This privacy notice will help you understand how Red Flag Alert Technology Group Limited uses and protects your personal data.
We are Red Flag Alert Technology Group Limited registered at 28 Eaton Avenue Matrix Office Part, Buckshaw Village, Chorley, Lancashire, United Kingdom, PR7 7NA.
Your privacy is protected by law, and it is also protected by our data security and protection policies. This page gives you an idea of how we use your data and the safeguards we put in place to protect it.
You can contact our voluntarily appointed Data Protection Officer at DPO@RedFlagAlert.com if you have any concerns or wish to exercise your rights.
To help you on your journey with us we need data about you. We make the following promises about how we will treat this data:
You have certain rights over any data we hold about you:
You can read more about your rights here.
If you would like to uphold your rights, then please contact our Data Protection Officer at DPO@RedFlagAlert.com
If you are in dissatisfied with our response you also have the right to lodge a complaint with the Data Protection Authority. This can be done at https://ico.org.uk/concerns/.
Typically, the data we process comes from the following sources:
If you belong to an organisation, we may also source your information from public databases and other sources for our Legitimate Interests. If you ask for us to send information to a relative or friend, you warrant you have the consent from them to share their data with us.
We try and minimise the data held and the exact data elements we hold will be dependent on your journey with us. Typically, data elements we collect are detailed in the table below:
Some of this data is called “special category data” because it requires sensitive treatment. We handle this type of data particularly carefully.
If you want to know what data about you, we have and how we obtained your data then please contact us.
Our website and other materials sent to you may contain links to other third-party websites. We may also offer buttons to social media that link to third party services. We’re not responsible for the content or the data privacy these sites provide through their tools or sites.
We use a specific legal basis to process your personal data, detailed in the above table. The legal basis we use depends on the nature of the processing activity we undertake on your personal data.
If we use the lawful basis of legitimate interests, we ensure that our processing is not overridden by your data protection interests or fundamental rights and freedoms.
When our clients provide us information about you, we process this data on the basis they have the right legal basis to share that information with us and we accept no liability for omissions on their part.
The information that we collect is essential for us to be able to carry out the services that you require from us effectively.
We process information about you to provide you with the services for which you, your employee or our clients engages us.
Further information is provided in the table above, which details the purposes or reasons we process your personal data.
All our processes are mapped and are subject to various internal policies, procedures and governance, ensuring your data privacy and security remains central to all we do.
Data is processed/stored locally and on encrypted third party hosted cloud services such as Microsoft 365 and Azure. In addition, we may use Large Language Models (LLM) to help us fulfil some of our services. A full list of these systems can be provided on request. These services all have strong data security at the heart of their systems including ISO27001 and SOC2 certification. We ensure that access to these services is strictly controlled and include strong authentication processes like Multi Factor Authentication.
As part of our services with clients we may use APIs to deliver insights and information from third parties.
Data will be processed in either the UK, EEA/EU data centres or on US based servers that have demonstrated strong Data Security. We may also process your data in countries outside the UK or European Union from time to time in other aspects of our business.
Further to Section 119A of the Data Protection Act 2018 and noting Case C-311/18 in the European Court of Justice, if your data is transferred or processed outside of the UK or EEA we ensure the safeguards of International Data Transfer Agreements (IDTAs) or Addendums are enforced. Where this is not possible, we ensure that European Standard Contractual Clauses are entered.
We regularly review suppliers for data security compliance to ensure your data is safe and track where your data is held.
We will never ask you for your username or password for your account or ask you for any credentials for other applications or websites.
As part of our service as a credit reference agency (CRA), we carry out credit and identity checks with our own systems. In some cases, we will use other CRAs to enhance results and ensure accuracy. We may use consumer APIs to connect our clients to these services.
Our clients submit your personal information to CRAs as part of processing your application and will have got your consent to carry out these checks. When your financial data is requested by our clients a hard search against your credit file will be produced.
If you would like to see more information on this, and to understand how the credit reference agencies each use and share rental data as bureau data (including the legitimate interests each pursues) this information is provided in this link: www.equifax.co.uk/crain (Credit Reference Agency Information Notice (CRAIN)).
We will not share your information with third party organisations except as part of providing a product or service to our clients and/or when legally obliged to. It is our policy to use only third-party providers that are bound to maintain appropriate levels of security and confidentiality, to process your personal information only as instructed by us, and to flow those same obligations down to their sub-processors.
We may also disclose your personal information to law enforcement, regulatory and other government agencies and to professional bodies and other third parties, as required by and/or in accordance with applicable law or regulation including but not limited to prevention of fraud or minimising credit risk.
The types of organisations we share data with include (but not limited to):
We may use marketing services from third parties. These may rely on the use of cookies. You can read more about these in our Cookies Policy.
Red Flag Alert Technology Group Limited uses a Fractional Data Protection Officer (DPO) for compliance purposes. Should you have a data protection query or complaint your details may be passed to them to assist us. In all other cases our DPO does not have access to your data.
Our website and other materials sent to you may contain links to other third-party websites. We may also offer buttons to social media that link to third party services. We’re not responsible for the content or your data privacy these sites provide through their tools or sites.
If Red Flag Alert Technology Group Limited is involved in a merger, acquisition or asset sale, personal data may be transferred between parties, but we will provide notice before personal data is transferred and becomes subject to a different privacy notice.
Where we use or store your personal data, because you have given your consent, you have the right to withdraw your consent at any time.
You can withdraw your consent by:
You can withdraw your explicit consent by writing to us, using the contact details in this Privacy Notice.
Dependant on the data you provide us and for what purpose it is provided we may need to retain your data for up to 6 years following the end of engagement with you or our client. If you wish to find out more about your specific data retention, please contact us.
We seek to uphold our legal obligations as covered by the Data Protection Act 2018, Data Use and Access Act 2025 and the General Data Protection Regulation 2016. Our Data Protection Authority is designated as the Information Commission (IC) formally the Information Commissioners Office (ICO). This Privacy Policy is reviewed on a regular basis and was last reviewed in July 2025.
We retain the right to update this notice at any time. We will always document any changes and will publish the latest version on the company’s intranet.