Privacy Policy

The Red Flag Group Privacy Statement

Last updated 16 June 2017 – Applicable to


On 6 October 2015, The Court of Justice of the European Union (CJEU) ruled that the EU-US Safe Harbor regime was no longer a valid mechanism to legally transfer personal data from the EU to the United States

The Red Flag Group takes great pride in being The Compliance Firm®. Ensuring our clients are compliant with all applicable laws and regulations is our top priority. With this in mind, we are offering our clients the option of entering into Data Protection Addendums, which will incorporate the European Commission’s Model Contract Clauses into the terms of your existing service agreements with The Red Flag Group.

Please contact your Business Development representative or your Client Services Manager if you wish to receive a Data Protection Addendum for your consideration. Alternately, you may contact our Legal & Compliance Manager directly at


The Red Flag Group (RFG, “We”, “Our”, “Us”) is an independent integrity and compliance risk firm with a distinct focus on integrity & compliance risk management. As part of our business, we collect information about people and companies.

Our headquarters are located in the Cayman Islands, with major offices in Hong Kong, Dubai, the United States, Australia, Poland, Panama, Malaysia, China, and the United Kingdom. Our United Kingdom company is The Red Flag Group (UK) Limited and is registered with the Information Commissioner’s Office under number ZA077245.

The privacy and protection of your data is important to us. This privacy statement applies to, owned and operated by RFG. RFG is providing this statement to describe and explain our information practices and the measures we take to protect your privacy and comply with applicable law and obligations.


This statement covers all types of external data that RFG holds as part of, namely:

  • Potential future clients and their employees;
  • Partners of clients who are involved with our clients’ compliance programmes and their employees;
  • Users of; and
  • Individuals and companies identified via a government issued list or media reports that may be of interest to RFG’s clients.


RFG collects data from many geographical regions and sources. Our policy is to comply with all legislation, while using an overarching set of principles to guide us, which we set out in further detail below.

A. NOTICE: Where possible and practicable, we notify individuals about the purposes for which we collect and use information about them. This includes information about how individuals can contact us with any inquiries or complaints, the types of third parties to which we disclose the information and the choices and means we offer for limiting its use and disclosure.

B. CHOICE: Where we hold data as a controller, where practicable we give individuals the opportunity to choose whether certain technologies are used (i.e. cookies) and whether their personal information will be disclosed to a third party or used for a purpose incompatible with the purpose for which it was originally collected (or subsequently authorised by the individual). Where we hold data as a processor on behalf of a client, we ensure that the data is secure and processed in accordance with our instructions. We also advise our clients of their obligations.

C. ONWARD TRANSFER (TRANSFERS TO THIRD PARTIES): Other than onward transfer to clients (as discussed in this statement), and with the exception of disclosures of facilitating payment, RFG specifically does not share, sell, rent, or trade personally identifiable information with third parties in any way. We will not sell, rent, or lease to others your personal data. We may also disclose Personal Data as required or permitted by law, or when we believe in our sole discretion that disclosure is necessary or appropriate to protect our rights or to comply with a judicial proceeding, court order, law-enforcement request, or other legal process.

D. ACCESS: We provide the ability for subjects to correct, amend, or delete information held about them where it is inaccurate, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated. You may correct, amend or delete your information by contacting us at We will respond to your request within a reasonable timeframe.

We will retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information for as long as reasonably necessary for the purpose(s) for which the information was collect.

E. SECURITY: We take significant technical, administrative and physical steps to protect against unauthorised access to and disclosure of personally identifiable information, including: 

  • Employee training and responsibilities. We take certain steps to reduce the risks of human error, theft, fraud, and misuse of our facilities. We train our personnel on our privacy and security policies. We also require our employees to sign confidentiality agreements. We also have assigned to an individual the responsibility to manage our information security program.
  • Access control. We limit access to information to only those individuals who have an authorised purpose for accessing that information. We terminate those access privileges following job change or termination.
  • Data encryption. All electronic transfers of information are done through encrypted connections via SSL encryption. All data is stored on encrypted servers.
  • Review of Vendors. We have internal due diligence procedures to review the vendors we select and use.

F. DATA INTEGRITY: We take reasonable steps to ensure that data we collect is reliable for its intended use, accurate, complete, and current. We do not process personally identifiable information in any way that is incompatible or inconsistent with the purpose for which such information was collected.

G. ENFORCEMENT: We have in place a readily available and affordable independent recourse mechanism so that any complaints and disputes can be investigated and resolved and damages awarded where the applicable law or private sector initiatives so provide. RFG has committed to voluntarily and periodically reviewing our privacy and security practices to verify that we are meeting our obligations.



For the purposes of communication and marketing, RFG collects information from our website ( and from third parties.

