Arqvera

ARQVERA – PRIVACY POLICY (UK GDPR)

Last updated: 3 December 2025

Governing Law: UK GDPR & Data Protection Act 2018

1. Who We Are

Arqvera Ltd (Arqvera, we, us) is a UK-registered company providing professional advisory, assurance and AI-enabled consulting services.

We act as:

  • Controller for website and marketing data
  • Controller or Processor for client data (as defined in each SOW)

2. Personal Data We Collect

We may collect:

2.1 Directly from you

  • Name
  • Email address
  • Company name & role
  • Phone number
  • Enquiry details
  • Meeting notes

2.2 Automatically

  • IP address
  • Device information
  • Cookie data
  • Analytics (page views, interactions, traffic sources)
  • Behaviour patterns
  • AI tool usage metadata

2.3 For service delivery (under MSA/SOW)

  • Stakeholder interview notes
  • Diagnostic input data
  • Organisational charts & role information
  • Operational, delivery or transformation data
  • Optional: limited HR, performance or programme data
  • No special category data unless explicitly agreed

3. How We Use Personal Data

We use data to:

  • Respond to enquiries
  • Provide consulting & assurance services
  • Operate Value Compass™, Trust Arq™, Capability Mirror™, Change Studio™ and AI.ccelerate™ diagnostics
  • Improve our methodologies
  • Conduct workshops, interviews and assessments
  • Maintain business records
  • Comply with legal obligations
  • Analyse website usage
  • Send marketing communications (with consent or legitimate interest)

4. Legal Bases for Processing

We rely on:

  • Contract (when delivering services)
  • Legitimate Interests (B2B relationship management, analytics)
  • Consent (cookies, marketing communications)
  • Legal Obligation (company, tax, regulatory compliance)

5. Sharing Personal Data

We may share personal data with:

  • Subcontractors performing work for Arqvera
  • Professional advisers (legal, financial, insurance)
  • IT service providers
  • Cloud and analytics platforms

All subprocessors must sign UK-GDPR compliant agreements.

We do not sell personal data.

6. International Transfers

Where data is transferred outside the UK, we use:

  • UK Addendum to EU SCCs
  • UK IDTA
  • Adequacy decisions
  • Additional safeguards where required

7. Data Security

We implement:

  • Access controls
  • Encryption where applicable
  • Multi-factor authentication
  • Secure transfer protocols
  • Retention & deletion policies
  • Restricted access to client data
  • Logging & monitoring

8. Retention

We keep data only as long as necessary:

  • Website analytics: 12–26 months
  • Enquiry data: 24 months
  • Client project data: 6 years (contractual + regulatory)
  • Marketing data: until opt-out

9. Your Rights (UK GDPR)

You have the right to:

  • Access your data
  • Rectify inaccuracies
  • Request deletion
  • Restrict processing
  • Object to processing
  • Data portability
  • Withdraw consent
  • Complain to the ICO

ICO Contact: www.ico.org.uk

Phone: 0303 123 1113

10. Contact

For privacy queries or data requests:

privacy@arqvera.com