We recognize that when you choose to provide us with information about you, you trust us to act in a responsible manner. This Privacy Notice explains how Arc collects, shares and uses personal information about you, and how you can exercise your privacy rights.
This applies to personal information that we collect through the website and the app or when engaging in our relationship or potential relationship with you (or your organisation) as a supplier, customer or business partner.
What do we do?
Arc is an office space provider, offering co-working memberships, dedicated desks, private offices and other services associated with office space. In order to fulfil these services, Arc must collect and process personal information.
What information do we collect?
Depending on your relationship with Arc, we may collect personal information about you that broadly falls into the following categories:
Information that you provide voluntarily
- Website and app information: You can visit our website without telling us anything about yourself. However, in some situations we may ask you to voluntarily provide us with some personal information, notably when using the app which you can download to get information about events. For example, this might be if you are interested in signing up to receive emails from us, reading some research, attending an event, participating in any online forum provided by us from time to time, if you register for any online account made available by us, or contact us via the website or app (in which cases we will collect information such as name, email address, organisation, country, zip code/postal code, job title, telephone number(s), details of your comment or query and username/password). When we do receive your personal information, we will treat it securely, lawfully and fairly.
- Information we collect when you do business with us: We may collect and process information relating to you as an individual (whether as a website/app user, visitor to the premises, or tenant in the premises) when you conduct business with Arc as, or on behalf of, a customer or prospective customer, or as, or on behalf of, a vendor, supplier, consultant, professional adviser or other third party (“Customer, Vendor or Business Partner Data”). Examples of customer, vendor or business partner data include:
- Contact details of a point of contact for Arc, customers, vendors or business partners (such as name, business phone numbers, business address, photograph) including for the purposes of attendance at or participation in any promotional or other Arc event or competition;
- Role-related information about customers, vendors or business partners or their representatives (such as job title, responsibilities, department, work history, qualifications and experience);
- Financial information (such as financial account information about individuals connected to a business or visitors attending events) or property ownership information relating to such individuals if needed to take payment or fulfil contractual obligations or for due diligence or related purposes;
- Customer contracts entered between Arc and customers (paper or digital) may include information such as name, contact details, bank details, ID on file, signatures;
- Site access related information: user lists (customers and their employees/ subcontractors) for facilitating access to the building or technical systems (IT/ Infrastructure/ telecommunications) and supporting health and safety requirements/compliance checks;
- On site information: Arc will collect and process information from visitors and tenants /customers for meeting room bookings, visitor logs, and event attendee lists.
- CCTV images/Building access control: We may deploy CCTV and/or building access control procedures at Arc premises (which involve the processing of CCTV images of visitors and/or personal information such as name, organization represented and time of access) for security and law enforcement purposes, to exercise establish or defend or legal rights or to protect the vital interests of any person.
Information that we collect automatically
When you visit our website or use our app, we may collect certain information automatically from your device. In some countries, including countries in the European Economic Area, this information may be considered personal information under applicable data protection laws. Specifically, the information we collect automatically may include information like your IP address, device type, cookie ID, browser-type, broad geographic location (e.g. country or city-level location) and other technical information. We may also collect information about how your device has interacted with our website, including the pages accessed and links clicked. Collecting this information enables us to better understand the visitors who come to our website, where they come from, and what content on our website is of interest to them. We use this information for our internal analytics purposes and to improve the quality, relevance and experience of our Website for our visitors. Some of this information may be collected using cookies and similar tracking technology, including web beacons. For further information about the types of cookies we use, why, and how you can control cookies, please see our cookies notice.
