Privacy Policy

1. Introduction

ARC Management Systems ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with us in any way.

We operate in compliance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018, as well as other applicable Irish and EU data protection laws.

2. Data Controller Information

3. Information We Collect

3.1 Personal Information

We may collect the following types of personal information:

• Contact information (name, email address, phone number, company details)
• Business information (company size, industry, certification requirements, organizational processes, quality management systems, audit findings)
• Communication preferences and history
• Payment and billing information (processed securely through third-party providers)

3.2 Technical Information

We automatically collect certain technical information when you visit our website:

• IP address and location data
• Browser type and version
• Device information and operating system
• Website usage data and analytics

4. How We Use Your Information

We use your personal information for the following purposes:

• Providing ISO certification services and consultancy
• Communicating with you about our services and updates
• Processing payments and managing billing
• Improving our website and services
• Complying with legal and regulatory obligations

5. Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

• Contract: To fulfill our contractual obligations when you engage our services
• Legitimate Interest: To provide and improve our services, and for business development
• Consent: For marketing communications and non-essential cookies
• Legal Obligation: To comply with Irish and EU regulations

6. Data Sharing and Disclosure

We may share your information with:

• Certification Bodies: NSAI and other accredited bodies for certification purposes
• Service Providers: IT, payment processing, and communication services
• Legal Authorities: When required by law or to protect our rights

We ensure all third parties have appropriate data protection measures in place and process data only as instructed.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication measures
• Staff training on data protection

8. Your Rights

Under GDPR, you have the following rights regarding your personal data:

• Access: Request a copy of your personal data
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your data (subject to legal requirements)
• Portability: Request data in a structured, machine-readable format
• Objection: Object to processing based on legitimate interests
• Withdrawal: Withdraw consent for processing based on consent

To exercise these rights, contact us at privacy@arcmanagementsystems.ie

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:

• Active clients: Duration of service plus 7 years for regulatory compliance
• Prospects: 2 years from last contact
• Website analytics: 26 months

10. International Data Transfers

Your data is primarily processed within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place through:

• Adequacy decisions by the European Commission
• Standard Contractual Clauses (SCCs)
• Binding Corporate Rules (BCRs)

11. Cookies and Tracking

We use cookies and similar technologies in line with the ePrivacy Directive and GDPR. On your first visit we present a consent banner that sets all optional cookies to denied until you make a choice. You can reopen the banner at any time via the “Cookie settings” link in the footer.

• Strictly necessary cookies: Required for security, accessibility, and providing services you request. These always remain active.
• Analytics cookies: Set only if you grant consent. We use Google Analytics 4 with Google’s Consent Mode v2 to capture aggregated statistics such as page views, popular content, device type, and approximate geography. When consent is denied, measurement remains in cookieless, aggregated mode.
• Advertising cookies: Reserved for future campaigns. These remain disabled unless you opt in; when active they allow us to measure ad performance without sharing personally identifiable information.

Consent preferences are stored in a short JSON cookie (with timestamp and version) so that we can honour your decision for up to 6 months. You may change or withdraw consent instantly via the footer link, or by adjusting your browser settings and clearing cookies.

Google processes analytics data on our behalf. Data may be transferred outside the EEA under the Standard Contractual Clauses adopted by Google Ireland Limited. We do not use Google Analytics to collect personal identifiers or precise locations, and IP addresses are not retained in GA4. For more information, consult Google’s Privacy Policy and our Terms of Service.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

13. Complaints

If you believe we have not handled your personal data appropriately, you have the right to lodge a complaint with the Irish Data Protection Commission: