Privacy Policy
Your privacy matters.
How we collect, use, store and protect your personal information.
Version: 3.0
Effective Date: 1 June 2026
Next Scheduled Review: May 2027
RMB&Co is committed to protecting your privacy and ensuring that your personal information is handled responsibly, securely and transparently.
This Privacy Policy explains how we collect, use, store and protect personal information when you interact with us, whether through our website, client portal, email, telephone, social media or whilst receiving any of our services.
We are committed to complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and all other applicable data protection legislation.
This policy applies to all personal information processed by RMB&Co, including information relating to website visitors, prospective clients, existing clients, supplier representatives, business partners, professional advisers and individuals involved in commercial claims or procurement activities.
Our services include, but are not limited to: Managed Procurement, Contract Management and Governance, Business Energy Procurement, Water Procurement, Waste Management, Telecommunications, Merchant Services, Hospitality Linen, Facilities Management, Payroll Services, HR Support Services, Cyber Security Services, Commercial Redress and Claims Management, and Client Portal and Account Management Services.
By using our website, engaging our services or communicating with us, you acknowledge that your personal information will be processed in accordance with this Privacy Policy.
Section 1
Who We Are
RMB&Co is the trading name of Reduce My Bills Ltd, a company providing managed procurement, commercial management and business support services throughout the United Kingdom.
For the purposes of UK GDPR, Reduce My Bills Ltd is the Data Controller where we determine the purposes and means of processing your personal information. In certain circumstances, where we process information solely on behalf of our clients, we act as a Data Processor.
Company details, including our registered office, company registration number and ICO registration details, are available upon request or via our website.
Section 2
Information We Collect
Depending on the services you receive, we may collect and process the following categories of personal information:
Identity Information
- Name
- Job title
- Company name
- Business address
- Date of birth (where required)
- Identification documents where legally necessary
Contact Information
- Telephone numbers
- Email addresses
- Postal addresses
Financial Information
- Billing information
- Bank account details
- Payment history
- VAT information
- Credit information where required
Contract Information
- Supplier contracts
- Renewal dates
- Procurement documentation
- Utility consumption data
- Supplier correspondence
- Service agreements
Technical Information
- IP address
- Browser type
- Device identifiers
- Operating system
- Website usage statistics
- Cookie preferences
Communications
- Emails
- Telephone calls
- Meeting notes
- Support enquiries
- Consultation records
Claims Information
Where we provide Commercial Redress or Claims Management services, we may also collect historical supplier contracts, utility invoices, Letters of Authority, legal documentation, settlement information and supporting evidence provided by clients.
Section 3
How We Collect Information
Information may be collected:
- Directly from you
- Through our website
- Via our client portal
- During consultations
- During procurement exercises
- Through supplier engagement
- From publicly available sources
- From professional advisers acting on your behalf
- From third-party service providers where appropriate
Section 4
How We Use Your Information
We only process personal information where there is a lawful basis for doing so. Our lawful bases include:
- Performance of a Contract
- Legitimate Interests
- Legal Obligation
- Consent (where required)
We use personal information to:
- Deliver our services
- Obtain quotations
- Negotiate supplier contracts
- Manage supplier relationships
- Administer client accounts
- Process invoices
- Manage commercial claims
- Respond to enquiries
- Improve our services
- Meet legal and regulatory obligations
- Protect our legitimate business interests
We will never sell your personal information to third parties.
Section 5
Sharing Your Information
Where necessary, we may share information with carefully selected third parties including:
- Utility suppliers
- Waste contractors
- Telecommunications providers
- Merchant service providers
- Linen providers
- Facilities Management providers
- Payroll providers
- HR advisers
- Solicitors
- Barristers
- Insurance providers
- Software providers
- Cloud hosting providers
- CRM providers
- Payment processors
- Professional advisers
- Regulatory authorities where required by law
All third parties are required to process your information securely and only for the purposes instructed.
Section 6
Cookies and Website Analytics
Our website uses cookies and similar technologies to improve your browsing experience and understand how our website is used.
These may include:
- Essential Cookies
- Functional Cookies
- Analytics Cookies
- Performance Cookies
- Marketing Cookies (where consent has been provided)
You can manage your cookie preferences at any time using our Cookie Settings.
Section 7
Data Security
We employ appropriate technical and organisational measures to safeguard personal information. These include:
- Secure cloud hosting
- Multi-factor authentication
- Encryption
- Firewalls
- Access controls
- Regular security monitoring
- Staff training
- Secure document management
Although no online system can ever be guaranteed completely secure, we continually review our security measures to minimise risk.
Section 8
Data Retention
We only retain information for as long as necessary. Typical retention periods include:
| Record Type | Retention Period |
|---|---|
| Customer Contracts | 7 years after contract completion |
| Financial Records | 7 years |
| Commercial Claims | Up to 10 years |
| Call Recordings | 6 months unless required longer |
| Marketing Enquiries | 24 months |
| Website Enquiries | 24 months |
| CRM Backups | 35 days |
Where legislation requires longer retention periods, those requirements will take precedence.
Section 9
Your Rights
Under UK GDPR you have the right to:
- Access your personal information
- Correct inaccurate information
- Request deletion where appropriate
- Restrict processing
- Object to processing
- Receive a copy of your information
- Withdraw consent where processing relies upon consent
- Lodge a complaint with the Information Commissioner’s Office (ICO)
We aim to respond to all requests within one calendar month.
Section 10
International Transfers
Where personal information is transferred outside the United Kingdom, we will ensure appropriate safeguards are in place to maintain the same level of protection required under UK GDPR.
Section 11
Artificial Intelligence
RMB&Co may utilise approved artificial intelligence technologies to improve operational efficiency, document preparation and service delivery.
Where AI-assisted technologies are used, appropriate human oversight remains in place and personal information is only processed using secure systems that comply with applicable data protection requirements.
Section 12
Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in legislation, technology or our business operations.
The latest version will always be available on our website.
Section 13
Contact Us
If you have any questions regarding this Privacy Policy or how we process your personal information, please contact:
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).
