Privacy Policy
Online Privacy and Data Security Statement Highlights
This page highlights some of the key elements of our Online Privacy and Data Security Statement. Both this page and our Online Privacy and Data Security Statement apply to www.arcesium.com, the official website of Arcesium LLC and its subsidiaries, and any other websites or applications we publish for our various products and services that may contain a link to this statement. For more information, please read our complete Online Privacy and Data Security Statement. Certain terms used in this statement have the meaning given to them here.
Summary of How We Handle Personal Information
What do we collect?
We collect and retain certain personal information from a variety of different data subjects. Our Privacy and Data Security Statement applies to visitors and users of our online and mobile resources, from whom we collect very little information unless it is voluntarily submitted to us. You can read here to learn about the categories of personal information we collect from the various groups of data subjects.
Why do we use it?
We use personal information received from visitors and users of our online and mobile resources to communicate directly with them. We provide further detail about our use of personal information here.
When do we share it?
We share personal information when needed to fulfill our legal obligations and when our vendors and business partners need it to perform under the contracts we have with them. We provide further detail about our sharing of personal information here. We do not sell or rent any personal information from any group of data subjects to third party data brokers or marketing companies.
How do we protect it?
We’ve invested in a Security Program that addresses technical, organizational and operational matters. Our program includes incident response and vendor oversight components. You can read about those components here and here.
Your Privacy Choices and Rights
You do not have to provide personal information to enjoy most of the features of our online and mobile resources. Moreover, you can opt out of certain activities like newsletters and announcements. You can learn more about that here.
Contacting Our Privacy Office
If you have any questions about our privacy and data security policies, procedures, and/or practices, including anything we say in these privacy and data security highlights or our Online Privacy and Data Security Statement, we encourage you to contact our Privacy Office.
Address: Arcesium LLC Attention: Privacy Office 441 9th Avenue, 24th Floor New York, NY 10001 Email: privacy@arcesium.com Phone: 1-646-386-0300
Online Privacy and Data Security Statement
Thank you for visiting Arcesium LLC’s online and mobile resources, and for viewing this Online Privacy and Data Security Statement. We use this statement to inform you of the types of information we collect when you use our online and mobile resources, how we use it, who we share it with and why, and what we do to try to protect it.
By using our online and mobile resources, you are signifying to us that you agree with this statement and that we may use and disclose your information as described.
This Online Privacy and Data Security Statement is effective as of July 15, 2021. The English language version of this Online Privacy and Data Security Statement is the controlling version regardless of any translation.
Navigating Through This Statement
You can use the links below to navigate this Online Privacy and Data Security Statement:
Who Do We Collect Personal Information From?
What Personal Information Do We Collect?
How Do We Use the Personal Information We Collect?
Sharing Personal Information With Others
How Do We Protect Collected Personal Information?
Privacy Laws Vary from Place to Place
The General Data Protection Regulation
Submitting Information From Outside the United States
Changes To This Privacy Statement
Some Important Vocabulary
When we reference “this statement”, “this privacy statement” and “our statement”, we mean the Online Privacy and Data Security Statement you are reading now. We use the words “you” and “your” to mean you, the reader, and other visitors to our online and mobile resources who are, in all cases, over the age of 18. This age requirement is discussed in more detail later in this statement here. When we talk about our “online and mobile resources”, we mean all websites, portals, or other features we operate to allow you to interact with us and our systems, as well as the mobile apps we’ve created and distributed to let you interact with the content we provide. Online and mobile resources do not include our cloud-based software solutions accessible only via use rights granted in a separate contract. An “affinity action” is when you “follow” us, “like” us or take a similar or analogous action on our external social media presence. Finally, when we refer to “personal information”, we mean any data or data element, whether in electronic or other form, that, alone or in combination with other elements, can be used to distinguish, trace, or discover your identity. Certain data privacy laws include specific elements or defined terms for what they consider to be the personal information (or personal data) they govern. Where such data privacy laws apply, then the term “personal information” includes the specific elements and defined terms required by such laws.
