Privacy Policy

This Privacy Policy sets out to external parties how we process the Personal Data of third parties. If you have any queries about this Privacy Policy, please contact us by e-mail on dpo@arqgroup.com.

 

Preamble

The ARQ Group (hereafter referred to as “ARQ”) is committed to complying with Data Privacy Laws to which it is subject, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”, the Data Protection Act), Chapter 586 of the Laws of Malta and the e-Privacy Directive 2002/58/EC and respects the privacy rights of Data Subject in respect of their Personal Data.

Within this policy the following terms: “Data Subject”, “Data Controller, “Data Processor”, “Personal Data”, “Process” and “Processing” shall have the same meaning as those contained in the (“GDPR”). ARQ will always seek to protect your Personal Data from unauthorised use or disclosure. This external Privacy Policy deals with:

  • Processing of Data of Service Users
  • Processing of Data of Website Users
  • ARQ Security Arrangements
  • Providing Personal Data to Third Parties (including use of third party websites)
  • Your Rights
  • Changes to the Privacy Policy
  • Contacting Us

 

Processing of Data of Service Users

ARQ may collect Personal Data from you as the Data Subject, as a ‘Service User’ when you enter into service agreements with us or sign letters of engagement, through your professional/legal relationship with us, while you are in contact with our staff or at any other stage in the course of business.

Before providing our professional services, we will request and retain Personal Data such as your name, address, email address, date of birth, identification documents and information in relation to your occupation. In the course of providing services to you we may also process data received through your e-mails to us which contains Personal Data (e.g. transactional details, payment instructions etc).

This data processing is generally required for the performance of a contract and/or in order for us to comply with applicable legal obligations such as customer due diligence related to anti-money laundering regulations, applicable in Malta. In view of the strict legal obligations imposed upon us, we may not be able to provide you with our professional services if you do not supply us with requested Personal Data.

We may also use the personal data you provide for marketing of similar services via newsletters and updates (with an opt out from this use of your personal data available at all times).

All e-mail messages from ARQ are sent in good faith. We cannot be held responsible for any modification that happens by any virus, or other third party after they have been sent. All messages are confidential and are intended for the recipient only. If you are not the intended recipient specifically identified as the addressee on it then you should delete the message and all its attachments and are prohibited from using, reading, disclosing to any person or otherwise acting on the information contained in it and/or its contents in any way and should also notify us as soon as possible of this fact.

 

Processing of Data of Website Users

ARQ may collect Personal Data from you as the Data Subject when you provide your Personal Data through our website as a ‘Website User’.

You may visit our website without revealing any information about yourself in which case none of your Personal Data is collected by us. However should you decide to sign up to our newsletter or complete information by completing the form at the “Contact Us” link on our site, we will collect and store the Personal Data which you provide for the purposes of administering your request and communicating with you.

Each time that we contact you by email to provide you with information and updates that might be of interest to you in relating to our professional services and developments in legislation, you are given the choice to request of us to cease similar communication by clicking the “Unsubscribe” link embedded within the email.

You may also communicate your preferences by sending an e-mail to info@arqgroup.com

Our website also uses a technology called “cookies”. A “cookie” is a piece of software, which may be sent to your computer. Cookies enable us to collect information about how our website and services are being used and to manage them more efficiently. The information gathered through cookies may include the date and time when you access our website, the website pages that you view and any download that you may make through such pages, the internet address of the website or the domain name of the computer from which you access our website, the operating system of the machine running your web browser and the type and version of your web browser. Whilst such data can in certain circumstances be considered personal data, in the normal course of business we will not have the means to and will not attempt to use this data to identify individuals.

Should you wish to reject all, or certain cookies used by our website, you may modify your Web browser preferences to do so. If, however, you reject all cookies then you might be unable to use some of the services available on our website. Moreover, you may set your browser to notify you when you receive a cookie, giving you the opportunity to choose whether or not you wish to accept it. In this regard, it is important to note that if you do so, this may materially distort the quality of service and data you receive through our website.

 

ARQ Security Arrangements

ARQ engages all reasonable efforts for the purpose of safeguarding the confidentiality of all Personal Data that it processes and regularly reviews and enhances its technical, physical and managerial procedures so as to ensure that your personal data is protected from unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss.

To this end we have implemented appropriate organisational and technical measures in the form of security policies, procedures and processes to safeguard the Personal Data which we process. ARQ  policies governing information technology cover areas such as access control, authentication, audit, monitoring, data storage and back up and transmission standards. ARQ staff are subject to a code of conduct which requires them to adhere to privacy principles.

All our employees and any third-party data processors who process  Personal Data on our behalf, are obliged to respect the confidentiality of our visitors’ and clients’ personal data.

Please note that the internet is not a secure medium and data sent via this medium can potentially be subject to unauthorised acts by third parties that are outside of our control. There can be no absolute guarantee in relation to the privacy or confidentiality of any information passing through our website and we shall accept no responsibility or liability whatsoever for the security of your data while in transit through the internet.

