ARA Europe is committed to being transparent about how it collects and uses the personal data of the clients and business partners we engage with. This notice sets out the basis on which we collect, process and store the personal data of our stakeholders, in line with our obligations under the General Data Protection Regulation and any other applicable data protection laws. The privacy of our clients’ information is paramount to us, and we take a range of steps to maintain the security of that data, and to ensure that clients are fully informed about the controls we have in place, along with their rights.
Where a client engages with us through one of our subsidiaries, we may provide an additional Privacy Notice that specifically considers the types of data processing we perform through that entity. Regardless of which Privacy Notice a client is covered under, we implement consistent protections for the data we process.
Types of personal data
As part of our engagement with clients and business partners, ARA Europe may collect the following personal data:
- Name, address, contact numbers and email addresses;
- Date and place of birth;
- Marital status;
- Copies of identity documents (including passports, national ID cards, and driving licences);
- Employment details and history;
- Business interests;
- Sources of wealth (including property and other assets);
- Utility bills and bank statements;
- Tax residency particulars; and
- Bank account and payment details.
In relation to our websites, we may collect technical information from any person or system connecting to our web servers, including: source IP addresses; browser types, settings and plugins; and operating system settings and versions.
Collection of personal data
Personal data relating to clients and business partners is collected directly from them, but may be obtained through third parties, such as their employer or company. Personal data may also be obtained from unconnected third parties, including but not limited to, credit reference agencies, vetting agencies, and public and commercial registers.
Use of personal data
We primarily collect personal data in order to facilitate or fulfil a contract in which ARA Europe provides services to clients and business partners. Data will be processed as part of our legitimate interests, in order to better provide services to our clients, and to allow for the smooth operation of our company. Examples of where data could be used would be customer due diligence checks, or making payments to clients and business partners, where necessary.
Personal data may also be used for informational and marketing purposes, in which we inform prospective and existing clients about developments in the offerings of ARA Europe. This will only take place where we have obtained your consent to receive such communications, noting that your consent may be withdrawn at any time.
Furthermore, there may be occasions on which we have to use personal data to fulfil a legal obligation imposed on us.
In the case of our website, the collection of data is required for the proper functioning of the service.
Redistributing personal data
Personal data may be disclosed with any of our subsidiaries, and to any subcontractor that is involved in the delivery of our service to our clients. Where we use a subcontractor, we will have entered into a data processing agreement that stipulates the use for the personal data, while providing assurances around the security and integrity of that data.
International transfers and storage of personal data
ARA Europe does not directly transfer data outside of the European Economic Area (EEA), as part of its processing of personal and identifiable information. All data is located in physical form within the company’s offices, or on dedicated servers hosted within the United Kingdom. Where subcontractors transfer data outside of the EEA, we will consider the safeguards they have in place for the transfer and processing of that data.
Retention of personal data
Data obtained to fulfil a contract is retained for the duration of the contract. This may be extended if further processing is required in order to comply with a legal obligation or to defend a legal claim. Thereafter, personal data will be securely destroyed, in line with company policy.
In the case of direct marketing, your details will be retained for a duration that is the shorter of the time that ARA Europe offers services that it reasonably expects to be of interest to you, or until you withdraw your consent for us to communicate with you in that manner.
Data obtained through our website logging is retained for no more than 14 months.
Under data protection legislation, you have a number of rights in relation to the data that we hold about you, which may be freely exercised at a time of your choosing. You may write to us by post or by email to request us to:
- send you a copy of the data we hold about you;
- correct any incorrect data we hold about you;
- delete any data we hold about you; or
- restrict the processing of your data.
You may also object to us processing your data at any time. For the avoidance of doubt, we do not use profiling or employ automated decision making.
We will respond to you in a timely manner, confirming that your request has been carried out and supplying you with any relevant documentation, or we will notify you with a reason as to why we have not followed your request.
Should you believe that your request has not been adequately addressed by ARA Europe, you can notify the Information Commissioner’s Office within the United Kingdom, the details of which are at the foot of this notice.
Protection of personal data
ARA Europe has a range of organisational controls and technical solutions in place to protect the confidentiality, integrity and availability of data. Privacy is built into our processing activities by design. Details on the protection of data are contained within our Data Security Policy.
We also undertake regular training and awareness sessions with our personnel, to ensure they are fully versed with the company’s procedures for handling personal data.
Changes to this notice
The latest version of this notice will always be visible on our website. A paper or electronic copy may also be requested by post and/or email.
If you have any questions or concerns in relation to the processing of your personal data, you can contact our appointed data protection representative by email using the address email@example.com, or by sending us post to:
First Floor, 10 Cork Street
London W1S 3LW
We will aim to respond on the next business day. You also have the right to approach the United Kingdom’s Information Commissioner, whose office is at:
Information Commissioner’s Office
For reference, our Data Protection No is ZA835785.
When you visit the ARA Europe website, we may download cookies to assist us with the monitoring and maintenance of our site. A cookie is a small file consisting of letters and numbers that is stored by your web browser or on the hard drive of your computer, if you agree.
The cookies we download are part of Google Analytics, and allow us to improve our website by providing analysis and trends around how you interact with the site. Further information on how these cookies are used is available from: https://support.google.com/analytics/answer/6004245
Further information on cookies in general is available at: http://www.aboutcookies.org/.