We also want to be clear about exactly what parts of the Arcesium LLC corporate enterprise are covered by, and adhere to the policies and procedures explained in, this statement. Arcesium is a global financial technology and professional services firm, comprising Arcesium LLC and its related subsidiaries including Arcesium UK LLP and Arcesium India Private Limited. THIS PRIVACY STATEMENT APPLIES TO ARCESIUM LLC as well as such related entities. So, wherever we say “Company”, “we”, “us”, or “our” in this privacy statement we mean Arcesium LLC and its related entities (including Arcesium UK LLP and Arcesium India Private Limited).
Who Do We Collect Personal Information From?
We collect personal information from four groups of data subjects:
- visitors to, and users of, our online and mobile resources;
- current and former members of our workforce and those who apply for posted jobs;
- our third party vendors and business partners; and
- our customers.
The categories of information we collect from each of these groups, and the ways in which we use it, differ. It is important to note, however, that this privacy statement applies only to visitors and users of our online and mobile resources. Thus, the words “you” and “your” throughout this privacy statement mean only that category of data subject. As you may have noticed, it’s possible that the same person could fall into more than one group. For instance, someone who works for us might, on their day off, visit one of our general websites. The immediately following paragraphs provide a quick summary overview about everyone else.
Our Customers
Customers of our cloud-based software solutions and related services enter into contracts with us. That contract is separate from this statement and has its own terms and conditions for notice of collection of personal information and governing our overall confidentiality, data privacy, and data security obligations. As a result, those terms, and not this statement, apply to the personal information of customers.
Our Workforce and Job Applicants
We collect and retain the types of professional or employment related personal information you would expect an employer to have about its workforce and job applicants. We provide legally required notices of collection, and describe our use and sharing of the personal information of our workforce and applicants in greater detail in confidential internal human resource manuals and documents accessible to members of our workforce, or by publication on the proprietary workforce/applicant portals and apps we operate. In some cases, such portals and apps may be operated by third parties who transfer the personal information to us. In those situations, the legal responsibility to provide notice usually rests with the third party, not us.
Vendors and Business Partners
Like all corporate enterprises, we buy goods and services, lease equipment and office space, and attend industry events. In doing so, we interact with many existing and potential vendors and business partners from whom we necessarily collect certain personal information. We describe our use of vendor and business partner personal information in greater detail in our confidential contracts with those parties.
What Personal Information Do We Collect?
Generally, we collect personal information through automated/technical means and when you voluntarily provide it to us.
Voluntarily-Submitted Information
If you participate in or make use of certain activities and features available via our online and mobile resources, you may be asked to provide us with information about yourself.
If you do not want us to collect this type of personal information, please do not provide it. This means you should not participate in the activities on our online and mobile resources that request or require it and instead, you may want to communicate with us by phone or postal mail. Participation is strictly your choice. Not participating may limit your ability to take full advantage of the online and mobile resources, but it will not affect your ability to access certain information on the online and mobile resources available to the general public.
The types of personal information you will be submitting to us in those situations is almost always limited to basic identifiers such as your name, email address, mailing address and phone number. Here are some of the ways you voluntarily give us your personal information:
- Emails and Texts – if you choose to send us an email from our “contact us” link or a similar link, you will be giving us your email address and any other personal information that may be in your message or attached to it. The same is true if you send us a text message.
- Creating Accounts; Signing up for Newsletters – if we make an account creation feature available to the general public (that is, to visitors/users who are not our customers or workforce members) you will be giving us at least your email address and potentially other identifiers. The same is true if you sign up to receive a newsletter or other informational or marketing material we publish.
- Registering for Events – when you register for events, conferences, or programs we ourselves may host (rather than outsource to a third party event manager with its own privacy policies), you will be submitting the types of identifiers described above. If the event requires a fee, we may also ask you to submit credit card or other financial information.
