Home
/
Privacy Centre
/
Privacy Notice – Identity Verification Services

Privacy Notice – Identity Verification Services

Our contact details

Name of processor: Red Flag Alert Technology Group Ltd

Address: 49 Peter Street, Manchester, M2 3NG

Phone Number: 0330 460 9877

General Email: suppoprt@redflagalert.com

Data Protection Email: iso@redflag alert.com

Our data protection officer (DPO): RFA’s Information Security Office

Red Flag Alert processes personal data to the extent strictly necessary for the provision of the service to our Clients. Service means Identity Proofing platform to help the Customer in its anti-money laundering, ID verification and its financing activities, in accordance with the written instructions of the Client.

The type of personal information we collect

We need to collect a range of information to provide our identity document checking services to our customers. For the purposes of the UK General Data Protection Regulation and the Data Protection Act 2018 (UKGDPR), our Clients are the controllers of your information and we are processors of that data. The information we need to collect depends on the service that is provided to the Client. The basis of each check is the image of an identity document, and we check this is genuine either as a service in itself, or then use to perform follow-on checks. We may also be asked to perform an address verification check, and to do so we will check whether there are records of the identity document holder living at a specified address as well as any other requests determined by our Clients as part of the service.

We therefore may process the following information depending on the service being accessed:

  • Contact information
    • Name
    • Email address
    • Job title
    • Street address
  • General identifiers
    • ID document photo
    • Sex
    • Date of birth
    • Nationality
    • Passport number
    • Driving licence number
    • Identity card number
  • Location Data
    • IP Address
  • HR information
    • Employer
  • Credit and anti-fraud
    • PEP & Sanctions information
  • Biometric data (Special Category Data)
    • Electronic comparison of selfie and ID document photo

How we get the personal information and why we have it

Red Flag Alert Clients will either pass your information to Red Flag Alert for the purposes they have agreed with you, or they will send you a link to enable you to upload your information to Red Flag Alert directly. We use the information that you have given us or our Client to perform the checks the Client has contracted us to perform

We may then process the information for one of the following reasons:

  • Right to work checks
  • AML checks
  • Customer screening
  • Address verification
  • Politically Exposed Person (PEP) & Sanction checks

Depending on the service our Client has requested, we will share your information with the relevant third-processors necessary to carry out the data processing as listed below. We will also share your information and the results of the check with our Client.

Name Purpose of Processing Location of Processing
Microsoft Azure Cloud hosting and data storage UK, South
IDVerse (formerly OCR Labs Global Ltd) Document image capture and quality control, extraction of data from images United Kingdom

Regardless of data origin, Red Flag Alert will perform the required checks and communicate the results back to our Client only. The Clint then decides whether they want to proceed with your application.

Under the UJGDPR, we rely on “Contractual Obligation” as the lawful basis for processing this information. For biometric Special Category Data, the following exception which applies is that you have explicitly consented to the processing. Please refer to the Controller’s relevant Privacy Policy.

How we store your personal information

Your information is securely processed and stored in the United Kingdom with some processing taking place as listed in the above table.

We keep the information you provide for as long as we are contractually obliged to by the Client. After this point your information is permanently and irretrievably deleted. The default retention period is 7 days. Our Client may extend the retention period so Data Subjects should contact our Client (i.e. the organisation requesting the checks on your data) directly to confirm the retention period, because they are the controllers of your data.

Your data protection rights

Under data protection law, you have rights including right of access, right to rectification, right to erasure, right to restriction of processing, right to object to processing and right to data portability. If you would like to access a copy of, delete or otherwise exercise control over your personal information, contact Red Flag Alert using the details below. Please be aware that for most requests, Red Flag Alert, noting our default retention period, will need to notify our Client as it is likely that the Client not Red Flag Alert will need to fulfil the request. This is necessary where Red Flag Alert is acting on our Client’s behalf.

You are not required to pay any charge for exercising your rights. If you make a request, the controller has one month to respond to you

Please email iso@redflagalert.com if you wish to make a request.

We will record any data subject rights request received from you indefinitely on a log containing your name, details of your request and how it was handled by us. We will hold your original request for no longer than 3 months after closure on our data subject rights request log.

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at iso@redflagalert.com

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

This privacy notice and is dated 20th November 2024. We keep this privacy notice under review and update it as necessary.