The information collected may include your personal data, for example contact information such as name, email address, mailing address, phone number and items which you would like to subscribe to. We obtain address information about you from third party sources, such as the US Postal Service, to verify your address so we can properly ship your order to you and to prevent fraud. We purchase marketing data about our customers from third parties and combine it with information we already have about you, to create more tailored advertising and products.

As is the case of most web sites, we gather certain information automatically and store it in log files. This information may include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. We do not link this automatically collected data to other information we collect about you.

We send you push notifications from time-to-time in order to update you about any events or promotions that we may be running, but will only do so with your express consent. If you no longer wish to receive these types of communications, you may turn them off at the device level. To ensure you receive proper notifications, we will need to collect certain information about your device such as operating system and user identification information.

You may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in these emails or you can contact us at

You may receive information about the data collected on you personally by contacting If the data is incorrect you have the right to ask that it is updated.

The personal data we collect may be used to:

  • send you newsletters as part of a regular service;
  • respond to your questions and concerns when you use our ‘contact us’ form;
  • improve the contents of our website and marketing efforts;
  • conduct research and analysis;
  • display content based upon your interests;
  • allow you to subscribe to our announcements, events or magazines.

We also use the information collected to maintain and upgrade the system. Our technical staff may require periodic access to services data to monitor system performance, test systems, and develop and implement upgrades to systems. Any temporary copies of services data created as a necessary part of this process are only maintained for time periods relevant to those purposes.

You may choose to stop receiving communications from us by following the unsubscribe instructions included in these emails or you can contact us at

You may also receive information about the data collected on you personally by contacting If the data is incorrect you have the right to ask that it is updated.

At the payment page, which is handled by our solutions partner, PayPal, they will ask for your credit card information. The credit card information is not held by The Red Flag Group. It remains within PayPal.


On our website, we use cookies which, for example, make it easier for you to navigate our site and store your password and email address, so you do not have to enter it more than once. We will explicitly request your consent to use cookies on our site. Cookies are also used to collect general usage and volume statistics.

Technologies such as: cookies, beacons, tags and scripts are used by RFG and our partners, affiliates, or analytics or service providers. These technologies are used in analysing trends, administering the site, tracking users’ movements around the site and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.

We and our partners also use Local Storage Objects (LSOs) such as HTML5 to store content information and preferences. Various browsers may offer their own management tools for removing HTML5 LSOs.

We partner with a third party to either display advertising on our Web site or to manage our advertising on other sites. Our third-party partner may use technologies such as cookies to gather information about your activities on this site and other sites in order to provide you advertising based upon your browsing activities and interests. If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt-out by clicking here (or if located in the European Union, click here). Please note this does not opt you out of being served ads. You will continue to receive generic ads.

Where our site includes links to other websites the privacy practices may differ from our own. If you submit personal data to any of those sites, your information is governed by their privacy statements. We encourage you to carefully read the privacy statement of any website you visit.

Our site may also include Social Media Features, such as the Facebook and Twitter buttons and Widgets, such as the Share this button or interactive mini-programs that run on our site. These Features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the Feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on our Site. Your interactions with these Features are governed by the privacy policy of the company providing it.

Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit or

In order to opt out of being tracked by Google Analytics across all websites, please visit


We will share your personal information with third parties only in the ways that are described in this Privacy Policy.


In the interests of further enhancing our services, RFG may share personal information collected for sales and marketing purposes with industry organisations (such as those organisations dedicated to thought leadership in compliance and ethics). In those cases, RFG may provide these organisations with only those elements of your personal information needed to alert you to seminars or events which are directly in line with the services which RFG provides. These organisations and their employees are prohibited from using that personal information for any other purpose. Further, RFG will not disclose any data to industry organisations unless those organisations exhibit privacy and data protection standards on par with those of RFG.


Circumstances may arise where for strategic or other business reasons RFG decides to sell, buy, merge or otherwise reorganise businesses in some countries. Such a transaction may involve the disclosure of personal information to prospective or actual purchasers, or receiving it from sellers. It is RFG’s practice to seek appropriate protection for information in these types of transactions.


We may disclose personal information if required to do so by law or in the good-faith belief that such action is necessary to comply with legal requirements or with legal process served on us, to protect and defend our rights or property, or in urgent circumstances to protect the personal safety of any individual.


Should you have any comments or questions about this statement, you may e-mail us at: You may also contact us via postal mail at the following address:

The Red Flag Group

Level 20 Bonham Trade Centre

50 Bonham Strand

Sheung Wan, Hong Kong

If we decide to change our privacy statement, we will post those changes to this privacy statement and other places we deem appropriate so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it.

We reserve the right to modify this statement at any time. When we make only minor modifications, we may do so without notifying you. When we make materials modifications, we will notify you here prior to the change becoming effective.