Red Flag Alert Technology Group Privacy Policy


Purpose of this privacy notice

This privacy notice explains how Red Flag Alert Technology Group collects and processes your personal data when you use this website or any of our other online portals, including any information you provide when you sign up for our online services, subscribe to our newsletter, or request a free trial of our services.

This website is not designed for minors, and we do not knowingly gather information about them. It is critical that you read this privacy notice, as well as any other privacy notices or fair processing notices that we may provide on specific occasions when we collect or process personal data about you, so that you understand how and why we use your data. This privacy notice is meant to enhance the other notices, not to replace them.


Red Flag Alert Technology Group Ltd is the controller and responsible for your personal data (collectively referred toas Red Flag, we, us or our in this privacy notice).

We have appointed a data privacy manager who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, please contact the data privacy manager using the details set out below.

We have notified the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (, of our data controller activities and we are registered with number Z3002651.

Contact details

Our full details are:
Full name of legal entity: Red Flag Alert LLP
Data privacy manager:
Email address:
Postal address: Red Flag Technology Group Ltd 49 Peter Street, Manchester, M2 3NG

Telephone number: 0344 412 6699

Compliance with the Principles of the Data Protection Act 2018 (UKGDPR)

Personal data is defined as any information that can be used to identify an individual. Individuals are recognisable when business email addresses take the form of ',' and thus fall under the definition of personal data.

The "legitimate interests" of the data controller or a third party are one legal basis for processing personal data, according to Article 6 of the General Data Protection Regulation (GDPR).

Legitimate Interest refers to our company's interest in running and managing its operations in order to provide you with the finest service and the safest experience possible. Before we treat your personal data for our legitimate interests, we make sure to assess and weigh any potential impact on you (both positive and negative) as well as your rights. We do not utilise your personal data for activities where the impact on you outweighs our interests (unless we have your consent or are otherwise required or permitted to by law). By contacting us, you can learn more about how we weigh our legitimate interests against any potential impact on you in relation to certain activities.

Red Flag Alert’s legitimate interests provide the legal basis for processing the personal data described above, provided that the data subject's interests or fundamental rights and freedoms do not prevail, taking into account data subjects' reasonable expectations based on their connection with the controller.

 We use your personal information for the following purposes:

What we use your personal data for

Our legitimate reasons

To provide contractual services to our clients

For the performance of our contract with our clients or to take steps at their / your request before entering into a contract

Preventing and detecting fraud against you  / our clients or us

For our legitimate interests or those of a third party, i.e. to minimise fraud that could be damaging for you / our clients and/or us

Conducting identity checks to verify the identity of our clients

Any other screening necessary

Other processing necessary to comply with professional, legal and regulatory or other obligations that apply to our business, e.g. under health and safety regulations or rules issued by our professional regulator or the government


To comply with our legal and regulatory obligations, e.g. our anti-money laundering obligations

Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies

To comply with our legal and regulatory obligations

Ensuring business policies are adhered to, e.g. policies covering information security

For our legitimate interests or those of a third party, i.e. to make sure we are following our own internal procedures to enable us to deliver the best service to you / our clients

Ensuring the confidentiality of commercially sensitive information

For our legitimate interests or those of a third party, i.e. to protect our intellectual property and other commercially valuable information

To comply with our legal and regulatory obligations

Updating and enhancing our client records

For the performance of our contract with you / our clients or to take steps at your request before entering into a contract

To comply with our legal and regulatory obligations

Marketing our services to:

- existing and former clients
- third parties who have previously expressed an interest in our services
- third parties with whom we have had no previous dealings

For our legitimate interests or those of a third party, i.e. to promote our business to existing and former clients

External audits and quality checks

For our legitimate interests or a those of a third party, i.e. to maintain our accreditations which demonstrates our service is of the best possible quality and standard

To comply with our legal and regulatory obligations


  1. a) Data must be processed lawfully, fairly and in a transparent manner in relation to individuals.
    Red Flag Alert Technology Group has a legitimate interest in processing personal data on decision-makers and budget holders in medium-to-large businesses in the United Kingdom. The information is acquired from publicly available sources as well as direct contact with the companies in question. As a result, where personal data is processed in situations where data subjects should reasonably expect future processing, the data subject's interests and fundamental rights do not trump the data controller's interest.
  2. b) Data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
    Data is collected solely for the purpose of compiling a database of business contacts to be used by Red Flag Alert Technology Group and its Client’s and Approved Third Parties for business-to-business marketing.

