GDPR Privacy Policy
ARC Electrical Contractors ("we", "our" or "us") value your privacy and are committed to protecting your personal data. This GDPR Privacy Policy explains in detail how we collect, process, store, and safeguard your personal information when you visit our website https://www.arcje.com (the "Website"). It also sets out your rights regarding your personal data under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. By using the Website, you confirm that you have read and understood this policy and consent to our data practices as described herein.
1. Introduction
ARC Electrical Contractors, owned by Antonio Romao, is an electrical contracting service provider that uses the Website to offer a channel for enquiries and the arrangement of services. We collect personal data only when necessary to facilitate communication with you and to ensure the smooth delivery of our services. This Privacy Policy explains the scope and purpose of our data processing activities and the measures we have implemented to protect your data.
2. Scope of This Policy
This policy applies to all personal data processed by ARC Electrical Contractors in connection with your use of the Website. It covers:
Data you provide directly via our contact forms, email, or other interactions on the Website.
Data that is automatically collected when you visit or use the Website.
Data obtained from third-party sources where applicable.
Our aim is to be as transparent as possible about our data processing practices and to ensure that you are fully informed of your rights and our obligations under the GDPR.
3. Information We Collect
We categorise the information we collect into three main types:
3.1 Directly Provided Information
When you interact with the Website—for example, by filling out a contact form or signing up for communications—you may provide us with personal information such as:
Contact Details: Your name, email address, telephone number, and any other contact details you choose to provide.
Service-Related Information: Details relating to the electrical contracting services you are interested in, including any specific requirements or queries.
Correspondence Content: Any additional information you include in messages or attachments submitted via our Website.
3.2 Automatically Collected Information
During your visit to our Website, we collect certain technical and usage data automatically. This includes:
Usage Data: Information about your interaction with the Website, such as pages viewed, time spent on pages, and navigation paths.
Technical Data: Details such as your IP address, browser type, device type, operating system, and referring URLs.
Cookies and Similar Technologies: Small text files or data signals that help us to recognise your device, maintain session information, and understand how you use the Website. For further information on the cookies we use, please refer to our separate GDPR Cookie Policy.
3.3 Data from Third Parties
We may also obtain data from third-party sources, such as analytics providers, that complement the information collected directly or automatically. For example, services like Google Analytics provide us with aggregated data that helps us understand visitor behaviour and enhance our Website’s performance.
4. Purposes of Data Processing
We process your personal data for several clearly defined purposes, including but not limited to:
Service Delivery: To respond to your enquiries, manage your requests for our services, and communicate with you about our services.
Website Management: To monitor and improve the performance, security, and usability of the Website. This includes analysing visitor behaviour and traffic trends.
Compliance and Security: To protect our rights and those of our users by preventing fraud, unauthorised access, and other security incidents.
Communication and Marketing: Where you have provided consent, to send you information about our services, updates, or other promotional material. You may opt out of such communications at any time.
Legal and Regulatory Obligations: To comply with applicable laws and regulations, including record-keeping obligations and responses to lawful requests by public authorities.
Every processing activity is founded on one or more legal bases, which are explained in the following section.
5. Legal Bases for Processing
Our processing of your personal data is conducted on the following legal grounds:
Consent: When you have provided explicit permission for a particular processing activity, such as receiving marketing communications.
Contractual Necessity: Where processing is required to take steps in response to your service enquiry or to perform a contract.
Legal Obligation: When processing is necessary to comply with statutory or regulatory requirements.
Legitimate Interests: Where processing is necessary for our legitimate business interests, including maintaining and enhancing the Website, ensuring security, and conducting internal research, provided that such interests do not override your rights and freedoms.
For each purpose, we carefully assess the legal basis and ensure that processing is both necessary and proportionate.
6. Data Sharing and Disclosure
Your personal data is not sold or rented to third parties. We may, however, share your information under the following circumstances:
With Service Providers: We may share your data with third-party service providers who perform services on our behalf (e.g. web hosting, data analytics, and IT support). These providers are contractually bound to maintain the confidentiality and security of your personal data.
For Legal Purposes: If required by law, regulation, or a valid judicial process, we may disclose your personal data to law enforcement agencies, regulators, or other authorised bodies.
Business Transactions: In the event of a merger, acquisition, or asset sale, your data may be transferred as part of the transaction. In such cases, we will ensure that the recipient upholds data protection standards consistent with this policy.
