Privacy Policy

Summary

Arco Orbis Limited (Arco Orbis) is the Data Controller (ICO registration number ZA430261) for personal data about our client’s.

We may amend this privacy notice from time to time. If we do so, we will supply you with and/or otherwise make available to you a copy of the amended privacy notice.

  • We keep to a minimum the information we hold about you.
  • We use your data to arrange your security services, luxury travel, global tracking, respond to your enquiries, manage our relationship with you and meet our legal obligations.
  • We delete your data when it is no longer needed for these reasons
  • We do not trade your data.
  • We do not give your information to third parties without your consent, but there are three exceptions.
  • You have lots of privacy rights
  • We do not process your data outside of the European Economic Area (EEA) unless necessary for the performance of a contract.
  • We do not use cookies on this website
  • If you call our Dubai office telephone number, you will be speaking to somebody internationally outside of the EEA.

 

Do you want more detail?

To see more about how Arco Orbis uses your personal data, read the notice or notices, which apply best to your relationship with us:

  • I am a client
  • I am a prospective client
  • I am a website visitor
  • I am applying for a job
  • Your privacy rights

 To contact Arco Orbis with a data protection query regarding the processing of your personal data, please use contact us.

This page was last updated on 25th May 2018


Privacy Notice – Client

  • We keep to a minimum the information we hold about you.
  • We use your data to arrange your security services, luxury travel, global tracking, respond to your enquiries, manage our relationship with you and meet our legal obligations.
  • We delete your data when it is no longer needed for these reasons
  • We do not trade your data.
  • We do not give your information to third parties without your consent, but there are three exceptions.
  • You have lots of privacy rights
  • We do not process your data outside of the European Economic Area (EEA) unless necessary for the performance of a contract.
  • We do not use cookies on this website
  • If you call our Dubai office telephone number, you will be speaking to somebody internationally and outside of the EEA

Information we hold about you

As our client, we will hold the following information about you:

  • Your name, identity and contact information
  • Information about your business activities
  • Information and documents about your matter or enquiries, including communications with you
  • Billing and payment information

 

Using your data

 

References to the basis of processing are a reference to the article of the General Data Protection Regulation under which we undertake the processing in question.

We will collect personal data from you in relation to the provision of our services to you that are necessary, adequate and relevant to the relationship.

Providing you a service

 

We use the information we hold about you and your business — both personal and otherwise ,to give you the best service that we can.

We also use your information to bill you, and keep track of payments that you make.

 

To notify you about changes to our service

 

If you refuse to provide us with certain information when requested, we may not be able to perform the contract we have entered into with you

Our collection methods are:

  • Through engagement (or potential engagement) of our services
  • Enquiries via our office, website or employees’
  • By communications, including email, telephone, post or social media
  • Networking
  • Through engagement of service providers
  • Via third parties and/or publicly available resources

 

(Processing is necessary for the performance of a contract – Basis: Article. 6(b): this is necessary to deliver the service to you.)

 

Data Security

Given that the Internet is a global environment, using the Internet to collect and process personal data necessarily involves the transmission of data on an international basis.

Unfortunately, the transmission of information via the internet is not completely secure.

Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site via third party networks; any transmission is at your own risk.

Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Day to day phone calls are not encrypted.

We have put in place commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

In addition, we limit access to your personal data to those employees who have a business need to know. Those employees will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

If you have particular security requirements, please contact us to discuss how we can support you.

Your data and the EEA

 

We do not transfer or process data outside the European Economic Area unless we have your specific consent or where the nature of the processing requires it (for example, it is necessary to carry out a service you have instructed us to complete or where we are emailing a party to your matter who is based outside the EEA, or because you have chosen to use an email or other communications service which routes data outside the EEA).

 

Your privacy rights

 

You have lots of privacy rights in respect of our processing of your personal data.

You also have the right to lodge a complaint about our processing with a supervisory authority — you probably want the UK’s Information Commissioner’s Office

Third parties

 

We do not trade your personal information and as a general principle, we will not transfer your personal data to third parties without your permission.

There are three exceptions to this:

  • It is possible, though unlikely, that we might be forced to disclose your information in response to a court order or other binding mandate.
  • We also have a small number of companies providing services to us. Telephony services, which would get to see your phone number if we call you, and a broadband supplier which could see your email address (but not the content of what you send us, if you encrypt it). We also use an external accountancy service but, unless you are a sole trader or a partnership, they are unlikely to see any personal data relating to you.
  • Due to the nature and complexity of services we offer, we may need to share your personal data from time to time with a specialist sub processor to assist us. (Please contact us if you wish to discuss this)

All of our third party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data.

We only permit our third party service providers to process your personal data for specified purposes and in accordance with our instructions.

