Version: 8.0
Issue Date: 24/06/2026
1. INTRODUCTION
This Privacy Notice (“Notice”) – together with any other privacy information we may provide on specific occasions – applies to the processing of personal data by us in the course of providing our assurance and advisory services and carrying out our business operations. The Notice sets out the types of personal data we collect, explains how we collect and process that data, who it is shared with and certain rights and options that you have in this respect.
We recognise that information privacy is an ongoing responsibility, and so we will, from time to time, update this Privacy Notice as we undertake new personal data practices or adopt new privacy policies.
When we refer to “RED” or “we” in this Notice we mean RED Scientific Reply Limited, a company incorporated in England & Wales with registered number 02462121 and registered address at 38 Grosvenor Gardens, London, England, United Kingdom, SW1W 0EB. We are registered with the Information Commissioner’s Office under registration number Z8002041.
2. PRINCIPLES OF USE
The Privacy Notice explains how RED collects, uses, shares, and protects personal data. We are committed to ensuring that personal information is handled in a fair, lawful, and transparent manner, in line with our obligations under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
As part of our activities, we may collect and process personal data relating to individuals including customers, clients, employees, and other stakeholders. Personal data means any information that can identify an individual, either directly or indirectly.
We recognise the importance of protecting individuals’ privacy and maintaining trust.
The Privacy Notice outlines:
- The types of personal data we collect
- How and why, we use this data
- The legal bases for processing
- How we store and protect personal information
- Individuals’ rights in relation to their data
- Who to contact for further information or concerns
We will only collect personal data that is necessary for specified and legitimate purposes, and we will not use it in ways that are incompatible with those purposes. Appropriate technical and organisational measures are in place to ensure that personal data is kept secure.
The Privacy Notice applies to all personal data processed by RED, whether collected through our website, IT systems, business operations, or other interactions.
3. HOW WE COLLECT AND USE (PROCESS) PERSONAL INFORMATION
We collect and process personal data for the following categories of data subjects:
• Job applicants
• Clients
• Business contacts which include suppliers, consultants, advisors
• Visitors to the RED website
• Recipients of our marketing activities
4. JOB APPLICANTS
All of the information you provide during the application process will only be used for the purpose of progressing your application or to fulfil legal or regulatory requirements if necessary.
We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for.
We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary. The approach is completed in 3 stages as follows in the table below
|
Stage |
Activities |
|
Stage 1 – Application stage |
At the application stage, we ask you for
|
| Stage 2 –Selection |
Our hiring managers shortlist applications for interviews.
|
|
Stage 3 – Retain & Close Out stage |
Our operations team manage the retain and close out process on the information collated during the application, interviews, and selection process.
|
5. CLIENTS
We collect personal information about our clients to provide them with our services. We hold the following information about customers:
- Contact details – name, business address, business email address, business phone numbers including mobile numbers.
- Identity data – the username and password to any of our online client portals. This does include the IASME certification portal.
- Transactional data including details about services you have purchased from us. We do not process credit card transactions.
- Video, call and chat recordings may be taken in order to provide you with our service. Your consent will be taken before any recordings are made and these recordings are deleted within 14 days.
We may receive personal information from our clients about other individuals, e.g. their employees, while providing our services. Any such information provided to us is used solely for providing our services and is handled strictly as per client instructions.
We may also receive personal information from third parties including other customers, partners, or 3rd parties that we run partnerships, competitions and events with. Any such information provided to us is used solely for providing our services and is handled strictly as per our data protection procedures.
6. BUSINESS CONTACTS
If you are a supplier, service provider, advisor, or consultant, we may process the following personal data about you:
- Contact details – name, work email address, contact numbers
- Professional details – the name of employer, job role, educational or professional background, all professional qualifications
- Verification of identity details – Passport, driving licence or any other government-issued document, proof of address, professional indemnity insurance,
- Financial and Transactional details – invoices, bank account numbers for payment
- If you have access to any of our internal platforms – username and password
We use this information to enter into and fulfil a contract with you, to administer and manage our relationship with you including accounting, payment processing activities.
7. VISITORS TO THE RED WEBSITE
When you visit our website, we use third-party services (‘cookies’) to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to various parts of the website. The information is only processed in a way that does not identify any individual.
When you complete a contact form on our website or email info@red-scientific.co.uk we will use the information provided by you only for the purpose of providing you with an appropriate response.
