This document is applicable for all Arηs legal entities composing the Arηs Group (see below)
This document defines how Arηs group entities, acting as data controller, may process, in accordance with the applicable laws, including, the General Data Protection Regulation (the “GDPR“) and for the purposes defined below, information relating to identified or identifiable natural persons (called “data subjects”) collected from time to time (directly or indirectly, on a compulsory or voluntary manner, manually or otherwise) from the data subjects themselves as well as from its clients, third parties (such as potential clients, subcontractors, providers or any stakeholders involved in an engagement with Arηs Group) and/or from publicly available sources where applicable.
Why does Arηs Group process personal data?
Arηs process personal data in accordance with applicable laws and solely for the following purposes (together the “Purpose(s)”) :
- To provide professional services including:
- Analysis, Design, Development, Consultancy, Sales, Delivery, Installation, Services and Support activities related to the provision of IT solutions
- To maintain its administrative and clients/suppliers relationships management systems, including:
- Bid issuance and contract drafting;
- Clients/suppliers/alumni follow up and management;
- Invoicing and payments of invoices;
- Advertising, communication and public relations;
- Event organisation;
- Quality reviews; and
- Client ou user experience improvement and personalisation of services delivery (for example via authentification, monitoring of the performance and use of Arhs Group applications where applicable).
- To apply acceptance and continuance procedures (including anti-money laundering, anti-bribery and counter-terrorist financing);
- To facilitate compliance with its legal, regulatory, professional and/or contractual obligations (including independence and archiving requirements…);
- To maintain and protect its buildings, equipment, IT infrastructure and data (including access management and authentification, security and performance monitoring…);
- To ensure its business continuity;
- To manage risks and litigations;
- To process the data subjects’ requests; and/or
- To manage its websites.
The Purposes above are based on at least one of the following legal basis:
- The processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- The processing is necessary for compliance with a legal obligation to which Arηs is subject;
- The processing is necessary for the purposes of the legitimate interests pursued by Arηs or by a third party (such as the protection of Arηs asset, the understanding of its clients’s needs and expectations or the fulfillment of the Arηs’s purpose or social interest); and/or
- The data subject has given consent to the processing for one or more specific purposes
What personal data does Arηs process?
- Depending on, and when necessary for, the Purpose(s) above, Arηs may process the following categories of personal data:
- Identification data (e.g. name, surname, alias…);
- Professional data (e.g. position, company…);
- Administrative data (e.g. proof of identity documents, birthdate, gender, language …);
- Relation data (e.g. relation history, attendance sheets…);
- Environment data (e.g. characteristics, habits, social media information…);
- Financial data (e.g. tax data, transactional data…);
- Numeric data (e.g. logs, IP address…); and
- Biometric data (e.g. picture and/or sound, video…).
Does Arηs share personal data to third parties?
Depending on the Purpose(s) above, and besides the data subjects themselves, Arηs may share the personal data to the following categories of recipients:
- Processors and sub-processors such as IT suppliers (including systems administrators, cloud services providers, hosting providers…);
- Between Arηs entities;
- Arηs external counsels, agents or auditors;
- Entities or individuals in relation with the data subjects (employers, relatives, counsels, business or potential business partners…); and/or
- Oversight bodies or public authorities.
Does Arηs transfer personal data outside the European Union?
Arηs shall not transfer any personal data outside the European Union otherwise that:
- To countries which provide an adequate level of protection for personal data as decided by the European Commission or:
- To recipients under a suitable agreement which contains the legal requirements for such transfer. Copy of the applicable safeguards may be requested to the Data Protection Officer of Arηs.
How long does Arηs keep the personal data?
The personal data will be kept in a form which permits identification of the data subjects for no longer than is necessary for each Purpose for which they have been collected, without prejudice to automatic IT back-ups and Arηs’s legal and regulatory archiving obligations.
What are your rights as data subject?
To the extent permitted by the laws, you may have the right, to:
- request access to and rectification or the erasure of your personal data or restriction of processing concerning them;
- object the processing of your personal data; as well as
- data portability.
Should the processing be exclusively based on your consent, you shall have the right to withdraw it at any time, without affecting the lawfulness of the processing based on your consent before such withdrawal.
To exercise the rights listed above, you are invited to send an email demonstrating your identity and specifying the right you want to exercise to the Data Protection Office of Arηs.
Please note that you shall also have the right to lodge a complaint with the competent supervisory authority, the lead supervisory authority competent for personal data processed by Arηs being the Commission Nationale de Protection des Données (CNPD).
For all question about privacy contact us by-email via: firstname.lastname@example.org
Updates to our Privacy Notice:
We may need to update our Privacy Notice. The latest version of the Privacy Notice is always available on our website. We will communicate any material changes to the Privacy Notice, for example the purpose of why we use your personal data, the identity of the Controller or your rights.
Arηs Group composition:
- ARHS Developments Luxembourg S.A
- ARHS Developments Belgium N.V.
- ARHS Consulting S.A.
- ARHS Spikeseed S.A.
- ARHS Cube S.A.
- ARHS Technology N.V.
- ARHS Digital S.A
- ARHS Developments Hellas Information Systems SA
- ARHS Developments Italia SRL