ARKK supports clients with regulatory and statutory reporting, using products and services that are designed to simplify the reporting process and simplifying the regulatory filings process. The specialist solutions are underpinned by a dedicated UK-based customer support team, providing excellent customer service, which goes hand in hand with our commitment to privacy and security.
2 Who Are We?
Arkk Consulting Limited (company number 06957576) known as ‘ARKK’ collect, use and are responsible for certain categories of your personal information. When we do this, we are the ‘controller’ of this information for the purposes of the General Data Protection Regulation (GDPR) and other applicable data protection laws, including the Data Protection Act 2018.
We also will process data given to us by our clients under their instruction in the course of providing services to them. When we do this, we are a data processor, which accounts for most of our processing activity.
3 Information collected By Us
We may collect personal data about you as follows:
• Identity information such as your name and contact details (including your address, email and phone numbers);
• Information about the business you work at and your role there;
• Information about your regulatory status such as any registration details held by you or your business;
• Information about partnerships and sole practitioner firm details including registration details, address, name and your position;
• Personal information that may be included in communications with us;
• Details of goods and services that we provide to or receive from you, or that we are arranging to provide or receive from you;
• Payment information and financial information that relates to our relationship including bank details, bank account.
• Personal information given to us in relation to working at ARKK such as your CV, answers to any tests or assessments, education, training, employment history and information given in interview and meetings we may have with you.
You may also give us information that is classified as ‘special categories’ under GDPR however we do not routinely do this. We will explain this to you if we need to start processing this type of data, or if we are acting as a Data Processor then the Data Controller will explain this to you. More information about ‘special categories’ can be found here.
4 Information Collected From Other Sources
We may also collect the same categories of information from third parties such as
• Your employer or authorised individuals in a business you work for or own;
• Recruitment companies and public CV publishing companies and websites;
• Information on public record, including professional networking sites;
• Suppliers of goods or services;
• Accountants and other professional advisers;
• Our clients.
5 Cookies/Tracking Technologies
By visiting www.arkksolutions.com (our “Website”), you agree to our Website Terms and Conditions.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive. For more information about Cookies please visit www.allaboutcookies.org.
5.2 Cookies We Use
Here are the types of cookies we use on our Website and what they do:
5.2.1 Strictly Necessary Cookies
These are cookies that are required for the operation of our Website.
5.2.2 Analytical Cookies
Analytical cookies allow us to monitor user behaviour on our Website. This enables us to analyse user activity and improve the structure of and content on the Website.
5.2.3 Marketing Cookies
Marketing cookies allow us to interact with you once you have left our Website – by showing you adverts for example.
You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our Website.
6 How We Use Your Personal Information
We use your personal information for the following purposes:
• To arrange the provision of services;
• To comply with our legal responsibilities to regulatory bodies;
• To promote and market the services of ARKK;
• To manage matters relating to our payroll and employment, including our legal responsibilities as an employer and our obligations to HMRC;
• To engage with individuals who want to work at ARKK;
• To engage with partners that supply us with goods and services;
• To manage any queries or complaints you have about the services you receive;
• To train and develop our staff at ARKK;
• To monitor the quality of service we deliver to you, and ensure it meets your expectations;
• To comply with legal obligations to act in the public interest and uphold the rule of law.
7 Legal Reasons We Collect And Use Your Personal Information
We have a legal basis for all the data we process. We rely on a different legal basis depending on the data we are processing and the reason we are processing it. We rely on the following legal basis in these circumstances:
In some cases you will give us consent to use your information in a certain way. If you have given us consent to use your data in a certain way, and we have no other legal basis for doing so, we will rely on your consent. The activities where we rely on your consent are:
• Processing job applications. You can withdraw consent at any time however please be aware we will be unable to process your application if you do so.
• You always have the right to withdraw your consent at any time. If you wish to withdraw your consent then please contact us using any of the details below (‘Get in touch’).
