Privacy Policy

Privacy Policy Rules

The following privacy policies set out how Rubus RMI Ltd (“Rubus Group”) uses and protects any personal information that you give Rubus Group.

  • Data Subject Privacy Policy

Rubus Group respects the privacy and legal rights of the individuals and organisations we deal with. A copy of our Privacy Policy is available on request to the Data Protection Officer (DPO) at data(at)

  • Postal & Email Marketing – Privacy Notice (see more detail below)

This Privacy Notice set outs details about the personal information we collect, process and hold in relation to our marketing activities.

  • Website Privacy Policy (see more detail below)

Rubus Group is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this Site, then you can be assured that it will only be used in accordance with this privacy policy.

Postal & Email Marketing – Privacy Notice

Rubus RMI Ltd (“Rubus Group”) respects the privacy and legal rights of the individuals and organisations we deal with.

Rubus RMI Ltd is a private company incorporated in England and Wales with company registration number 06689630 and registered address at 118 Pall Mall, London SW1Y 5ED and acts as the holding company for inter alia Rubus Information Services Ltd, also a private company incorporated in England and Wales with company registration number 08304631and registered address at 118 Pall Mall, London SW1Y 5ED. Rubus Information Services Ltd integrates corporate intelligence and related consultancy services to help corporate clients manage risk more effectively.

Under the General Data Protection Regulation (“GDPR”) and Data Protection Act 2018 (“DPA 2018“), we now supply data subjects with Privacy Notices. This is in order to meet new requirements about being transparent and providing accessible information to customers / individuals about how we are going to use their personal data so that they are fully informed and are aware of how they can exercise their rights under the DPA 2018/GDPR.

Privacy Notice

This Privacy Notice set outs details about the personal information we collect, process and hold in relation to our marketing activities.

What personal information do we need?
Rubus Group will only collect basic personal data about you, which does not include any special categories of personal data (often referred to as ‘sensitive personal data’) or criminal conviction data.

The personal information we may collect, process and hold include your name, job title, work address, work contact details and email address.

We will not collect, process or hold any personal data about you that we do not need for our marketing activities.

Why do we need this personal information – legal basis of processing

Marketing by email (Clients, contacts & subscribers)

We may use your information to further discuss your interest in the services and to send you information regarding Rubus Group and its group companies such as information about newsletter, events, products or services. You can withdraw your consent or opt out of receiving our marketing communications at any time. You may opt-out of receiving marketing communications and updates at any time. You can manage your receipt of marketing communications by unsubscribe details located on the bottom of Rubus Group’s emails. Additionally, you may send a request to

Of course, you have a right at any time to stop us from sending you marketing information. If you no longer wish to be contacted for marketing purposes, you can let us know by sending an email to data(at)

What do we do with the personal information?
All the personal information we hold about you will be processed by our staff in the United Kingdom. Rubus Group will not pass on your personal information to any third parties and no third parties will have access to your personal data unless there is a legal obligation for us to provide them with this. Your information may be stored on a cloud-based system whose servers are located within the European Union. We take all reasonable steps to ensure that your personal data is processed securely.

Retention period?
Any personal information we use for purposes of direct marketing by post will be kept with us until you notify us that you no longer wish to receive such marketing information.

For further information about our data retention policy and schedule, please contact

Your rights as a data subject

At any point, while we are in possession of or processing your personal data, you, the data subject, have the following rights:

  • Right of access – you have the right to request a copy of the information that we hold about you free of charge. However, please note that we may charge a reasonable fee when your request is manifestly unfounded, excessive or repetitive.
  • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
  • Right to restriction of processing – where certain conditions apply you have a right to restrict the processing.
  • Right of portability – you have the right to have the data we hold about you transferred to another organisation.
  • Right to object – you have the right to object to certain types of processing such as direct marketing.
  • Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.

In the event that Rubus Group refuses your request under rights of access, we will provide you with a reason as to why, which you will have a right to legally challenge.

Rubus Group at your request can confirm what information it holds about you and how it is processed.

You can request the following information:

  • Identity and the contact details of the person or organisation that has determined how and why to process your data.
  • Contact details of the data protection officer, where applicable.
  • The purpose of the processing as well as the legal basis for processing.
  • If the processing is based on the legitimate interests of Rubus Group or a third party, information about those interests.
  • The categories of personal data collected, stored and processed.
  • Recipient(s) or categories of recipients that the data is/will be disclosed to.
  • How long the data will be stored.
  • Details of your rights to correct, erase, restrict or object to such processing.
  • How to lodge a complaint with the supervisory authority (ICO)
  • Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data
  • The source of personal data if it wasn’t collected directly from you.
  • To access what personal data is held, identification will be required

Rubus Group will accept the following forms of ID when information on your personal data is requested: a copy of your driving licence, passport, birth certificate and a utility bill not older than three months. A minimum of one piece of photographic ID listed above and a supporting document is required. If Rubus Group is dissatisfied with the quality, further information may be sought before personal data can be released.