 

Deletion and retention periods

 

  • Data about clients: duration of your relationship with us, then seven years
  • Data about specific matters: duration of the matter, then seven years
  • Enquiry data: duration of enquiry, then 7 days

When assessing what retention period is appropriate for your personal data, we take into consideration:

  • The requirements of our business and the services provided;
  • Any statutory or legal obligations;
  • The purposes for which we originally collected the personal data;
  • The lawful grounds on which we based our processing;
  • The types of personal data we have collected;
  • The amount and categories of your personal data; and
  • Whether the purpose of the processing could reasonably be fulfilled by other means.

 

Subject Access Requests

 

We strive to be as open as we can be in terms of giving people access to their personal data. A Subject Access Request under the GDPR is your right to request a copy of the information that we hold about you.  Such requests must be in writing to the contact us details provided in this policy. If we do hold your personal data we will respond in writing without undue delay and within one calendar month of your request (where that request was submitted in accordance with this policy).

The information we supply will:

  • Confirm that your data is being processed;
  • Verify the lawfulness and the purpose of the processing;
  • Confirm the categories of personal data being processed;
  • Confirm the type of recipient to whom the personal data have been or will be disclosed, and
  • Let you have a copy of the data in an intelligible form.

Please note that you may need to provide identification in order to prove who you are to access your data.

If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.

 

Privacy Notice – Prospective Client

 

  • We keep to a minimum the information we hold about you.
  • We use your data to arrange your security services, luxury travel, global tracking, respond to your enquiries, manage our relationship with you and meet our legal obligations.
  • We delete your data when it is no longer needed for these reasons
  • We do not trade your data.
  • We do not give your information to third parties without your consent, but there are three exceptions.
  • You have lots of privacy rights
  • We do not process your data outside of the European Economic Area (EEA) unless necessary for the performance of a contract.
  • We do not use cookies on this website
  • If you call our Dubai office telephone number, you will be speaking to somebody internationally and outside of the EEA

Information we hold about you

If you contact us we will hold the following information about you

  • Your name, identity and contact information
  • Information about your business activities
  • Information and documents about your enquiries, including communications with you

 

We also generate log files from various servers: this will include an IP address assigned to you or, more likely, to someone who provides you with Internet access.

All our client-facing platforms are accessible via Tor, and you can access this site on Tor (v2 or v3). If you do not want us to see your actual IP address, feel free to visit us via Tor.

 

Using your data

 

References to the basis of processing are a reference to the article of the General Data Protection Regulation under which we undertake the processing in question.

We will collect personal data from you in relation to the provision of our services to you that are necessary, adequate and relevant to the relationship.

 

Dealing with your enquiry

 

If you give call us or make contact via our website or by email, we will follow up on your enquiry and see if there is a way in which we can help you.

We keep a record of enquiries received, to help us plan our business strategy and check that we are offering what potential clients want.

If you call our Dubai office in the United Arab Emirates, your enquiry will be dealt with outside the EAA.

If you refuse to provide us with certain information when requested, we may not be able to perform the contract we have entered into with you

Our collection methods are:

  • Through engagement (or potential engagement) of our services
  • Enquiries via our office, website or employees’
  • By communications, including email, telephone, post or social media
  • Networking
  • Through engagement of service providers
  • Via third parties and/or publicly available resources

(Processing is necessary for the performance of a contract – Basis: Article. 6(b): this is necessary to deliver the service to you.)

 

Data Security

 

Given that the Internet is a global environment, using the Internet to collect and process personal data necessarily involves the transmission of data on an international basis.

Unfortunately, the transmission of information via the internet is not completely secure.

Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site via third party networks; any transmission is at your own risk.

Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Day to day phone calls are not encrypted.

We have put in place commercially reasonable and appropriate security measures to  prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

In addition, we limit access to your personal data to those employees who have a business need to know.

Those employees will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

If you have particular security requirements, please contact us to discuss how we can support you.

 

Your personal data and the EEA

 

We do not transfer or process data outside the European Economic Area unless we have your specific consent or where the nature of the processing requires it (for example, it is necessary to carry out a service you have instructed us to complete or where we are emailing a party to your matter who is based outside the EEA, or because you have chosen to use an email or other communications service which routes data outside the EEA).

 

Your privacy rights

 

You have lots of privacy rights in respect of our processing of your personal data.

You also have the right to lodge a complaint about our processing with a supervisory authority — you probably want the UK’s Information Commissioner’s Office

Third parties

 

We do not trade your personal information and as a general principle, we will not transfer your personal data to third parties without your permission.