RED uses a third-party service to host its website (www.red-scientific.co.uk). Additionally, RED uses Google Analytics to collect standard internet log information and details of visitor behaviour patterns. This is used to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. RED does not make, and does not allow Google to make, any attempt to find out the identities of those visiting the website.
8. USE OF COOKIES
These cookies are used to collect information about how visitors use RED’s website.
| Cookie | Name | Purpose |
| Universal Analytics (Google) | _ga | These cookies are used to collect information about how visitors use RED’s website. The information is used to compile reports and to help improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.More information about Google Analytics cookies can be found here. |
| _gat | ||
| _gid | ||
| Hosting | DYNSRV | DYNSRV is used by RED’s hosting provider to help manage website traffic. |
9.TELPHONE CALLS TO RED OFFICES
RED does not use an automated telephone system. However, all calls are routed via a single operator who will seek identity information as part of the call-routing function. Information requested will include, but not limited to, the following:
- Name
- Employing Company
- Person being contacted
- Reason for the call
- Contact details of caller if person being contacted is unavailable
RED does not retain any information once it has reached the person being contacted.
People who Email RED
RED operates and maintains its own internal network. All emails sent to RED are held within its own Mail Server. Any email, including attachments, sent to RED may be monitored for reasons of security and for monitoring compliance with RED internal security policy. Email blocking software may also be used. RED ensures that any email being sent is within the bounds of the law.
10. MANAGING PRIVACY ACROSS THE RED NETWORK
Managing the RED Network covers both RED Staff and RED’s Associates. Each person is required to provide personal details and contractual information covered by the privacy policy. The privacy policy covers Associate Applicants, Current and Former RED Employees, and their Security Clearance Information
RED Associates
When individuals register to join RED’s Associate network, the information supplied, typically in the form of a full CV, will only be used to search, identify and bid for relevant contractual opportunities that are visible to RED via its various routes to market.
Associates will
- Be actively involved in any bidding process that they are linked to and will have full control over what personal information is provided in any bid submission.
- have the right to amend personal data held by RED or have it removed whenever they want. Requests to amend data may need to be supported by evidence i.e. proof of academic qualifications, residential address.
- when requested personal data will be removed. However, RED will retain pseudonymised information about the individual, indicating date information was received, what processing was undertaken, where it was stored and when it was deleted for GDPR accountability purposes.
Working with RED
- Associates will have a file relating to their registration, employment and use. This information will be kept secure and will only be used for the purposes directly relevant to that individual’s registration, employment or use.
- Once the Associate ceases to be registered for whatever reason, RED will retain the file in accordance with the requirements of the retention policy and any other associated legal requirements and then delete it on completion.
- Where retention relates to information regarding financial payments requested by/made to the Associate, then retention will be in line with HMRC requirements, which is currently 7 years.
- Where retention relates to legal contracts and Purchase Orders between RED and the Associate, then retention will be in line with Law Society guidelines for England which is currently 10 years.
RED Employees
When individuals apply for an employed post, RED will only use the information supplied to process the application. Where RED may wish to disclose information to a third party (i.e. for a reference or security check) the individual will be informed beforehand.
- Personal information about unsuccessful candidates will be held for 12 months after the recruitment exercise has been completed. It will then be destroyed or deleted. RED will retain pseudonymised information about the individual, indicating date information was received, what processing was undertaken, where it was stored and when it was deleted.
- During employment with RED, individuals will have a file relating to their employment. This information will be kept secure and will only be used for the purposes directly relevant to that individual’s employment.
- Once employment has ended, RED will retain the file in accordance with the requirements of the retention policy and any other associated legal requirements and then delete it on completion. The retention period is currently 7 years for financial information and 10 years for contracts.
RED Security Clearance Information
RED undertakes classified work for UK Government and as such employees and many Associates need to hold a Security Clearance. Where a Security Clearance is sponsored/held by RED additional personal information for that individual will also need to be held.
When individuals cease to be employed or Associates choose to leave RED’s Associate network then RED will either cancel the clearance or transfer it to a new sponsor. The information relating to RED having held the clearance and any supporting personal data currently has a retention period of 12 months.
11. ACCESS TO PERSONAL INFORMATION
RED will be as open as possible regarding staff and associates having access to their own personal information. Individuals can find out if RED holds any personal information by making a ‘subject access request’ under the GDPR. If information is held on the requesting individual ,RED will:
- give a description of it;
- explain why RED is holding it;
- advise who it has been disclosed to; and
- provide a copy of the information in an intelligible form.