For reasons of security, for detection and prevention of crime and to identify correct recipients or to make sure mail is dealt with during staff absence, ARQ may intercept some mail and e-mail addressed to individuals within ARQ. In the case of e-mails, we may reject, delay or remove content from e-mails whose nature, content or attachments which may disrupt our systems or because they may pose security issues, possibly through viruses. We may also filter out e-mails which contain certain content on the basis that content is offensive or the e-mail is unwanted or spam. In certain circumstances this may affect unnecessarily certain e-mails containing legitimate content, but we do try and reduce such occurrences.

All e-mail messages sent from ARQ are routinely scanned for viruses and as such should be free from any virus, malicious code, script or other executable attachment. The accuracy of scanning products is not guaranteed. The recipient(s) should therefore carry out any checks that they deem to be appropriate in this respect. ARQ cannot be held responsible for loss of or damage to data or other damages, resulting from such actions out of its control, howsoever incurred.

 

Providing Personal Data to Third Parties (including use of Third Party Websites)

Without prejudice to anything contained in this Privacy Policy, it is pertinent to point out that we are obliged to disclose personal data relating to you to any third party if such disclosure is necessary inter alia for the following purposes:

  • for the purpose of preventing, detecting or suppressing fraud or any other criminal offence;
  • where it is necessary as a matter of national or public security;
  • in the interest of national budgetary, monetary or taxation matters that can arise;
  • to protect and defend our rights and property or that of users of our website;
  • to protect against abuse, misuse or unauthorised use of our website;
  • to protect the personal safety or property of users of our website (e.g. if you provide false or deceptive information about yourself or attempt to pose as someone else, we shall disclose any information we may have about you in our possession so as to assist any type of investigation into your actions);
  • for any purpose that may be necessary for the performance of any agreement you may have entered into with us; or
  • as may be allowed or required by or under any law.

Personal Data, once obtained from you, may be transmitted to third parties in those situations where any one of the exceptional instances indicated above arises.

There may be instances where we may transfer your Personal Data to other service providers, acting as Data Processors, who process data for us, based on our instructions, and in compliance with this policy and any other appropriate confidentiality and security measures. Data Processors, include service providers which supply us with services globally such as information technology system providers.

Please be aware that data sent through the internet may potentially, for reasons beyond our control that are solely of a technical nature, be transmitted across international borders even where sender and receiver of information are located in the same country. Consequently, Personal Data relating to you may be transmitted via a country having a lower level of data protection than that existing in your country of residence.

The ARQ website may from time to time contain links to both local and/or international third-party websites after obtaining permission from them. Any such links are not an endorsement by us of any information in such websites or products and/or services offered through the same. We shall not accept any responsibility whatsoever for the content, use, availability, privacy practices or the content of any such websites. Please note that upon accessing such other websites, you become subject to the Privacy Policy of such other sites. No third party is permitted to link any other website to our website without obtaining our prior written consent.

We do not transfer your Personal Data to any third parties for marketing purposes.

 

Your Rights

As a Data Subjects you have certain rights at law. The core Data Subject rights within the GDPR are set out below as follows.  The right to:

  • access*
  • rectification*
  • be forgotten*
  • restriction of processing**
  • object**
  • withdraw your consent**
  • complain to the supervisory authority ***
  • data portability ****

*You have a right to request access to and/or correct personal data processed by ARQ. Please note that the right to be forgotten may be limited depending on our business interests and legal obligations. Any such request should be made in writing to Data Protection Officer using the ARQ address indicated on the homepage of the website or via email to dpo@arqgroup.com. In order to authenticate such requests so as to avoid unauthorised disclosure, we may need to verify your identity. Such requests will be handled by the DPO on a case by case basis.

** You may object to / withdraw consent from direct marketing communication at any time by pressing the unsubscribe button on marketing material. Please contact the DPO in relation to other types of requests to restrict processing.

*** ARQ is registered with Malta’s Office of the Information & Data Protection Commissioner (IDPC), located at Floor 2, Airways House, Triq Il-Kbira, Tas-Sliema SLM 1549 Malta. Complaints can be lodged at their website.

**** The right to data portability is to allow secure handover between data controllers (e.g. mobile phone providers). We do not consider this right to be relevant to ARQ’s external data subjects.

 

Changes to the Privacy Policy

This Privacy Policy may be modified at any given time, particularly where statutory obligations so require, or where the interest of our users’ security so requires. Any such changes will be posted here so that you are always kept informed of how and why we process your Personal Data.

It is therefore in your own interest to check this Privacy Policy page from time to time so as to familiarise yourself with any changes. The date when this Policy was last updated is January 2020.

 

Contacting Us

The ARQ Group’s DPO is Mr Kai Walter Kleingunther. If you have any questions about ARQ’s privacy / data protection policy, wish to make a complaint, report a breach or are seeking to exercise your statutory rights, you should contact him in writing at dpo@arqgroup.com.