All requests should be made to data(at) or by phoning +44 (0) 20 7125 0278 or writing to us at The Data Protection Officer, Rubus RMI Ltd, 118 Pall Mall, London SW1Y 5ED.


If you wish to raise a complaint about how we have handled your personal data, including in relation to any of the rights outlined above, you can contact our Data Protection Officer at data(at) or by phoning +44 (0) 20 7125 0278 or by post at The Data Protection Officer, Rubus RMI Ltd, 118 Pall Mall, London SW1Y 5ED., who will investigate your concerns.

If you do not get a response within 30 days, or if you are not satisfied with our response, or believe we are processing your data unfairly or unlawfully, you can complain to the Information Commissioner’s Office (ICO) at 0303 123 1113. You can find further information about the ICO and their complaints procedure here: // 

Website Privacy Policy

This privacy policy sets out how Rubus RMI Ltd (“Rubus Group”) uses and protects any personal information that you give Rubus Group when you use this website, (“this Site”).

Rubus Group is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this Site, then you can be assured that it will only be used in accordance with this privacy statement.

Rubus Group may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from February 2021.

What we collect?

We may collect the following personal information; your name, company name, job title, physical mailing address, your email address and phone numbers.

What we do with the information we gather?

We collect this information to understand your needs and/or provide you with our services as effectively as possible.

In particular, personal information we collect from you via this Site may be used as follows:

1. Where you submit an enquiry about our services, we may use the information submitted to respond to your enquiry. If you decide to engage us to provide services to you, your personal information will be held in accordance with our data protection policies and procedures for clients. If you do not subsequently engage us for the provision of services, we may hold your personal information for purposes of sending you promotional materials about our services, seminars and bulletins. You can at any time object to us sending you such materials by emailing data(at)
2. If you submit your personal information via the Site in relation to any job advertisement, application or enquiry, we may use the information to assess and process your application. Any information so submitted will be retained irrespective of the outcome of your application or enquiry, unless you request us not to retain your information. Should an offer of employment be made to and accepted by you, your information will be held in accordance with our data protection policies and procedures for employees.

In general, we may hold your information submitted via this Site for any purpose for which you give us express consent, or for any other purpose permitted under the Data Protection Act 2018 or GDPR.


We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

How we use cookies?

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve this Site in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Links to other websites

This Site may contain links to other websites of interest. However, once you have used these links to leave this Site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Disclosure of your personal information

We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.

Control of your personal information

You may request details of personal information which we hold about you under the Data Protection 2018. You may also request that we amend or remove the personal information we hold about you. If you would like to make such a request please write to data(at) or Rubus RMI Ltd, 118 Pall Mall, London SW1Y 5ED, United Kingdom (+44 20 7125 0278) Please note that we reserve the right to take reasonable steps to confirm your identity before making any disclosure of information held by us.

Data Protection Policy & GDPR Compliance Statement

Our Commitment

Rubus RMI Ltd (‘Rubus Group’) are committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection.

We seek to maintain a robust and effective data protection program in place which complies with existing law and abides by the data protection principles.

We are serious about safeguarding the personal information under our remit and in developing a data protection regime that is effective, fit for purpose and demonstrates an understanding of, and appreciation for the new Regulation. Our preparation and objectives for GDPR compliance have been summarised in this statement and include the development and implementation of new data protection roles, policies, procedures, controls and measures to ensure maximum and ongoing compliance.


We are a controller of the personal data we collect, process and hold either directly from data subjects or via our clients, agents or sub-contractors. Although in certain circumstances we may only act as a processor for our clients, we have resolved to apply the higher threshold of a “joint controller” to all personal data processing activities we perform.

Our data is processed in the United Kingdom (UK), and we are registered as a Data Controller with the Information Commissioner’s Office in the UK under Registration reference: ZA016209

Description of Services – Reason for processing Personal Data

Non-Contentious Services:

• Due Diligence & Compliance and related Consultancy: Rubus Group provides overt due diligence, including pre-employment screening and vetting of individuals conducted with their written consent, corporate due diligence, and country review assignments.