(c) Data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
The data collected is limited to names of senior managers and directors, their job titles, company addresses, company landline telephone numbers and corporate email addresses.

(d) Data must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
Red Flag Alert checks all information to ensure that it is kept accurate and up-to-date.

(e) Data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed
When someone leaves a position, their name and contact information are removed from the database. The data may, however, be utilised for suppression reasons, i.e. to prevent it from being added to the database again.

(f) Data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Data is only used by Red Flag Alert to offer legitimate business services that are relevant to the professional role of the data subject. Red Flag Alert operates a rigorous data security environment
as part of its Data Governance Framework.

(g) Individuals have the right to see, correct, restrict access to or remove their personal information.
For subject access requests, use the contact details shown above. All requests for data to be removed or amended will be dealt with promptly.

(h) Complaints. Individuals have a right to complain to the Information Commissioner if they believe that there is a problem with the way their data is being used.
Follow this link to contact the ICO

This Website


  • We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
  • Where we need to perform the contract, we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal or regulatory obligation.
  • Where you have given your explicit consent to receive marketing communications from us
  1. Privacy Protection
    We understand the importance of safeguarding personal information collected from our customers, future customers, and website users. In compliance with GDPR, we will only use the information we acquire about you lawfully. This website can be accessed and browsed without revealing any personal information.
  2. Data collection
    We collect information about you so that we can send you information about our products and services. All information is collected and used purely for the purpose of providing you with a service, and it is handled and stored in line with GDPR rules.

We collect data and process data when you:

  • Register online or place an order for any of our products or services.
  • Voluntarily complete a customer survey or provide feedback on any of our message boards or via email.
  • Use or view our website via your browser’s cookies.

If you register to download free content from our site, if you contact us with comments or particular requests, or if you send a business card or other data to any of our staff, we collect personally identifiable information about you. The elements of your data that we collect may include:

  • forename and surname
  • title
  • company name
  • company address, phone and/or fax number
  • corporate email address
  • other information specific to the nature of our interaction

We also collect anonymous information which is not unique to you such as:

  • IP address
  • Browser Type
  • Access times
  • Referring URL
  1. User access and control of your data
    Using the contact information provided above, you may request a copy of the personal information we have about you, as well as the ability to correct it if necessary. If you wish to withdraw your consent to our use of your data at any time, please contact The Data Protection Officer at the address listed above.
  2. Data use
    We use your data to provide you with information about our products and services that we believe may be of interest to you.
  3. Cookies
    Cookies are used to make it easier for you to navigate our website. Cookies are small pieces of data that a website saves on your computer's hard drive, in order for it to know who you are. Cookies are used by the majority of websites.

Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. When you visit our websites, we may collect information from you automatically through cookies or similar technology.

Cookies cannot be used to identify you on their own. Cookies are also used to track how visitors interact with our website. The data is used to create reports and to help us improve the site. The cookies collect anonymous information about site visitors, such as the number of visitors, where they came from, and which pages they visited.

By continuing to use our website, you consent to our placing these sorts of cookies on your computer. You may prevent us from storing a cookie on your computer by setting your browser so that it will not accept cookies.

Our Company uses cookies in a range of ways to improve your experience on our website, including:

  • Keeping you signed in
  • Understanding how you use our website

What types of cookies do we use?

