Privacy Policy
Last updated: 12/31/2025
Part I: Introduction & Legal Framework
1. Introduction (Article 5 UK GDPR)
Ark Platforms Europe Limited (“Ark Platforms”, “we”, “us”, or “our”) recognizes the critical importance of privacy and the security of personal information in the digital age. We are committed to maintaining the trust and confidence of our visitors and clients. This Privacy Policy is more than a legal requirement; it is a fundamental part of our commitment to transparency and ethical data management. It details our practices regarding the collection, use, processing, storage, protection, and disclosure of personal data, strictly adhering to the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.
2. Data Controller Identification (Article 13(1)(a))
Ark Platforms Europe Limited, a company registered in England and Wales, serves as the data controller for all personal information collected and processed through our ecosystem. This ecosystem includes our primary websites, mobile applications, proprietary APIs, and all associated digital services. As the data controller, we are legally responsible for deciding how and why your personal data is used, ensuring that every processing activity is conducted with the highest standards of care and compliance with modern data protection legislation.
3. Scope of Application
This comprehensive Privacy Policy applies universally to all individuals who interact with Ark Platforms. This includes, but is not limited to, casual website visitors, registered clients, independent contractors, strategic partners, and end-users of our cloud-based platforms. The scope extends to any scenario where personal data is processed by Ark Platforms, ensuring that regardless of your relationship with us, your data remains protected under the robust framework of the UK GDPR as defined in Article 3.
4. Legal Framework
Our operations are built upon a rigorous legal foundation. We operate in strict accordance with the UK GDPR, which sets the gold standard for data protection globally. Furthermore, we comply with the Data Protection Act 2018, the Privacy and Electronic Communications Regulations (PECR) regarding digital marketing and tracking, and the evolving guidance provided by the United Kingdom's Information Commissioner's Office (ICO). This multi-layered legal framework ensures that your information is handled with the legality and dignity it deserves.
5. Definitions (Article 4 UK GDPR)
To ensure complete clarity, all technical terms used in this document—including "personal data" (any information relating to an identified or identifiable individual), "processing" (any operation performed on data), "data subject" (the individual the data refers to), "controller" (the entity determining the purpose), and "processor" (the entity handling data on behalf of a controller)—hold the specific legal definitions as outlined in Article 4 of the UK GDPR. We believe in using precise terminology to avoid any ambiguity in how your rights are described.
Part II: Data Governance & Processing Principles
6. Principles of Processing (Article 5)
Every byte of data we process is guided by the core principles set out in Article 5 of the UK GDPR. This means we process data lawfully, fairly, and with total transparency. We only collect data that is adequate, relevant, and limited to what is necessary for our stated purposes (data minimization). We strive for absolute accuracy, ensuring that incorrect data is erased or rectified immediately. Furthermore, we limit storage to the minimum necessary time and prioritize the integrity and confidentiality of your data through robust security measures.
7. Lawful Bases for Processing (Article 6)
We never process personal data without a clear, documented legal justification. Under Article 6(1) of the UK GDPR, we rely on several lawful bases: the performance of a contract, compliance with legal obligations, our own legitimate business interests (balanced against your rights), your explicit consent, or, in rare cases, the protection of vital interests. This structured approach ensures that our processing is always anchored in legal necessity.
8. Contractual Necessity (Article 6(1)(b))
Much of our processing is essential for us to deliver our services to you. When you sign up for a service or request information, processing your data becomes a contractual necessity. This covers everything from the initial account setup and identity verification to the ongoing delivery of services, technical support, invoicing, and managing the overall relationship between you and Ark Platforms. Without this processing, we simply could not provide the high-quality services you expect.
9. Legitimate Interests (Article 6(1)(f))
Beyond contracts and laws, we may process data for our legitimate business interests. These include improving our service offerings, enhancing user experience through UI/UX research, preventing fraudulent activities, maintaining the security of our IT infrastructure, and general operational management. We explicitly conduct "balancing tests" to ensure that our business interests never override your fundamental rights, freedoms, or expectations of privacy.
10. Consent (Articles 6 & 7)
In specific scenarios, such as certain marketing activities or the use of non-essential cookies, we will ask for your explicit consent. This consent is always freely given, specific, and based on clear information. We maintain records of these consents and ensure that you can withdraw your consent at any time as easily as you gave it. Withdrawing consent does not affect the legality of any processing that took place before the withdrawal.
Part III: Data Categories & Collection Methods
11. Categories of Personal Data
The data we collect can be broadly categorized to provide you with a clear picture of what we know. This includes Identification Data (names, aliases, job titles), Contact Details (emails, phone numbers, physical addresses), Technical Data (IP addresses, login history), Usage Data (how you navigate our site), Communications Data (our interactions with you), and Financial Data (billing history and payment information). We only collect the categories of data that are strictly necessary for the services you use.
