Privacy Policy

The Red Arrow (Southampton) Group Limited (RAG) is an outsource services provider comprised of Red Arrow Fulfilment Limited, Red Arrow Software Limited, Impact Call Centre Limited, Yellow Bird Direct Limited and 1010 Direct Limited. The privacy of prospective customers and existing clients is important to us and this privacy statement explains what personal data RAG collects and how we use that data.


Data Controller RAG is the data controller.
The point of contact for privacy is [email protected]
RAG may collect and hold information about a prospective, current or former client. The terms shall also include any individual agent, employee or representative of our clients where RAG has obtained his or her Personal Data from such person as part of its business relationship with our clients.
RAG may also collect and hold information about those applying for jobs within the group.
We are registered with the ICO, and we are responsible for protecting this information in accordance with this policy.
Data Subject The data subjects are the individuals whose personal information we deal with such as clients, their employees, prospective clients and those applying for jobs within our organisation.
We also collect customer information on behalf of our clients.
Personal Data Personal information means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, from the information.
Sensitive Data Sensitive information such as medical records, race, religion, sexuality, political or trade union membership is a special category of data that requires sensitive handling.
Third Party Means any individual or entity that is neither RAG, nor an employee, agent, contractor or representative.
Data Processing

Processing means any action performed on personal information, which includes collection, recording, organising, storing, sharing and transmitting. This includes electronic and paper documents containing personal information.

The Red Arrow (Southampton) Group Ltd must comply with the Data Protection Act (DPA) 2018 and the EU General Data Protection Regulation (GDPR).

RAG collects data to operate effectively and provide on-going contractual support to our clients.   We also collect data in order to communicate with prospective employees.   We will only collect the minimum personal information needed to complete a task and will not collect information just in case.   The data we collect can include the following:-

  • Email address
  • Name
  • Home or work address
  • Mobile or landline telephone number
  • Billing information for clients

Information on client computer hardware and software may also be collected and stored.   This information can include an IP address, browser type, domain names, access times and website address.   This information is used by RAG for the operation of our service and to maintain the quality of our service.
We also collect business contact information of our clients and potential clients.

We only process our clients’ customer information in accordance with their written instructions to fulfil the contract between ourselves and the client.
When we market to business customers we do this as a legitimate business interest of growing and maintaining our client base. We will always offer our clients the right to opt-out of further communications. Where a business customer opts-out we will record this and ensure we do not market to that customer again.
When we communicate with prospective employees we do this as a legitimate business interest of increasing our staff numbers.   We will always offer individuals the right to opt-out of further communications and should the individual choose not to be contacted by RAG again, we will record this and ensure we do not communicate with that individual again.
We will not send marketing material to an individual’s personal email address or home address without their consent.
Sensitive Data will not be used without express consent.

The website secures your Personal Data from unauthorised access, use or disclosure. All Personal Data is stored on computers in a controlled, secure environment, protected from unauthorised access, use or disclosure. The storage of electronic data is fully documented in our Information Security Management System (ISMS).

We may use any of the following cookies:

  • Analytical or performance cookies: they allow us to recognise and count the number of visitors and to see how visitors move around the website when they are using it.   This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
  • Functionality cookies: These are used to recognise when you return to the website.   This enables us to personalise our content for you.
  • Targeting cookies: These cookies record your visit to the website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed more relevant to your interests.

The Red Arrow (Southampton) Group Limited does not sell, rent or lease client lists to third parties.
We may, from time to time, share your data with contractors who perform tasks required to complete a service.   All such contractors are required to maintain the confidentiality of your information by agreeing to provide adequate protections for Personal Data.
We may disclose your Personal Data to Third Parties in the event that we sell or buy any business or assets, in which case we may disclose your Personal Data to the prospective seller or buyer of such business or assets.
Some data may be transferred to or accessed from outside the EEA as instructed by our clients and in accordance with our contract. All transfers and connections will employ the security protocols meeting the standards required by the Payment Card Industry Security Standards Council (PCI SCC) through its prevailing version of its data security standard (PCI DSS).

Clients and individuals have the right to access information held about them to ensure that such Personal Data is accurate and relevant for the business purposes for which it was collected.
To understand what personal information we hold you will need to place a Subject Access Request via [email protected]   We have 28 days in which to provide the information you request.

RAG adheres to applicable data protections laws in the European Economic Area and only stores data within the EU area.
Personal Data is only stored and processed within the European Economic Area.

RAG retains personal data for as long as necessary to provide the support requested in our contracts.   Because these needs can vary for different clients and prospects, actual retention periods can vary significantly.   However, our retention periods will follow statutory guidelines of:

Prospective employee – job application 6 months after unsuccessful job application
Client Financial transaction records 6 years after account is closed
Client Contracts 6 years after account is closed
Client Letters 6 years after account is closed
Client Complaints 6 years after account is closed
Client Enquiries 3 years after account is closed
Client Investigations 10 years after account is closed

We will report all serious data breaches to the ICO within 72 hours which result in the loss, release or corruption of Personal Data.
The definition of a serious breach is where Red Arrow (Southampton) Group’s data security has been compromised resulting in the loss or disclosure of a client’s Personal or Sensitive Data which could prove detrimental to the individual’s financial, physical or emotional well-being. Detrimental effect would include information leading to;

  • Identify theft
  • Financial hardship
  • Insurance exclusion
  • Volume affected – 10 individuals

A non-reportable breach will be the compromise of Red Arrow (Southampton) Group’s data security resulting in the loss or disclosure of staff members’ Personal Data where there is no particular sensitivity and would not result in an individual being adversely affected.

You have the right to ask us not to process your Personal Data for marketing purposes. We will usually inform you, before collecting your data, if we intend to use your data for such purposes. You can exercise your right to prevent such processing by ticking certain boxes on the forms we use to collect your data. Furthermore:

  • If the processing of personal data is based on your consent, you have a right to withdraw consent at any time for future processing;
  • You have a right to request from us, a “data controller” as defined in the law, access to and rectification of your personal data;
  • You have a right to object to the processing of your personal data
  • You have a right to lodge a complaint with a data protection authority which is the Information Commissioner’s Office (ICO)

You can also exercise your right at any time by contacting us at the email address of [email protected]

We will update this privacy statement when necessary to reflect prospect and client feedback as well as regulatory changes.   Individuals should visit this website from time to time to review the latest version.

Registered company
Impact Call Centre Ltd
Registered Office:
Impact House Unit 7
Romsey Industrial Estate
Greatbridge Road, Romsey
Hampshire, SO51 0HR
Registered in England no: 08447477