There are a number of different types of cookies, however, our website uses:

Functionality – Our Company uses these cookies so that we recognize you on our website and remember your previously selected preferences. These could include what language you prefer and location you are in. A mix of first-party and third-party cookies are used.

Advertising – Our Company uses these cookies to collect information about your visit to our website, the content you viewed, the links you followed and information about your browser, device, and your IP address. Our Company sometimes shares some limited aspects of this data with third parties for advertising purposes. We may also share online data collected through cookies with our advertising partners. This means that when you visit another website, you may be shown advertising based on your browsing patterns on our website.

How to manage cookies

You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.

  1. Data disclosure
    As detailed in the table below, we may be required to disclose your personal data with our third-party service providers. Your personal information may also be shared with third parties to whom we sell, transfer, or merge parts of our business or assets. Alternatively, we could try to buy or merge with other companies. If our company changes hands, the new owners may continue to use your personal information in the same manner as described in this privacy notice.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

  1. Third-party links

Links to third-party websites, plug-ins, and programmes may be found on this website. Third parties may collect or share data about you if you click on those links or enable those connections. These third-party websites are not under our control, and their privacy policies are not our responsibility.

Privacy policies of other websites

The Our Company website contains links to other websites. Our privacy policy applies only to our website, so if you click on a link to another website, you should read their privacy policy.

  1. The Data we collect about you

Personal data, often known as personal information, refers to any information about a person that can be used to identify that person. It excludes data from which the identity has been deleted (anonymous data). Different types of personal data about you may be collected, used, stored, and transferred by us, which we have categorised together as follows:

8.1 Identity Data includes first name, last name, username or similar identifier, marital status, title, job title, employer (company name and number).

8.2 Contact Data includes billing address, delivery address, email address, telephone numbers and fax numbers.

8.3 Crime / Offence Data includes information about criminal convictions and offences, for example, fraud or offences committed by a director or officer of a company, or directors’ disqualification information. This is information which is publicly available from official sources such as Companies House, the Insolvency Service and court records.

8.4 Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.

8.5 Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback, and survey responses.

8.6 Usage Data includes information about how you use our website and services.

8.7 Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences (see section 14 below)

Data from a third party. It is your responsibility to ensure that:  you have an appropriate legal basis to share such personal data with us; and (ii) the third-party data subject reads and understands this Privacy Policy when you provide us with a third party's personal data (for example, any personal data relating to your employees, officers, and/or agents). We shall not be held liable to any third parties if you do not follow this rule.

Aggregated Data, such as statistical or demographic data, is also collected, used, and shared for any reason. Aggregated Data may be derived from your personal data, but it is not deemed personal data in the eyes of the law because it does not expose your identity directly or indirectly. We may, for example, aggregate your Usage Data to determine the percentage of people that utilise a certain website feature. However, if we combine or connect Aggregated Data with your personal data in such a way that the combined data can be used to identify you directly or indirectly, we recognise the combined data as personal data and handle it in line with this privacy notice.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data).

  1. Security
    We continue to place a high priority on the security of your data. We've put in place technological and security policies, guidelines, and methods to secure the personal data under our control, whether online and offline, against unauthorised access, improper use, alteration, unlawful or unintentional deletion, and loss. All our "personal user data" is restricted in our offices when we're not online. Only Red Flag Alert workers have access to this information. However, keep in mind that no data transmission via the internet can be guaranteed to be completely safe. While we make every effort to protect your data, we cannot guarantee or promise the security of any information you submit us or that we store.
  2. Data Retention

How long will you use my personal data for?

We will only keep your personal data for as long as it is necessary to fulfil the reasons for which it was acquired, including to comply with any legal, accounting, or reporting obligations. We consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements when determining the appropriate retention period for personal data.

By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.

If you fill out a form on our website requesting information, we will typically preserve your Identity, Contact, Marketing, and Communications Data for twelve months after your request, unless you express a desire to hear from us after that time-period has expired.