- Social Media and Community Features – some of our online and mobile resources may offer social media-like community features letting users post messages and comments, and/or upload image or other files and materials. If you choose to make use of these features, the information you post, including your screen name and any other personal information, will be in the public domain and not covered/protected by this statement.
- Customer Portals and Job Applicants – some of our online and mobile resources are used to help us serve our customers and allow candidates to apply for available jobs. We discuss personal information submitted in those situations elsewhere in this statement, including here.
Automatically Collected Information
When you visit or use our online and mobile resources, basic information is passively collected through your web browser via use of tracking technologies (such as a “cookie”, which is a small text file that is downloaded onto your computer or mobile device when you access the online and mobile resources). It allows us to collect your IP address and recognize your computer or mobile device and store some information about your preferences for using our online and mobile resources or past actions, such as:
- the type of browser and operating system you use;
- the date and time and length of your visit;
- the pages visited, graphics viewed, and any documents downloaded; and
- links to other sites you accessed from our online and mobile resources or used to navigate to our online and mobile resources.
Additional information about cookies and tracking technologies is available here.
If you access our online and mobile resources from a phone or other mobile device, the mobile services provider may transmit to us certain information such as uniquely identifiable mobile device information. That, in turn, allows us to collect mobile phone numbers and associate them with the mobile device identification information. Some mobile phone service providers also operate systems that pinpoint the physical location of devices and we may receive this geolocation data as well.
When you use our online and mobile resources, we may allow third party service providers to place their own cookies or similar technologies in order to engage in the same types of collection we describe above. For example, we use third party “web analytics” services such as those offered by Google Analytics. For more information on how Google specifically uses this data, go to https://www.google.com/policies/privacy/partners/. You can learn more about how to opt out of Google Analytics by going to https://tools.google.com/dlpage/gaoptout.
External Sites, Apps, Links, and Social Media
We maintain a presence on one or more external social media platforms such as Twitter, Facebook, YouTube and LinkedIn. We may further allow the community features of our online and mobile resources to connect with, or be viewable from, that external social media presence. Similarly, our online and mobile resources may contain links to other websites or apps controlled by third parties.
Except for information we post directly from our official social media account, we are not responsible for the content on, or the privacy practices of, social media platforms, or any third party sites or apps to which we link. Those apps, sites and platforms are not controlled by us and therefore have their own privacy policies and terms of use. To be clear: neither this statement nor the terms of use appearing on or in any of our online and mobile resources apply to our social media presence or any third party sites or apps to which we may link. That means even if you take an affinity action on our specific social media profile, and identifiers about you are automatically collected and given to us as a result, that collection and transfer is governed by the privacy policies and other terms of the applicable social media platform and are not our responsibility. If you have questions about how those apps, sites, and platforms collect and use personal information, you should carefully read their privacy policies and contact them using the information they provide.
Do Not Track Disclosure
Some browsers have a “do not track” feature that lets you tell websites that you do not want to have your online activities tracked. We do not specifically respond to browser “do not track” signals.
How Do We Use the Personal Information We Collect?
We use the personal information we collect only in the manner and through the means allowed by applicable law. That means we determine whether we have a lawful basis/legitimate business purpose to use your personal information before doing so. As stated under applicable law, such lawful bases/legitimate business purposes may include receiving express consent, operating our business, performing a contract, and complying with a legal obligation. More specifically, we use the personal information of each group of data subjects as follows:
We use the automatically collected personal information described here to compile generic reports about popular pages/features of our online and mobile resources, and to see how users are accessing our online and mobile resources and in some cases (such as affinity actions) send materials to you. We use the personal information you voluntarily submit, as described here, to respond back directly to you and/or send you the information you requested or about which you inquired. We also may use any such personal information you provide to customize our programs and newsletters to make them more relevant to you. We do not sell or rent personal information automatically collected by, or which you voluntarily provide when using our online and mobile resources.
We use and retain your personal information in accordance with applicable law and as long as necessary to carry out the purposes described above in accordance with our internal data retention procedures.
Sharing Personal Information With Others
We may share your personal information as described below. This sharing applies to the personal information of all four groups of data subjects.
