ARM may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy was last updated on 1st January 2019.
This notice tells you what to expect when the ARM collects personal information. It applies to any information we collect about:
ARM is committed to ensuring that your privacy is protected. The information which you may provide to us, along with other information relating to you, will be held by ARM and used for the following purposes, and under specific lawful basis.
We may collect the following information:
Our clients’ information, data and intellectual property remains confidential and is only dealt with in the strictest of confidence and security in accordance with ARM’s standard terms and conditions, and only for the purpose of performing the services detailed in our contract.
Our client’s information shall only ever be accessed internally on a “need-to-know” basis by authorised personnel.
We retain personal information only for as long as necessary to manage our contract with our clients’ and in line with our retention schedule or as required by law. This means that information may be retained for up to 7 years. We may retain de-personalised information about organisations for as long as is necessary, but no individuals are identifiable from that data.
The legal basis for processing this data is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
As part of our services to our Clients, we may use some third-party support or software. Before contracting with any supplier, we request detailed information on their data protection policies and processes in order to ensure that your data will be suitably protected when processed by them, and where their data is stored.
The legal basis for processing this data is both our legitimate business interests, namely the proper administration of our business, and the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
We use Xero for our own accounting software, as well as for many of our clients. Xero take their responsibilities under GDPR seriously. That’s why they’ve embarked on a programme to identify which measures they need to implement to be compliant with GDPR. You can read more about their privacy processes here: https://www.xero.com/uk/about/terms/privacy/ and https://www.xero.com/uk/gdpr/
If you browse, read pages, or download information from our website, we will gather and store certain limited information about your visit. This information collected or stored is used by us only for the purpose of improving the content of our web services and to help us understand how people are using our services.
Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. If you do not wish for your data to be processed this way, please do not enter our website.
Google Analytics automatically collects and stores the following information about your visit:
The legal basis for processing this data is both our legitimate business interests, namely monitoring and improving our website and services.
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org. To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.
We hold the details of the people who have requested our services in order to provide them. However, we only use these details to provide the service the person has requested and for other closely related purposes. For example, we might use information about people who have requested a publication to carry out a survey to find out if they are happy with the level of service they received. When people do subscribe to our services, they can cancel their subscription at any time and are given an easy way of doing this.
To those who subscribe to our mailing list (including our clients), we send out regular e-newsletters, details of upcoming events, and other useful local updates and information.
We use a third-party service, MailChimp, to manage this. We may gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve our e-newsletters. For more information, visit www.mailchimp.com/legal/privacy/
We may process the information contained in any enquiry submitted to us regarding our services, and may use that data for the purpose of offering relevant services to you. The legal basis for this processing is consent, and taking steps, at your request, to enter into a contract
Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy. Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.
We use a third-party provider, Mailgun, to manage our email traffic from our website. Mailgun is an American organisation, but Mailgun participates and has certified its compliance with the EU-U.S. Privacy Shield Framework.
If you send us a direct message via the website, the message will be stored by Mailgun temporarily. It will not be shared with any other organisations or third parties.
From time to time we may hold events or webinars. We use a third-party service, Eventbrite, to publish our events and to allow our clients and other interested people to register and, where applicable pay, for them. For more information about how Eventbrite processes data, visit www.eventbrite.co.uk/support/articles/en_US/Troubleshooting/eventbrite-privacy-policy?lg=en_GB
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online and in completing our services to our clients.
We may process any personal data identified in this Policy where it is deemed necessary for the purposes of maintaining insurance coverage, managing risks, obtaining professional advice, or establishing, exercising or defending legal claims, we do this for the proper protection of our business. We may also process such data where processing is required in order to comply with a legal obligation in order to protect your or another person’s vital interests.
ARM tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
When we receive a complaint from a person we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.
We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We do compile and publish statistics showing information like the number of complaints we receive, but not in a form which identifies anyone.
We usually have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.
We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for two years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
Similarly, where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.
ARM tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under the Data Protection Act 2018 and subsequent legislation. If we do hold information about you, we will:
To make a request to the ARM for any personal information we may hold you need to put the request in writing addressing it to our Data Protection Officer at our registered office or emailing it to the address provided below.
If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.
You have specific rights under data protection legislation; these are:
When individuals apply to work at ARM, we will only use the information they supply to us to process their application and to monitor recruitment statistics. Where we want to disclose information to a third party, for example where we want to take up a reference or obtain a ‘disclosure’ from the Criminal Records Bureau we will not do so without informing them beforehand unless the disclosure is required by law.
Personal information about unsuccessful candidates will be held for 12 months after the recruitment exercise has been completed, it will then be destroyed or deleted. We retain de-personalised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.
Once a person has taken up employment with the ARM, we will compile a file relating to their employment. The information contained in this will be kept secure and will only be used for purposes directly relevant to that person’s employment. Once their employment with ARM has ended, we will retain the file in accordance with the requirements of our retention schedule and then delete it.
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Data Protection Officer
Adaptive Reliable Management
2nd Floor, 19 The Hundred
Or, email our data protection officer directly (with the subject as Data Protection):