We understand that privacy and the security of your personal information is extremely important. For this reason, this policy sets out what we do with your information and what we do to keep it secure. It also explains where and how we collect your personal information, as well as your rights over any personal information we hold about you.
We will comply with data protection law. This says that the personal information we hold about you must be:
Arkessa Limited is a technology leader in the provision of platforms, management tools and connectivity to the IoT and M2M markets.
When we say ‘we’ or ‘us’ in this policy, we’re generally referring to the separate and distinct legal entities that make up Arkessa Limited and Arkessa GmbH (“Arkessa”), although it doesdepend on the context. These include:
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We will collect, store, and use the following categories of personal information about you:
There are “Special Categories” of more sensitive personal data which require a higher levelof protection. We do not usually collect sensitive data about you unless there is a clear and valid reason for doing so and data protection laws allow us to.
We will only use your personal information when the law allows us to. The different legal bases we rely on are:
Where we rely on your consent, you have the right to withdraw such consent at any time. Where you withdraw consent, we will stop using your data for the specific purpose, unless we have an alternative legal basis to use it.
The kind of information we hold about you primarily allows us to perform our contract with you and to enable us to comply with legal obligations. In some cases, we may use your personal information to pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights do not override those interests.
If you fail to provide certain information when requested, we may not be able to perform the contract we have entered with you, or we may be prevented from complying with our legal obligations.
We may use your information in the following ways:
Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
We may pass your information to our third-party service providers, suppliers, agents, sub- contractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf.
We require third-parties to respect the security of your data and to treat it in accordance with the law.
We will share your personal information with third-parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so
All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal information data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
We may share your personal information with our third-parties, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal information with a regulator or to otherwise comply with the law.
We will not sell your information to third-parties nor will we share your information with third- parties for direct marketing purposes.
We would like to send you information about products and services of ours which may be of interest to you from time to time. If you have consented, we may do this through email, post, text message, online, social media, app notifications or by any other electronic means.
Our aim is not to be intrusive, and we undertake not to ask irrelevant or unnecessary questions. The information you provided will be subject to rigorous measures and procedures to minimise the risk of unauthorised access or disclosure.
You have a right at any time to stop us from contacting you for marketing purposes, but we will still need to send you occasional service related messages. You can amend your marketing preference by selecting to un-subscribe from the message.
We have put in place measures to protect the security of your information. Details of these measures are available upon request.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed.
In addition, we limit access to your personal information to those employees, agents, contractors and other third-parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances, we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
The length of time we retain your personal information for is determined by operational and legal considerations. For example, we are legally required to hold some types of information to fulfil our statutory and regulatory obligations e.g. 6 years for accounting purposes.
We review our retention periods on a regular basis.
You have several rights under data protection legislation which, in certain circumstances, you may be able to exercise in relation to the personal information we process about you.
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
If you want to review, verify, correct, or request erasure of your personal information, object to the processing of your personal data, or request that transfer a copy of your personal information to another party, please contact us using the details in the ‘How to contact us’section below.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if you request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
As part of the services offered to you, the information which you provide to us may be transferred to countries outside the European Economic Area (“EEA”). For example, this mayhappen if any of our or our supplier servers are from time to time located in a country outside of the EEA. You should be aware that these countries may not have similar data protection laws to the UK. By submitting your personal data, you’re agreeing to this transfer, storing orprocessing.
If we transfer your information outside of the EEA in this way, your personal information will continue to be subject to one or more appropriate safeguards set out in the law. These might be the use of model contracts in a form approved by regulators (seehttps://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en), having our third-parties and supplier’s sign-up to an independent privacy scheme approved byregulators, for example the US “Privacy Shield” scheme (see https://www.privacyshield.govor the recipient country being deemed to provide adequate protection by the European Commission (see https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers- outside-eu/adequacy-protection-personal-data-non-eu-countries_en ).
Please access the above links for further information or contact us using the details in the ‘How to contact us’ section below.
It is possible to switch off cookies by setting your browser preferences. For more information on how to switch off cookies on your computer visit, www.arkessa.com/cookies. Turning off cookies may result in a loss of functionality when using our websites.
Our websites may use website recording services. These services may record mouse clicks, mouse movements, page scrolling, and any text entered website forms. The information collected does not include any sensitive personal data.
Data collected is for Arkessa’s internal use only for improving the usability of our services and used for aggregated and statistical reporting.
If you would like to contact us to exercise one of your rights as set out above, or if you have a question or a complaint about this policy, or the way your personal information is processed by Arkessa (or third parties), please contact us via one of the following methods:
You have the right to lodge a complaint directly with the UK supervisory authority, the Information Commissioner. For further information visit www.ico.org/concerns to find out more.