The Red Flag Group Privacy Statement
Last updated 16 June 2017 – Applicable to www.integrawatch.com
US-EU SAFE HARBOR RULING
On 6 October 2015, The Court of Justice of the European Union (CJEU) ruled that the EU-US Safe Harbor regime was no longer a valid mechanism to legally transfer personal data from the EU to the United States
The Red Flag Group takes great pride in being The Compliance Firm®. Ensuring our clients are compliant with all applicable laws and regulations is our top priority. With this in mind, we are offering our clients the option of entering into Data Protection Addendums, which will incorporate the European Commission’s Model Contract Clauses into the terms of your existing service agreements with The Red Flag Group.
Please contact your Business Development representative or your Client Services Manager if you wish to receive a Data Protection Addendum for your consideration. Alternately, you may contact our Legal & Compliance Manager directly at email@example.com
OUR COMMITMENT TO PRIVACY
The Red Flag Group (RFG, “We”, “Our”, “Us”) is an independent integrity and compliance risk firm with a distinct focus on integrity & compliance risk management. As part of our business, we collect information about people and companies.
Our headquarters are located in the Cayman Islands, with major offices in Hong Kong, Dubai, the United States, Australia, Poland, Panama, Malaysia, China, and the United Kingdom. Our United Kingdom company is The Red Flag Group (UK) Limited and is registered with the Information Commissioner’s Office under number ZA077245.
The privacy and protection of your data is important to us. This privacy statement applies to www.integrawatch.com, owned and operated by RFG. RFG is providing this statement to describe and explain our information practices and the measures we take to protect your privacy and comply with applicable law and obligations.
SCOPE OF THIS STATEMENT
This statement covers all types of external data that RFG holds as part of www.integrawatch.com, namely:
- Potential future clients and their employees;
- Partners of clients who are involved with our clients’ compliance programmes and their employees;
- Users of www.integrawatch.com; and
- Individuals and companies identified via a government issued list or media reports that may be of interest to RFG’s clients.
RFG collects data from many geographical regions and sources. Our policy is to comply with all legislation, while using an overarching set of principles to guide us, which we set out in further detail below.
A. NOTICE: Where possible and practicable, we notify individuals about the purposes for which we collect and use information about them. This includes information about how individuals can contact us with any inquiries or complaints, the types of third parties to which we disclose the information and the choices and means we offer for limiting its use and disclosure.
B. CHOICE: Where we hold data as a controller, where practicable we give individuals the opportunity to choose whether certain technologies are used (i.e. cookies) and whether their personal information will be disclosed to a third party or used for a purpose incompatible with the purpose for which it was originally collected (or subsequently authorised by the individual). Where we hold data as a processor on behalf of a client, we ensure that the data is secure and processed in accordance with our instructions. We also advise our clients of their obligations.
C. ONWARD TRANSFER (TRANSFERS TO THIRD PARTIES): Other than onward transfer to clients (as discussed in this statement), and with the exception of disclosures of facilitating payment, RFG specifically does not share, sell, rent, or trade personally identifiable information with third parties in any way. We will not sell, rent, or lease to others your personal data. We may also disclose Personal Data as required or permitted by law, or when we believe in our sole discretion that disclosure is necessary or appropriate to protect our rights or to comply with a judicial proceeding, court order, law-enforcement request, or other legal process.
D. ACCESS: We provide the ability for subjects to correct, amend, or delete information held about them where it is inaccurate, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated. You may correct, amend or delete your information by contacting us at firstname.lastname@example.org. We will respond to your request within a reasonable timeframe.
We will retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information for as long as reasonably necessary for the purpose(s) for which the information was collect.
E. SECURITY: We take significant technical, administrative and physical steps to protect against unauthorised access to and disclosure of personally identifiable information, including:
- Employee training and responsibilities. We take certain steps to reduce the risks of human error, theft, fraud, and misuse of our facilities. We train our personnel on our privacy and security policies. We also require our employees to sign confidentiality agreements. We also have assigned to an individual the responsibility to manage our information security program.
- Access control. We limit access to information to only those individuals who have an authorised purpose for accessing that information. We terminate those access privileges following job change or termination.
- Data encryption. All electronic transfers of information are done through encrypted connections via SSL encryption. All data is stored on encrypted servers.
- Review of Vendors. We have internal due diligence procedures to review the vendors we select and use.
F. DATA INTEGRITY: We take reasonable steps to ensure that data we collect is reliable for its intended use, accurate, complete, and current. We do not process personally identifiable information in any way that is incompatible or inconsistent with the purpose for which such information was collected.
G. ENFORCEMENT: We have in place a readily available and affordable independent recourse mechanism so that any complaints and disputes can be investigated and resolved and damages awarded where the applicable law or private sector initiatives so provide. RFG has committed to voluntarily and periodically reviewing our privacy and security practices to verify that we are meeting our obligations.
