IMPORTANT INFORMATION AND WHO WE ARE
Purpose of this privacy policy
This privacy policy explains how Red Flag Alert Technology Group collects and processes your personal data when you use this website or any of our other online portals, including any information you provide when you sign up for our online services, subscribe to our newsletter, or request a free trial of our services.
This website is not designed for minors, and we do not knowingly gather information about them. It is critical that you read this privacy policy, as well as any other relevant documents that we may provide on specific occasions when we collect or process personal data about you, so that you understand how and why we use your data. This privacy policy is meant to enhance the other policies, not to replace them.
Controller
Red Flag Alert Technology Group is the controller and responsible for your personal data (collectively referred to as Red Flag, we, us or our in this privacy policy).
We have appointed a data privacy manager who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, please contact the data privacy manager using the details set out below.
We have notified the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk), of our data controller activities and we are registered with number Z3002651.
Contact details
Our full details are:
Full name of legal entity: Red Flag Alert LLP
Data privacy manager: Mark Halstead
Email address: support@redflagalert.com
Postal address: Red Flag Technology Group Ltd 49 Peter Street, Manchester, M2 3NG
Telephone number: 0344 412 6699
Compliance With the Principles of GDPR
Personal data is defined as any information that can be used to identify an individual. Individuals are recognisable when business email addresses take the form of 'name@business.com,' and thus fall under the definition of personal data.
The "legitimate interests" of the data controller or a third party are one legal basis for processing personal data, according to Article 6 of the General Data Protection Regulation (GDPR).
Legitimate Interest refers to our company's interest in running and managing its operations in order to provide you with the finest service and the safest experience possible. Before we treat your personal data for our legitimate interests, we make sure to assess and weigh any potential impact on you (both positive and negative) as well as your rights. We do not utilise your personal data for activities where the impact on you outweighs our interests (unless we have your consent or are otherwise required or permitted to by law). By contacting us, you can learn more about how we weigh our legitimate interests against any potential impact on you in relation to certain activities.
Red Flag Alert’s legitimate interests provide the legal basis for processing the personal data described above, provided that the data subject's interests or fundamental rights and freedoms do not prevail, taking into account data subjects' reasonable expectations based on their connection with the controller.
We use your personal information for the following purposes:
| What we use your personal data for | Our legitimate reasons |
|---|---|
| To provide contractual services to our clients | For the performance of our contract with our clients or to take steps at their / your request before entering into a contract |
| Preventing and detecting fraud against you / our clients or us | For our legitimate interests or those of a third party, i.e. to minimise fraud that could be damaging for you / our clients and/or us |
| Conducting identity checks to verify the identity of our clients Any other screening necessary Other processing necessary to comply with professional, legal and regulatory or other obligations that apply to our business, e.g. under health and safety regulations or rules issued by our professional regulator or the government | To comply with our legal and regulatory obligations, e.g. our anti-money laundering obligations |
| Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies | To comply with our legal and regulatory obligations |
| Ensuring business policies are adhered to, e.g. policies covering information security | For our legitimate interests or those of a third party, i.e. to make sure we are following our own internal procedures to enable us to deliver the best service to you / our clients |
| Ensuring the confidentiality of commercially sensitive information | For our legitimate interests or those of a third party, i.e. to protect our intellectual property and other commercially valuable information to comply with our legal and regulatory obligations |
| Updating and enhancing our client records | For the performance of our contract with you / our clients or to take steps at your request before entering into a contract to comply with our legal and regulatory obligations |
| Marketing our services to: - existing and former clients - third parties who have previously expressed an interest in our services - third parties with whom we have had no previous dealings | For our legitimate interests or those of a third party, i.e. to promote our business to existing and former clients |
| External audits and quality checks | For our legitimate interests or a those of a third party, i.e. to maintain our accreditations which demonstrates our service is of the best possible quality and standard to comply with our legal and regulatory obligations |
a) Data must be processed lawfully, fairly and in a transparent manner in relation to individuals. Red Flag Alert Technology Group has a legitimate interest in processing personal data on decision-makers and budget holders in medium-to-large businesses in the United Kingdom. The information is acquired from publicly available sources as well as direct contact with the companies in question. As a result, where personal data is processed in situations where data subjects should reasonably expect future processing, the data subject's interests and fundamental rights do not trump the data controller's interest.
b) Data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
Data is collected solely for the purpose of compiling a database of business contacts to be used by Red Flag Alert Technology Group and its Client’s and Approved Third Parties for business-to-business marketing.
(c ) Data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. The data collected is limited to names of senior managers and directors, their job titles, company addresses, company landline telephone numbers and corporate email addresses.
(d) Data must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
Red Flag Alert checks all information to ensure that it is kept accurate and up-to-date.