Information that we obtain from third party sources
In order to comply with various regulations, or to conduct background checks in accordance with our internal requirements (where permissible and in accordance with applicable law), sometimes we may receive personal information about you from third party sources such as credit check databases, politically exposed persons databases, government denied parties, sanctions and watch lists, your employer, other parties in retail such as agents, purchasers, vendors, borrowers, lenders, architects, engineers, surveyors, developers, landlords, tenants and financial institutions , as well as online sources databases and public registries. We will only obtain this information where we have checked that these third parties either have your consent or are otherwise legally permitted or required to disclose your personal information to us. The types of information we collect from third parties include, for example, information about whether you have been subject to any regulatory action or legal proceedings. We use the information we receive to maintain and improve the accuracy of the records we hold about you and assess any risks arising from any relationship or prospective relationship with you and/or your organisation.
Another person or company may provide us with your personal information as they are acting on your behalf for the purposes of receiving services from Arc. We will process your information as set out in this Privacy Notice.
If you provide us with information about another person, you confirm that they have appointed you to act for them, that you have informed them of our identity and the purposes (as set out in this Privacy Notice) for which their information will be processed and that you have obtained any necessary consents to the processing of their personal information. When we first contact them, we may tell them where we got the information from.
Sensitive personal information
Some of the information you provide or that we obtain from third party sources (where permitted by, and in accordance with, applicable law) in connection with conducting due diligence on you or your organisation may be sensitive, such as any criminal convictions you have received or details of your political activities or religious affiliations (e.g. in the context of establishing whether you are a politically exposed person). We need this information for the purposes of conducting “know your counterparty” checks and to otherwise assess risk in accordance with applicable law in the context of engaging with you/your organisation as a prospective customer or supplier.
You may also provide us with information about a health condition to facilitate us making adjustments to ensure accessibility to premises and/or events.
How do we use your personal information?
We use your personal information for the following purposes (or otherwise described at the point of collection):
- to create and administer records about your online account (if any), to provide online services to you, including facilitating your participation in any discussion forum, and for Website and system administration;
- to improve our website(s), apps, and our products and services;
- for due diligence purposes, in accordance with applicable law, to assess financial, reputational, credit or insurance risks arising from any relationship or prospective relationship with you/your organisation and/or to carry out any necessary anti-money laundering checks;
- to provide you/your organisation with information or products and services that you have requested and deal with invoicing and payment;
- to send you service-related communications, to deal with communications you send us and request feedback;
- to facilitate your participation in events or competitions for which you have registered/which you have entered;
- to ensure that the content, services and advertising that we offer are tailored to your needs and interests (or those of your organisation) and for business development purposes;
- to contact you directly or via our agents by mail, telephone, fax, email, SMS or other electronic messaging service with offers of goods and services or information that may be of interest to you (including information about other organizations’ goods and services). If you do not wish to receive marketing information from us, please indicate this to us. We will obtain your consent to the provision of direct marketing material to you, if required to do so by law.
Who do we share your personal information with?
We may disclose your personal information to our group companies or affiliated entities, third party services providers and partners:
- who provide data processing services to us (for example, to support the delivery of, provide functionality on, or help to enhance the security of our website, app, premises or other IT infrastructure, to assist us with carrying out due diligence checks, to carry out marketing, analytics or research on our behalf or to support the delivery of services to our clients in general or pursuant to a particular engagement);
- with whom we arrange joint promotional events (for the purposes of ensuring that you do not receive direct marketing information about the event from multiple sources); or
- in the case of group companies or affiliated entities, who otherwise process personal information for purposes that are described in this privacy notice or notified to you when we collect your personal information.
- payment data may be transferred, processed and stored outside of United Kingdom and, as set forth in our privacy notice, may be subject to disclosure as required by applicable Laws, and to obtain from your customers all necessary consents under applicable Laws in relation to the foregoing.
Further information about our group companies, affiliated entities and the third-party service providers that may process your personal information (including their location) can be provided on request by contacting us using the details in the How to Contact Us section below.
Legal basis for processing personal information
Under European Union data protection law, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
However, we will normally collect personal information from you only (i) where we need the personal information to perform a contract with you, (ii) where the processing is in our legitimate interests and not overridden by your rights, or (iii) where we have your consent to do so. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.
