ARC SOLUTIONS PRIVACY POLICY

This Privacy Policy (the “Privacy Policy”) is intended to clearly express the ongoing commitment of ARC Solutions to protecting privacy rights and to explain how we collect, process, distribute, store and otherwise manage personal information when engaging with clients, partners, suppliers and other relevant relations.

We collect personal information from you in the course of our business, including through your use of our website, when you contact or request information from us when you engage our consulting or other services or as a result of your relationship with our staff, business partners and clients.

For the purpose of this Privacy Policy, ARC Solutions is the responsible party tasked with determining the purpose and means of processing your personal information within the meaning of the Protection of Personal Information Act 4 of 2013 (“POPIA”) Any processing performed by ARC Solutions is made in accordance with applicable data protection laws, including but not limited to POPIA.

In this Privacy Policy, we use the following terms within the meaning of applicable data protection laws:

“personal information” carries the same meaning as in POPIA and refers to any information allowing the direct or indirect identification of an individual;

“processing” carries the same meaning as in POPIA and means any act made in relation to such personal information (e.g. collecting, storing, and disseminating data);

“data subject“, “you” and “your” refer to individuals whose personal information is being processed by ARC Solutions, or to individuals associated with you or our clients, suppliers, business partners, contacts, and any other third party about whom we collect personal information.

1. COLLECTION OF PERSONAL INFORMATION

When do we collect your personal information? We collect, store and otherwise process personal information relating to individuals having interactions with us including through your use of our website; for instance, when you engage with our consulting or administrative staff, when you provide services to us as a supplier, when you request to attend an event, when you contact or request information from us or when we exchange information or interact in any way.

How do we obtain your personal information?

We collect information from you as part of our various onboarding processes as well as information about you as necessary while providing consulting services. We also collect or receive information about you from other sources, most notably publicly available sources. Finally, we collect your personal information while monitoring our technology tools and services, including our websites and email communications sent to and from ARC Solutions.

When we indirectly receive personal information relating to third-party individuals, the persons providing us with such personal information undertake to do so in compliance with the applicable data protection laws and, in particular, to inform such third-party individuals of the processing performed by ARC Solutions and, as the case may be, to provide them with this Privacy Policy.

Update of personal information. As per the requirements of POPIA, we will endeavour to make sure the personal information in our possession or control is accurate and up to date. Data subjects providing personal information are however responsible for promptly informing us of any change to their personal information.

Refusal to provide your personal information. Data subjects maintain the right to refuse to provide us with their personal information but must be aware that not providing certain personal information (e.g. information requested in the course of our business acceptance process) may prevent ARC Solutions from efficiently engaging with, providing services to, entering into or maintaining agreement with such data subjects.

2. TYPES OF PROCESSED PERSONAL INFORMATION

We aim to be transparent about what we process and why. For further information on our processing activities, please review the relevant sections below:

2.1 Clients and individuals associated with clients:

We request that our clients provide us with personal information that is necessary for us to run our client onboarding process and perform our services. We sometimes process personal information regarding clients and individuals related to clients (e.g. their employees, managers, beneficial owners, etc.) that we received from a third party or acquired from public sources, for example, when a request is made on a client’s behalf by its representative or external advisors.

The types of personal information processed are all types included in the definition of “Personal Information” under POPIA including identification information (such as first name, family name, date and place of birth, gender, picture, copy of identity document); contact information (such as phone and fax numbers, email address, country of residence); financial information (such as identification and number of bank account, notably linked to billing); criminal records when required and in accordance with applicable laws (such as anti-money laundering laws or when preparing and defending a case); identification and background information provided by you or collected as part of our business acceptance process (such as information related to KYC); personal information provided to us by or on behalf of our clients or generated by us in the course of providing services to them, which may include special categories of information; references information (such as, as the case may be, your details, the general scope of our mission, the legal services we provide you with and/or the transactions on which we assisted you, when ARC Solutions submits applications to be referenced in leading guides of lawyers worldwide); types of services received or provided; other relevant personal details (such as nationality, citizenship, family-related information, job title, function within a company, preferred language, dietary preferences, license plate); footage from video surveillance cameras; and any other personal information related to the provision of ARC Solutions services to its clients.

