Marketing Services Privacy Notice

This privacy notice explains how we use and distribute personal data about customers for our clients' marketing purposes.

This privacy notice explains how we use and distribute personal data about customers for our clients' marketing purposes. It also highlights your data protection rights, including the ability to object to some of the processing that we conduct.

As part of our product and service offerings, we provide clients data and data analytics. Our marketing services include providing our clients with names and addresses from a variety of sources, including publicly available information, for direct marketing purposes.

1. How do we use your data

Product or systems development and testing

 In the course of creating, enhancing, monitoring, maintaining, and testing our systems and products, we may occasionally make use of personally identifiable information. Among these tasks is checking the functionality of our security measures. Before doing this, we will aggregate, pseudonymize, or anonymise the data wherever possible.

Consumer queries; legal and regulatory purposes

 We will typically require your personal data to assist us in addressing your inquiry if you contact us. In some cases, we may also require your personal data for legal and regulatory purposes.

If you object to us processing your personal information for direct marketing purposes, we will put your name to our suppression list and exclude you from future direct marketing operations.

If you file a complaint about us with our regulators, they will often request that we investigate your case. During the inquiry, we will need to access your personal information.

Similarly, if you initiate legal action against us, we will typically need to assess how we utilised your personal information in order to defend ourselves against your claim.

Acting as processors on our clients’ behalf

Some clients give us with their own data about individuals (which is normally gathered under the client's separate privacy policies) and ask us to supplement it with additional information. When this occurs, we can advise the client about the properties or localities in which the relevant individuals reside. In doing so, we function as the client's data processor, which means the client is still responsible for ensuring that the personal data is treated fairly and lawfully. For additional information on what data the client collects, how it is used, and how to exercise your rights, please see the individual client's privacy statements.

2. Where do we get your data from and the purpose of processing

We collect and use information from a variety of sources. These are summarised in the table below.

Type of information Description of Information Source of Information
Contact details We keep names, postal addresses, and, in some situations, sensitive information based on the product or service given. This information can be used to contact individuals. We do not collect or disclose email addresses or phone numbers for the purposes specified in this privacy notice. We obtain postal addresses from the open version of the electoral register (the “open register”), which we get from local authorities across the UK and the Isle of Man.

3. How long do we keep your data for

In most cases this is determined by the agreement between us and our client.

In some circumstances, we may need to store information indefinitely. For example, if you object to us using your data for marketing purposes while exercising your rights, we will need to maintain certain limited information about you, including as your name, address, and date of birth, so that we can erase or suppress your record from any future data that we may receive.

4. What is the lawful basis for processing your data

Legitimate interests

The use of your personal data for legitimate reasons is permitted under UK data protection law, but only if the benefits outweigh the risks to you. The legal requirement for processing personal data is known as the "legitimate interests" condition. The legitimate interests for processing your data are as follows:

Legitimate Interest Explanation
Direct marketing Product and service promotion is important to our clients, and they want us to help them reach new and existing customers.
Ensuring our systems and data are safe and secure The necessity to maintain the security of our systems justifies some of the methods in which we use personal data. To ensure that no unauthorised parties have accessed our databases, for instance, our security professionals may have to keep tabs on them.
Complying with the law and applicable regulations Avoiding penalties and harm to our reputation depends on our meeting all applicable legal and regulatory obligations.
Promoting responsible, effective, and well-informed marketing for the good of both customers and businesses Some of our actions contribute to ensuring that clients' marketing plans are responsible, educated, and effective. This allows them to avoid waste (lowering costs while increasing competition) and delivering improper marketing materials.
Commercial Interests We, like other commercial companies, seek to generate income by providing services to our customers and clients.

5. Who do we share data with for the purposes of this privacy notice

We share personal information with our clients for the purposes outlined above. Our clients will each receive their own privacy notice, which will provide further information about how they (specifically) utilise the data we give.

We may also select data reselling partners to distribute data and other of our products to their clients in the same way that we do.

Service providers

We and our clients may disclose your personal information to third parties who assist us in using it for the purposes indicated above. For example, we may opt to outsource some of our data processing to a third-party data hosting or processing company. Unless you agree differently, these service providers will not be able to use your information for their own or other organisations' benefit.

Regulators and law enforcement

Personal information may be shared with government authorities and/or law enforcement officials if necessary for the objectives listed above, if required by law, or for the legal protection of our legitimate interests in accordance with applicable legislation. For example, we may need to provide personal information to a regulator such as the Information Commissioner's Office or the Financial Conduct Authority.

6. Where we store your data

We use cloud-based SaaS providers such as Microsoft that use Geo-regional back up processes.

While the United Kingdom and other nations in the European Union maintain a high degree of data protection regulation, some regions of the world may not give the same level of legal protection for personal data. As a result, if we move personal data overseas, we ensure that appropriate precautions are in place to protect the information. For instance, these precautions could include:

  • Creating a contract with the beneficiary that includes terms approved by the authorities as providing an adequate level of protection.

7. Use of automated decision making or profiling

When acting as a controller, we do not use personal data to create automated choices or profile you. We do profile when working as a client's processor. For example, we may add information about you to a client's marketing list, which the client can then use to help them make marketing decisions. If you do not wish to receive this marketing, please contact the sender and object.

8. What are your rights

You have many rights in relation to the personal information we hold about you. These are explained here.

  • Access: You have the right to know what personal data we have on you, as well as other information about how we use it.
  • Objection to direct marketing: You have the right to object to us using your personal information for direct marketing purposes, including profiling or similar actions that occur prior to direct marketing. If you do this, we will discontinue using information for those purposes.
  • Rectification: If the information we have about you is inaccurate or out of date, you have the right to request that we update it.
  • Objection to legitimate interests: If you disagree with us using your personal information on the basis of legitimate interests, you have the right to object. We will then reassess the extent to which we can continue to utilise the data given your specific circumstances.
  • Erasure: In certain instances, you may request that we delete your personal information from our systems. However, this normally does not apply to all of your data because we may have a valid purpose for keeping some of it. For example, if you object to us using your data for direct marketing reasons, we must retain a record of that objection so that we do not resume direct marketing activities in connection to you if we acquire your data again.
  • Restriction: In certain cases, you may request that we limit how we use your personal information.
  • Portability: In some cases, you have the right to receive limited types of information in a portable format. However, this does not apply to the data covered by this privacy notice.
  • Withdrawal of permission: Because we do not require your consent to carry out the activities stated in this privacy notice, this right is not applicable.

Please keep in mind that these rights only apply when we serve as a data controller for your personal information. When we process your data on behalf of a specific customer, you will typically need to contact the client to exercise your rights.

Please refer to our Consumer Contact Privacy Notice for information about how we will handle your personal data in connection with complaints and enquiries.

9. Your right to complain

If you have a complaint about our processing of your data, you can contact our Data Protection Officer at iso@redflagert.com

Please see our Consumer Contact Privacy Notice for information on how we will handle your personal information in response to complaints and questions.

You also have the right to file a complaint with the Information Commissioner's Office (ICO), which oversees the processing of personal data in the United Kingdom. You can do this online at www.ico.org.uk or by calling 0303 123 1113, or by writing to the Information Commissioner's Office at Wycliffe House, Water Lane, Wilmslow, SK9 5AF.