Where we process your sensitive personal information, we do so: (i) in the context of know-your-counterparty checks as required by applicable law; (ii) on the basis that the processing is necessary for reasons of substantial public interest; (iii) on the basis of your explicit consent; or (iv) to establish, exercise or defend legal claims.
You can choose not to provide personal information to us. However, unless otherwise indicated, the information that we request is necessary for the purposes of entering into and performing a contract with you or your organisation and/or providing services to you or your organisation and failure to provide it will impede the contracting process and/or the provision of the relevant services.
If we collect and use your personal information in reliance on our legitimate interests (or those of any third party), these interests will normally be: to provide our services to you, respond to your queries, improve our website(s) and/or app(s), undertake marketing, or for the purposes of detecting or preventing illegal activities.
Given the business-to-business context in which we undertake the processing of your personal information, and the safeguards that we take to protect your personal information (including as outlined under the How Do We Protect Your Information section below), our legitimate interests are not outweighed by any prejudice to your individual rights and freedoms. We may have other legitimate interests and, if appropriate, we will make clear to you at the relevant time what those legitimate interests are.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the How To Contact Us section below.
How do we protect your information?
We use appropriate technical and organisational measures to protect the personal information that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information. We take care to allow access to personal information only to those who require such access to perform their tasks and duties, and to third parties who provide services to us or otherwise have a legitimate purpose for accessing it (see the Who Do We Share Your Personal Information With? section above). Whenever we permit a third party to access personal information, we will implement appropriate measures to ensure the information is used in a manner consistent with this privacy notice and that the security and confidentiality of the information is maintained.
International data transfers
Our website and app servers are located in the European Economic Area (EEA), but our group companies, affiliated companies and third party service providers operate around the world. This means that when we collect your personal information we may process it outside of the EEA.
If we process your personal information outside of the EEA, we take appropriate steps to safeguard your personal information in accordance with this Privacy Notice and relevant data protection laws, such as the General Data Protection Regulation (GDPR).
We retain personal information we collect from you where we have an ongoing legitimate business need to do so. If you are a client or vendor (or a representative of a client or vendor) then the information will be retained for a period of time to allow us to provide our services, to comply with applicable legal, tax or accounting requirements and, if necessary, for the establishment, exercise or defence of legal claims.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
Your data protection rights
If European data protection laws apply, you have the following rights:
- If you wish to access, correct, update or request deletion of your personal information, you can do so at any time by contacting us using the contact details provided under the How to Contact Us section below. Please note that in certain circumstances we may not be able to carry out your deletion request. This may be because we must retain your personal information for compliance, legal or regulatory reasons, or in defence of legal claims.
- In addition, you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us using the contact details provided under the How To Contact Us section below.
- You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you or contact us using the contact details provided under the How to Contact Us section below. To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us using the contact details provided under the How to Contact Us section below.
- Similarly, if we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
Links to other websites
We link to other websites. We are not responsible for the content or privacy policies of these websites for the way in which information about their users is treated. In particular, unless expressly stated, we are not agents for these websites or advertisers nor are we authorized to make representations on their behalf. In any event, you should explore the privacy practices of those third parties.
Updates to this Privacy Notice
We may update this Privacy Notice from time to time in response to changing legal, technical or business developments. When we update our privacy notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material privacy notice changes if and where this is required by applicable data protection laws.
This privacy notice was last updated 6th December 2019.
How to contact us
If you have received an e-mail or e-mails from Arc that you no longer wish to receive, or if you have any questions or concerns about our use of your personal information, please contact us at firstname.lastname@example.org or in writing at the address in the Data Controller section below.
Arc Portfolio Management Co. Limited and Cushman & Wakefield Debenham Tie Leung Limited are the joint data controllers. They can be contacted at:
Attention: The Operations Director
Arc Portfolio Management
Arc Business Park
Berkshire RG7 4SA
Attention: Operations Director, Flexible Workspace EMEA
Cushman & Wakefield
125 Old Broad Street