Privacy Policy

Version 1.0 - Last update: 1 January 2023
Background


‍Please read this Privacy Policy carefully and ensure that you understand it. This Privacy Policy is intended to give you a better understanding of the personal data we collect, the reason why we collect such data, the manner in which we process this data, the entities with whom we share the said personal data, your rights in relation to the collection, processing and sharing of such data and any other pertinent matter relating to privacy and security of your personal data. 

We understand that your privacy is important to you and that you care about how your personal data is used and shared online. We respect and value the privacy of everyone who visits our Website and will only collect and use personal data in ways that are described here, and in a manner that is consistent with our obligations and your rights under national and international laws and regulations.

Under the applicable laws, we are required to comply with personal data protection and processing procedures to ensure that your data is at all times stored and processed securely and that your rights as a data subject are observed and protected. We take these obligations very seriously and have implemented adequate technical and organizational measures to ensure protection of your privacy.All processing of your personal data performed by us as envisaged in this Privacy Policy shall be carried out in line with:

– the Cypriot Law providing for the Protection of Natural Persons with regard to the Processing of Personal Data and for the Free Movement of such Data of 2018 (Law 125(I)/2018), (hereinafter – the “DPA”) as well as any other subsidiary legislation issued under the DPA as may be amended from time to time; and
– Regulation (EU) 2016/679  of The European  Parliament And of The Council of 27 April 2016  On The Protection of Natural Persons With Regard to The Processing of Personal Data And On The Free Movement of Such Data, And Repealing Directive 95/46/EC (General Data Protection  Regulation), (hereinafter – the “Regulation” or the “GDPR”).The DPA and the GDPR shall hereafter be collectively referred to as the “Data Protection Laws”.

Information About Us

‍Our Website is operated by Arriwo Limited, a Cypriot company with its registered address at 7, Othellou st, 1st floor, 1065, Limassol, Cyprus.

Arriwo Limited determines the means and purposes of the processing of your personal data and therefore acts as the “Data Controller” in terms of the applicable Data Protection Laws.  Our Data Protection Officer can be contacted by email at [email protected] or by post to 7, Othellou st, 1st floor, 1065, Limassol, Cyprus or 11, Kaya Klei st, 3rd floor, Curacao

What Does This Policy Cover?

‍This Privacy Policy applies to the processing of your personal data by us, primarily in connection to your use of this Website. Our Website may contain links to other websites. Please note that we have no control over how your data is collected, stored, or used by other websites and we advise you to check the privacy policies of any such websites before any data is provided.

This Policy also applies to our processing of your personal data in connection to our communication with you, our processing of your queries and/or job applications, your use of our products and/or services, and any other relationship with you that is not covered by a separate privacy policy. 

What Does This Policy Cover?

‍This Privacy Policy applies to the processing of your personal data by us, primarily in connection to your use of this Website. Our Website may contain links to other websites. Please note that we have no control over how your data is collected, stored, or used by other websites and we advise you to check the privacy policies of any such websites before any data is provided.This Policy also applies to our processing of your personal data in connection to our communication with you, our processing of your queries and/or job applications, your use of our products and/or services, and any other relationship with you that is not covered by a separate privacy policy. 

‍Legal Basis for Processing

‍We may process your personal data on several legal grounds. Please see the below section “Which Data We Process” for the legal grounds applicable to each category of your personal data that we process. 

Legal Requirement

We may process your personal data as required under the European Union or a Member State law applicable to us.

Contractual Necessity

We may process your personal data as required to fulfill a legally binding contract between you and us.

Legitimate Interest

A legitimate interest exists when we have a business or commercial reason upon which personal data will be processed. Before relying on our legitimate interest, we balance it against your interests and ensure that our interest is compelling enough and that pursuing such legitimate interest will not cause any disproportional risks to your rights and interests.

In particular, our legitimate interests are listed in the “Which Data We Process” section below. You have the right to object against our processing of your personal data on the basis of legitimate interest by contacting us at [email protected]. We will do our best to meet your request, but in certain cases were we will not be in a position to meet your request, you will be informed appropriately. Note that we will always honour your objection with regards to any processing for marketing purposes.

Legal claims

We may process your personal data as required for the establishment or defense of legal claims.

Consent

We may process your personal data when you give us your consent to do so. We will only process your personal data on the basis of your consent, where we cannot or otherwise choose not to rely on any other legal grounds as previously mentioned. Where we process your personal data on the basis of your consent, you have the right to withdraw your consent at any time. Should you wish to withdraw your consent please contact us at [email protected]. Any such withdrawal of your consent will not invalidate any processing operations carried out prior to you having withdrawn your consent.

Which Data We Process

‍The table below outlines the categories of personal data which we process, the purpose for which we process such personal data as well as the corresponding legal basis used for such processing. Note that some categories of personal data may be processed on several legal grounds and/or for several purposes.

 
 

We do not perform any automated decision making or profiling using your personal data.

Your Rights

As a data subject, you have the following rights under the GDPR, which this Privacy Policy and our use of personal data have been designed to uphold. Please contact us at [email protected] for more information, or to exercise these rights.

