Privacy and Security Policy
On 13th September 2020
Our privacy and security policy (“Policy”) describes how Arc Middle East LLC (“AME” or "we" or "us"), with registered office at P.O. Box 3248, Ras Al Khaimah, United Arab Emirates, in its capacity of data controller, processes internet users’ (“User” or “Users”) personal data.
AME, owner of this website (“Website”), may be required to collect, store and process Users’ personal data as they make use of the Website. This Policy deals exclusively with the processing of data collected directly from the Website.
Users’ data may be transferred to Arc Group entities, meaning any entity of any form whatsoever in which Arc Holdings (registered at the Companies House of Boulogne-sur-Mer, France, under no. 575 680 350), directly or indirectly, holds share capital and/or voting rights (“Arc Group”).
Keen to ensure the best level of protection for your personal data, Arc Group undertakes to take all measures necessary to process your personal data in accordance with the provisions of U.A.E. as regards personal data, and those of Regulation (EU) 2016/679 of 27 April 2016 on data protection, as amended from time to time.
What personal data do we collect and how?
A) AME is likely to collect and process all or some of the following personal data:
- First name(s);
- Telephone number(s);
- Email address(es);
- Billing or delivery address(es);
- Postal address;
- Purchasing and ordering information;
- Information about requests sent using the contact form;
- Electronic identification data available on or from the User's computer such as "cookies" or "IP" addresses.
AME does not process data on racial or ethnic origins, political or religious opinions, philosophical beliefs, trade union membership, genetic or lifestyle data, or on Users’ sexual orientation.
B) User’ personal data is collected when:
- User navigates around the Website;
- User creates his/her customer account on the Website;
- User registers on the Website and gives his/her consent to receive newsletters and commercial communications;
- User places an order on the Website and proceeds to its payment;
- User makes contact with us using the contact form.
- Data about children aged under 16
Our services are intended for adult Users and AME does not wish to collect or process personal data about children under 16 years of age.
If it appears that we have been sent data about a child aged under 16 either online or by telephone, we can only process the request once it has been confirmed by a person holding parental authority.
In any event, parents or persons holding parental authority can block the request made by contacting us at firstname.lastname@example.org.
Our DPO address (email@example.com) must be used to request the deletion of data collected about individuals who were minors at the time it was collected.
Why does AME collect your data, and for what purposes?
A) Processing made for the performance of AME’s contractual obligations:
Processing of personal data is necessary for the execution of the contract between User and AME. Personal data collected for the purposes of distance selling is required for the confirmation and validation of User's order as well as its tracking and shipping; without it, User's order could not be processed. This data may be transmitted to AME's service providers and/or Arc Group for the sole purpose of the proper execution of the order and in particular its payment and delivery.
In summary, the purposes of the processing carried out on the basis of the contract are as follows:
- Management of User information contained in the User account;
- Management of commercial relationship with the User (by phone or email);
- Management of User quotes / orders;
- Management of purchasing and payment operations: Banking transactions are done directly between User and AME's banking provider.
- Management of billing and delivery operations;
- After-sales service follow-up, product returns and refunds.
B) Processing made on the basis of AME's legal obligations:
AME uses User's personal data to meet its legal obligations and/or defend its interests in court, in particular for the purposes of:
- Proof of transactions or operations;
- Legal or administrative requirements incumbent on AME, need of its insurers, or for audit purposes;
- Management of requests to exercise the rights of data subjects.
C) Processing made with User’s consent :
All processing used to send marketing emails to Users is based on User’s consent. Users consequently agree to AME’s processing of their personal data by means of giving an express consent in particular when:
- Agreeing to the installation of cookies for audience measurement and improving the User’s experience on the Website;
- Agreeing to receive targeted offers by email and newsletters.
D) Processing made on the basis of AME’s legitimate interest:
AME has a business interest in processing User's data that is justified, balanced and does not tend to infringe User's privacy. Where AME's processing operations are based on its legitimate interest, User may object to such processing if its interests or fundamental freedoms are found to take precedence over AME's legitimate interests.
Such processing may be carried out from time to time for:
- Fighting against fraud during the payment of the order;
- Managing product reviews to improve our products;
- Statistical analysis for the management and improvement of our services;
- Management of client litigation for the defence of our interests in court.
A cookie is a file installed on your device’s hard drive by the Website server. This cookie, or “tracker”, is used to identify the device on which it is stored, during the consent validity period.
A cookie does not hold or record separate data. It can be read by a server using a web browser, and provides information enabling the Website to better adapt to different Users by saving data including User preferences, by detecting errors, and compiling data for statistical purposes. Information collected in this way is mainly used to track the volume, type and configuration of traffic using the Website.
AME uses two types of cookie on the Website:
- Cookies that are strictly necessary for the Website to work (functional cookies)
These are cookies essential for moving around our Website that enable User to use the Website’s main functions and keep User’s connection secure.
Some parts of the Website might not work if User does not agree to accept cookies, which is why these cookies are not optional.
Functional cookies make it possible for AME to:
- implement security measures on the Website;
- improve User navigation;
- adapt the Website to match the display preferences on the User’s device (language used, display resolution, etc.).
If functional cookies aren’t enabled on your device, it may limit your enjoyment of the Website.
Google Analytics is a service provided by Google that places cookies on your device’s hard drive. These are cookies AME can use to find out how the Website is used and how it performs, to produce statistics, and determine visitor numbers and the use made of various aspects of the Website. These cookies collect data about User behaviour on the Website by analysing URLs (where visitors come from, what banners they click on, how they were directed to the Website), and also the timing of visits. These cookies in particular enable us to:
- produce statistics about Website traffic volume (number of visits and unique visitors, pages viewed, etc.) and to compile reports and statistics on the use of various aspects of the traffic (sections and content viewed, navigation paths taken);
- improve our Website as a consequence;
- better understand the products and services you prefer, and to offer you more customised communication and/or content on our Website;
- detect any navigation issues there might be.