There are three exceptions to this:

  • It is possible, though unlikely, that we might be forced to disclose your information in response to a court order or other binding mandate.
  • We also have a small number of companies providing services to us. Telephony services, which would get to see your phone number if we call you, and a broadband supplier which could see your email address (but not the content of what you send us, if you encrypt it). We also use an external accountancy service but, unless you are a sole trader or a partnership, they are unlikely to see any personal data relating to you.
  • Due to the nature and complexity of services we offer, we may need to share your personal data from time to time with a specialist sub processor to assist us. (Please contact us if you wish to discuss this)

All of our third party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data.

We only permit our third party service providers to process your personal data for specified purposes and in accordance with our instructions.

 

Deletion and retention periods

 

  • Data about clients: duration of your relationship with us, then seven years
  • Enquiry data: duration of enquiry, then 7 days
  • Data about specific matters: duration of the matter, then seven years

When assessing what retention period is appropriate for your personal data, we take into consideration:

  • The requirements of our business and the services provided;
  • Any statutory or legal obligations;
  • The purposes for which we originally collected the personal data;
  • The lawful grounds on which we based our processing;
  • The types of personal data we have collected;
  • The amount and categories of your personal data; and
  • Whether the purpose of the processing could reasonably be fulfilled by other means.

 

Subject Access Requests

 

We strive to be as open as we can be in terms of giving people access to their personal data. A Subject Access Request under the GDPR is your right to request a copy of the information that we hold about you.  Such requests must be in writing to the contact us details provided in this policy. If we do hold your personal data we will respond in writing without undue delay and within one calendar month of your request (where that request was submitted in accordance with this policy).

The information we supply will:

  • Confirm that your data is being processed;
  • Verify the lawfulness and the purpose of the processing;
  • Confirm the categories of personal data being processed;
  • Confirm the type of recipient to whom the personal data have been or will be disclosed, and
  • Let you have a copy of the data in an intelligible form.

Please note that you may need to provide identification in order to prove who you are to access your data.

If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.

Website Visitor

 

  • We do not conduct any tracking or profiling on our website
  • Your IP address will be logged by our web server, it is not used to identify you and unlikely to unless you use the contact us enquiry form
  • We delete the contact us form data (enquiry/quote) after 7 days
  • We do not trade your data.

 

Cookies

We do not use cookies on our website

 

Data Security

 

Given that the Internet is a global environment, using the Internet to collect and process personal data necessarily involves the transmission of data on an international basis. Unfortunately, the transmission of information via the internet is not completely secure.

Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site via third party networks; any transmission is at your own risk.

Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Day to day phone calls are not encrypted.

We have put in place commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

In addition, we limit access to your personal data to those employees who have a business need to know. Those employees will only process your personal data on our instructions and they are  subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

If you have particular security requirements, please contact us to discuss how we can support you

 

Privacy Notice – Applying  for a job

 

Recruitment – Consent

 

To the extent that we are processing your Curriculum Vitae (CV) based on your consent, you have the right to withdraw your consent at any time.

 

Curriculum Vitae

 

We give you the option of submitting your CV via email. You can do this either to apply for a specific advertised job or for consideration for positions as they come up.

Your CV will be stored in our database, and will be accessible by management.

  • We keep to a minimum the information we hold about you.
  • We use your CV to assess your suitability for job vacancies, respond to your enquiries and meet our legal obligations.
  • We delete your CV when it is no longer needed for these reasons
  • We do not trade your data or share with other companies.
  • You have lots of privacy rights
  • Your CV does not leave the European Economic Area (EEA) when emailed to our company
  • We will not process your personal data outside of the EAA without your explicit consent. From time to time this may be necessary for overseas deployments.

You can update your CV at any time, simply by following the same procedure to submit a new CV. Your old CV will automatically be archived providing the submission details remain the same (for example you submit both CVs using the same email address or you advise the relevant contact of your new submission).

 

Equal Opportunities

 

Arco Orbis is an equal opportunities employer and a company committed to diversity. This means that all job applicants and members of staff will receive equal treatment and that we will not discriminate on grounds of gender, marital status, race, ethnic origin, colour, nationality, national origin, disability, sexual orientation, religion or age.

 

Information we hold about you

 

If you contact us we will hold the following information about you

  • Your name, identity and contact information
  • Information about your business activities
  • Information and documents about your enquiries, including communications with you
  • The information supplied in your CV

We also generate log files from various servers: this will include an IP address assigned to you or, more likely, to someone who provides you with Internet access.

All our client-facing platforms are accessible via Tor, and you can access this site on Tor (v2 or v3). If you do not want us to see your actual IP address, feel free to visit us via Tor.

 

Using your data

 

References to the basis of processing are a reference to the article of the General Data Protection Regulation under which we undertake the processing in question.

 

Dealing with your CV submission

 

If you send us your CV via our website or by email, we will follow up your submission and let you know if we have any suitable vacancies. We will only keep successful applicants data.