Unless you opt-out of receiving marketing from us, we will generally keep your Marketing and Communications Data for up to twelve months after your service contract finishes or expires (in which case we will keep a record of your opt-out request on our suppression list).

  1. Your legal rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data. You have the right to:

9.1 Request access to your personal data.
9.2 Request correction of your personal data.
9.3 Request erasure of your personal data.
9.4 Object to processing of your personal data.
9.5 Request restriction of processing your personal data.
9.6 Request transfer of your personal data.
9.7 Right to withdraw consent.

If you wish to exercise any of the rights set out above, please contact us.

No fee usually required

You have the right to:

Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

You will not be charged a price to view your personal information (or to exercise any of the other rights).

If your request is manifestly baseless, recurrent, or exorbitant, we may charge a fair fee. In certain cases, we may also refuse to comply with your request.

What we may need from you

We may need to ask you for further information to verify your identity and validate your right to access your personal data (or to exercise any of your other rights). This is a security step to ensure that personal information is not shared with anybody who does not have permission to receive it. We may also call you to obtain further information about your request in order to expedite our answer.

Time limit to respond

Within one month, we aim to respond to all legitimate requests. If your request is extremely difficult or you have made a number of requests, it may take us longer than a month to respond. We will alert you and keep you updated in this case.

Request that we correct the personal information we have on you. This allows you to change any missing or erroneous information we have about you, albeit we may need to verify the veracity of the new information you submit.

Request that your personal data be erased. This allows you to request that we erase or remove your personal data if there is no compelling reason for us to keep it. You also have the right to request that we delete or remove your personal data if you have successfully exercised your right to object to processing (see below), if we have unlawfully processed your data, or if we are forced to erase your personal data by local legislation. Please keep in mind that we may not always be able to comply with your request for erasure due to specific legal reasons that will be communicated to you at the time of your request, if relevant.

Object to the processing of your personal data if we are relying on a legitimate interest (or those of a third party) and there is something about your circumstances that makes you want to object to processing on this ground because you believe it violates your basic rights and freedoms. You also have the right to object if your personal data is being processed for direct marketing purposes. We may be able to show that we have compelling legal grounds to handle your information that outweigh your rights and freedoms in some situations.

Request that your personal data be restricted from being processed. This allows you to request that we halt the processing of your personal data in the following circumstances: (a) if you want us to verify the data's accuracy; (b) if our use of the data is unlawful but you do not want us to erase it; (c) if you need us to keep the data even if we no longer require it because you need it to establish, exercise, or defend legal claims; or (d) if you have objected to our use of your data but we need to.

Request that your personal data be transferred to you or a third party. We shall give your personal data in a structured, frequently used, machine-readable manner to you or a third party you specify. This privilege only applies to automated information that you gave us permission to use or if we utilised the information to fulfil a contract with you.

Where we rely on consent to process your personal data, you can withdraw your consent at any time. However, the lawfulness of any processing carried out before you withdraw your consent will not be affected. We may not be able to offer you with some products or services if you withdraw your consent. If this is the case, we will notify you when you withdraw your consent.

  1. International Transfers

Except as stated in this policy, we do not transfer your personal data outside the European Economic Area (EEA). Where we transfer personal data outside the EEA we will ensure appropriate safeguards are in place to protect that data. Please ask if you require details of specific safeguards.

  1. Third Parties with whom we may share your data:

We may share your data with third parties who provide services on our behalf.

All our third-party service providers are required to take appropriate security measures to protect your data in line with our policies. We do not allow them to use your data for their own purposes. We permit them to process your data only for specified purposes and in accordance with our instructions.

We may also share your personal data with third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or to protect the rights, property or safety of our site, our users, and others.

Where your data is shared with third parties, we will seek to share the minimum amount necessary.

