IMPORTANT INFORMATION AND WHO WE ARE
Purpose of this privacy notice
This privacy notice explains how Red Flag Alert Technology Group collects and processes your personal data when you use this website or any of our other online portals, including any information you provide when you sign up for our online services, subscribe to our newsletter, or request a free trial of our services.
This website is not designed for minors, and we do not knowingly gather information about them. It is critical that you read this privacy notice, as well as any other privacy notices or fair processing notices that we may provide on specific occasions when we collect or process personal data about you, so that you understand how and why we use your data. This privacy notice is meant to enhance the other notices, not to replace them.
Controller
Red Flag Alert Technology Group Ltd is the controller and responsible for your personal data (collectively referred toas Red Flag, we, us or our in this privacy notice).
We have appointed a data privacy manager who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, please contact the data privacy manager using the details set out below.
We have notified the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk), of our data controller activities and we are registered with number Z3002651.
Contact details
Our full details are:
Full name of legal entity: Red Flag Alert LLP
Data privacy manager: Dan.Church@redflagalety.com
Email address: helpdesk@redflagalert.com
Postal address: Red Flag Technology Group Ltd 49 Peter Street, Manchester, M2 3NG
Telephone number: 0344 412 6699
Compliance with the Principles of the Data Protection Act 2018 (UKGDPR)
Personal data is defined as any information that can be used to identify an individual. Individuals are recognisable when business email addresses take the form of 'name@business.com,' and thus fall under the definition of personal data.
The "legitimate interests" of the data controller or a third party are one legal basis for processing personal data, according to Article 6 of the General Data Protection Regulation (GDPR).
Legitimate Interest refers to our company's interest in running and managing its operations in order to provide you with the finest service and the safest experience possible. Before we treat your personal data for our legitimate interests, we make sure to assess and weigh any potential impact on you (both positive and negative) as well as your rights. We do not utilise your personal data for activities where the impact on you outweighs our interests (unless we have your consent or are otherwise required or permitted to by law). By contacting us, you can learn more about how we weigh our legitimate interests against any potential impact on you in relation to certain activities.
Red Flag Alert’s legitimate interests provide the legal basis for processing the personal data described above, provided that the data subject's interests or fundamental rights and freedoms do not prevail, taking into account data subjects' reasonable expectations based on their connection with the controller.
We use your personal information for the following purposes:
|
What we use your personal data for |
Our legitimate reasons |
|
To provide contractual services to our clients |
For the performance of our contract with our clients or to take steps at their / your request before entering into a contract |
|
Preventing and detecting fraud against you / our clients or us |
For our legitimate interests or those of a third party, i.e. to minimise fraud that could be damaging for you / our clients and/or us |
|
Conducting identity checks to verify the identity of our clients Any other screening necessary Other processing necessary to comply with professional, legal and regulatory or other obligations that apply to our business, e.g. under health and safety regulations or rules issued by our professional regulator or the government
|
To comply with our legal and regulatory obligations, e.g. our anti-money laundering obligations |
|
Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies |
To comply with our legal and regulatory obligations |
|
Ensuring business policies are adhered to, e.g. policies covering information security |
For our legitimate interests or those of a third party, i.e. to make sure we are following our own internal procedures to enable us to deliver the best service to you / our clients |
|
Ensuring the confidentiality of commercially sensitive information |
For our legitimate interests or those of a third party, i.e. to protect our intellectual property and other commercially valuable information
|
|
Updating and enhancing our client records |
For the performance of our contract with you / our clients or to take steps at your request before entering into a contract
|
|
Marketing our services to: - existing and former clients |
For our legitimate interests or those of a third party, i.e. to promote our business to existing and former clients |
|
External audits and quality checks |
For our legitimate interests or a those of a third party, i.e. to maintain our accreditations which demonstrates our service is of the best possible quality and standard
|
(c) Data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
The data collected is limited to names of senior managers and directors, their job titles, company addresses, company landline telephone numbers and corporate email addresses.