• Related services include anti-fraud and regulatory due diligence designed to help clients meet compliance obligations e.g. Enhanced KYC, Fit & Proper Person Reviews, Anti-Money Laundering and Anti-Bribery including Corruption checks, Sanction Checks, Influence Reviews.

• Execution: Non-Contentious: Partnering with Rubus Law, and interfacing with a range of reputable, professional services providers (such as law firms accountancy firms, valuation agents, information technology specialists) to exploit our due diligence to inform the execution of transactions, ranging the structuring of market entry, selection of local partners, framing of the contracts that form the foundation of new business relations.

• Fraud Investigation and Litigation Iligence: We conduct fraud investigations, and may extend from the platform built by forensic data analysis into iligence driven data gathering; including but not limited to covert profiling of individuals, surveillance and asset tracing. We may support lawyers acting for our clients by gathering iligence and evidence that develops a more robust legal case.

Contentious Services

• Threat Iligence and related Consultancy: We participate in corporate Incidence Response Teams/ Crisis Response Teams to supply urgent and real-time iligence on threat events impacting our clients for the purposes of providing management teams with greater visibility of the nature of this threat, to exploit this iligence to formulate the client’s best strategic response. These threats range from threats to persons, property, business model, brands and reputations, and may originate from a variety of vectors.

• Execution: Contentious: Partnering with Rubus Law, and interfacing with a range of reputable, professional services providers (such as law firms, accountancy firms, public relations firms, valuation agents, information technology and physical security specialists) to execute the client’s best strategic response to a threat.

Our Clients:

We do not publish research data, which is typically commissioned by a client and is shared exclusively with said client and their advisors. Our clients include (without limitation) multinational companies, ultra-high net worth (UHNW) investors and entrepreneurs, family offices, law firms, and regulated financial services companies nominated advisors, immigration consultancy companies, investigation and iligence firms as well as individuals’ future and/or current employers.

We restrict our services to understanding business opportunities or resolving business pathologies, and do not act for national governments in matters of national interest or in personal disputes. Our clients typically commission our research for the purposes of prudent management of business risks, regulatory compliance, investigation of suspected crime and to make their best defence to threats to persons, property, business model, brands or reputations.

Research Scope and Methodologies viz a viz natural persons as research subjects:

  • Almost all our services have at their foundation searches carried out on individuals, whether as principals, directors (or other fiduciary role). This is because individuals ultimately control and have beneficial interest in juristic entities, and this control directs the activities of juristic entities.
  • Research methods include publicly available data (PAI), commercially available data (CAI), official and private registries and records (both digital and hardcopy archives) maintained for the purposes of investigation/due diligence, and human iligence. We do not access official and private registries and records without the written consent of research subject, where research is conducted without consent we are restricted to open source information.
  • We have proprietary analytical tools and models to extrapolate research information, and employ technologies to map and visualise relationships, geography and timeline of research information.
  • Our research scope viz a vis individuals may include verification of identity, use of aliases, consumer trace, address verification and land registry searches, verification of education, professional licences and employment history, directorships and corporate registry records, financial checks (source of wealth). Reputation enquiries may be conducted, from both industry sources and from official records criminal record checks, insolvency, civil and criminal litigation searches as well as blacklists, watch-lists and sanctions database checks). We also conduct social media and general media searches.
  • Research is not geographically constrained, and we will conduct searches internationally based on the geographic footprint of the research subject(s)

Data Subject Rights

In addition to the policies and procedures mentioned above that ensure individuals can enforce their data protection rights, we provide easy to access information via our privacy notices and/or website of an individual’s right to access any personal information that we process about them and to request information about: –

  • What personal data we hold about them
  • The purposes of the processing
  • The categories of personal data concerned
  • The recipients to whom the personal data has/will be disclosed
  • How long we intend to store your personal data for
  • If we did not collect the data directly from them, information about the source
  • The right to have incomplete or inaccurate data about them corrected or completed and the process for requesting this
  • The right to request erasure of personal data (where applicable) or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from us and to be informed about any automated decision-making that we use
  • The right to lodge a complaint or seek judicial remedy and who to contact in such instancesInformation Security & Technical and Organisational Measures

We take the privacy and security of individuals and their personal information very seriously and take every reasonable measure and precaution to protect and secure the personal data that we process. We have robust information security policies and procedures in place to protect personal information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures. For further information about our security policy and management framework, please contact the Data Protection Officer (DPO) at data(at)

GDPR Roles and Employees

We have appointed a Data Protection Officer (DPO) take responsibility for ensuring compliance with the new data protection regulation. If you have any questions about data protection at Rubus Group, please contact the DPO at data(at)



Scroll to Top