How we use cookies & other similar technologies
We also use cookies and other similar technologies on our Site and Platform. For further information on how and why we use such technologies, please see our Cookie Policy.
Your rights
What are your rights?
The GDPR may give you certain rights regarding your Personal Data and how we process it in certain circumstances, meaning you may ask us to take the following actions in relation to your Personal Data:
- Access. Provide you with information about our processing of your Personal Data and give you access to your Personal Data.
- Correct. Update or correct inaccuracies in your Personal Data.
- Delete. Delete your Personal Data where there is no good reason for us continuing to process it - you also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below).
- Transfer. Transfer to you or a third party of your choice a machine-readable copy of your Personal Data which you have provided to us.
- Restrict. Restrict the processing of your Personal Data, for example if you want us to establish its accuracy or the reason for processing it.
- Object. Object to our processing of your Personal Data where we are relying on Legitimate Interests – you also have the right to object where we are processing your Personal Data for direct marketing purposes.
- Withdraw Consent. When we use your Personal Data based on your consent, you have the right to withdraw that consent at any time.
Exercising your rights
To exercise any of the rights described above, please contact us using the contact details shown below.
We may request specific information from you to help us confirm your identity and process your request. Whether or not we are required to fulfil any request you make will depend on a number of factors (e.g., why and how we are processing your Personal Data), if we reject any request you may make (whether in whole or in part) we will let you know our grounds for doing so at the time, subject to any legal restrictions. Typically, you will not have to pay a fee to exercise your rights; however, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.
Timing
We try to respond to all legitimate requests within a month of receipt. It may take us longer than a month if your request is particularly complex or if you have made a number of requests; in this case, we will notify you and keep you updated.
How we share your Personal Data
We may share your Personal Data with the following categories of recipient and as otherwise described in this Privacy Policy, in other applicable notices, or at the time of collection.
Affiliates. Our subsidiaries and affiliates (from time to time).
Customers. We may share certain Personal Data we collect about authorised users of the Platform with the relevant business customer on whose behalf they use the Platform (e.g., where needed to perform our agreement with that customer).
Service providers. Third parties that provide services on our behalf or help us operate parts of the Site or the Platform or our business (such as our hosting providers, information technology/security providers, customer support, email delivery, marketing, research and analytics).
Connected accounts. Where you use our Site or Platform to access your accounts on any third-party websites, platforms, or applications, depending on the nature of the integration and authentication process (at your direction) we may share certain Personal Data with those third parties.
Professional advisors. Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.
Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate in the circumstances
Parties to corporate events. We may disclose Personal Data in the context of actual or prospective corporate events (e.g., investments in Red Sift, financing of Red Sift, or the sale, transfer or merger of all or part of our business, assets or shares), for example, we may need to share certain Personal Data with prospective counterparties and their advisers. We may also disclose your Personal Data to an acquirer, successor, or assignee of Red Sift as part of any acquisition, sale of assets, or similar transaction, and/or in the event of an insolvency, bankruptcy, or receivership in which Personal Data is transferred to one or more third parties as one of our business assets.
Transfers outside Europe
We may share your Personal Data with third parties who are based outside the UK and European Economic Area (“Europe”), including the United States.
Where we share your Personal Data with third parties who are based outside Europe, we try to ensure a similar degree of protection is afforded to it by implementing one of the following mechanisms:
- Transfers to territories with an adequacy decision.
We may transfer your Personal Data to countries or territories whose laws have been deemed to provide an adequate level of protection for Personal Data by the European Commission or UK Government (as and where applicable) (from time to time) or under specific adequacy frameworks approved by the European Commission or UK Government (as and where applicable) (from time to time), such as the EU-U.S. Data Privacy Framework or the UK Extension thereto.
- Transfers to territories without an adequacy decision.
We may transfer your Personal Data to countries or territories whose laws have not been deemed to provide such an adequate level of protection (e.g., the United States).
However, in these cases:
- we may use specific appropriate safeguards, which are designed to give Personal Data effectively the same protection it has in Europe – for example, standard-form contracts approved by relevant authorities for this purpose; or
- in limited circumstances, we may rely on an exception, or ‘derogation’, which permits us to transfer your Personal Data to such country despite the absence of an ‘adequacy decision’ or ‘appropriate safeguards’ – for example, reliance on your explicit consent to that transfer.
You may contact us using the details below if you want further information on the specific mechanism used by us when transferring your Personal Data out of Europe.
Security
We employ technical, organisational and physical safeguards designed to protect the Personal Data we collect. For example:
- Encrypting your Personal Data while it is in transit.
- Where possible, encrypting your Personal Data when it is being stored.
- Yearly independent reviews of our security processes and procedures as part of our ISO-27001 certification and SOC2..
- Limiting access to your Personal Data to those staff who have a business need to have such access, and are subject to a duty of confidentiality.
However, as our Site and Platform are hosted electronically, we can make no guarantees as to the security or privacy of your information.
Retention
We are committed to only keeping your Personal Data for so long as we reasonably need to use it for the purposes set out above. This general rule applies unless a longer retention period is required by law.
To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
When we no longer require the Personal Data that we have collected about you, we will either delete or anonymise it or, if this is not possible (for example, because your Personal Data has been stored in backup archives), then we will securely store your Personal Data and isolate it from any further processing until deletion is possible.
Third party links
This Site and Platform may include links to third-party websites, platforms, plug-ins and applications (including to access and integrate your accounts on those other services). Clicking on those links or enabling those connections may allow third parties to collect or share your Personal Data.
We do not control these third-party websites and are not responsible for their privacy statements or practices. When you leave our Site or Platform, we encourage you to read the privacy policy of every site you visit.
Complaints
If you would like to make a complaint regarding this Privacy Policy or our practices in relation to your Personal Data, please contact us using the contact details shown below. We will reply to your complaint as soon as we can.
If you feel that your complaint has not been adequately addressed, please note that data protection laws give you the right to contact the regulator directly:
Contact details
Contact Red Sift
You can contact us directly using the following contact details:
Address: 21A Noel Street, Soho, London, W1F 8GR.1 Norton Folgate, London, United Kingdom, E1 6DB.
Email: privacy@redsift.io
Phone: +44 (0) 208 144 0852
Contact our DPO
We have appointed a ‘Data Protection Officer’. This is a person who is responsible for independently overseeing and advising us in relation to our compliance with the GDPR (including compliance with the practices described in this Privacy Policy). If you want to contact our Data Protection Officer directly, you can use the following details:
Name: DataCo International UK Limited
Address: Suite 1, 7th Floor, 50 Broadway, London, SW1H 0BL (FAO: Red Sift Data Protection Officer)
Email: privacy@dataguard.co.uk (reference: Red Sift)
Phone: +44 (0) 203 514 6557
Contact our EU Representative
If you are based in a country in the European Economic Area you can contact our representative in the European Union, who we have appointed for the purpose of the EU GDPR:
Name: EDPO
Address: Avenue Huart Hamoir 71, 1030 Brussels, Belgium (FAO: Red Sift EU Representative)
Online: EDPO’s Online Request Form
Phone: +44 (0) 208 144 0852
Updates
Any changes will be made available here (or another page we notify to you at a later date) and where applicable we might also notify you via email and/or in our Site or Platform.
LAST UPDATE: August 2024