Privacy Policy

Adaptive Reliable Management Systems Limited (“ARM”) seeks to comply with the Data Protection Act 2018, the UK GDPR and all subsequent and related legislation. We follow strict procedures in the storage and disclosure of personal information so as to prevent unauthorised access by third parties. This privacy policy sets out how ARM uses and protects any information that you disclose to us.

ARM may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy was last updated on 22nd September 2022.

How we use your information

This notice tells you what to expect when the ARM collects personal information. It applies to any information we collect about:

  • Our clients
  • Visitors to our website
  • People who use our services, e.g. who subscribe to our newsletter
  • Event attendees
  • Individuals in relation to data protection or freedom of information complaint or enquiry
  • Job applicants and our current and former employees

Why we collect your information

ARM is committed to ensuring that your privacy is protected. The information which you may provide to us, along with other information relating to you, will be held by ARM and used for the following purposes, and under specific lawful basis.

  • Where processing is necessary for the performance of a contract with you or your employer, or to take steps to enter into a contract
  • Where processing is necessary for compliance with a legal obligation (such as filing at HMRC)
  • Where it is necessary for the purposes of ARM’s legitimate business interests, except where such interests are overridden by the interests, rights or freedoms of the data subject.
  • If we process special categories of data, we do so only with the explicit consent of the data subject, unless reliance on consent is prohibited by EU or Member State law, or where processing is necessary for carrying out obligations under employment, or a collective agreement.
  • Where none of the above applies, or it’s deemed necessary, we shall only process your data with your explicit consent which has been positively and freely given.

Types of data

We may collect the following information:

  • Name, job title and company and/or information required in order carry out services as per our contract with you (or your employer)
  • Financial information (specific to the services being provided)
  • contact information, including email address
  • demographic information, such as postcode
  • other information relevant to our clients and their staff

Our Clients

Our clients’ information, data and intellectual property remains confidential and is only dealt with in the strictest of confidence and security in accordance with ARM’s standard terms and conditions, and only for the purpose of performing the services detailed in our contract.

Our client’s information shall only ever be accessed internally on a “need-to-know” basis by authorised personnel.

We retain personal information only for as long as necessary to manage our contract with our clients’ and in line with our retention schedule or as required by law. This means that information may be retained for up to 7 years. We may retain de-personalised information about organisations for as long as is necessary, but no individuals are identifiable from that data.

The legal basis for processing this data is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.

Use of Third Parties

As part of our services to our Clients, we may use some third-party support or software. Before contracting with any supplier, we request detailed information on their data protection policies and processes in order to ensure that your data will be suitably protected when processed by them, and where their data is stored.

The legal basis for processing this data is both our legitimate business interests, namely the proper administration of our business, and the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.

Microsoft 365

We use Microsoft 365 to manage all our email communications and we use sharepoint to store our electronic files and data. You can review their privacy policy here: https://www.microsoft.com/online/legal/v2/?docid=43

Xero Accounting

We use Xero for our own accounting software, as well as for many of our clients. Xero take their responsibilities under GDPR seriously. That’s why they’ve embarked on a programme to identify which measures they need to implement to be compliant with GDPR. You can read more about their privacy processes here: https://www.xero.com/uk/about/terms/privacy/ and https://www.xero.com/uk/gdpr/

Wildix

We use Wildix to manage our internal and external calls. Please note that all our calls are recorded for monitoring and quality purposes. You can review their privacy policy here: https://www.wildix.com/wildix-privacy-cookie-policy

Visitors to our website

If you browse, read pages, or download information from our website, we will gather and store certain limited information about your visit. This information collected or stored is used by us only for the purpose of improving the content of our web services and to help us understand how people are using our services.

Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google, Inc. ('Google'). Google Analytics uses cookies (text files placed on your computer) to help the website operators analyse how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States.

Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. If you do not wish for your data to be processed this way, please do not enter our website.

Google Analytics automatically collects and stores the following information about your visit:

  • The Internet Protocol (IP) address and domain name used. The IP address is a numerical identifier assigned either to your internet service or directly to your computer. We use the IP address to direct internet traffic to you. This address can be translated to determine the domain name of your service provider (e.g. abccompany.com, xyz-school.edu, and so on)
  • The type of browser and operating system you used
  • The date and time you visited this site
  • The web pages or services you accessed at this site; and
  • The website you visited prior to coming to this site.

The legal basis for processing this data is both our legitimate business interests, namely monitoring and improving our website and services.

Use of cookies

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit  www.aboutcookies.org  or  www.allaboutcookies.org. To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.

People who use our services

We hold the details of the people who have requested our services in order to provide them. However, we only use these details to provide the service the person has requested and for other closely related purposes. For example, we might use information about people who have requested a publication to carry out a survey to find out if they are happy with the level of service they received. When people do subscribe to our services, they can cancel their subscription at any time and are given an easy way of doing this.

Electronic Communications

To those who subscribe to our mailing list (including our clients), we send out regular e-newsletters, details of upcoming events, and other useful local updates and information.