(You the data subject have given us consent to process your personal data for one or more specific purposes ie Apply for a job – Basis Article. 6.(a): this is necessary to assess your application and suitability)

 

Data Security

 

Given that the Internet is a global environment, using the Internet to collect and process personal data necessarily involves the transmission of data on an international basis.

Unfortunately, the transmission of information via the internet is not completely secure.

Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site via third party networks; any transmission is at your own risk.

Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Day to day phone calls are not encrypted.

We have put in place commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

In addition, we limit access to your personal data to those employees who have a business need to know.

Those employees will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

If you have particular security requirements, please contact us to discuss how we can support you.

 

Your personal data and the EEA

 

We do not transfer or process data outside the European Economic Area unless we have your specific consent or where the nature of the processing requires it (for example, it is necessary for the role you are performing, to carry out a service you have instructed us to complete or where we are emailing a party to your matter who is based outside the EEA, or because you have chosen to use an email or other communications service which routes data outside the EEA).

 

Your privacy rights

 

You have lots of privacy rights in respect of our processing of your personal data.

The relevant rights are:

  • Get access to your personal data and information about our processing of it
  • Right to erasure
  • Right to rectify
  • Right to restriction
  • Object to our processing for strategy planning purposes
  • If you want to exercise any of these rights, please just contact us

You also have the right to lodge a complaint about our processing with a supervisory authority — you probably want the UK’s Information Commissioner’s Office

 

Third parties

 

We do not trade your personal information and as a general principle, we will not transfer your personal data to third parties without your permission.

There are three exceptions to this:

  • It is possible, though unlikely, that we might be forced to disclose your information in response to a court order or other binding mandate.
  • We also have a small number of companies providing services to us. Telephony services, which would get to see your phone number if we call you, and a broadband supplier which could see your email address (but not the content of what you send us, if you encrypt it). We also use an external accountancy service but, unless you are a sole trader or a partnership, they are unlikely to see any personal data relating to you.
  • Due to the nature and confidentiality of our services, clients under contract may ask to see CV’s of staff that have been chosen to work for them. (Please contact us if you wish to discuss this)

 

Deletion and retention periods

 

  • Data about successful applicants: duration of your relationship with us, then seven Years
  • Enquiry data: duration of enquiry, then 7 days
  • Data about unsuccessful applicants: duration of application, then 7 days
  • Data about specific matters: duration of the matter, then seven years

When assessing what retention period is appropriate for your personal data, we take into consideration:

  • The requirements of our business and the services provided;
  • Any statutory or legal obligations;
  • The purposes for which we originally collected the personal data;
  • The lawful grounds on which we based our processing;
  • The types of personal data we have collected;
  • The amount and categories of your personal data; and
  • Whether the purpose of the processing could reasonably be fulfilled by other means.

 

Subject Access Requests

 

We strive to be as open as we can be in terms of giving people access to their personal data. A Subject Access Request under the GDPR is your right to request a copy of the information that we hold about you.  Such requests must be in writing to the contact us details provided in this policy. If we do hold your personal data we will respond in writing without undue delay and within one calendar month of your request (where that request was submitted in accordance with this policy).

The information we supply will:

  • Confirm that your data is being processed;
  • Verify the lawfulness and the purpose of the processing;
  • Confirm the categories of personal data being processed;
  • Confirm the type of recipient to whom the personal data have been or will be disclosed, and
  • Let you have a copy of the data in an intelligible form.

Please note that you may need to provide identification in order to prove who you are to access your data.

If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.

 

Your privacy rights

 

  • The right to be informed – which is what this privacy notice is about
  • The right to access the data we hold about you
  • The right to object to direct marketing (We do not carry out direct marketing)
  • The right to object to processing carried out on the legal basis of Legitimate Interest
  • The right to erasure (exceptions may apply)
  • The right to data portability
  • The right to have your data rectified if it is inaccurate
  • The right to have your data restricted from processing

To exercise any of these rights, please contact us

 

Subject Access Requests

 

We strive to be as open as we can be in terms of giving people access to their personal data. A Subject Access Request under the GDPR is your right to request a copy of the information that we hold about you.  Such requests must be in writing to the contact us details provided in this policy. If we do hold your personal data we will respond in writing without undue delay and within one calendar month of your request (where that request was submitted in accordance with this policy).

The information we supply will:

  • Confirm that your data is being processed;
  • Verify the lawfulness and the purpose of the processing;
  • Confirm the categories of personal data being processed;
  • Confirm the type of recipient to whom the personal data have been or will be disclosed, and
  • Let you have a copy of the data in an intelligible form.

Please note that you may need to provide identification in order to prove who you are to access your data.

If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.

Call us to find out how we can help you

+44 333 987 5152
Get in touch for more information
For more information fill out the form below and we’ll get back to you as soon as possible!
  • This field is for validation purposes and should be left unchanged.