Affiliates
We may share personal information with other corporate affiliates who will use such information in the same way as we can under this statement.
Legal Requirements
We may disclose personal information to government authorities, and to other third parties when compelled to do so by such government authorities, or at our discretion or otherwise as required or permitted by law, including responding to court orders and subpoenas.
To Prevent Harm
We also may disclose such information when we have reason to believe that someone is causing injury to or interference with our rights or property, or harming or potentially harming other persons or property.
Business Sale/Purchase
If we, or any of our affiliates, sell or transfer all or substantially all of our assets, equity interests or securities, or are acquired by one or more third parties as a result of an acquisition, merger, sale, reorganization, divestiture, consolidation, or liquidation, personal information may be one of the transferred assets.
Vendors and Business Partners
We also share personal information with those of our vendors and business partners who need it to perform under the contracts we have with them. As part of our Security Program, we have adopted standards for those vendors and business partners who receive personal information from us. We attempt to bind such vendors and business partners to those standards via written contracts. Such standards include expectations that when we share personal information with our vendors and business partners, they will comply with all applicable privacy and data security laws and regulations and our Security Program, and will contractually require and cause their subcontractors and agents to do the same.
For any personal information our vendors and business partners process or store at their own locations, we further expect them to use technology infrastructure meeting, at least at the facilities level, minimum recognized standards for security controls. Such recognized standards include those published by the International Standards Organization, the National Institute of Standards and Technology or any reasonably equivalent standards.
Please note, however, that we cannot guarantee that all of our vendors and business partners will agree to the above-described contractual requirements; nor can we ensure that, even when they do agree, they will always fully comply.
How Do We Protect Collected Personal Information?
Our Data Security Program
We have adopted, implemented, and maintain an enterprise-wide corporate information security and privacy program that includes technical, organizational, administrative, and other security measures designed to protect, as required by applicable law, against reasonably anticipated or actual threats to the security of your personal information (the “Security Program”). Our Security Program was created with reference to widely recognized industry standards such as those published by the International Standards Organization and the National Institute of Standards and Technology. It includes, among many other things, procedures for assessing the need for and employing encryption and multi-factor authentication as appropriate, or using equivalent compensating controls. We therefore have every reason to believe our Security Program is reasonable and appropriate for our business and the nature of foreseeable risks to the personal information we collect. We further periodically review and update our Security Program, including as required by applicable law.
Our Incident Response and Management Plan
Despite the significant investment we’ve made in, and our commitment to, the Security Program, including enforcement of our third party oversight procedures, we cannot guarantee that your personal information, whether during transmission or while stored on our systems or otherwise in our care or the care of our vendors and business partners, will be free from either failed or successful attempts at unauthorized access or that loss or accidental destruction will never occur. Except for our duty under applicable law to maintain the Security Program, we necessarily disclaim, to the maximum extent the law allows, any other liability for any such theft or loss of, unauthorized access or damage to, or interception of any data or communications including personal information.
All that said, as part of our Security Program, we have specific incident response and management procedures that are activated whenever we become aware that your personal information was likely to have been compromised. Those procedures include mechanisms to provide, when circumstances and/or our legal obligations warrant, notice to all affected data subjects within the timeframes required by law, as well as to give them such other mitigation and protection services (such as the credit monitoring and identity theft insurance) as may be required by applicable law. We further require, as part of our vendor and business partner oversight procedures, that such parties notify us at least within the timeframes required by law if they have any reason to believe that an incident adversely affecting personal information we provided to them has occurred.
Your Rights and Options
If we are using your personal information to send you marketing materials, such as newsletters or product alerts via text or email, you may opt out by following the opt-out instructions in the email or other communication (e.g., by responding to the text with “STOP”). In addition, certain of our online and mobile resources will provide a centralized opt-out link allowing you to opt out of any programs in which you may have enrolled using that particular online and mobile resource. When we receive your request, we will take reasonable steps to remove your name from our distribution lists, but it may take time to do so. You may still receive materials for a period of time after you opt out. In addition to opting out, you have the ability to access, amend and delete your personal information by contacting us using the contact information below. Opting out of or changing affinity actions or other submissions or requests made on our external social media presence, will likely require that you do so directly on that applicable platform as we do not control their procedures.