AIB GB MERCHANT SERVICES                                  

Authenteq Tarbena GmbH                         HUBSPOT                                                                  Tech City Labs Ltd

AWS (Amazon Web Services)                   Information Network Services Ltd       Tora Digital

Blue Tahiti Software Ltd                               KoBolt                                                                          Trust Payments Ltd

CHARGEBEE                                                           Microsoft Ireland Operations Ltd         Vodafone

Companies House                                            Microsoft Azure Microsoft Ireland Operations Ltd

Connell Data Ltd                                                Microsoft Ltd                                                         Xero (UK) Ltd

Creditsafe                                                                ResponseIQ                                                            Zen Internet Ltd

Dun & Bradstreet Ltd                                      Santander Charges                                          Registry Trust

GB Group Ltd (GBG)                                         The Compliance Engineers                        AHR Consultants

Google Ireland Ltd                                            STRIPE


  1. Marketing and your Privacy

At Red Flag Alert we collect and use professional business contact information for marketing, data management purposes and commercial purposes. We also use such contact information to send direct marketing communications about our products and services.

Our marketing data originates from:

  • Individuals within organisations providing information directly to us about their contacts
  • Third Party Data suppliers
  • Press releases
  • Our websites
  • Professional social media websites

Grounds of Processing

We collect and process business and professional contact data for marketing and sales and marketing solutions on the basis that it is needed to fulfil “legitimate interests” of RFA. RFA’s legitimate business interests reside in customer relationships, direct marketing and improving the accuracy of our professional contact data and marketing information. This processing also enables RFA to promote its own products and services including our existing customers.

Where required by applicable laws, we will only use your professional contact details to send direct marketing communications where you have consented to receive it.

Data Subject Rights

You have rights in relation to the marketing data we hold about you:

Deletion: In certain situations (e.g., if you have objected to us using your data for direct marketing purposes or if you have withdrawn your consent), you will have the right to request that we erase your marketing data from our systems.
Please note that if you have objected to us using your marketing data, withdrawn your consent to receiving direct marketing communications or requested the erasure of your data from our database, we then need to keep a record of that objection or withdrawal or erasure request, so that we do not subsequently reintroduce your data into our direct marketing database again. This ensures your aim of not receiving direct marketing and/or not being featured in our database is met.

Rectification: If any of your marketing data is inaccurate you have a right to request rectification.

Withdrawal of consent: Where we process your data on the basis of your consent, you have the right to withdraw your consent at any time. Should you choose to exercise this right, this will not affect the lawfulness of the processing we carried out prior to the withdrawal of your consent.

Restriction of processing: Where provided by applicable laws, you may have the right to restrict our processing of your marketing data. 

Portability: Subject to applicable laws, you may have a right to request that we provide your marketing data in a structured, commonly used and machine-readable format and transmit it to another controller.


  1. Google Ads

    Provided you have consented, this website uses "Google Ads", a service provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”), for the purposes of evaluating the effectiveness of advertising measures and to address you again. When you visit our website, “Google Ads” installs a cookie on your device. With that cookie, Google processes the information generated by your device about the use of our website, interactions with our website and advertising measures as well as your IP address, browser information, your previously visited websites and the date and time of access for the purposes of analysing and visualising the reach measurement of our advertisements and to display personalized advertisements.

For this purpose, it can also be determined whether different end devices belong to you or your household. With “Remarketing”, users of our website can be re-identified and recognized on other websites within the Google advertising network (e.g. in Google Search or on YouTube) and advertisements tailored to their interests can be displayed to them. 

The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Under European law, the US does not guarantee an adequate level of data protection. State authorities may have access to this data due to mass surveillance laws. Once your personal data has been disclosed, it will not enjoy the same level of protection and you may not be able to exercise your rights in relation to the data.
By allowing cookies on the Henkel-website you agree to the use of the above-mentioned data and the previously described processing by Google.

You find more information about privacy in Google services here:


  1. Privacy support
    If you have any questions or comments about privacy, please contact us at the above address


 We will inform you of any changes in this notice that affect your privacy.


Last Modified January 2024