12. Technical and Usage Data
To ensure our platform remains secure and optimized, we automatically collect technical information when you interact with our digital touchpoints. This includes your Internet Protocol (IP) address, device identifiers, browser type and version, time zone setting, operating system, and the "clickstream" to, through, and from our site. This data helps us understand system performance, diagnose technical issues, and improve the overall technical architecture of Ark Platforms.
13. Communications Data
When you reach out to us via email, support tickets, contact forms, or phone calls, we process the metadata and content of those communications. This is done to provide you with accurate answers, maintain a history of your requests for better service continuity, and for quality assurance and training purposes. We treat the content of these communications with the highest level of confidentiality.
14. Marketing Communications (PECR)
Our marketing practices are governed by the Privacy and Electronic Communications Regulations (PECR). We will only send you promotional materials if you have opted in to receive them or if there is a "soft opt-in" scenario based on an existing customer relationship. Every marketing email we send includes a clear and easy-to-use "unsubscribe" link, and we respect all "do-not-track" or "opt-out" requests immediately.
15. Cookies and Tracking (Articles 6 & PECR)
Ark Platforms uses cookies—small text files stored on your device—to enhance your browsing experience and analyze our traffic. We distinguish between "strictly necessary" cookies (required for the site to function) and "performance/analytical" or "marketing" cookies. We only deploy the latter categories if you have given your explicit consent through our cookie management banner. You can change your cookie preferences at any time through your browser settings or our on-site tools.
16. Analytics and Performance Monitoring
We utilize sophisticated analytics tools to gain insights into how our users interact with our platform. These tools help us identify which features are most valuable and where users might be experiencing friction. To protect your privacy, we always aim to use anonymized or pseudonymized data for these purposes, ensuring that we can improve our services without needing to identify individual users for general statistical analysis.
Part IV: Third-Party Processing & Global Transfers
17. Third-Party Processors (Article 28)
To provide our enterprise-grade services, we partner with specialized third-party service providers (data processors). These include cloud hosting providers, customer support platforms, and IT security firms. Under Article 28 of the UK GDPR, we enter into strict Data Processing Agreements (DPAs) with every processor. These agreements legally bind them to only process your data according to our instructions and to implement the same high level of security that we do.
18. Payment Processing
Financial security is paramount. All financial transactions are handled by highly regulated, PCI-DSS compliant third-party payment gateways. Ark Platforms does not store your full credit card number or sensitive CVV codes on our own servers. We only receive the information necessary to confirm that a payment has been successful and to manage your subscription or billing cycle.
19. Data Sharing
We do not sell your personal data to third parties. We only share information when it is necessary to provide our services, when we are legally required to do so by public authorities (such as tax offices or law enforcement), or when working with professional advisers (like lawyers or auditors) who are bound by professional secrecy. Any such sharing is conducted with the minimum data necessary for the specific purpose.
20. International Transfers (Articles 44–49)
In our interconnected world, your data may occasionally be transferred to or stored in locations outside the United Kingdom. When this happens, we ensure bridge-like safeguards are in place. This includes relying on "adequacy decisions" from the UK government or using International Data Transfer Agreements (IDTAs) and Addendums to the Standard Contractual Clauses (SCCs). These measures ensure that your data receives a level of protection essentially equivalent to that provided within the UK.
Part V: Data Retention & Security Measures
21. Data Retention (Article 5(1)(e))
We subscribe to the principle of "storage limitation." This means we only keep your personal data for as long as is strictly necessary to fulfill the purposes for which it was collected. This include periods required for legal, accounting, or reporting obligations. Once the data is no longer needed, we employ secure deletion protocols or irreversible anonymization to ensure it cannot be reconstructed or associated with you ever again.
22. Data Security (Article 32)
Security is integrated into everything we build. Following Article 32 of the UK GDPR, we implement state-of-the-art technical and organizational measures to protect your data. This includes end-to-end encryption for data in transit and at rest, multi-factor authentication (MFA) for internal access, regular vulnerability scanning, and the use of secure, isolated cloud environments. Our goal is to prevent any unauthorized access, alteration, disclosure, or destruction of your information.
23. Confidentiality Obligations
Technology is only half the battle; people are the other half. Every Ark Platforms employee and contractor who may have access to personal data is bound by rigorous, legally enforceable confidentiality agreements. Furthermore, our team undergoes regular data protection and security awareness training to ensure they understand the latest threats and the critical importance of maintaining your privacy.
