clients' marketing purposes.
This privacy notice explains how we use and distribute personal data about customers for our clients' marketing purposes. It also highlights your data protection rights, including the ability to object to some of the processing that we conduct.
As part of our product and service offerings, we provide clients data and data analytics. Our marketing services include providing our clients with names and addresses from a variety of sources, including publicly available information, for direct marketing purposes.
In the course of creating, enhancing, monitoring, maintaining, and testing our systems and products, we may occasionally make use of personally identifiable information. Among these tasks is checking the functionality of our security measures. Before doing this, we will aggregate, pseudonymize, or anonymise the data wherever possible.
We will typically require your personal data to assist us in addressing your inquiry if you contact us. In some cases, we may also require your personal data for legal and regulatory purposes.
If you object to us processing your personal information for direct marketing purposes, we will put your name to our suppression list and exclude you from future direct marketing operations.
If you file a complaint about us with our regulators, they will often request that we investigate your case. During the inquiry, we will need to access your personal information.
Similarly, if you initiate legal action against us, we will typically need to assess how we utilised your personal information in order to defend ourselves against your claim.
Some clients give us with their own data about individuals (which is normally gathered under the client's separate privacy policies) and ask us to supplement it with additional information. When this occurs, we can advise the client about the properties or localities in which the relevant individuals reside. In doing so, we function as the client's data processor, which means the client is still responsible for ensuring that the personal data is treated fairly and lawfully. For additional information on what data the client collects, how it is used, and how to exercise your rights, please see the individual client's privacy statements.
We collect and use information from a variety of sources. These are summarised in the table below.
| Type of information | Description of Information | Source of Information |
|---|---|---|
| Contact details | We keep names, postal addresses, and, in some situations, sensitive information based on the product or service given. This information can be used to contact individuals. We do not collect or disclose email addresses or phone numbers for the purposes specified in this privacy notice. | We obtain postal addresses from the open version of the electoral register (the “open register”), which we get from local authorities across the UK and the Isle of Man. |
In most cases this is determined by the agreement between us and our client.
In some circumstances, we may need to store information indefinitely. For example, if you object to us using your data for marketing purposes while exercising your rights, we will need to maintain certain limited information about you, including as your name, address, and date of birth, so that we can erase or suppress your record from any future data that we may receive.
Legitimate interests
The use of your personal data for legitimate reasons is permitted under UK data protection law, but only if the benefits outweigh the risks to you. The legal requirement for processing personal data is known as the "legitimate interests" condition. The legitimate interests for processing your data are as follows:
| Legitimate Interest | Explanation |
|---|---|
| Direct marketing | Product and service promotion is important to our clients, and they want us to help them reach new and existing customers. |
| Ensuring our systems and data are safe and secure | The necessity to maintain the security of our systems justifies some of the methods in which we use personal data. To ensure that no unauthorised parties have accessed our databases, for instance, our security professionals may have to keep tabs on them. |
| Complying with the law and applicable regulations | Avoiding penalties and harm to our reputation depends on our meeting all applicable legal and regulatory obligations. |
| Promoting responsible, effective, and well-informed marketing for the good of both customers and businesses | Some of our actions contribute to ensuring that clients' marketing plans are responsible, educated, and effective. This allows them to avoid waste (lowering costs while increasing competition) and delivering improper marketing materials. |
| Commercial Interests | We, like other commercial companies, seek to generate income by providing services to our customers and clients. |
We share personal information with our clients for the purposes outlined above. Our clients will each receive their own privacy notice, which will provide further information about how they (specifically) utilise the data we give.
We may also select data reselling partners to distribute data and other of our products to their clients in the same way that we do.
We and our clients may disclose your personal information to third parties who assist us in using it for the purposes indicated above. For example, we may opt to outsource some of our data processing to a third-party data hosting or processing company. Unless you agree differently, these service providers will not be able to use your information for their own or other organisations' benefit.
Personal information may be shared with government authorities and/or law enforcement officials if necessary for the objectives listed above, if required by law, or for the legal protection of our legitimate interests in accordance with applicable legislation. For example, we may need to provide personal information to a regulator such as the Information Commissioner's Office or the Financial Conduct Authority.
We use cloud-based SaaS providers such as Microsoft that use Geo-regional back up processes.
While the United Kingdom and other nations in the European Union maintain a high degree of data protection regulation, some regions of the world may not give the same level of legal protection for personal data. As a result, if we move personal data overseas, we ensure that appropriate precautions are in place to protect the information. For instance, these precautions could include:
When acting as a controller, we do not use personal data to create automated choices or profile you. We do profile when working as a client's processor. For example, we may add information about you to a client's marketing list, which the client can then use to help them make marketing decisions. If you do not wish to receive this marketing, please contact the sender and object.
You have many rights in relation to the personal information we hold about you. These are explained here.
Please keep in mind that these rights only apply when we serve as a data controller for your personal information. When we process your data on behalf of a specific customer, you will typically need to contact the client to exercise your rights.
Please refer to our Consumer Contact Privacy Notice for information about how we will handle your personal data in connection with complaints and enquiries.
If you have a complaint about our processing of your data, you can contact our Data Protection Officer at iso@redflagert.com
Please see our Consumer Contact Privacy Notice for information on how we will handle your personal information in response to complaints and questions.
You also have the right to file a complaint with the Information Commissioner's Office (ICO), which oversees the processing of personal data in the United Kingdom. You can do this online at www.ico.org.uk or by calling 0303 123 1113, or by writing to the Information Commissioner's Office at Wycliffe House, Water Lane, Wilmslow, SK9 5AF.