1. Why use personal data
Arachnys only holds and processes personal data where necessary to provide services to existing and potential customers and is at all times held and processed in line with the General Data Protection Regulation:
- Marketing: We may use your personal data to contact you with specific, relevant content. We will only ever contact you with content and information if you have either a) given express consent to receive such communications, or b) you are engaged in discussions with Arachnys and there is bespoke, informative content that may aid the engagement.
- Sales: If you have submitted your details to seek further information or to book a demo, your personal data will be used to fulfill your request. If anyone at Arachnys has reached out to you proactively, your information will only be used to facilitate a conversation between both parties to demonstrate the commercial benefit of Arachnys services. Such use of personal information is used for this legitimate interest only.
- User details: If you are a user of an Arachnys service or product, details to distinguish you as a user will be Held and processed by the Arachnys platform and backend system infrastructure to enable use of the service by customers.
- Service specific data: Arachnys also processes a range of public open source information in order to facilitate the services provided to clients. From time to time, this may include personal data.
2. How we might communicate
Arachnys will only ever use your personal data in order to contact you where there is a lawful basis to do so, in line with the General Data Protection Regulation.
- Express consent: If you have actively granted consent to Arachnys to contact you with marketing and communication information.
- Existing customer: If you are an existing customer of Arachnys, we will be required to contact you to facilitate your use of Arachnys services. Arachnys may also contact you from time to time with relevant information and communication that may benefit you as an existing customer. If you don’t want to receive such communication, you can change your communication preferences at any time.
- Potential customer: Arachnys may contact you from time to time if you are a potential customer and there is a legitimate interest in doing so due to the potential benefit to you as a customer. If you do not wish to receive communications from Arachnys to support these discussions as a potential customer, you can opt out at any time, or contact Arachnys at email@example.com .
3. Adjusting your preferences
Arachnys understands that preferences change. All communication from Arachnys now includes a clear link to enable you to either adjust your preferences, or opt out of marketing communications completely. Any change or opt-out will be logged securely to ensure that you only receive the communications that you desire.
4. Subject access requests
You may request information regarding the personal information Arachnys holds about you at any time by emailing firstname.lastname@example.org. Arachnys reserves the right to request identification to ensure that requests come from the data subject only.
On the basis that the subject access request is valid and appropriate, Arachnys will respond to the subject access request within 28 days, providing such information in an intelligible form that is understandable to the receiver. Arachnys is not obligated to provide the information in the format it is held, but must provide a comprehensive response of all ways in which such data is held or processed.
5.Keeping your personal data Secure
Arachnys has a zero tolerance approach to insecure / inappropriate use of personal data. Arachnys keeps data safe and secure in the following way:
- Personal data is held on secure hosting services which meet the highest security standards.
- Access to personal data is restricted to those who need such access in order to function in their role or meet an obligation to a customer
- In order to provide an additional layer of security, Arachnys obliges all employees to use Two-Factor Authentication for all services which offer such additional protection
- Employees must have individual, audit-able credentials to access systems where personal data is stored. Logins are never shared with colleagues or any other person.
- All employees computers and servers used by Arachnys are centrally managed for security and privacy purposes. All such resources are encrypted and can be killed remotely should there be any misuse of sensitive data.
- Employees must not access or process personal data from any personal device.
6. Data deletion requests
You may request that your data is deleted at any time by emailing email@example.com . Any request for deletion of data will be responded to within 28 days. Arachnys reserves the right to request identification to ensure that requests for deletion of data come from the data subject only.
Such a request will be adhered to where possible but may depend on a) the need for Arachnys to hold or process said personal data for the reason which it was originally required , (for example to satisfy a contractual commitment), or b) any other legal obligation which Arachnys has to retain said data.
7. Data breaches
In the highly unlikely event of a data breach, Arachnys will notify the affected parties as soon as reasonably possible, and in no case more than 72 hours after the event.
Such communication will include a) the facts relating to the breach, b) impact of the breach, and c) the actions taken to remediate the breach.