SPECIFIC EXAMPLES OF INFORMATION THAT RFG COLLECTS
A. INFORMATION COLLECTED FOR SALES AND MARKETING PURPOSES
For the purposes of communication and marketing, RFG collects information from our website (www.integrawatch.com) and from third parties.
The information collected may include your personal data, for example contact information such as name, email address, mailing address, phone number and items which you would like to subscribe to. We obtain address information about you from third party sources, such as the US Postal Service, to verify your address so we can properly ship your order to you and to prevent fraud. We purchase marketing data about our customers from third parties and combine it with information we already have about you, to create more tailored advertising and products.
As is the case of most web sites, we gather certain information automatically and store it in log files. This information may include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. We do not link this automatically collected data to other information we collect about you.
We send you push notifications from time-to-time in order to update you about any events or promotions that we may be running, but will only do so with your express consent. If you no longer wish to receive these types of communications, you may turn them off at the device level. To ensure you receive proper notifications, we will need to collect certain information about your device such as operating system and user identification information.
You may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in these emails or you can contact us at email@example.com.
You may receive information about the data collected on you personally by contacting firstname.lastname@example.org. If the data is incorrect you have the right to ask that it is updated.
The personal data we collect may be used to:
- send you newsletters as part of a regular service;
- respond to your questions and concerns when you use our ‘contact us’ form;
- improve the contents of our website and marketing efforts;
- conduct research and analysis;
- display content based upon your interests;
- allow you to subscribe to our announcements, events or magazines.
We also use the information collected to maintain and upgrade the system. Our technical staff may require periodic access to services data to monitor system performance, test systems, and develop and implement upgrades to systems. Any temporary copies of services data created as a necessary part of this process are only maintained for time periods relevant to those purposes.
You may choose to stop receiving communications from us by following the unsubscribe instructions included in these emails or you can contact us at email@example.com.
You may also receive information about the data collected on you personally by contacting firstname.lastname@example.org. If the data is incorrect you have the right to ask that it is updated.
At the payment page, which is handled by our solutions partner, PayPal, they will ask for your credit card information. The credit card information is not held by The Red Flag Group. It remains within PayPal.
B. COOKIE AND OTHER TRACKING TECHNOLOGY
Technologies such as: cookies, beacons, tags and scripts are used by RFG and our partners, affiliates, or analytics or service providers. These technologies are used in analysing trends, administering the site, tracking users’ movements around the site and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.
We and our partners also use Local Storage Objects (LSOs) such as HTML5 to store content information and preferences. Various browsers may offer their own management tools for removing HTML5 LSOs.
We partner with a third party to either display advertising on our Web site or to manage our advertising on other sites. Our third-party partner may use technologies such as cookies to gather information about your activities on this site and other sites in order to provide you advertising based upon your browsing activities and interests. If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt-out by clicking here (or if located in the European Union, click here). Please note this does not opt you out of being served ads. You will continue to receive generic ads.
Where our site includes links to other websites the privacy practices may differ from our own. If you submit personal data to any of those sites, your information is governed by their privacy statements. We encourage you to carefully read the privacy statement of any website you visit.
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.
In order to opt out of being tracked by Google Analytics across all websites, please visit http://tools.google.com/dlpage/gaoptout.
DISCLOSURE OF PERSONAL INFORMATION
DISCLOSURE TO INDUSTRY BODIES FOR THE PURPOSES OF SALES AND MARKETING
In the interests of further enhancing our services, RFG may share personal information collected for sales and marketing purposes with industry organisations (such as those organisations dedicated to thought leadership in compliance and ethics). In those cases, RFG may provide these organisations with only those elements of your personal information needed to alert you to seminars or events which are directly in line with the services which RFG provides. These organisations and their employees are prohibited from using that personal information for any other purpose. Further, RFG will not disclose any data to industry organisations unless those organisations exhibit privacy and data protection standards on par with those of RFG.
DISCLOSURES IN CONNECTION WITH ACQUISITIONS OR DIVESTITURES
Circumstances may arise where for strategic or other business reasons RFG decides to sell, buy, merge or otherwise reorganise businesses in some countries. Such a transaction may involve the disclosure of personal information to prospective or actual purchasers, or receiving it from sellers. It is RFG’s practice to seek appropriate protection for information in these types of transactions.
DISCLOSURE FOR OTHER REASONS
We may disclose personal information if required to do so by law or in the good-faith belief that such action is necessary to comply with legal requirements or with legal process served on us, to protect and defend our rights or property, or in urgent circumstances to protect the personal safety of any individual.
CHANGES TO THIS STATEMENT
Should you have any comments or questions about this statement, you may e-mail us at: email@example.com. You may also contact us via postal mail at the following address:
The Red Flag Group
Level 20 Bonham Trade Centre
50 Bonham Strand
Sheung Wan, Hong Kong
If we decide to change our privacy statement, we will post those changes to this privacy statement and other places we deem appropriate so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it.
We reserve the right to modify this statement at any time. When we make only minor modifications, we may do so without notifying you. When we make materials modifications, we will notify you here prior to the change becoming effective.