Deleting analytics cookies does not prevent navigation on the Website.
For more detailed information about analytics cookies, see https://support.google.com/analytics/answer/6004245
To enable cookies:
- For PCs: click on 'Help' at the top of your browser window and select the 'About' option;
- For Macs: with the browser window open, click on the Apple menu and select the 'About' option;
- If you'd like to learn more about cookies in general and how to manage them, visit aboutcookies.org (opens in a new window).
Who receives Users’ personal data?
AME undertakes not to sell Users’ personal data to partner brands for commercial purposes. Users’ personal data is for the sole use of AME.
However, to fulfil the aforementioned purposes, AME does disclose personal data, only to:
User’s personal data are only available to authorised Arc Group personnel whose duties justify access to such data, for internal audit and administration purposes, but also for ensuring that Users receive the same quality of service regardless of their country.
Service providers and subcontractors supplying services following instructions given by AME, in particular in the context of payment, delivery of the order and hosting of the Website. User’s data might be temporarily and securely sent to them, such as:
- Subcontractors assisting us in providing IT services, to maintain our database, software and related applications, where such services might have access to your data to carry out the tasks requested;
- Companies such as payment service providers;
- Subcontractors in charge of routing emails containing newsletters and marketing material;
- Subcontractors responsible for hosting the Website.
- Third parties (outside Arc Group):
- as part of a restructuring, reorganisation or transfer, in any way and in any respect whatsoever (including business disposal, dissolution, winding up, merger, etc.) involving Arc Group entities;
- as part of a request from a User concerning Arc Group product resellers and distributors. Depending on the User’s request, the User might be put into direct contact with Arc Group third party distributors and resellers to obtain information about Arc Group products and the nearest sales outlets.
- Other third parties:
- AME shares User’s personal data with other third parties only if (i) AME is obliged to do so by virtue of its legal obligations (e.g. at the request of the competent courts) or (ii) if sharing data is lawful under the applicable law.
- Certain regulated professions such as lawyers, notaries, auditors in the performance of an assignment or directly to legal or governmental authorities pursuant to legal provisions.
Protection of data transfer
AME stores all personal data on a secure server, through secured third-party hosting service from Shopify and seek to use procedures designed to protect personal data from accidental or unauthorised access, destruction, use, modification or disclosure. AME will seek to ensure that User’s personal information is kept confidential and secure in accordance with this Policy, and that the appropriate technical and organisational measures to prevent unlawful or accidental destruction, accidental loss, unauthorised disclosure or access or other unlawful forms of processing are implemented.
User personal data retention period
AME keep User’s personal data for the time strictly necessary to achieve the purposes for which data has been collected and to comply with applicable law and regulations.
Time for which we will keep User data will depend on the purposes for which we process them, as explained below:
Time for which the data are kept
A) Processing made on the basis of the performance of AME’s contractual obligations:
We will process User’s data for the time necessary to manage the purchase of the products that User buy, including potential returns, complaints or claims related to the purchase of the product or service in question.
B) Processing made on the basis of AME's legal obligations:
We will keep User’s data duly stored and protected for the time during which liability may arise for their processing, in compliance with legislation in force from time to time. Once each of the potential actions is time-barred we will proceed to delete the personal data.
We will also keep User’s data for the time requested by legal or administrative requirements incumbent on AME, as well as for any need of AME’s insurers, or for audit purposes.
C) Processing made with User’s consent :
We will process User’s data until User withdraw his consent, unsubscribe or cancel his subscription to the newsletter.
- Users’ rights
User has the following rights which may be exercised by sending us an e-mail at: firstname.lastname@example.org, simply informing AME of the reason for the request and the right that User wishes to exercise.
If we consider this necessary to be able to identify User, we may request User to provide a copy of a document evidencing his/her identity.
Notwithstanding the purpose or legal basis AME uses to process User data, User has the following rights:
The right to access data: Users are entitled to information concerning the processing of their personal data and a copy of the personal data held by Arc Group;
The right to correct data: a User who believes his/her personal data is inaccurate or incomplete can require it to be amended accordingly;
The right to erase data: Users can require their personal data to be deleted, subject always to regulatory limits;
The right to restrict processing: Users can request that the processing of their personal data is restricted;
The right to oppose processing: Users can oppose the processing of their personal data, for reasons connected to a particular situation. Users have an absolute right to oppose the processing of their personal data for marketing purposes; including profiling associated with lead prospection activities;
Right to stipulate directives relating to storage, erasure or disclosure of personal data, applicable after death;
Right to withdraw consent: Users who have agreed to the processing of their personal data have the right to withdraw that consent at any time using the unsubscribe link; doing so does not affect the legitimacy of processing carried out before consent was withdrawn.
Pursuant to the applicable regulations, Users are able to submit complaints to the competent supervisory authority concerning data protection.
Data protection officer
Users may exercise the above rights at any time by sending a request to Arc Group Data Protection Officer by email at email@example.com
Or by mail to the following address:
Arc Management & Services
Attn: The Data Protection Officer
104 avenue du Général de Gaulle
Changes to the Policy
This Policy may be amended from time to time including to reflect any changes in how AME processes and collects Users’ data on the Website. Users can keep abreast of updates to the Policy by reading it on the Website (the first page shows the date of the most recent update).