9 Legal Obligations
We will rely on our legal obligations to process information for the following purposes:
- Complying with our responsibilities to regulators and under applicable legislation.
- Complying with our legal obligations as an employer.
- Complying with obligations to HMRC regarding records keeping of our financial activity, including information relating to transactions, billing and payments.
- Complying with obligations to HMRC regarding their requirements relating to fraud prevention.
- Defending a legal claim or upholding the rule of law.
10 Performance Of A Legal Contract
We will process information that relates to the services we are providing you with, or receiving from you, that are bound by our engagement with you (legal contract). The areas where we are processing data to enter into, or fulfil a legal contract are:
• Delivering services to you under contract and keeping you updated with changes or information relating to those services.
• When we are processing information from you to arrange a contract between us, such as when you give us your details to enter into an agreement for services with us.
• Performance of any legal contract as a supplier or customer.
11 Legitimate Interest
We may rely on a legitimate interest to process information. When we do this we will have assessed our legitimate interest to consider the rights and freedoms of the data subject.
We rely on legitimate interest to process personal information for the purposes to train our staff so that they can provide an exceptional service to all of our clients. There may be scenarios relating to their engagement with you which we review with them as part of training and development.
We rely on legitimate interests in some cases. For example, to invite you to certain events such as webinars and seminars. Our legitimate interest is to provide information to our clients and contacts that will support their use of our services, and that could be of benefit to them. We also rely on legitimate interest to send you marketing information, including offers and information about our services, if we believe they will be beneficial to you.
12 Who Will We Share Your Personal Information With?
We take client confidentiality very serious and will not share any information entered into any of our software or platforms unless required to do so by law. Other information we process we may share with:
• Professional advisers, advisers and consultants that help us to manage ARKK and achieve our objectives as a business;
• Training agencies that help us to develop our staff and services;
• Our accountants and solicitors that are engaged by us to provide services required by law, such as filing financial information with HMRC;
• We may use data processors, such as software providers, in the course of running the business including CRM providers, email communication platforms, social media platforms and help desk management systems;
• We will use 3rd party hosting providers to provision and host our software and platforms;
• Storage and archiving providers to ensure your information is protected securely and backed up.
• Any partners, suppliers or third parties we share data with will be bound by strict agreements that meet the requirements of GDPR, and will be monitored for performance with those agreements.
We do use some third-party subprocessors to the extent necessary to process some or all of your personal information. You can view the list of subprocessors we use and the applicable products / operations they relate to here - https://www.arkksolutions.com/privacy-cookies-policy/subprocessors
We will share personal information with official bodies if required by law including the ICO, the police, law enforcement and intelligence agencies.
13 Transfer of Your Information Outside The European Economic Area (EEA)
For some business activities it is necessary for us to transfer your personal information outside the EEA or to an international organisation. In the following cases we share only identity, contact information (e.g. name and email address) and usage information. At no point do we share any corporate confidential data you upload or process on our platform, without your express permission. The providers we use access the data as processors and all are bound by and adhere to GDPR requirements, such as EU – US Privacy Shield, Binding Corporate Rules or EU Standard Contractual Clauses:
1. Email distribution and tracking facilities (for marketing and product updates (including to users of the platform))
2. Billing and invoicing (for calculating your bill and raising an invoice)
3. Contract e-signing (for binding commercial contracts)
Other than the cases above we do not routinely transfer data outside of the EEA, and if we do we will notify you of the reasons, the legal basis for doing so, any relevant risk assessments that we want to make you aware of, and the safeguards in place to protect your rights and freedoms.
Clients can access our systems outside of the EEA by logging in to our portal. In these cases and when we are acting as a data processor, the means and purposes of processing (including transfer outside of the EEA) is decided entirely by our client.
