Privacy policy

1. What is Personal Data?

Personal Data refers to any information that can be used to personally identify you. This may include, for example, your name, postal address, e-mail address, phone number, date of birth, job title, photographic identification, age or gender, communications with you (including notes from meetings) and financial and payment information.

We collect Personal Data from a range of individuals in the context of our business activities, including:

• representatives of our suppliers, customers and other business contacts
• contractors
• users of our websites
• individuals who contact us by any means
• recording and retaining certain telephone conversations where we are required to do so to comply with our regulatory obligations.

2. What Personal Data we collect?

We process the following Personal Data.

Website users. If you visit our website for informational purposes without providing any information, we collect only the Personal Data that your browser automatically transmits to our server. This data is technically necessary for us to display our website to you and ensure its stability and security. The data we collect includes:

• the fact that you have accessed our website and date, time, and duration of your access;
• the name of your Internet service provider;
• the IP address and operating system of the device (such as a computer or mobile phone) used to access our website;
• the website from which you came to our website;
• the pages of our website that you visit; 
• the browser you used to access our website;
• the transfer protocol used.

Please note that the above data is collected for statistical purposes only.

Clients and business contracts. When entering into a business relationship with you, we collect Personal Data in accordance with applicable data protection laws. The data we collect may include:

•  personal details such as your full name, date of birth, compliance-related documents (such as a copy of your national identity card or passport), phone number, address, and email address;
• financial information, including payment and transaction records;
• professional information, such as your job title and work experience, where relevant;
• interactions with you and the products and services you use;
• identifiers assigned to you, such as client, business relation, contract, partner, or account numbers, including identifiers used for accounting purposes.

3. How is Personal Data collected by us?

We collect Personal Data through the following means:

• Information knowingly and voluntarily disclosed by you, both online and offline. This includes when you visit our websites, complete web forms, visit our premises, or communicate with us via various channels such as telephone, email, or social networking websites.
• Personal Data obtained from third-party sources, such as employers, authorized representatives, agents, or other parties authorized to share Personal Data. We may also collect information from publicly available sources, such as address validation software, telephone directories, or from agents or third parties who have identified you as a potential customer.
• When you access our websites, we process the information mentioned above (see “What Personal Data we collect”).

4. Why do we process Personal Data?

We may collect and process your Personal Data for various purposes, including:
 

• to support our procurement and onboarding processes, including complying with our internal policies (particularly policies designed to prevent money laundering and sanctions violations);
• to provide our products and services to you, or to provide you with a quote or offer for our products and services;
• to communicate with you about a potential or existing engagement with ArrowResources;
• to answer your enquiries and provide any information or documents you ask for;
• to ensure effective presentation of website content for you and your computer, including to conduct analytics on website usage;
• to ensure website security;
• for administrative, planning, product or service development and delivery purposes;
• to comply with our legal and regulatory obligations, which may include the disclosure of certain information and/or recordings of telephone conversations to regulatory authorities;
• for other business-related purposes, including negotiating contracts, managing accounts and records, supporting corporate social responsibility activities, legal, regulatory and internal investigations and debt administration; and
• to update our records and keep your contact details up to date;
• to protect intellectual property rights in any materials displayed on or otherwise available from our websites.

Please note that if you choose not to provide your Personal Data to us, it may limit or prevent us from establishing a business relationship with you, either partially or entirely

5. The legal basis for processing Personal Data

The processing of your Personal Data by us is based on one of the following legal bases, depending on the purposes for which we collect and use your Personal Data:

• Your consent: We may process your Personal Data based on your explicit consent provided to us.
• Contractual necessity: The processing of your Personal Data may be necessary for the performance of a contract we have with you or with other individuals.
• Legitimate interests: We may process your Personal Data based on our legitimate business interests or the legitimate interests of third parties, if these interests are not overridden by your rights and interests.
• Legal obligations: We may process your Personal Data to comply with our legal obligations imposed by applicable laws and regulations.
   

6. To whom do we disclose your Personal Data?

We may share your Personal Data with our affiliated entities, ensuring that they maintain the confidentiality of your Personal Data and use it only for purposes set out in this Privacy Policy.
During the course of business, we may disclose your Personal Data to third parties, including:

• Your authorised representatives, such as agents, consultants, or intermediaries;
• Financial institutions for payment processing;
• Government and regulatory authorities, as required or authorised by law;
• Our service providers, including information technology suppliers, contractors, debt collection agencies, and professional advisors, such as accountants, auditors, and lawyers.

We may also disclose your Personal Data to third parties in the following circumstances:

• In the event of a sale, merger, or acquisition of our business or assets, we may disclose your Personal Data to the prospective seller or buyer;
• If ArrowResources or a substantial portion of its assets are acquired by a third party, Personal Data held by us about our customers may be transferred;
• We may allow website users to share comments, postings, testimonials, or other information. If you choose to submit such information, it may be available to the public and accessed by others.