(e) Data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed
When someone leaves a position, their name and contact information are removed from the database. The data may, however, be utilised for suppression reasons, i.e. to prevent it from being added to the database again.
(f) Data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Data is only used by Red Flag Alert to offer legitimate business services that are relevant to the professional role of the data subject. Red Flag Alert operates a rigorous data security environment as part of its Data Governance Framework.
(g) Individuals have the right to see, correct, restrict access to or remove their personal information.
For subject access requests, use the contact details shown above. All requests for data to be removed or amended will be dealt with promptly.
(h) Complaints. Individuals have a right to complain to the Information Commissioner if they believe that there is a problem with the way their data is being used.
Follow this link to contact the ICO
This Website
HOW WE USE YOUR PERSONAL DATA
1. Privacy Protection
We understand the importance of safeguarding personal information collected from our customers, future customers, and website users. In compliance with GDPR, we will only use the information we acquire about you lawfully. This website can be accessed and browsed without revealing any personal information.
2. Data Collection
We collect information about you so that we can send you information about our products and services. All information is collected and used purely for the purpose of providing you with a service, and it is handled and stored in line with GDPR rules.
If you register on our site, if you contact us with comments or particular requests, or if you send a business card or other data to any of our staff, we collect personally identifiable information about you. The elements of your data that we collect may include:
We also collect anonymous information which is not unique to you such as:
3. User Access and Control of Your data
Using the contact information provided above, you may request a copy of the personal information we have about you, as well as the ability to correct it if necessary. If you wish to withdraw your consent to our use of your data at any time, please contact The Data Protection Officer at the address listed above.
4. Data Use
We use your data to provide you with information about our products and services that we believe may be of interest to you.
5. Cookies
Cookies are used to make it easier for you to navigate our website. Cookies are small pieces of data that a website saves on your computer's hard drive, in order for it to know who you are. Cookies are used by the majority of websites. Cookies cannot be used to identify you on their own. Cookies are also used to track how visitors interact with our website. The data is used to create reports and to help us improve the site. The cookies collect anonymous information about site visitors, such as the number of visitors, where they came from, and which pages they visited. By continuing to use our website, you consent to our placing these sorts of cookies on your computer. You may prevent us from storing a cookie on your computer by setting your browser so that it will not accept cookies.
6. Data Disclosure
As detailed in the table below, we may be required to disclose your personal data with our third-party service providers. Your personal information may also be shared with third parties to whom we sell, transfer, or merge parts of our business or assets. Alternatively, we could try to buy or merge with other companies. If our company changes hands, the new owners may continue to use your personal information in the same manner as described in this privacy policy.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
7. Third-Party Links
Links to third-party websites, plug-ins, and programmes may be found on this website. Third parties may collect or share data about you if you click on those links or enable those connections. These third-party websites are not under our control, and their privacy policies are not our responsibility. We advise you to read the privacy policies of every website you visit after leaving ours.
8. The Data We Collect About You
Personal data, often known as personal information, refers to any information about a person that can be used to identify that person. It excludes data from which the identity has been deleted (anonymous data). Different types of personal data about you may be collected, used, stored, and transferred by us, which we have categorised together as follows:
9. Data from a Third Party.
It is your responsibility to ensure that: you have an appropriate legal basis to share such personal data with us; and (ii) the third-party data subject reads and understands this Privacy Policy when you provide us with a third party's personal data (for example, any personal data relating to your employees, officers, and/or agents). We shall not be held liable to any third parties if you do not follow this rule.
Aggregated Data, such as statistical or demographic data, may be collected, used, and shared for any reason. Aggregated Data may be derived from your personal data, but it is not deemed personal data in the eyes of the law because it does not expose your identity directly or indirectly. We may, for example, aggregate your Usage Data to determine the percentage of people that utilise a certain website feature. However, if we combine or connect Aggregated Data with your personal data in such a way that the combined data can be used to identify you directly or indirectly, we recognise the combined data as personal data and handle it in line with this privacy policy.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data).
10. Security
We continue to place a high priority on the security of your data. We've put in place technological and security policies, guidelines, and methods to secure the personal data under our control, whether online and offline, against unauthorised access, improper use, alteration, unlawful or unintentional deletion, and loss. All our "personal user data" is restricted in our offices when we're not online. Only Red Flag Alert workers have access to this information. However, keep in mind that no data transmission via the internet can be guaranteed to be completely safe. While we make every effort to protect your data, we cannot guarantee or promise the security of any information you submit us or that we store.
11. Data Retention
How long will you use my personal data for?
We will only keep your personal data for as long as it is necessary to fulfil the reasons for which it was acquired, including to comply with any legal, accounting, or reporting obligations. We consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements when determining the appropriate retention period for personal data.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.
