Privacy Policy

Arras Services Ltd (“Arras” or “we”) is committed to implementing measures designed to protect the privacy of those using our web site in accordance with the UK Data Protection Acts 1984 and 1998 and latterly (25th May 2018) the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679).

By visiting the web site you agree that Arras may make use of information that is collected as described herein. Please see our Terms of Use for more information about our on-line policies in general. Arras reviews its privacy practices from time to time, and as such they are subject to change. We ask that you bookmark and periodically review this page to ensure continuing familiarity with the most current version of our Privacy Policy. To contact Arras about privacy issues, to report a violation of our Privacy Policy or to raise any other issue, please contact us.

Arras has implemented generally accepted standards of technology and operational security in order to protect Personal Information from loss, misuse, alteration, or destruction. Only authorised Arras personnel are provided access to Personal Information, and these employees are required to treat this information as confidential. Despite these precautions, Arras cannot guarantee that unauthorised persons will not obtain access to your Personal Information.

The Information We Gather

Arras may gather two types of information from users of our web site:

  • Non-personally identifiable information: When visitors come to our web site, we collect and aggregate information indicating, among other things, which pages of the web site were visited, the order in which they were visited and which hyperlinks were “clicked.” Collecting such information involves the logging of the IP addresses, operating system and browser software used by each visitor to the Arras web site. Although such information is not personally identifiable, we can determine from an IP address a visitor’s Internet Service Provider and the geographic location of the point of connectivity.
  • Personally identifiable information (1): Arras will hold personally identifiable information when you complete and submit any form on the web site. Arras will not release or share any personally identifiable information regarding you to any third party without your prior consent.

What is the purpose and legal basis of the processing?

Arras will only collect and process personally identifiable information through this web site that is provided by the data subject. The subject will have freely provided any such personally identifiable information as part of a transaction that gives them access to a service offering from Arras. Personal information provided by you to Arras may be used for the purposes connected with relevant communications and updates regarding our products and services.

Arras do not collect and process any personally identifiable information through this web site without the data subjects knowledge.

The following lawful bases have been identified by Arras for processing data within the business as set out in Article 6 of the GDPR. At least one of these will apply whenever we process personal data:

  • Contract: the processing is necessary for the execution of a contract Arras have with the individual, or because we are taking specific steps before entering into a contract,
  • Legal obligation: the processing is necessary for Arras to comply with the law.
  • Legitimate interests: the processing is necessary for our mutual legitimate interests (unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests) and allows Arras to provide its business services.

Who will have access to the data?

  • The employees of Arras will have access to personally identifiable information which is required for them to execute their specific roles within the business.
  • Only with the individuals permission, we will share the required personally identifiable information with a third party involved in an identified process.
  • Arras will not share or disclose any personally identifiable information with any other party for any other reason other than as set out on this website without your prior consent. Except to the extent Arras are required by law.

How long will the data be kept for?

  • The general retention period for personal data is 5 years from the last recorded activity; exception being where Arras are required by law to retain the data for a longer period.
  • Arras will be required to deactivate personal data after the relevant retention period, or when they are in receipt of a data subjects request to do so, whichever is the earlier and subject to legal requirements. The data subject has the right to change their mind and request erasure at any point during the retention period.

Arras acknowledges the following rights to each Data Subject:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling.

Who controls my personal data?

  • The Data Controller is Arras Services Limited, a company registered in England with the Company Number 4346971
  • Contact by post at Arras House, 47 York Street, Heywood, Greater Manchester. OL10 4NN
  • Contact through the website is here contact us
  • Contact on the telephone at 01706 366444
  • Arras Services Limited is registered as a Data Controller with the Information Commissioner’s Office Certificate Number Z7170715

 

Updated February 2022