Our Products
PERSONAL DATA PROTECTION POLICY
(PRIVACY NOTICE)
Introduction
This Personal Data Protection Policy (hereinafter referred to as the “POLICY”) sets out the policy which is intended to describe the procedure and conditions for processing information relating to a natural person, which allows or may allow for direct or indirect identification of a person’s identity (hereinafter referred to as the “Personal Data”) (i) received from individuals in connection with the activities of this https://ArctX-solution.com/ (hereinafter referred to as the “Website”) created, owned and used by ArctX Solution LLC (hereinafter referred to as the “ArctX Solution”) or its affiliates, and/or (ii) provided to ArctX Solution on contractual or other basis (including but not limited to by the virtue of employment relationship).
The POLICY is based on principles such as: respect for individuals’ basic rights; lawfulness, fairness and transparency; data minimization; ensuring adequate level of protection; accuracy; storage limitation; integrity and confidentiality.
Under this POLICY “Personal Data” or “data” is defined as any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly.
Under this POLICY “processing” covers any operation or group of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Your Personal Data is collected, inputted, storage, used, altered, restored, transferred, rectificated, blocked and / or destructed in accordance with the applicable legislation and with your consent.
Unless otherwise it is necessary for the employment purposes, ArctX Solution does not aim to collect, or process biometric; special category; publicly available data; and/or data on personal life (“Sensitive Personal Data”) like information on your:
- Racial and / or ethnic origin;
- Political view;
- Religious or philosophical beliefs;
- Trade union membership;
- Physical and / or mental health and / or condition(s);
- Genetic data, and biometric data where;
- Sex life and / or sexual orientation;
- Personal and / or family life;
- Physical, physiological, mental and / or social condition(s).
Data We Process
For the purposes of this Policy only the Personal Data and Sensitive Personal Data (in cases when due and appropriate) you provide is used. That information must be complete, accurate, kept up to date. Thus, ArctX Solution is not responsible for the integrity of the data seen in your personal account.
Under the Policy and within the activities carried out hereunder, ArctX Solution processes the following Personal Data;
- Name and Surname,
- Phone/Telephone Number,
- Email and Residency (Registration) Address,
- Passport Details, ID number,
- Bank Account Number,
- Social Security Number (SSN).
Grounds for Data Processing
Your Personal Data can be processed following consent by you. The declaration of consent must be obtained in writing or electronically for the purposes of documentation. In some circumstances, such as telephone conversations, consent can be given verbally. The granting of consent must be documented.
Personal Data can be processed to register you in the Website and ensure error free and uninterrupted access thereto, and, if it is necessary, to protect legitimate interests of ArctX Solution. Personal Data may not be processed for the purposes of a legitimate interest if, in individual cases, there is evidence that the interests of the data subject merit protection, and that this takes precedence.
The data being processed on the basis of consent will be stored for the period objectively necessary for implementing the purposes of processing data or for the period prescribed by the consent.
You have the following main rights:
1. RIGHT TO BE INFORMED
You shall have the right to information on your Personal Data, processing of data, grounds and purposes for processing, processor of data, the registered office thereof, as well as the scope of persons to whom your Personal Data may be transferred, including on:
- Confirming the fact of processing Personal Data and on the purpose of the processing,
- Ways of processing Personal Data,
- Subjects to whom Personal Data have been provided or may be provided,
- List of Personal Data being processed and the source from which it has been obtained,
- Time limits for processing Personal Data,
- Potential legal consequences for the data subject due to processing Personal Data.
2. RIGHT OF ACCESS
You shall have the right to access your Personal Data and supplementary information. The right of access allows you to be aware of and verify the lawfulness of the processing.
For email subject access valid requests should be addressed to [email protected]. For this issue the information should be provided in a commonly used electronic format validated by an electronic signature. Postal requests should be sent to: area 5, 4/5 Amiryan st. Yerevan, Republic of Armenia.
