This policy is effective as of 15^th April 2023

This Privacy Policy applies to the information and data that Green Arrow Consultancy Ltd who's registered office is Sophia House, 28 Cathedral Road, Cardiff, CF11 9LJ, Wales, UK collects when you use our website or our products and services.  

Summary

This policy applies to:

• Visitors to our website
• Customers
• Vendors
• Employees & Contractors
• Users of our products and services

The purpose of this Privacy Policy is to let you know how we collect,use, store, share, retain, transfer, and process your Personal Information.  This policy also describes your choices and rights with respect to your Personal Information and how to exercise those rights.“Personal Information” is any information relating to an identified or identifiable individual.  

We may amend this policy from time to time. We encourage you to review this policy periodically, as changes will be posted on this page. If we make any material changes to this policy we will provide a prominent notice. If youdo not agree with this policy, you should not use our website, products or services.

This Policy covers:

What Personal Information We Collect

We collect various types of information depending on how you interact with us and what products or services you use. 

Personal Information you provide to us

If you fill out a form on our website that requires contact information such as signing up for a newsletter, submitting a request for information or products and services we will collect and process that information to provide you with the communication, products or services.  These types of Personal Information may include your name, email address, company name, job title, your physical address, payment and billing information.

Personal Information collected when you visit our website 

When you use our website, we may automatically collect Personal Information such as IP address, user - agent information (which is automatically sent by your web browser and may include device type) and information collected by cookies and other similar technologies.  Our Cookie policy can be found at https://greenarrowconsultancy.com/cookie-policy

Personal Information collected when you use our products or services

When you use our products and services, we collect other types of Personal Information.  These types of Personal Information include:

• Username
• IP Address
• Name
• Email Address
• Street Address
• Telephone Number
• Age
• Gender

We may also collect usage data regarding your use of our products and services and this data may contain Personal Information.

We also collect payment and billing information when you register for the use of our products and services.  For example, we may ask you to provide a billing address for your account and payment information.  We use this information solely to process payments and deliver our products and services.

Unless otherwise noted in this policy, we act as the “controller” of personal data that we collect and process.

How We Collect Information

We collect Personal Information from you when you visit our website or use our products and services.  Some of this information is provided by you and some is collected automatically. 

How We Use Your Information

We process your personal information for the following purposes:

• To provide our services.
• To respond to your requests for information.
• To contact you with updates about our services.
• To market and advertise our services, including sending marketing communications, with your consent.
• To analyze and improve our website and services.

The Legal Basis for Collecting and Processing Information

We use the following legal bases for collecting Personal Information:

• We may collect or process  information with your consent, such as when     you subscribe to our newsletter, ask for information, or sign up for     services.
• We may collect or process information we need to provide our services or fulfil     a contractual obligation.
• We may collect or process information to fulfil a legal obligation.
• We may collect information when we have a legitimate interest to do so, such     as for marketing, as long as our legitimate interests are not outweighed     by your rights.
• We may collect or process information if necessary to protect the vital     interests of the user or another individual.

How We Share Information

We share Personal Information with our affiliates and partners, as needed to provide our services. We share Personal Information with service providers such as accountants, payment processing companies, and other vendors we use to operate our website and provide our products and services.

Our vendors and service providers are not permitted to use your personal information for any other purpose than to provide contracted services. Vendor sare not permitted to use your personal information for their own marketing, andare not allowed to share your information for marketing purposes.

We may share personal information in response to a legal summons or subpoena, or if required by law enforcement agencies.

How Long We Retain Your Information

How long we keep Personal Information that we have collected depends on the type of information and the purpose for which it was collected.  After a reasonable period of time or the completion of the purpose for which it was collected, we will either delete or anonymize personal information.

We retain Personal Information where we have an ongoing legitimate business purpose to do so, for example to resolve disputes or to comply with ongoing legal obligations.

We retain your personal information for as long as it is needed to provide our services to you and to fulfill our legal obligations and for a reasonable period of time after such services are completed.

Cookies and Other Tracking Technologies

Cookies  are small files stored on your web browser when you visit our website. Some cookies last only as long as you remain on the website;others, called “persistent cookies” may be stored for longer periods of time.These cookies can make browsing easier by storing your password or your preferences regarding how you use the website. Cookies collect information such as the IP address of your computer, your browser settings, and information about how you use the website. Your general location may be estimated from your IP address. Some cookies track users’ activity on our website, apps, andservices in order to deliver personalized advertising to you on this and other websites. 

If you would like to opt out of cookies, you may change the settings on your web browser to reject or delete cookies. You may also find more information about cookies, including how to opt out of interest-based advertising, at www.cookiesandyou.com. 

Your Rights Regarding Access to and Control over Personal Information

If you reside in the EU/EEA, you may have the following rights with regard to your personal information:

• Right of information and access - You have the right to access your Personal Information we have about you and to be provided with a copy     of your Personal Information.

• Right to rectification - You have the right     to correct or update your inaccurate or out of date Personal Information.