(d) Data must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
Red Flag Alert checks all information to ensure that it is kept accurate and up-to-date.
(e) Data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed
When someone leaves a position, their name and contact information are removed from the database. The data may, however, be utilised for suppression reasons, i.e. to prevent it from being added to the database again.
(f) Data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Data is only used by Red Flag Alert to offer legitimate business services that are relevant to the professional role of the data subject. Red Flag Alert operates a rigorous data security environment as part of its Data Governance Framework.
(g) Individuals have the right to see, correct, restrict access to or remove their personal information.
For subject access requests, use the contact details shown above. All requests for data to be removed or amended will be dealt with promptly.
(h) Complaints. Individuals have a right to complain to the Information Commissioner if they believe that there is a problem with the way their data is being used.
Follow this link to contact the ICO
This Website
HOW WE USE YOUR PERSONAL DATA
We collect data and process data when you:
If you register to download free content from our site, if you contact us with comments or particular requests, or if you send a business card or other data to any of our staff, we collect personally identifiable information about you. The elements of your data that we collect may include:
We also collect anonymous information which is not unique to you such as:
Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. When you visit our websites, we may collect information from you automatically through cookies or similar technology.
Cookies cannot be used to identify you on their own. Cookies are also used to track how visitors interact with our website. The data is used to create reports and to help us improve the site. The cookies collect anonymous information about site visitors, such as the number of visitors, where they came from, and which pages they visited.
By continuing to use our website, you consent to our placing these sorts of cookies on your computer. You may prevent us from storing a cookie on your computer by setting your browser so that it will not accept cookies.
Our Company uses cookies in a range of ways to improve your experience on our website, including:
What types of cookies do we use?
There are a number of different types of cookies, however, our website uses:
Functionality – Our Company uses these cookies so that we recognize you on our website and remember your previously selected preferences. These could include what language you prefer and location you are in. A mix of first-party and third-party cookies are used.
Advertising – Our Company uses these cookies to collect information about your visit to our website, the content you viewed, the links you followed and information about your browser, device, and your IP address. Our Company sometimes shares some limited aspects of this data with third parties for advertising purposes. We may also share online data collected through cookies with our advertising partners. This means that when you visit another website, you may be shown advertising based on your browsing patterns on our website.
How to manage cookies
You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Links to third-party websites, plug-ins, and programmes may be found on this website. Third parties may collect or share data about you if you click on those links or enable those connections. These third-party websites are not under our control, and their privacy policies are not our responsibility.
Privacy policies of other websites
The Our Company website contains links to other websites. Our privacy policy applies only to our website, so if you click on a link to another website, you should read their privacy policy.
Personal data, often known as personal information, refers to any information about a person that can be used to identify that person. It excludes data from which the identity has been deleted (anonymous data). Different types of personal data about you may be collected, used, stored, and transferred by us, which we have categorised together as follows:
8.1 Identity Data includes first name, last name, username or similar identifier, marital status, title, job title, employer (company name and number).
8.2 Contact Data includes billing address, delivery address, email address, telephone numbers and fax numbers.
8.3 Crime / Offence Data includes information about criminal convictions and offences, for example, fraud or offences committed by a director or officer of a company, or directors’ disqualification information. This is information which is publicly available from official sources such as Companies House, the Insolvency Service and court records.
8.4 Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
8.5 Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback, and survey responses.
8.6 Usage Data includes information about how you use our website and services.
8.7 Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences (see section 14 below)
Data from a third party. It is your responsibility to ensure that: you have an appropriate legal basis to share such personal data with us; and (ii) the third-party data subject reads and understands this Privacy Policy when you provide us with a third party's personal data (for example, any personal data relating to your employees, officers, and/or agents). We shall not be held liable to any third parties if you do not follow this rule.