24. Data Breach Response (Articles 33–34)
Despite our best efforts, no system is infallible. We have established a comprehensive Data Breach Response Plan. In the event of a significant data breach, we are committed to notifying the Information Commissioner’s Office within 72 hours of becoming aware of the incident, as required by Article 33. If the breach poses a high risk to your rights and freedoms, we will also notify you directly and without undue delay, providing clear information on how you can protect yourself.
25. Automated Decision-Making (Article 22)
We believe in human-centric technology. Currently, Ark Platforms does not utilize any algorithms or automated systems to make decisions about you that would have legal or similarly significant effects. We do not use profiling to automatically deny services or set prices. If we were to introduce such technologies in the future, we would update this policy and ensure you have the right to human intervention and to contest any such decisions.
Part VI: Your Rights as a Data Subject
26. Data Subject Rights (Articles 12–23)
The UK GDPR grants you a suite of powerful rights over your personal data. We are dedicated to making it easy for you to exercise these rights. Whether you want to know what data we hold or you want us to stop processing it, we have internal procedures to handle your requests promptly—typically within one calendar month. These rights are fundamental to your digital autonomy and we respect them fully.
27. Right of Access (Article 15)
You have the right to request a "Subject Access Request" (SAR). This allows you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. We will provide this information in a clear, easy-to-read format, along with details about why we have the data, who we share it with, and how long we plan to keep it.
28. Right to Rectification (Article 16)
Accuracy is a key principle of data protection. If you find that the personal data we hold about you is inaccurate, out of date, or incomplete, you have the right to have it corrected without undue delay. You can often do this yourself through your account settings, or by contacting our support team who will make the necessary updates for you.
29. Right to Erasure (Article 17)
Also known as "the right to be forgotten," this allows you to request the deletion of your personal data where there is no compelling reason for its continued processing. This might be because the data is no longer necessary for the original purpose, you have withdrawn your consent, or the data was processed unlawfully. Please note that certain legal obligations (like tax records) may require us to keep some data even after an erasure request.
30. Right to Restriction (Article 18)
In certain circumstances, you can ask us to "pause" the processing of your data rather than deleting it. This usually applies if you are contesting the accuracy of the data, or if you object to the processing but we need to verify whether we have overriding legitimate grounds to continue. While restricted, we will only store the data and not use it for any other purpose without your further consent.
31. Right to Data Portability (Article 20)
You have the right to obtain and reuse your personal data for your own purposes across different services. If you request this, we will provide your data in a structured, commonly used, and machine-readable format (like JSON or CSV). Where technically feasible, we can also transfer this data directly to another service provider at your request, making it easier for you to move between platforms.
32. Right to Object (Article 21)
You have the absolute right to object to the processing of your data for direct marketing purposes. Additionally, you can object to processing based on our legitimate interests if you feel it impacts your fundamental rights and freedoms. In such cases, we will stop processing your data unless we can demonstrate compelling legitimate grounds that override your interests.
33. Complaints to the ICO (Article 77)
We strive for excellence in data protection, but if you feel we have not addressed your concerns adequately, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO). The ICO is the UK's independent authority set up to uphold information rights. While we would appreciate the chance to resolve any issues with you directly first, the ICO can be reached via their website at ico.org.uk.
Part VII: Special Considerations & Compliance
34. Children’s Data (Article 8)
Our services and platforms are designed for professional and enterprise use and are not intended for children. We do not knowingly collect or process the personal data of individuals under the age of 16. If we become aware that we have inadvertently collected data from a child without verifiable parental consent, we will take immediate steps to delete that information from our servers and systems.
35. Business Transfers
As our business evolves, we might undergo strategic changes such as a merger, acquisition, or sale of assets. In such scenarios, user information is typically one of the business assets transferred. We ensure that any successor entity continues to hold your data to the same high standards set out in this policy. You would be notified of any such change in ownership and informed of any choices you might have regarding your data at that time.
36. Policy Updates
The digital and legal landscape is constantly changing. To ensure our practices remain current, we reserve the right to modify this Privacy Policy. We will post any changes on this page and, if the changes are significant, we will provide a more prominent notice (such as an email notification or a dashboard alert). We encourage you to review this policy periodically to stay informed about how we are protecting your information.
37. Governing Law
This Privacy Policy, and any disputes arising from or in connection with it, shall be governed by and construed in accordance with the laws of England and Wales. By using our services, you agree that the courts of England and Wales shall have exclusive jurisdiction over any legal proceedings that may arise regarding your privacy or data protection rights under this agreement.
38. Contact Details
Clear communication is vital. If you have any questions, concerns, or requests regarding this Privacy Policy or our data handling practices, please do not hesitate to reach out to us. Our dedicated privacy team is based in Manchester, and you can contact us via email at hello@arkplatforms.com. We aim to respond to all inquiries with the depth and urgency they deserve.