In some instances, certain personal information we collect may be considered special personal information as defined in section 26 of POPIA. This includes personal information relating to religious or philosophical beliefs, race or ethnic origin, trade union membership, health or sex life, biometric information or criminal behaviour. Such personal information will only be processed in accordance with applicable laws, for the establishment, exercise or defence of rights or legal claims or whenever courts are acting in their judicial capacity or for ARC Solutions to meet any legal or regulatory obligations we may have. Moreover, this personal information will be subject to appropriate technical and organizational security measures.

2.2 Business contacts and prospects:

The personal information of business contacts and prospects that are not clients of ARC Solutions and do not provide services to us are stored by ARC Solutions in a database and processed as follows. Most personal information we process with respect to business contacts and prospects is information that is knowingly provided to us by such data subjects (such as when they provide a member of ARC Solutions with a business card or when a contact asks us to call him or her to provide some information about ARC Solutions and our services). However, in some instances, we process personal information received from a third party or accessed from public sources.

The types of personal information processed are those types included in the definition of “Personal Information” under POPIA including identification information (such as first name, family name); business contact information (such as phone and fax numbers, email address); other relevant professional details (such as nationality, preferred language, job title, function within a company); and any other personal information relating to the conduct of ARC Solutions business.

2.3 Suppliers including individual contractors:

We collect personal information from our suppliers and individuals related to our suppliers (e.g. their employees or contact persons) and from individual contractors. Most of the personal information we process with respect to suppliers is information that is knowingly provided to us by them. However, in some instances, we process personal information of individuals related to suppliers (such as when a supplier provides us with the contact details of one of its employees).

The types of personal information processed are all types included in the definition of “Personal Information” under POPIA including identification information (such as surname, family name); business contact information (such as phone and fax numbers, email address); other relevant professional details (such as job title, function within a company); and any other personal information relating to the management by ARC Solutions of its suppliers.

2.4 Users of the ARC Solutions website:

A number of features on our website invite you to provide us with personal information. Most personal information we process of users of the ARC Solutions website is information that is knowingly provided to us by such data subjects (such as when they contact us to obtain some information about ARC Solutions and our services). We also collect technical information, such as information from your visits to our website or in relation to materials and communications we send to you electronically. The collection and processing of such technical information is often made via cookies and is described in more detail in our Cookies Policy.

The types of personal information processed are all types included in the definition of “Personal Information” under POPIA including IT-related information (such as records of your correspondence including e-mail address, terms of search); identification information (such as your name); contact and details information (such as postal addresses, e-mail addresses, phone numbers, country of residence, nationality, job title, function within a company); types of services received or provided; and any other personal information related to the operation of the ARC Solutions’ website and business.

Our Privacy Policy does not apply to information collected on any third-party website that may link to or be accessible from our website.

3. LEGAL BASIS FOR THE PROCESSING OF PERSONAL INFORMATION

We will only process personal information where we have a lawful reason for doing so. The lawful basis for the processing of personal information performed by us will be, depending on the concerned processing, nature of personal information and data subjects, that:

ARC Solutions needs to take measures at your request prior to entering into a contract or for the performance of any contractual obligations towards you;
ARC Solutions needs to be able to comply with legal obligations (including those imposed by virtue of applicable commercial, tax and anti-money laundering laws) as well as any regulatory obligations and to respond to requests and comply with requirements from public authorities and professional supervisory bodies;
for the establishment, exercise or defence of legal claims or proceedings;
for the purposes of the legitimate interests pursued by us or by a third party, such as, for us:
to improve our website, including auditing and monitoring its use;
to provide and improve our services to you and to our clients, including handling the personal information of others on behalf of our clients;
to provide any information requested by you;
to promote our services, including by sending legal updates, publications and details of events;
to manage and administer our relationship with you and our clients (e.g. for billing purposes);
you have given your prior consent to the processing of your personal information for us to contact you and send you commercial communications and your consent has been obtained pursuant to applicable laws.

4.DISCLOSURE OF PERSONAL INFORMATION

To achieve the above-listed purposes, in compliance and to the extent permitted under our ethical obligations (and notably the professional secrecy requirement), we disclose personal information to the various recipients including but not limited to: commercial partners; clients, ARC Solutions’ service providers; subcontractors; third parties to which we provide services; professional advisors; purchasers or sellers of our assets and entities linked to ARC Solutions; members of as well as public organizations, administrative or legal authorities and supervisory bodies, if applicable; professional associations; and professional bodies to which ARC Solutions is subject.