Aggregated Data, such as statistical or demographic data, is also collected, used, and shared for any reason. Aggregated Data may be derived from your personal data, but it is not deemed personal data in the eyes of the law because it does not expose your identity directly or indirectly. We may, for example, aggregate your Usage Data to determine the percentage of people that utilise a certain website feature. However, if we combine or connect Aggregated Data with your personal data in such a way that the combined data can be used to identify you directly or indirectly, we recognise the combined data as personal data and handle it in line with this privacy notice.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data).
How long will you use my personal data for?
We will only keep your personal data for as long as it is necessary to fulfil the reasons for which it was acquired, including to comply with any legal, accounting, or reporting obligations. We consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements when determining the appropriate retention period for personal data.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.
If you fill out a form on our website requesting information, we will typically preserve your Identity, Contact, Marketing, and Communications Data for twelve months after your request, unless you express a desire to hear from us after that time-period has expired.
Unless you opt-out of receiving marketing from us, we will generally keep your Marketing and Communications Data for up to twelve months after your service contract finishes or expires (in which case we will keep a record of your opt-out request on our suppression list).
Under certain circumstances, you have rights under data protection laws in relation to your personal data. You have the right to:
9.1 Request access to your personal data.
9.2 Request correction of your personal data.
9.3 Request erasure of your personal data.
9.4 Object to processing of your personal data.
9.5 Request restriction of processing your personal data.
9.6 Request transfer of your personal data.
9.7 Right to withdraw consent.
If you wish to exercise any of the rights set out above, please contact us.
No fee usually required
You have the right to:
Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
You will not be charged a price to view your personal information (or to exercise any of the other rights).
If your request is manifestly baseless, recurrent, or exorbitant, we may charge a fair fee. In certain cases, we may also refuse to comply with your request.
What we may need from you
We may need to ask you for further information to verify your identity and validate your right to access your personal data (or to exercise any of your other rights). This is a security step to ensure that personal information is not shared with anybody who does not have permission to receive it. We may also call you to obtain further information about your request in order to expedite our answer.
Time limit to respond
Within one month, we aim to respond to all legitimate requests. If your request is extremely difficult or you have made a number of requests, it may take us longer than a month to respond. We will alert you and keep you updated in this case.
Request that we correct the personal information we have on you. This allows you to change any missing or erroneous information we have about you, albeit we may need to verify the veracity of the new information you submit.
Request that your personal data be erased. This allows you to request that we erase or remove your personal data if there is no compelling reason for us to keep it. You also have the right to request that we delete or remove your personal data if you have successfully exercised your right to object to processing (see below), if we have unlawfully processed your data, or if we are forced to erase your personal data by local legislation. Please keep in mind that we may not always be able to comply with your request for erasure due to specific legal reasons that will be communicated to you at the time of your request, if relevant.
Object to the processing of your personal data if we are relying on a legitimate interest (or those of a third party) and there is something about your circumstances that makes you want to object to processing on this ground because you believe it violates your basic rights and freedoms. You also have the right to object if your personal data is being processed for direct marketing purposes. We may be able to show that we have compelling legal grounds to handle your information that outweigh your rights and freedoms in some situations.
Request that your personal data be restricted from being processed. This allows you to request that we halt the processing of your personal data in the following circumstances: (a) if you want us to verify the data's accuracy; (b) if our use of the data is unlawful but you do not want us to erase it; (c) if you need us to keep the data even if we no longer require it because you need it to establish, exercise, or defend legal claims; or (d) if you have objected to our use of your data but we need to.
Request that your personal data be transferred to you or a third party. We shall give your personal data in a structured, frequently used, machine-readable manner to you or a third party you specify. This privilege only applies to automated information that you gave us permission to use or if we utilised the information to fulfil a contract with you.
Where we rely on consent to process your personal data, you can withdraw your consent at any time. However, the lawfulness of any processing carried out before you withdraw your consent will not be affected. We may not be able to offer you with some products or services if you withdraw your consent. If this is the case, we will notify you when you withdraw your consent.
