Privacy Policy

Your privacy matters.

How we collect, use, store and protect your personal information.

Version: 3.0

Effective Date: 1 June 2026

Next Scheduled Review: May 2027

RMB&Co is committed to protecting your privacy and ensuring that your personal information is handled responsibly, securely and transparently.

This Privacy Policy explains how we collect, use, store and protect personal information when you interact with us, whether through our website, client portal, email, telephone, social media or whilst receiving any of our services.

We are committed to complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and all other applicable data protection legislation.

This policy applies to all personal information processed by RMB&Co, including information relating to website visitors, prospective clients, existing clients, supplier representatives, business partners, professional advisers and individuals involved in commercial claims or procurement activities.

Our services include, but are not limited to: Managed Procurement, Contract Management and Governance, Business Energy Procurement, Water Procurement, Waste Management, Telecommunications, Merchant Services, Hospitality Linen, Facilities Management, Payroll Services, HR Support Services, Cyber Security Services, Commercial Redress and Claims Management, and Client Portal and Account Management Services.

By using our website, engaging our services or communicating with us, you acknowledge that your personal information will be processed in accordance with this Privacy Policy.

Section 1

Who We Are

RMB&Co is the trading name of Reduce My Bills Ltd, a company providing managed procurement, commercial management and business support services throughout the United Kingdom.

For the purposes of UK GDPR, Reduce My Bills Ltd is the Data Controller where we determine the purposes and means of processing your personal information. In certain circumstances, where we process information solely on behalf of our clients, we act as a Data Processor.

Company details, including our registered office, company registration number and ICO registration details, are available upon request or via our website.

Section 2

Information We Collect

Depending on the services you receive, we may collect and process the following categories of personal information:

Identity Information

  • Name
  • Job title
  • Company name
  • Business address
  • Date of birth (where required)
  • Identification documents where legally necessary

Contact Information

  • Telephone numbers
  • Email addresses
  • Postal addresses

Financial Information

  • Billing information
  • Bank account details
  • Payment history
  • VAT information
  • Credit information where required

Contract Information

  • Supplier contracts
  • Renewal dates
  • Procurement documentation
  • Utility consumption data
  • Supplier correspondence
  • Service agreements

Technical Information

  • IP address
  • Browser type
  • Device identifiers
  • Operating system
  • Website usage statistics
  • Cookie preferences

Communications

  • Emails
  • Telephone calls
  • Meeting notes
  • Support enquiries
  • Consultation records

Claims Information

Where we provide Commercial Redress or Claims Management services, we may also collect historical supplier contracts, utility invoices, Letters of Authority, legal documentation, settlement information and supporting evidence provided by clients.

Section 3

How We Collect Information

Information may be collected:

  • Directly from you
  • Through our website
  • Via our client portal
  • During consultations
  • During procurement exercises
  • Through supplier engagement
  • From publicly available sources
  • From professional advisers acting on your behalf
  • From third-party service providers where appropriate

Section 4

How We Use Your Information

We only process personal information where there is a lawful basis for doing so. Our lawful bases include:

  • Performance of a Contract
  • Legitimate Interests
  • Legal Obligation
  • Consent (where required)

We use personal information to:

  • Deliver our services
  • Obtain quotations
  • Negotiate supplier contracts
  • Manage supplier relationships
  • Administer client accounts
  • Process invoices
  • Manage commercial claims
  • Respond to enquiries
  • Improve our services
  • Meet legal and regulatory obligations
  • Protect our legitimate business interests

We will never sell your personal information to third parties.

Section 5

Sharing Your Information

Where necessary, we may share information with carefully selected third parties including:

  • Utility suppliers
  • Waste contractors
  • Telecommunications providers
  • Merchant service providers
  • Linen providers
  • Facilities Management providers
  • Payroll providers
  • HR advisers
  • Solicitors
  • Barristers
  • Insurance providers
  • Software providers
  • Cloud hosting providers
  • CRM providers
  • Payment processors
  • Professional advisers
  • Regulatory authorities where required by law

All third parties are required to process your information securely and only for the purposes instructed.

Section 6

Cookies and Website Analytics

Our website uses cookies and similar technologies to improve your browsing experience and understand how our website is used.

These may include:

  • Essential Cookies
  • Functional Cookies
  • Analytics Cookies
  • Performance Cookies
  • Marketing Cookies (where consent has been provided)

You can manage your cookie preferences at any time using our Cookie Settings.

Section 7

Data Security

We employ appropriate technical and organisational measures to safeguard personal information. These include:

  • Secure cloud hosting
  • Multi-factor authentication
  • Encryption
  • Firewalls
  • Access controls
  • Regular security monitoring
  • Staff training
  • Secure document management

Although no online system can ever be guaranteed completely secure, we continually review our security measures to minimise risk.

Section 8

Data Retention

We only retain information for as long as necessary. Typical retention periods include:

Record TypeRetention Period
Customer Contracts7 years after contract completion
Financial Records7 years
Commercial ClaimsUp to 10 years
Call Recordings6 months unless required longer
Marketing Enquiries24 months
Website Enquiries24 months
CRM Backups35 days

Where legislation requires longer retention periods, those requirements will take precedence.

Section 9

Your Rights

Under UK GDPR you have the right to:

  • Access your personal information
  • Correct inaccurate information
  • Request deletion where appropriate
  • Restrict processing
  • Object to processing
  • Receive a copy of your information
  • Withdraw consent where processing relies upon consent
  • Lodge a complaint with the Information Commissioner’s Office (ICO)

We aim to respond to all requests within one calendar month.

Section 10

International Transfers

Where personal information is transferred outside the United Kingdom, we will ensure appropriate safeguards are in place to maintain the same level of protection required under UK GDPR.

Section 11

Artificial Intelligence

RMB&Co may utilise approved artificial intelligence technologies to improve operational efficiency, document preparation and service delivery.

Where AI-assisted technologies are used, appropriate human oversight remains in place and personal information is only processed using secure systems that comply with applicable data protection requirements.

Section 12

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in legislation, technology or our business operations.

The latest version will always be available on our website.

Section 13

Contact Us

If you have any questions regarding this Privacy Policy or how we process your personal information, please contact:

Data Protection Officer

Reduce My Bills Ltd trading as RMB&Co.

dataprotection@rmbco.uk

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).