Children’s Privacy
Federal law imposes special restrictions and obligations on commercial website operators who direct their operations toward, and collect and use information from, children under the age of 13. We take those agerelated requirements very seriously, and, consistent with them, do not intend for our online and mobile resources to be used by children under the age of 18, and certainly not by those under the age of 13. Moreover, we do not knowingly collect personal information from minors under the age of 18. If we become aware that anyone under the age of 18 has submitted personal information to us via our online and mobile resources, we will delete that information and not use it for any purpose whatsoever. We encourage parents and legal guardians to talk with their children about the potential risks of providing personal information over the Internet.
Privacy Laws Vary From Place to Place
Privacy and data protection laws vary around the world and among the individual United States (“U.S.”). Our obligations arising under the majority of the world’s privacy laws, including U.S. federal and most state laws, are satisfied by individual risk assessments conducted by us to ensure we act reasonably and responsibly when processing your personal information. We refer to these as “General Privacy Laws”. In some jurisdictions, however, the privacy laws are more comprehensive, prescribing specific obligations for businesses and granting you, the data subject, certain specific rights regarding your personal information. We refer to these types of privacy laws as “Comprehensive Privacy Laws”. Examples of Comprehensive Privacy Laws include the European Union and United Kingdom’s variants of the General Data Protection Regulation or “GDPR”, and the consumer privacy protection statutes of several U.S. states, such as California, Colorado, and Virginia.
The nature and locations of our business activities makes certain of our data processing activities subject to the GDPR. As such, when we collect personal information from data subjects protected by the GDPR, we become subject to, and those data subjects have rights under the GDPR. We satisfy our GDPR notice obligations to those data subjects and further explain their rights in this section of this privacy statement.
We do not believe we have an obligation under the rules of other Comprehensive Privacy Laws to provide notices specific to them. Questions about how other Comprehensive Privacy Laws apply to us can be directed to us through the contact information found here.
The General Data Protection Regulation
When we collect personal information from individuals located in the European Economic Area and the United Kingdom (“UK”) (the “GDPR Jurisdictions”), those individuals have rights under the General Data Protection Regulation (“GDPR”). This section of our statement is used to fulfill our GDPR obligations and explain your GDPR rights. For purposes of this section, the words “you” and “your” mean only such individuals located in the GDPR Jurisdictions.
Our Collection, Use, and Sharing Practices
Please review this section to understand the scope of purposes and the sources from which we collect personal information. Similarly, you can find information about the categories of third parties with which we may share your personal information and why we share it in this section. We do not use your personal information for automated decision-making, including profiling. We do not sell, rent, or trade your personal information to third party data vendors or marketing companies nor do we use your personal information for automated decision-making, including profiling.
Legal Basis for Processing Your Personal Information
Our legal basis for collecting and using your personal information will depend on the personal information concerned and the specific context in which we collect it. However, we will normally collect personal information where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms, such as to contact you about products and services you may be interested in. In certain circumstances where our legal basis of processing is for performance of a contract with you, please be aware that, in those circumstances, where you do not provide personal information which is required by us, we will not be able to provide the products and services under our contract with you or may not be able to comply with a legal obligation on us. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person. If we happen to obtain your consent to process your personal information, you may withdraw your consent at any time by contacting us here.
Exercising Your Rights
You may exercise the rights available to you under the GDPR, including the right to object to the processing of your personal information, as follows:
- Access – the right to obtain a confirmation that your personal information is being processed, access to your personal information (if we are in fact processing it), other information about the processing of your personal information (most of which is set forth in this Notice) and a copy of the personal information we are processing.
- Rectification – the right to have your personal information corrected if it is inaccurate, and depending on the purposes of processing, you may also have incomplete personal information completed.