14 How Long Will We Store Your Personal Data?
We will only keep your information for as long as necessary to complete the purposes we have described above. We use the following retention periods and review these periodically to make sure we are only keeping what we need (If information can be kept for two different periods, we will keep it for the longer of those two periods):
• Client Information – We will keep information about you as our client for a period of 3 years after our contract with you ends unless we have another legal basis to process that information;
• System information – Any information you enter into our platforms will be kept for a maximum of 12 months after you stop making use of our services. Depending on the service the retention periods may be shorter than 12 months as stated within the contractual agreement;
• Financial Transactions – Information about you and any financial transactions, including fees paid and payments for services, we will keep for a period of 7 years to comply with HMRC requirements to keep accurate records that can be audited;
• Contact information - Information used in marketing with your consent or to pursue a legitimate interest will be kept for 30 days once you have withdrawn your consent. Otherwise it will be retained for as long as is necessary and relevant to process personal information for the intended purposes.
15 Your Rights
Under the GDPR, you have a number of important rights that you can exercise free of charge. In summary, these rights are:
• Transparency over how we use your personal data and fair processing of your information (which includes the right to be given the information in this policy)
• Access to your personal information and other supplementary information;
• Require us to correct any mistakes or complete missing information we hold on you;
• Require us to erase your personal information in certain circumstances;
• Receive a copy of the personal information you have provided to us or have this information be sent to a third party, this will be provided to you or the third party in a structured, commonly used and machine readable format;
• Object at any time to processing of your personal information for direct marketing;
• Object in certain other situations to the continued processing of your personal information;
• Restrict our processing of your personal information in certain circumstances;
• Request not to be subject to automated decision making which produce legal effects that concern you or affect you in a significantly similar way;
If you want more information about your rights under the GDPR please see the Guidance from the Information Commissioners Office on Individual's rights under the GDPR.
If you want to exercise any of these rights, please contact us (see ‘get in touch’ for contact details) and let us know who you are and what right you want to exercise. We may need to ask for additional information regarding your identity, and we may also need some information from you on specific categories of data, types of processing activities or periods of processing activities that you wish to focus your request around.
We will respond to you no later than one month from when we receive your request.
16 How To Make A Complaint
If something does go wrong or you are in anyway unhappy with how we have treated your data then please do not hesitate to contact our Data Compliance Officer, Richard Hammond (see below ‘get in touch’).
The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority. The UK supervisory authority is the Information Commissioner’s Office who can be contacted at https://ico.org.uk/concerns/.
17 Our Security
ARKK, as a software company, puts information security and confidentiality at the core of our business. We have implemented a number of measures to protect your information including:
• Training all of our staff on GDPR and information security;
• Third party security reviews including penetration testing;
• Maintenance of the ISO27001:2013 security standard;
• Policies and procedures that cover information security and data protection legislation;
• Security functions in systems such as IP locks, administration controls and logging;
• Risk management processes that identify and mitigate risks and threats to your information;
• Encrypted backups taken periodically to make sure data is always available,
• Encryption on devices that hold data and ability to remote disable company devices;
For more information regarding the security of your information, review our security statement.
18 Call Recording
There may be occasions when video calls are recorded such as during video presentation. Participants are informed of the recording taking place (via both audio and video when they join Zoom meetings) and have the option to object to the recording or leave the meeting.
We use the recorded calls to train our Sales Representatives and other relevant staff. The calls help us deliver quality services to our customers. In other instances, the recorded video call may also be provided to the participants in the call to review the presentation in the future, especially if there was useful information in the use and operation of ARKK’s products.
The call recordings may be shared with the following recipients:
- ARKK company staff.
- Third parties who help us deliver our services to you.
- Other third parties required by law.
We retain the calls for one year. This retention period will not apply to personal data involved in legal proceedings.
19 Future Processing
This privacy was published in May 2020. It is due for review no later than May 2021. We regularly review our internal security and privacy practices and may change this policy from time to time. When we do, we will inform you by updating our website and informing you in any documentation or messages we send you.
21 Get In Touch