We use a third-party service, MailChimp, to manage this. We may gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve our e-newsletters. For more information, visit www.mailchimp.com/legal/privacy/

We may process the information contained in any enquiry submitted to us regarding our services, and may use that data for the purpose of offering relevant services to you. The legal basis for this processing is consent, and taking steps, at your request, to enter into a contract

People who contact us via social media

We manage our social media interactions via Facebook and Linkedin. If you send us a private or direct message via social media the message may be stored by the social media website as per their privacy policy. It will not be shared with any other organisations. To view their privacy policies, visit: www.en-gb.facebook.com/full_data_use_policy and www.linkedin.com/legal/privacy-policy

People who email us

Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy.  Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.

People of contact us via our Website’s contact form

We use a third-party provider, Mailgun, to manage our email traffic from our website. Mailgun is an American organisation, but Mailgun participates and has certified its compliance with the EU-U.S. Privacy Shield Framework.

If you send us a direct message via the website, the message will be stored by Mailgun temporarily. It will not be shared with any other organisations or third parties.

For more information about how Mailgun processes data, please see their Privacy Policy here: https://www.mailgun.com/privacy-policy

Events

From time to time we may hold events or webinars. We use a third-party service, Eventbrite, to publish our events and to allow our clients and other interested people to register and, where applicable pay, for them. For more information about how Eventbrite processes data, visit www.eventbrite.co.uk/support/articles/en_US/Troubleshooting/eventbrite-privacy-policy?lg=en_GB 

Security and performance

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online and in completing our services to our clients.

We may process any personal data identified in this Policy where it is deemed necessary for the purposes of maintaining insurance coverage, managing risks, obtaining professional advice, or establishing, exercising or defending legal claims, we do this for the proper protection of our business. We may also process such data where processing is required in order to comply with a legal obligation in order to protect your or another person’s vital interests.

CCTV

Our office building is monitored by CCTV. CCTV will capture images in real time wherever the cameras are pointed. These cameras may capture footage of you whilst you are on the premises. Cameras have been situated both inside the entrance area and outside the building, including the car parking area.

Sirus Telecom (2nd Floor, 132 Winchester Road, Chandlers Ford, Hampshire, SO53 2DS) are the Data Controller and Data Processor for the CCTV footage captured. ARM do not have any access to the camera’s or the CCTV footage. The types of data being recorded include static and moving images of people entering and exiting the building, and in the car parking area and vehicle registration numbers. Please note, that the CCTV footage may be used as evidence regarding criminal offences or related security measures, and may be shared if required by law to do so. Sirus Telecoms may be asked to provide footage to assist the police with any criminal damage or their investigations. Or may also be asked for footage from insurance companies should there be an incident involving car accidents, property damage, or damage to cars parked on building premises.  

The use of CCTV does not deliberately set out to capture any special category personal data. However, cameras may incidentally record information which falls within these categories.

The legal basis for processing your personal data is:

  • that it is necessary to meet a legal obligation
  • that it is necessary to perform tasks in the public interest
  • that there is a legitimate interest in processing this information

The basis for processing special category personal data is:

  • there is a substantial public interest in processing this information, for the purposes of detecting and preventing crime

CCTV footage will only be processed internally by Sirus Telecoms staff who are authorised to do so and any other departments where there is a legitimate and lawful reason for their involvement, such as HR colleagues in the event of an investigation.

The CCTV data is stored on site and kept for a maximum of 1 month.

Complaints and queries

ARM tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of ARM’s collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below.

People who make a complaint to us

When we receive a complaint from a person we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.

We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We do compile and publish statistics showing information like the number of complaints we receive, but not in a form which identifies anyone.

We usually have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.

We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for two years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.

Similarly, where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.

Access to personal information

ARM tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under the Data Protection Act 2018 and subsequent legislation. If we do hold information about you, we will:

  • give you a description of it;
  • tell you why we are holding it;
  • tell you who it could be disclosed to; and
  • let you have a copy of the information in an intelligible form.

To make a request to the ARM for any personal information we may hold you need to put the request in writing addressing it to our Data Protection Officer at our registered office or emailing it to the address provided below.

If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.

Your rights

You have specific rights under data protection legislation; these are:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erase
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling

Controlling your personal information

  • We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.
  • You may request details of personal information which we hold about you under the Data Protection Act 2018.
  • If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.

Job applicants, current and former ARM employees

When individuals apply to work at ARM, we will only use the information they supply to us to process their application and to monitor recruitment statistics. Where we want to disclose information to a third party, for example where we want to take up a reference or obtain a ‘disclosure’ from the Criminal Records Bureau we will not do so without informing them beforehand unless the disclosure is required by law.

Personal information about unsuccessful candidates will be held for 12 months after the recruitment exercise has been completed, it will then be destroyed or deleted. We retain de-personalised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.

Once a person has taken up employment with the ARM, we will compile a file relating to their employment. The information contained in this will be kept secure and will only be used for purposes directly relevant to that person’s employment. Once their employment with ARM has ended, we will retain the file in accordance with the requirements of our retention schedule and then delete it.

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Changes to this privacy notice

We keep our privacy notice under regular review. This privacy notice was last updated on 22nd September 2022

How to contact us

If you want to request information about our privacy policy you can email us or write to:

Data Protection Officer
Adaptive Reliable Management Systems
Suite A, 1st Floor, 132 Winchester Road
Chandlers Ford
Hampshire
SO53 2DS

Or, email our data protection officer directly (with the subject as Data Protection):

dataprotection@armanagement.co.uk