Except as stated in this policy, we do not transfer your personal data outside the European Economic Area (EEA). Where we transfer personal data outside the EEA we will ensure appropriate safeguards are in place to protect that data. Please ask if you require details of specific safeguards.
We may share your data with third parties who provide services on our behalf.
All our third-party service providers are required to take appropriate security measures to protect your data in line with our policies. We do not allow them to use your data for their own purposes. We permit them to process your data only for specified purposes and in accordance with our instructions.
We may also share your personal data with third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or to protect the rights, property or safety of our site, our users, and others.
Where your data is shared with third parties, we will seek to share the minimum amount necessary.
AIB GB MERCHANT SERVICES
Authenteq Tarbena GmbH HUBSPOT Tech City Labs Ltd
AWS (Amazon Web Services) Information Network Services Ltd Tora Digital
Blue Tahiti Software Ltd KoBolt Trust Payments Ltd
CHARGEBEE Microsoft Ireland Operations Ltd Vodafone
Companies House Microsoft Azure Microsoft Ireland Operations Ltd
Connell Data Ltd Microsoft Ltd Xero (UK) Ltd
Creditsafe ResponseIQ Zen Internet Ltd
Dun & Bradstreet Ltd Santander Charges Registry Trust
GB Group Ltd (GBG) The Compliance Engineers AHR Consultants
Google Ireland Ltd STRIPE
At Red Flag Alert we collect and use professional business contact information for marketing, data management purposes and commercial purposes. We also use such contact information to send direct marketing communications about our products and services.
Our marketing data originates from:
Grounds of Processing
We collect and process business and professional contact data for marketing and sales and marketing solutions on the basis that it is needed to fulfil “legitimate interests” of RFA. RFA’s legitimate business interests reside in customer relationships, direct marketing and improving the accuracy of our professional contact data and marketing information. This processing also enables RFA to promote its own products and services including our existing customers.
Where required by applicable laws, we will only use your professional contact details to send direct marketing communications where you have consented to receive it.
Data Subject Rights
You have rights in relation to the marketing data we hold about you:
Deletion: In certain situations (e.g., if you have objected to us using your data for direct marketing purposes or if you have withdrawn your consent), you will have the right to request that we erase your marketing data from our systems.
Please note that if you have objected to us using your marketing data, withdrawn your consent to receiving direct marketing communications or requested the erasure of your data from our database, we then need to keep a record of that objection or withdrawal or erasure request, so that we do not subsequently reintroduce your data into our direct marketing database again. This ensures your aim of not receiving direct marketing and/or not being featured in our database is met.
Rectification: If any of your marketing data is inaccurate you have a right to request rectification.
Withdrawal of consent: Where we process your data on the basis of your consent, you have the right to withdraw your consent at any time. Should you choose to exercise this right, this will not affect the lawfulness of the processing we carried out prior to the withdrawal of your consent.
Restriction of processing: Where provided by applicable laws, you may have the right to restrict our processing of your marketing data.
Portability: Subject to applicable laws, you may have a right to request that we provide your marketing data in a structured, commonly used and machine-readable format and transmit it to another controller.
For this purpose, it can also be determined whether different end devices belong to you or your household. With “Remarketing”, users of our website can be re-identified and recognized on other websites within the Google advertising network (e.g. in Google Search or on YouTube) and advertisements tailored to their interests can be displayed to them.
The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Under European law, the US does not guarantee an adequate level of data protection. State authorities may have access to this data due to mass surveillance laws. Once your personal data has been disclosed, it will not enjoy the same level of protection and you may not be able to exercise your rights in relation to the data.
By allowing cookies on the Henkel-website you agree to the use of the above-mentioned data and the previously described processing by Google.
You find more information about privacy in Google services here: www.google.de/intl/de/policies/privacy
We will inform you of any changes in this notice that affect your privacy.
Last Modified January 2024