  • You have the right to be informed about our processing and use of your personal data and the right to access your personal data we process; 
  • You have the right of rectification if any of your personal data we process is inaccurate or incomplete;
  • You have the right to be forgotten – i.e. the right to ask us to delete your personal data we process;
  • You have the right to restrict the processing of your personal data, and the right to object to us using your personal data for particular purposes, e.g. for marketing purposes;
  • You have the right to data portability (obtaining a copy of your personal data to re-use with another service or organization). We will provide such copy free of charge unless the request is manifestly unfounded or excessive, where in such case a reasonable fee for administration costs may be charged;
  • You have the right to lodge a complaint with any relevant Data Protection Supervisory Authority should you feel that any of your rights have been impinged by us. Without limiting this right, we kindly ask you to attempt to resolve any issues you may have with us directly, prior to lodging a complaint;
  • You have certain rights with respect to automated decision making and profiling. You have the right to obtain human intervention in the process of automated decision making, to express your point of view and to contest the decision.

Personal Data Storage, Security and Retention

Our commitment to protect personal data is not merely through quality and high standards but also through the best and most efficient application of the law. Personal data processed by us is protected using the highest industry standard security processes and systems. We store your personal data within the European Union, on encrypted hard drives and/or with certified data centers. Both our storage environment and those of the data centers we employ are compliant with the “ISO/IEC 27001 – Information security management” standard. We use secured https protocol for communication between the Website and your browser. In addition, our secure servers protect all information information using advanced firewall technology. 

Despite the best practices we employ, neither party can warrant absolute security of your Internet connection. Any data sent via the Internet may be transmitted across international borders even where sender and receiver of information are located in the same country. We cannot be held responsible for anything done or omitted to be done with your personal data before such personal data reaches us. We do not process your personal data for any longer than is necessary for the purposes of processing for which it was first collected. Your personal data will be retained for as long as we have a relationship with you (for example, evaluating employment opportunity or answering your queries) and up to one (1) year thereafter. With regards to your personal data used to provide you with information on our offers, industry events and other news and products of ours and of our affiliates that may be of interest, such data will be processed until you indicate that you no longer wish to receive such information from us. 

Sharing your Personal Data

We may share your personal data with competent authorities having jurisdiction over us. Such disclosures will only be made when permitted or required pursuant to the Data Protection Laws and/or other legislation applicable to us. 

We may share your personal data with other companies in our corporate group – our parent companies, subsidiaries, and sister companies. These companies, as our processors, will process your personal data on our behalf on the grounds and for the purposes listed in this Privacy Policy.We may share your personal data with other selected third parties:

  • IT and related services’ providers and their sub-processors, engaged in operating our Website, such as service providers contracted to store your personal data (Amazon Web Services);
  • analytics, business intelligence partners and search engine providers and their sub-processors;
  • our lawyers, advisors, auditors, consultants who we may engage from time to time to advise on any matter which requires them to gain access to personal data. 

Your personal data will only be transferred outside of the EEA when such transfer meet the requirements of the Data Protection Laws. Your Personal Data will never be shared with third parties for their own marketing purposes (unless you give your consent thereto).

Our Use of Cookies

A Cookie is a piece of information in the form of a very small text file that is placed on an internet user’s hard drive. It is generated by a web page server, which is basically the computer that operates a web site. The information the Cookie contains is set by the server and it can be used by that server whenever the user visits the site. 

Our Website does not place or access any cookies on your computer or device.

Contacting Us

If you have any questions about the Website or this Privacy Policy, please contact Our Data Protection Officer, by email at [email protected] or by post at 7, Othellou st, 1st floor, 1065, Limassol, Cyprus. Please ensure that your query is clear, particularly if it is a request for information about the data we process.

Changes to Our Privacy Policy

We may change this Privacy Policy from time to time. Changes will be immediately posted on the Website and will be deemed to have been accepted on your first use of the Website following the alterations in the Privacy Policy. We recommend that you check this page regularly to remain up to date with any changes. Where appropriate, we will also notify you by e-mail. In the event that you do not agree with any changes, you must stop using the Website.

Definitions

In this Policy, the following terms shall have the following meanings:  

“personal data” means any information that identifies you individually or relates to
an identified or identifiable natural person which can also be
defined as data subject;
“data controller” means the natural or legal person, public authority, agency or
other body which, alone or jointly with others, determines the
purposes and means of the processing of personal data; where the
purposes and means of such processing are determined by
European Union or Member State law, the controller or the
specific criteria for its nomination may be provided for by the
European Union or Member State law;
“data processor” means a natural or legal person, public authority, agency or other
body which processes personal data on behalf of the controller;
“processing” means any operation or set of operations which is performed on
personal data or on sets of personal data, whether or not by
automated means, such as collection, recording, organization,
structuring, storage, adaptation or alteration, retrieval,
consultation, use, disclosure by transmission, dissemination or
otherwise making available, alignment or combination, restriction,
erasure or destruction;
“GDPR” means EU Regulation 2016/679 – the General Data Protection Regulation;
“personal data” means any and all data that relates to you as an identifiable
person who can be directly or indirectly identified from that data.
In this case, it means personal data that you give to us via the
Website or that we collect via the Website. This definition shall,
where applicable, incorporate the definitions provided in the
GDPR;
“we/us/our” and similar means the company described in the “Information About Us”
section above;
“Website” means this website https://www.arriwo.io;
“you/your” and similar means you, the individual using the Website;