Privacy Policy

Privacy Policy Information

Effective Date: 03 June 2025

Data Controller: ARVOSE Ltd, Registered in England and Wales

Introduction

ARVOSE is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your data in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and any applicable financial regulations.

What Data We Collect

We collect and process the following types of personal data:

  • Identity data (e.g. name, job title, company details)

  • Contact data (e.g. email address, phone number)

  • Technical data (e.g. IP address, browser type, device ID)

  • Usage data (e.g. interactions with our portal, support logs)

  • Financial data (e.g. payment details, transaction records)

  • Authentication data (e.g. login credentials, API keys)

We may also collect sensitive data where strictly necessary and with your explicit consent.

How We Use Your Data

Your data is used to:

  • Provide access to our services (portal, CRM, APIs)

  • Process payments and manage billing

  • Fulfil legal and regulatory obligations

  • Respond to support requests and technical issues

  • Improve service functionality and security

  • Communicate service updates or legal notices

We do not sell or share your data with third parties for marketing purposes.

Legal Basis for Processing

We process your data based on:

  • Contractual necessity – to deliver services as agreed

  • Legal obligation – to meet regulatory and compliance duties

  • Legitimate interests – to maintain and improve our services

  • Consent – where explicitly required (e.g. cookies or sensitive data)

Data Sharing and Third Parties

We only share your data with:

  • Sub-processors required to deliver our services (e.g. payment gateways, Salesforce)

  • Regulators, law enforcement, or courts when legally obligated

  • IT and infrastructure providers under strict contractual terms

We ensure all third parties adhere to security and data protection obligations.

In certain cases, ARVOSE acts as a data processor on behalf of clients. In these instances, we process personal data strictly under our clients’ written instructions and in accordance with applicable Data Processing Agreements (DPAs).

International Transfers

Where data is transferred outside the UK, we ensure it is protected by:

  • Adequacy decisions by the UK government

  • Standard Contractual Clauses (SCCs) or equivalent safeguards

Data Retention

We retain personal data only as long as necessary for:

  • The purposes outlined in this policy

  • Regulatory or legal obligations

  • Contractual enforcement or dispute resolution

Data may be anonymised or securely deleted once no longer needed.

We regularly review data stored in our systems to ensure it is not kept longer than necessary.

Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data

  • Correct or update inaccurate data

  • Request deletion of your data

  • Object to or restrict processing

  • Request data portability

  • Withdraw consent where processing is based on it

Requests can be submitted to [email protected]. We will respond within one month.

If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.

Data Security

We employ strong technical and organisational measures, including:

  • End-to-end encryption (in transit and at rest)

  • Role-based access controls

  • Multi-factor authentication

  • Continuous monitoring and logging

We are committed to maintaining PCI DSS and ISO 27001-aligned practices.

In the event of a data breach involving personal data, ARVOSE will:

  • Assess the scope and impact of the breach

  • Notify the Information Commissioner’s Office (ICO) within 72 hours if legally required

  • Notify affected individuals without undue delay where there is a high risk to their rights and freedoms

  • Take immediate steps to mitigate the impact and prevent recurrence

Automated Decisions & Profiling

We do not currently make decisions based solely on automated processing. If this changes, you will be notified and provided with the right to object.

Cookies

Our website and portal may use cookies for:

  • Session management and authentication

  • Analytics and usage tracking (only with consent)

You can manage cookie preferences through your browser or our cookie consent banner.

Changes to This Policy

We may update this policy from time to time. Updates will be published on our website with a revised effective date.

Contact

If you have questions regarding these terms, please contact:

ARVOSE Ltd
Email: [email protected]
Website: https://www.arvose.com

For data protection queries, you may also contact our Data Protection Officer (DPO) at [email protected].