To get an official respond your valid request will have the following requisites: a description in writing of the Personal Data you wish to receive, including the relevant dates, a copy of identification material such as a passport, and if you are an authorized person a document confirming your appropriate right to receive that particular information
Information must be provided within five working days upon receipt of the written request. A copy of the information will be provided free of charge and in an accessible manner. However, ArctX Solution may charge a ‘reasonable fee’ based on the administrative cost of providing the information, or refuse to respond when a request is manifestly unfounded with a written reasoned decision by making a reference to the provisions of the applicable law which served as a ground for delivering a decision.
3. RIGHTS TO RECTIFICATION AND TO BE FORGOTTEN
You shall have the right to require from the processor to rectify, block or destruct your Personal Data, where the Personal Data are not complete or accurate or are outdated or have been obtained unlawfully or are not necessary for achieving the purposes of the processing.
You shall have the right to require from the processor to erase your Personal Data (“right to be forgotten”) and to prevent processing in specific circumstances:
- Where the Personal Data is no longer necessary in relation to the purpose for which it was originally collected and / or processed,
- When the purpose of the processing of Personal Data is achieved,
- When you withdraw your consent,
- When there is no overriding legitimate interest for continuing the processing.
In case of doubts with regard to the rectification, blocking or destruction of Personal Data by ArctX Solution, you shall have the right to apply to the authorised body to make clear the fact of your Personal Data being rectified, blocked or destructed and by the request to be provided with information.
In such circumstances we will be obliged to immediately or, where there is no such an opportunity, within three working days, carry out necessary operations for completing, updating, rectifying, blocking or destructing tour Personal Data.
4. RIGHTS TO DECLINE
You shall have the right to withdraw your valid consent when you consider that:
- Your Personal Data is carried out in violation of the requirements of the applicable law,
- Processing of your Personal Data violates your basic rights and freedoms,
- Amendments of our Website are not acceptable for you.
You should withdraw your valid consent in writing, validated by signature, or electronically, validated by electronic digital signature. In case we accept your withdrawal, you will be informed on the destruction of Personal Data within three working days upon destruction.
5. RIGHT TO APPEAL ACTIONS OR INACTION OF PROCESSOR
Where you consider that the processing of your Personal Data is carried out in violation of the requirements of the applicable legislation or otherwise violates your rights and freedoms, you shall have the right to appeal our actions or inaction before an authorised state body for the protection of Personal Data or through judicial procedure.
If the authorised or judicial body considers the grounds for rejecting the provision, rectification, blocking or destruction of Personal Data unjustified, we will be obliged to immediately provide, rectify, block or destruct your Personal Data.
Our Obligations
Our principal obligations under the applicable legislation include:
- Respect individuals’ rights,
- Process Personal Data lawfully, fairly and in a transparent manner in relation to you
- Collect Personal Data for specified, explicit and legitimate purposes and not further process in a manner that is incompatible with those purposes,
- Ensure that Personal Data are adequate, relevant, limited and kept in a form which permits your identification for no longer than is necessary in relation to the purposes for which they are processed,
- Take every reasonable step to ensure that Personal Data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay,
- Terminate the processing of your Personal Data in case of valid withdrawal of your consent and destruct it,
- Ensure that your Personal Data are processed in a manner that provides appropriate security of the Personal Data, including protection against unauthorised and / or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and / or organisational measures,
- Ensure that processors of your Personal Data maintain confidentiality both in the course of performing official and / or employment duties concerning the processing of Personal Data and after completing thereof,
- Immediately inform you on your Personal Data breaches,
- Respond appropriately when you seek to exercise your statutory rights of access, correction and / or objection,
- Do not transfer your Personal Data to the third parties without your prior written consent, except for the cases provided by the applicable law.
Transfer of Your Personal Data to the Third Parties
ArctX Solution may use trusted third parties, who, including but not limited to assist us in operating our Website, conducting our business, or servicing our customers, so long as those parties agree to keep the information on your Personal Data confidential. We may also disclose such information when we believe disclosure is appropriate to comply with the applicable legislation, enforce our policies, or protect ours or others’ rights and freedoms, property, and/or safety.
In some ArctX Solution can transfer your Personal Data to the third countries which ensure an adequate level of protection and provide for such safeguards with regard to the preservation of that information with your valid consent.
We may transfer Personal Data to the certain scope of persons without your valid consent, where the transfer of data stems from the purposes of processing Personal Data and/or is necessary for the implementation of these purposes or it is provided for by the applicable legislation and has an adequate level of protection.
Personal Data Breaches
A Personal Data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, your Personal Data transmitted, stored or otherwise processed.
Your Personal Data breach is a security incident and can concern a breach of confidentiality, integrity or availability of Personal Data, as well as any combination of these.
- Breach of confidentiality: this occurs when unauthorised parties, or parties who have no lawful reason to access the information, do so. The severity of the loss of confidentiality varies according to the extent of the disclosure. That is, the potential number and type of parties who could have unlawfully accessed the information.
- Breach of integrity: occurs when the original information is altered and the amended data could be prejudicial for the individual. The most serious scenario is when there is a serious possibility that the altered data have been used in a manner that could harm the individual.
- Breach of availability: the consequence of this is that the original data cannot be accessed when necessary. This could be temporary (the data are recoverable but it will take time, which could be prejudicial to the individual), or permanent (the data cannot be recovered).
In the case of a Personal Data breach, ArctX Solution shall without undue delay and, where feasible, not later than within three working days after having become aware of it, notify you on the Personal Data breach via e-mail or phone call and with your valid consent[1] take the following steps:
- Block Personal Data,
- Eliminate the consequences of Personal Data breach,
- Check the integrity of all Personal Data,
- Provide specific advice to you to protect yourself from possible adverse consequences of the breach, such as resetting passwords in the case where their access credentials have been compromised;
- Unblock Personal Data.
Protection of Personal Data
We follow legal and technical rules determined by the RA laws, EU regulations, GDPR recommendations and other highly recommended sources to provide efficient and necessary protection for your Personal Data. For this purpose, we
- Ensure that Personal Data can be accessed only by authorised personnel for legally authorised purposes;
- Protect Personal Data stored or transmitted against accidental or unlawful destruction, accidental loss and / or alteration, and unauthorised and /or unlawful storage, processing, access and /or disclosure, and
- Ensure the implementation of a security policy with respect to the processing of Personal Data.
We use a set of standards and technologies that protect data from intentional and / or accidental destruction, modification and / or disclosure. Data security is applied using a range of techniques and technologies, including administrative controls, physical security, logical controls, organizational standards, and other safeguarding techniques that limit access to unauthorized or malicious users or processes.
- Data encryption: Data encryption applies a code to every individual piece of data and will not grant access to encrypted data without an authorized key being given,
- Data masking: Masking specific areas of data can protect it from disclosure to external malicious sources, and also internal personnel who could potentially use the data,
- Data erasure: There are times when data that is no longer active or used needs to be erased from all systems. For example, if a customer has requested for their name to be removed from a mailing list, the details should be deleted permanently
1 Please not if it is not possible to get in touch with you within a day, we will take the necessary action without your valid consent.
- Data resilience: By creating backup copies of data, ArctX Solution can recover data should it be erased or corrupted accidentally or stolen during a data breach.
Notification
We will notify you (electronically, by calling or in other reasonable and adequate way) on the following changes to get your valid consent if at any time ArctX Solution will need to:
- Process additional Personal Data (e.g. a home address; an identification card number; location data; an Internet Protocol (IP) address; a cookie ID),
- Process Sensitive Personal Data,
- Transfer your Personal Data to the trusted third parties.
Additionally, we will promptly notify you (electronically, by calling or in other reasonable and adequate way) about:
- any legally binding requests for disclosure of your Personal Data by a law enforcement authority unless otherwise prohibited,
- Your Personal Data breaches.
These notifications will be sent from [email protected]