If you fill out a form on our website requesting information or provide details of your business email address, we will typically preserve your Identity, Contact, Marketing, and Communications Data for twelve months after your request, unless you express a desire to hear from us after that time-period has expired or where you have engaged RFA in providing a service to you as a client.
Unless you opt-out of receiving marketing from us, we will generally keep your Marketing and Communications Data for up to twelve months after your service contract finishes or expires (in which case we will keep a record of your opt-out request on our suppression list).
12. Your Legal Rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data. You have the right to:
Request access to your personal data.
Request correction of your personal data.
Request erasure of your personal data.
Object to processing of your personal data.
Request restriction of processing your personal data.
Request transfer of your personal data.
Right to withdraw consent.
If you wish to exercise any of the rights set out above, please contact us.
No fee usually required
12.1 You have the right to:
Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
You will not be charged a price to view your personal information (or to exercise any of the other rights).
If your request is manifestly baseless, recurrent, or exorbitant, we may charge a fair fee. In certain cases, we may also refuse to comply with your request.
12.2 What we may need from you
We may need to ask you for further information to verify your identity and validate your right to access your personal data (or to exercise any of your other rights). This is a security step to ensure that personal information is not shared with anybody who does not have permission to receive it. We may also call you to obtain further information about your request in order to expedite our answer.
12.3 Time limit to respond
Within one month, we aim to respond to all legitimate requests. If your request is extremely difficult or you have made a number of requests, it may take us longer than a month to respond. We will alert you and keep you updated in this case.
12.4 Request that we correct the personal information we have on you. This allows you to change any missing or erroneous information we have about you, albeit we may need to verify the veracity of the new information you submit.
12.5 Request that your personal data be erased. This allows you to request that we erase or remove your personal data if there is no compelling reason for us to keep it. You also have the right to request that we delete or remove your personal data if you have successfully exercised your right to object to processing (see below), if we have unlawfully processed your data, or if we are forced to erase your personal data by local legislation. Please keep in mind that we may not always be able to comply with your request for erasure due to specific legal reasons that will be communicated to you at the time of your request, if relevant.
12.6 Object to the processing of your personal data if we are relying on a legitimate interest (or those of a third party) and there is something about your circumstances that makes you want to object to processing on this ground because you believe it violates your basic rights and freedoms. You also have the right to object if your personal data is being processed for direct marketing purposes. We may be able to show that we have compelling legal grounds to handle your information that outweigh your rights and freedoms in some situations.
12.7 Request that your personal data be restricted from being processed. This allows you to request that we halt the processing of your personal data in the following circumstances: (a) if you want us to verify the data's accuracy; (b) if our use of the data is unlawful but you do not want us to erase it; (c) if you need us to keep the data even if we no longer require it because you need it to establish, exercise, or defend legal claims; or (d) if you have objected to our use of your data but we need to.
12.8 Request that your personal data be transferred to you or a third party. We shall give your personal data in a structured, frequently used, machine-readable manner to you or a third party you specify. This privilege only applies to automated information that you gave us permission to use or if we utilised the information to fulfil a contract with you.
Where we rely on consent to process your personal data, you can withdraw your consent at any time. However, the lawfulness of any processing carried out before you withdraw your consent will not be affected. We may not be able to offer you with some products or services if you withdraw your consent. If this is the case, we will notify you when you withdraw your consent.
13. International Transfers
Except as stated in this policy, we do not transfer your personal data outside the European Economic Area (EEA). Where we transfer personal data outside the EEA we will ensure appropriate safeguards are in place to protect that data. Please ask if you require details of specific safeguards.
14. Third Parties With Whom We May Share Your Data:
We may share your data with third parties who provide services on our behalf.
All our third-party service providers are required to take appropriate security measures to protect your data in line with our policies. We do not allow them to use your data for their own purposes. We permit them to process your data only for specified purposes and in accordance with our instructions.
We may also share your personal data with third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or to protect the rights, property or safety of our site, our users, and others.
Where your data is shared with third parties, we will seek to share the minimum amount necessary.
AIB GB MERCHANT SERVICES
Authenteq Tarbena GmbH
AWS (Amazon Web Services)
Blue Tahiti Software Ltd
CHARGEBEE
Companies House
Connell Data Ltd
Creditsafe
Dun & Bradstreet Ltd
GB Group Ltd (GBG)
Google Ireland Ltd
HUBSPOT
Information Network Services Ltd
KoBolt
Microsoft Ireland Operations Ltd
Microsoft Azure Microsoft Ireland Operations Ltd
Microsoft Ltd
ResponseIQ
Santander Charges
The Compliance Engineers
STRIPE
Tech City Labs Ltd
Tora Digital
Trust Payments Ltd
Vodafone
Xero (UK) Ltd
Zen Internet Ltd
Registry Trust
AHR Consultants
15. Privacy Support
If you have any questions or comments about privacy, please contact us at the above address
Last Modified August 2022