Part VIII: Quality Control & Data Integrity
39. Data Minimization
We are steadfast in our commitment to data minimization. Our development processes include "privacy by design" reviews to ensure that we never collect more data than is strictly required for the feature or service being built. By reducing the volume of data we hold, we naturally reduce the potential impact on your privacy in the unlikely event of a security incident. We believe that less is often more when it comes to personal information.
40. Accuracy of Data
We take proactive measures to ensure the data we hold is accurate and current. This includes sending periodic reminders to users to update their profiles and implementing automated validation checks on data entry forms. If we discover that data is factually incorrect, we take immediate steps to rectify it or delete it if a correction is not possible. We rely on your cooperation to keep your contact information up to date.
41. Purpose Limitation
The "purpose limitation" principle ensures that we only use your data for the reasons we told you when we collected it. If we ever intend to process your personal data for a new purpose that is not compatible with the original one, we will provide you with information about that new purpose and, where necessary, seek your fresh consent or establish a new lawful basis before proceeding.
42. Storage Limitation
Our retention policies are reviewed annually to ensure we are not holding onto data longer than necessary. We have implemented automated scripts that flag data for review or deletion once it reaches his pre-defined retention period (e.g., 7 years for financial records). This systematic approach to storage limitation ensures that our data ecosystem remains lean,relevant, and focused on current user needs.
43. Integrity and Confidentiality
We view the integrity and confidentiality of your data as a sacred trust. Beyond encryption and firewalls, this means maintaining strict physical security at our data centers and office locations, conducting background checks on staff with high-level access, and maintaining a culture where privacy is discussed at the highest levels of management. Your data is not just a resource; it is a responsibility that we take extremely seriously.
44. Accountability
Accountability is the bedrock of the UK GDPR. We don't just say we comply; we prove it. This involves maintaining detailed Records of Processing Activities (ROPA), conducting regular Data Protection Impact Assessments (DPIA) for high-risk processing, and appointing clear owners for data protection within our organization. We are prepared to demonstrate our compliance to regulators and users alike at any time.
45. Security Measures
Our security measures are multi-faceted and layered (Defense in Depth). We utilize advanced firewall technologies, intrusion detection systems (IDS), and regular penetration testing by independent security experts. We also maintain strict "least privilege" access controls, ensuring that our staff only have access to the data they absolutely need to perform their specific job functions, further minimizing the risk of internal data misuse.
46. Risk Assessment
Risk is not static, and neither is our approach to it. We conduct continuous risk assessments to identify emerging threats in the cyber landscape. From phishing awareness campaigns for our staff to analyzing the security of our third-party supply chain, we are proactive in identifying and mitigating potential vulnerabilities before they can be exploited. This forward-looking approach is essential for maintaining a secure data environment.
47. Data Portability Requests
Handling data portability requests requires technical precision. We have developed standardized tools to extract your data in a clean, structured format that is compatible with other modern platforms. We aim to process these requests within 30 days, ensuring that you can take your data with you wherever you choose, reinforcing our commitment to user empowerment and the prevention of platform lock-in.
48. Data Protection Officer (DPO)
To ensure independent oversight of our privacy practices, we have appointed a dedicated Data Protection Officer. Our DPO reports directly to the highest levels of management and acts as a focal point for all data protection issues. They monitor our compliance with the UK GDPR, provide advice on impact assessments, and serve as the primary point of contact for the ICO and for users with complex privacy inquiries.
49. Record Keeping
Comprehensive record-keeping is vital for transparency and auditability. We maintain a centralized and secure log of all data processing activities, mapping the flow of data from collection to deletion. This "data map" allows us to quickly respond to inquiries, assess the impact of changes to our systems, and provide a clear trail of accountability for every piece of personal information we handle.
50. Third-Party Links
Our platform may contain links to external websites, plug-ins, or applications operated by third parties. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit to ensure you understand their practices.
51. Contacting Us
We believe in being accessible and helpful. Whether you have a simple question about a cookie or a complex request regarding your legal rights, our privacy desk is ready to assist. You can reach us at hello@arkplatforms.com. We take all privacy-related correspondence seriously and aim to provide detailed, helpful responses that address your concerns fully and transparently.
52. Final Acknowledgement
By accessing our websites, using our mobile applications, or engaging with our digital services, you acknowledge that you have read, understood, and consented to the practices described in this Privacy Policy. This document forms a core part of your agreement with Ark Platforms. We appreciate your trust in our platform and are committed to honoring it through the highest standards of data protection and privacy excellence.