• Right of erasure - You have the right to     request that your Personal Information be permanently erased/deleted.

• Right to restrict processing - You have the right to restrict the processing     of your Personal Information.

• Right to object to processing - You have the right to object to specific types     of processing of your Personal Information.
• Right to portability - You may ask to receive a portable copy of your     personal information in a format that may be transferred to another     organization.
• Right not to be subject to decisions based solely on Automated     Decision Making -     You have the right not to be subject to decisions based solely on     automated processing.
• Right to complain to a data protection authority - You have the right to     complain to a supervisory authority in the country in which you reside,     details of which can be provided upon request or to the lead supervisory     authority for [Company Name], which is [insert name and contact     details of your company’s designated data protection authority].
• Right to withdraw consent - If you have given us consent to collect or     process your Personal Information, you may withdraw that consent at any     time. 
• The Right to Non-Discrimination - We may not discriminate     against you if you exercise your privacy rights.

If you wish to exercise any of these rights please submit a request via privacy@greearrowconsulty.com

We may charge a reasonable fee if your request is not valid under applicable law, repetitive or excessive.  We may also request additional information from you in order to verify your identity before processing your request.

These rights may be available only to EEA residents, or to all users

Information for California Residents

The California Consumer Privacy Act (CCPA) applies to information collected from California residents. Residents of California have the following rights with regard to their personal information:

• The Right to Know and Access Information

           The categories of personal information we collect is described above in the section

entitled “ The  Information WeCollect”. California residents may submit a verifiable 

request regarding the information collected, the types of sources from which personal 

Information is collected, the purposes for which information is collected, and the specific 

personal information collected about them.

• The Right to Have Personal Information Deleted 
• The Right To Portability 

California residents may request a copy of their personal information in a format that can be transferred to another person or entity.

• The Right to Non-Discrimination

We may not discriminate against you if you exercise your privacy rights.

You may be asked for more information in order for us to verify your identity when you make a request. You may exercise your rights by contact us at privacy@greenarrowconsultancy.com.

We do not sell Personal Information to third parties (pursuant to California Civil Code Sections 1798.100-1798.99, also known as the California Consumer Privacy Act of 2018

The sections above “What Personal Information We Collect” lists the categories of Personal Information we have collected in the preceding 12 months.

International Data Transfers

Personal Information may be transferred from users residing in the European Union to our servers, partners, or vendors located in the United States and other non-EU countries where there may not be an adequacy opinion issued with respect to that country. We have taken appropriate safeguards toensure that Personal Information remains protected wherever it istransferred.  When we transfer Personal Information of individuals in theEuropean Economic Area (“EEA”), Switzerland or the United Kingdom (“UK”) to theUS, we make use of the Standard Contractual Clauses and the UK Addendum as wellas additional safeguards where appropriate. 

Security

We take all reasonable steps to protect the information we receive from you from accidental or unlawful destruction, loss,alteration, and unauthorized disclosure or access. We have put in place appropriate physical, technical, and administrative measures to safeguard and secure your information, but no security measures are perfect; the risk of a data breach is possible. 

Personal data is encrypted during transmission.

Personal information is encrypted at rest at our data centers.

Employees are given access to users’ personal information only on a“need to know” basis.

All employees are required to receive training on information security.

All employees with access to personal information are subject to background checks.

All employees with access to personal information are required to sign a binding confidentiality agreement.

Before sharing personal information with our vendors, we make sure they have implemented security procedures to protect your data. Our vendors and partners are not permitted to use or share your information for any purpose other than to provide the services for which they have been contracted. 

Children’s Privacy

We do not knowingly collect or solicit personal information from children under age 13 without parental consent, unless permitted by law. If we become aware that we have collected personal information from children under the age of 13 without parental consent (or as permitted by law), we will delete it.  If you believe that a child may have provided us with personal information without such parental consent, please contact us.

California consumers:  We will not sell the information of California consumers who are 16 years old or younger unless we have prior parental authorization.  If a California consumer is under the age of 13,a parent or guardian must consent to the sale of such minor’s personal information.  If the California consumer is between the ages of 13 and 16 years old, the minor may consent on an opt-in basis to the sale of their personal information.  Our sites directed toward children will ask for age verification and will require appropriate consent.

EU residents: We do not collect or process personal information of data subjects in the EU under the age of 16 without explicit consent from a parent or guardian.  Our sites directed toward children will ask for age verification and will require appropriate consent.

Sensitive Information

Unless specifically requested, we ask that you not send us, and you not disclose on or through our websites or otherwise to us sensitive personal Information unless specifically requested by us or required by law.

Contact Us

If you have any questions about this privacy policy, or if you want to exercise your privacy rights as outlined above, please contact us at

info@greenarrowconsultancy.com

Green Arrow Consultancy Ltd
Sophia House,
28 Cathedral Road,
Cardiff, CF11 9LJ
Wales, UK

designated Data Protection Officer: Darren Tyler (Director of Green Arrow Consultancy Ltd

‍