7. International transfers of your Personal Data

The Personal Data we collect about you is generally stored and processed by us within Switzerland, the European Economic Area (EEA), the United Kingdom (UK), or Republic of North Macedonia. Should it be necessary to transfer your Personal Data to a country outside of this area, we can only do so if this is necessary for the data processing described in this privacy notice and is in accordance with the applicable data protection legislation.

Where we transfer your Personal Data outside Switzerland, the EEA or the UK, we will ensure that it is protected in a manner that is consistent with how your Personal Data will be protected by us in Switzerland, the EEA or the UK. This can be done in several ways, for instance: 
 

• The country to which we transfer the data may have been approved by the relevant authority i.e.  Federal Council for data controllers located in Switzerland, the European Commission for data controllers located in the EEA or the UK Secretary of State for data controllers located in the UK as offering an adequate level of protection; 
• The recipient signed up a contract based on the “Standard Contractual Clauses” approved by the European Commission and recognised by the Swiss Data Protection and Information Commissioner respectively the UK’s Information Commissioner’s Office (ICO) and adjusted to comply with Swiss respectively UK data protection regulations.

In other circumstances the law may permit us to otherwise transfer your Personal Data outside Switzerland, the EEA or the UK. In all cases, however, we will ensure that any transfer of your Personal Data is compliant with data protection law.

You acknowledge and understand that the transmission of information via the internet is not completely secure. Although we will take reasonable and appropriate steps to protect your Personal Data once we have received it, we cannot guarantee the security of your data transmitted to our websites; any transmission is at your own risk. Once we have received your information, we will use appropriate procedures and security features to try to prevent unauthorised access.

8. Data retention

We will only retain Personal Data for as long as necessary to fulfil the purpose for which it was collect. How long we hold your Personal Data for will vary. The retention period will be determined by the following criteria:

• the purpose for which we are using your Personal Data – we will need to keep the data for as long as is necessary for that purpose;
• legal obligations – laws or regulation may set a minimum period for which we have to keep your Personal Data; and
• legitimate business interests – these may justify the further retention of Personal Data, if higher ranking business interests are present (e.g., for use in legal proceedings).

9. Your Personal Data rights

You have certain legal rights regarding the Personal Data we hold about you. These rights include:

• Right of access: You have the right to request copies of your personal information held by ArrowResources. This includes information about how we use it, who we share it with, and where we obtained it from.
• Right to rectification: You have the right to request the correction of any inaccurate or incomplete personal information we hold about you.
• Right to erasure: You have the right to request the deletion of your personal information in certain circumstances.
• Right to restriction of processing: You have the right to request the limitation of processing your personal information in certain circumstances.
• Right to object to processing: You have the right to object to the processing of your personal information if it is based on our legitimate interests.
• Right to data portability: If applicable, you have the right to request the transfer of your personal information from ArrowResources to another organization, or to receive it in a structured, commonly used, and machine-readable format.
• Right to reconsideration of automated decisions: If ArrowResources makes automated decisions that may have a legal effect on you, you have the right to request a reconsideration of that decision and to speak with a representative of ArrowResources. 
• Right to lodge a complaint: You have the right to lodge a complaint with the competent data protection authority:
  • For ArrowResources in Switzerland, the relevant authority is the Swiss Federal Data Protection and Information Commissioner (FDPIC) (http://www.edoeb.admin.ch);
  • For ArrowResources group companies in the UK, the relevant authority is the UK Information Commissioner's Office, which can be contacted via telephone at 0303 123 1113 or through their website at https://ico.org.uk/concerns/;
  • For EU-based ArrowResources entities, the relevant authority depends on the specific country and can be found on the website of the European Data Protection Board (EDPB) (https://edpb.europa.eu/about-edpb/board/members_en).

Please note that these rights are subject to certain conditions and exceptions as provided by applicable data protection laws.

10. Third Party Websites

The websites may, from time to time, contain links to and from the websites of our partner networks and affiliates, or of other third parties. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any Personal Data to these websites.

11. Cookies

In addition to the data mentioned above, we utilize cookies when you use our website. Cookies are small text files that are stored on your hard drive and associated with the browser you are using. They enable certain information to be transmitted to the entity that sets the cookie. Cookies do not run programs or transmit viruses to your computer. Their purpose is to enhance the user-friendliness and overall effectiveness of the Internet experience.

For more information, please refer to our Cookies Policy here.

12. Contact information and Data Controller

If you have any questions, comments, or complaints or if you would like more information about this Privacy Policy and how we handle your Personal Data, or if you wish to exercise any of the above-mentioned rights, please contact us using the details provided below. We will investigate your inquiry and provide you with a formal response within 30 days.  In case your inquiry involves complex circumstances and we require additional information or time to provide you with a formal response, we will contact you to inform you accordingly.

ArrowResources AG
Hinterbergstrasse 16
6312 Steinhausen
Switzerland
Tel +41 41 544 57 60
dataprotection@arrowresources.com