To make a ‘subject access request’ to RED for any personal information that may be held you will need to put the request in writing emailing it to RED’s Operations Department, or writing to the address provided (on the public facing RED website). Details of the procedure are documented in 106-GDPR-08 SAR Procedure.
If agreeable, RED will try to deal with any request informally, for example by providing specific information that may be requested over the telephone.
If RED does hold personal information, a request can be made to have any mistakes corrected by, once again, contacting the Operations Department.
12. MARKETING DATA
We hold name and contact details of individuals who have expressed interest in hearing from us about our services or have engaged with us for supply of our services in the past. All direct marketing activities to such individuals shall comply with relevant privacy and regulatory requirements.
How is your personal data collected?
You may give us your personal data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- Engage us to provide services
- Subscribe to our publications
- Request marketing material to be sent to you
- Complete one of our enquiry forms
- Provide us with feedback
Apart from receiving personal data directly from you when you engage us to provide services, we may receive personal data from our partners and associates, for example our accreditation bodies.
When and how do we share your personal data?
We may share your personal data in the following circumstances:
- Internally with staff members who require your information to provide our services and who have received training in data protection
- Our accreditation bodies where this is a requirement for delivering our services
- With our professional advisors, including our legal advisors, financial advisors, insurers, accountants, auditors or other consultants to the extent they require this information to provide their services to us
- With sub-contracts, consultants or associates who are asked by RED to deliver all or some of the services
- With courts, law enforcement authorities, regulators or government officials where it is legally required
- With third parties providing IT support and maintenance services, marketing and client support services, data storage services, and checks for credit risk reduction and other fraud and crime prevention purposes; and other financial institutions and credit reference agencies providing services to us
- Any third parties with whom you require or permit us to correspond
We do not sell personal information to anyone and only share it with third parties who are facilitating the delivery of our services and communications.
Transfer of personal data outside of the UK
There may be occasions where we will need to share your data with entities in third countries, such as when we are using cloud software providers or outsourced contractors which enable us to provide you with the services. We verify that any data transfer outside of EEA is subject to EU adequacy requirements, Standard Contractual Clauses or other transfer tools which comply with data protection legislation.
Automated decision making
We do not use automated decision-making in relation to your personal data.
Security of your personal information
To help protect the privacy of data and personally identifiable information you provide to us, we maintain physical, technical and organisational controls. We update and test our security technology and controls on an ongoing basis. We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you.
In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees’ privacy responsibilities.
We are certified to the Cyber Essentials Plus standards which demonstrates our commitment to the security and privacy of your personal information.
Data storage and retention
Your personal data is stored by RED on the servers of the cloud-based services and IT service providers we engage, as well as in physical forms in our office and at backup and archive facilities.
We retain data as per our data retention policy and regulatory data retention requirements.
For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact us at info@red-scientific.co.uk
Data subject rights
We have appointed a Data Protection Officer for you to contact if you have any questions or concerns about our personal data policies or practices. If you are concerned about an alleged breach of privacy law or any other regulation by us, please contact our Data Protection Officer at who will ensure that your complaint is investigated.
You have the right to ask if RED is processing your personal data, and to have access to the personal data we may have about you.
Where we have asked for your consent, you may withdraw consent at any time. If you ask to withdraw your consent, this will not affect any processing which has already taken place.
You also have a right to request correction of inaccurate information, deletion of information in certain circumstances, and to instruct us to stop processing your information. We are obliged to honour such requests as per the regulatory requirements unless we are unable to do so for legal reasons. If you’d like more information or would like to make such a request, please contact our Data Protection Officer stated above.
13. COMPLAINTS AND QUERIES
RED maintains the highest standards when collecting and using personal information.
For this reason, RED takes any complaint received about this very seriously. RED encourages people to highlight if they think that the collection or use of personal information is unfair, misleading or inappropriate. Any suggestions are welcomed that may lead to improving procedures.
This privacy notice was drafted with accuracy, brevity and clarity in mind. It does not provide exhaustive detail of all aspects of RED’s collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below.
If you are not satisfied with our handling of your queries or complaints on data protection, you can contact the Information Commissioner’s Office (UK data protection authority) on 0303 123 1113 or at https://ico.org.uk/make-a-complaint/
14. CHANGES TO THIS NOTICE
RED keeps its privacy notice under regular review. This privacy notice was last updated on the date shown at the top of the page.