You are informed that certain of the above-listed recipients may be located outside the territory of the Republic of South Africa in countries that do not offer a level of protection equivalent to the one granted in South Africa. Any personal information transfer to such recipients will, depending on the nature of the transfer, be covered by appropriate safeguards such as standard contractual clauses; or be otherwise authorised under applicable data protection laws, as the case may be, as such transfer is necessary for the performance or execution of a contract concluded in your interest between us and a third party or for the establishment, exercise or defence of legal claims or for the performance of a contract between you and us.

5. RETENTION

In line with POPIA, ARC Solutions will store your personal information only for as long as necessary for the relevant processing activity to be completed and/or for the retention period permitted or required under applicable laws.

6. YOUR RIGHTS

In relation to your personal information, you have the right to:

access the personal information held about you and receive additional information about how it is processed;
rectify or complete any inaccurate or incomplete personal information about you;
seek the deletion of your personal information when its processing is no longer necessary for the purposes you had intended; when the processing is not or no longer lawful for any reasons; when you have withdrawn your consent to the processing according to applicable laws; when the deletion is necessary to comply with applicable laws or when you object to the processing in the absence of any overriding legitimate ground for such processing;
object, on grounds relating to your particular situation, to any processing based on ARC Solutions’ legitimate interests;
receive your personal information and transmit it to another responsible party to the extent that the legitimacy of the processing lies on contractual performance and is carried out by automated means;
withdraw any consent given to the processing at any time to the extent that your consent justified such processing;
seek the restriction of the processing, for instance, when you contest the accuracy of the personal information.

We will only be able to answer favourably to any of the above requests related to the right to oppose, the right of deletion and the right of restriction if it does not interfere with or contradict a legal obligation of ARC Solutions (e.g. a legal obligation to keep the related personal information) or any other issue justifies that ARC Solutions cannot fulfil such requests. ARC Solutions undertakes to handle each request free of charge and within a reasonable timeframe.

ARC Solutions will respond to individual complaints and questions relating to privacy and will investigate and attempt to resolve all complaints.

You may also lodge a complaint with the Information Regulator:

enquiries@inforegulator.org.za – For General enquiries

POPIAComplaints@inforegulator.org.za – should you feel that your personal information has been violated, you may use this e-mail address to lodge a complaint.

PAIAComplaints@inforegulator.org.za – should your PAIA request be denied or there is no response from a public or private bodies for access to records you may use this email address to lodge a complaint.

7. TECHNICAL AND ORGANIZATIONAL SECURITY MEASURES

Informational safety and autonomy is a top priority for ARC Solutions. We implement robust technical and organizational security measures, such as, depending on the equipment, password protection, physical locks, etc., to ensure a level of security appropriate to the risks represented by the processing and the nature of the personal information to be protected.

Access to personal information is permitted to employees for the sole purpose of performing their professional duties. They are subject to a confidentiality obligation and are notably provided with training and documentation in order to improve their practical skills and knowledge on data protection issues.

8. LIMIT OF LIABILITY

We undertake to safeguard your information through a committed adherence to the Protection of Personal Information Act 4 of 2013. However, by using the Site, you acknowledge and agree that Internet transmissions are never completely private or secure. You acknowledge that any message or information you send to the Site may be read or intercepted by others, even where ARC Solutions has taken the necessary steps to implement all reasonable security measures and where there is a special notice that a particular transmission (for example, credit card information) is encrypted.

Consequently, to the maximum extent permitted by law, in no event shall ARC Solutions or any affiliated firm, or any of their respective partners, principals, agents or employees, be liable for any direct, indirect, incidental, special, exemplary, punitive, consequential or other damages (including but not limited to, liability for loss of use, data or profits), as part of any action, including but not limited to, contractual, or delictual actions, arising out of or in connection with any compromises of privacy through use of our services.

9. AMENDMENT

ARC Solutions reserves the right to change, supplement and/or amend this Privacy Policy at any time. In this event, notifications will be sent to all affected parties electronically, or by any other adequate and appropriate methods permitted under applicable law.

10. CONTACT AND EXERCISE OF YOUR RIGHTS

ARC Solutions has appointed an Information Officer in order to manage and monitor our compliance. You can contact our Information Officer for any question or for exercising your rights by email at: info-officer@www.arc-solutions.global

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.