- Erasure – also known as the “right to be forgotten,” the right to request your personal information be deleted under certain circumstances such as if it is no longer needed for the original purpose it was collected for or if you withdrew your consent. The right of erasure does not apply under limited circumstances including if the processing is necessary for exercising the right of freedom of expression and information or our compliance with a legal obligation.
- Restrict processing – the right to restrict processing of your personal information under certain circumstances such as if you contest the accuracy of the personal information (and only for so long as it takes to verify that accuracy), the processing is unlawful and you have requested restricting the processing rather than erasure, or if we no longer need the personal information but you need it to establish, exercise or defend a legal claim.
- Portability – the right to receive the personal information you provided to us (and not any other information) under limited circumstances such as if the basis for processing the personal information was consent or necessary for the performance of a contract with you, or the processing is carried out by automated means.
- Automated Processing – the right to not be subject to a decision based solely on automated processing, including profiling.
- Object to processing – the right to object to the processing of your personal information under the following circumstances:
- Legitimate Interests – if the basis for which the processing occurs is in our legitimate interests or in the performance of a task carried out in the public interest. If you object, we will stop processing your personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or we require the personal information to establish, exercise or defend a legal claim.
- Direct Marketing – if the processing is for direct marketing purposes.
You can exercise these rights by contacting us using the contact information listed here; however, we may need to request additional information from you to verify your identity before granting your request. We will respond to all requests we receive from individuals wishing to exercise such rights in accordance with the GDPR. We have the ability to charge a reasonable fee for administrative costs of providing the personal information to you in situations where the request is unfounded or excessive (due to its repeated nature), or in the alternative, we may refuse to act on the request in those situations.
Lodging a Complaint
You have the right to complain to your data protection authority about our collection and use of your personal information. Please contact your local data protection authority for more information. Contact information for data protection authorities can be found here and here.
Retaining Your Personal Information
We will store and retain your personal information in accordance with applicable law and as long as necessary to carry out the purposes described in this Section in accordance with our internal data retention procedures. The criteria used to determine the retention periods include:
- how long the personal information is needed in connection with the applicable purposes for which we use it;
- the type of personal information collected; and
- whether we are subject to a legal, contractual or similar obligation to retain the personal information (e.g., mandatory data retention laws, government orders to preserve personal information relevant to an investigation, or personal information that must be retained for the purposes of litigation or disputes).
Consent to Cross-Border Data Transfer
By submitting personal data to us you, we will, except in certain limited circumstances, transfer it outside the GDPR Jurisdiction to the United States where our technical infrastructure resides. We undertake such transfer solely for the purposes described previously in this policy. You hereby expressly consent to that transfer and acknowledge that you have been advised of its risks; namely, that the U.S., does not, in the view of European data protection authorities, have data protection laws that afford data subjects with protections equivalent to those in the GDPR Jurisdictions. In certain instances, we may further transfer your information to third countries, such as certain of our affiliates located in India. Your consent includes consent to such onward transfers though, in any event, we will have bound the recipient of your personal information to the EU standard contractual clauses or other contract obligations the GDPR permits, and obtained such other assurances and implemented such appropriate safeguards as required by the GDPR. You can request further details in relation to international transfers, including a copy of the standard contractual clauses, by contacting us at privacy@arcesium.com.
Changes to This Privacy Statement
We reserve the right to change or update this statement from time to time. Please check our online and mobile resources periodically for such changes since all information collected is subject to the statement in place at the time of collection. Typically, we will indicate the effective/amendment date at the beginning of this statement. If we feel it is appropriate, or if the law requires, we’ll also provide a summary of changes we’ve made near the end of the new statement.
Contacting Us
If you have questions about our privacy statement or privacy practices, please contact our Privacy Office:
Address: Arcesium LLC Attention: Privacy Office 441 9th Avenue, 24th Floor New York, NY 10001 Email: privacy@arcesium.com Phone: 1-646-386-0300