Third-Party Links: Our Website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.
7. Cookies and Tracking Technologies
Our Website employs cookies and similar technologies to enhance your user experience and collect usage data. Key points include:
Types of Cookies: We use both session cookies (which expire after you leave the Website) and persistent cookies (which remain on your device for a specified period). These cookies may be used for essential Website functions, analytics, and functionality enhancements.
Managing Cookies: Most web browsers allow you to control or delete cookies via their settings. However, please note that disabling cookies may impact the functionality of the Website.
Further Details: A dedicated GDPR Cookie Policy is available on the Website, offering comprehensive details on the types of cookies used, their specific purposes, and instructions on how to manage them.
8. Data Security Measures
We implement robust technical and organisational measures to protect your personal data against unauthorised access, alteration, loss, or destruction. These measures include:
Encryption: Data transmitted to and from the Website is encrypted using secure protocols (e.g. HTTPS).
Access Controls: We restrict access to personal data on a need-to-know basis. Only authorised personnel who require access to perform their job functions are granted permission.
Regular Audits: Our systems and processes undergo periodic security audits and assessments to identify and mitigate vulnerabilities.
Incident Response: We maintain procedures to detect, report, and address any data breaches. Should an incident occur that poses a risk to your rights or freedoms, we will notify you and the relevant supervisory authority in accordance with the GDPR.
9. Data Retention Policy
Your personal data is retained only for as long as necessary to fulfil the purposes for which it was collected or as required by applicable law. Specific retention periods may vary based on:
Service-related Data: Data collected in relation to service enquiries is retained until a resolution is reached or for a reasonable period thereafter.
Analytical Data: Aggregated usage and technical data may be retained for longer periods to support the ongoing improvement of the Website.
Legal Requirements: In instances where statutory retention periods apply, your data will be securely stored for the required duration and then deleted or anonymised.
We regularly review our data retention practices to ensure compliance with legal requirements and best practice standards.
10. International Data Transfers
Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). In such cases, we ensure that:
Adequate Safeguards: Transfers are made in compliance with the GDPR using approved safeguards such as standard contractual clauses.
Risk Assessment: We assess any potential risks associated with international data transfers and implement appropriate measures to protect your data.
Transparency: We remain transparent about any international transfers and inform you if your data is processed outside the EEA.
11. Your Rights Under GDPR
Under the GDPR, you have a range of rights regarding your personal data. These include:
Right of Access: You are entitled to request a copy of the personal data we hold about you.
Right to Rectification: If you believe any personal data is inaccurate or incomplete, you have the right to have it corrected.
Right to Erasure: In certain circumstances, you may request the deletion of your personal data (also known as the "right to be forgotten").
Right to Restrict Processing: You may request that we limit the processing of your personal data under specific conditions.
Right to Object: You have the right to object to the processing of your personal data for certain purposes, such as direct marketing.
Right to Data Portability: You can request that your personal data be provided in a structured, commonly used, and machine-readable format, and request that it be transmitted to another data controller.
Right to Withdraw Consent: Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal.
If you wish to exercise any of these rights, please contact us using the details provided in Section 13 below. We may require additional information to verify your identity before processing your request.
12. Children's Privacy
We do not knowingly collect personal data from children under the age of 16. If it comes to our attention that we have inadvertently collected data from a child without parental consent, we will take immediate steps to delete the information. Parents or guardians who believe that their child’s data has been collected by us should contact us promptly.
13. Complaints and Supervisory Authority
If you have any concerns about how we handle your personal data or if you wish to lodge a complaint, you have the right to:
Contact Us Directly: Please use the contact details provided below.
Lodge a Complaint with the JIOC: If you are not satisfied with our response, you may submit a complaint to the Jersey Office of the Information Commissioner (JIOC), Jersey C.I. For further guidance, please visit the JIOC website at http://jerseyoic.org.
14. Updates to This Privacy Policy
We periodically review and update this Privacy Policy to reflect changes in our data processing practices or legal obligations. When we make material amendments, the "Last Updated" date at the top of this policy will be revised, and we may notify you via a prominent notice on our Website or by email. We encourage you to review this policy regularly to remain informed about how we are protecting your personal data.
15. Contact Information
If you have any questions, concerns, or requests regarding this GDPR Privacy Policy or our data processing practices, please contact us using the following Email: info@arcje.com
Last Updated: 10 Feb 2025