Wraith Engineering
  • HOME
  • ABOUT
  • VISION
  • CAPABILITIES
  • GOVERNANCE
    • BOARD OF DIRECTORS
    • COMMITMENT TO QUALITY
    • CORE VALUES
    • EQUAL OPPORTUNITY
    • PRIVACY POLICY
    • RISK MANAGEMENT POLICY
    • CAREERS
  • More
    • HOME
    • ABOUT
    • VISION
    • CAPABILITIES
    • GOVERNANCE
      • BOARD OF DIRECTORS
      • COMMITMENT TO QUALITY
      • CORE VALUES
      • EQUAL OPPORTUNITY
      • PRIVACY POLICY
      • RISK MANAGEMENT POLICY
      • CAREERS
Wraith Engineering
  • HOME
  • ABOUT
  • VISION
  • CAPABILITIES
  • GOVERNANCE
    • BOARD OF DIRECTORS
    • COMMITMENT TO QUALITY
    • CORE VALUES
    • EQUAL OPPORTUNITY
    • PRIVACY POLICY
    • RISK MANAGEMENT POLICY
    • CAREERS

PRIVACY POLICY

INTRODUCTION

ARMEXIS and its subsidiaries are committed to protecting personal data and handling information responsibly, lawfully and securely.


This Privacy Policy explains how ARMEXIS collects, uses, stores, shares and protects personal data relating to individuals who interact with our business. This may include customers, suppliers, employees, job applicants, contractors, consultants, website users, professional advisers, business contacts and other stakeholders.


ARMEXIS operates in the defence, engineering and manufacturing sectors. As a result, we take privacy, 

confidentiality, security and information governance seriously. 


We recognise that the proper handling of personal and business information is essential to maintaining trust, protecting individuals and supporting the secure operation of the business.


This Privacy Policy should be read together with any other privacy notice or information notice provided when ARMEXIS collects or processes personal data.

WHO WE ARE

For the purposes of applicable data protection law, ARMEXIS is the controller of personal data where it determines the purposes and means of processing that data.


References in this Privacy Policy to “ARMEXIS”, “the Company”, “the Group”, “we”, “us” or “our” mean ARMEXIS and, where applicable, its subsidiaries, associated businesses and operating entities.


Our contact details for privacy-related matters are:


ARMEXIS DATA PROTECTION TEAM
EMAIL: privacy@armexis.co.uk

If you have any questions about this Privacy Policy, the way ARMEXIS handles personal data or how to exercise your data protection rights, you should contact the ARMEXIS Data Protection Team using the details above.

PURPOSE OF THIS PRIVACY POLICY

The purpose of this Privacy Policy is to explain clearly how ARMEXIS handles personal data.


This includes explaining:


  • What personal data we may collect
  • Why we collect personal data
  • How we use personal data
  • The lawful basis for processing personal data
  • Who personal data may be shared with
  • How long personal data may be retained
  • How personal data is protected
  • What rights individuals may have
  • How requests relating to personal data should be made


ARMEXIS is committed to ensuring that personal data is processed lawfully, fairly, securely and transparently.

PERSONAL DATA WE MAY COLLECT

ARMEXIS may collect and process different types of personal data depending on the nature of the relationship and interaction with the individual.


This may include:


  • Name
  • Job title
  • Employer or organisation
  • Business address
  • Personal or business contact details
  • Email address
  • Telephone number
  • Identification information
  • Employment history
  • Qualifications and training records
  • Recruitment and application information
  • Right to work information
  • Security clearance or vetting-related information where applicable
  • Contractual and commercial information
  • Payment and invoicing information
  • Correspondence and communication records
  • Meeting notes and contact history
  • Website usage information
  • Technical data such as IP address, browser type and device information
  • CCTV or site access records where applicable
  • Health and safety records where required
  • Compliance, audit or investigation records where necessary


ARMEXIS will only collect personal data that is relevant and necessary for the purpose for which it is being processed.

SPECIAL CATEGORY DATA AND SENSITIVE INFORMATION

In certain circumstances, ARMEXIS may process special category personal data or other sensitive information.


This may include information relating to:


  • Health or medical fitness where required for employment, site safety or legal compliance
  • Security clearance, vetting or suitability checks where applicable
  • Equal opportunity monitoring where legally permitted and appropriate
  • Trade union membership where relevant to employment administration
  • Criminal offence data where checks are lawful and necessary for a role or contract


ARMEXIS will only process special category or sensitive personal data where there is a lawful basis to do so and where appropriate safeguards are in place.


Due to the nature of ARMEXIS’ work, certain roles, contracts, facilities, projects or customer requirements may require additional security, compliance or vetting checks. Where this applies, personal data will be handled carefully and only used for legitimate, lawful and necessary purposes.

HOW WE COLLECT PERSONAL DATA

ARMEXIS may collect personal data directly from individuals or from third parties.


Personal data may be collected when an individual:


  • Contacts ARMEXIS by email, telephone, website form or post
  • Provides business contact details
  • Enters into discussions with ARMEXIS
  • Visits an ARMEXIS website
  • Applies for a role with ARMEXIS
  • Works for or with ARMEXIS
  • Attends an ARMEXIS site, facility or event
  • Provides goods or services to ARMEXIS
  • Enters into a contract or commercial relationship with ARMEXIS
  • Communicates with ARMEXIS as a customer, supplier, partner or stakeholder

ARMEXIS may also receive personal data from:


  • Employers or business contacts
  • Customers or suppliers
  • Recruitment agencies
  • Professional advisers
  • Government departments or public authorities
  • Security, vetting or compliance bodies
  • Publicly available sources
  • Due diligence providers
  • Regulatory or law enforcement bodies where lawful and appropriate


ARMEXIS will only collect information from third parties where it is lawful and necessary to do so.

HOW WE USE PERSONAL DATA

ARMEXIS may use personal data for legitimate business, employment, operational, security, legal and compliance purposes.


This may include using personal data to:


  • Communicate with customers, suppliers, partners and stakeholders
  • Respond to enquiries
  • Manage business relationships
  • Assess and enter into contracts
  • Deliver products and services
  • Manage supplier and customer accounts
  • Process payments and invoices
  • Conduct due diligence
  • Support procurement activity
  • Manage recruitment and employment processes
  • Verify identity, qualifications, suitability and right to work
  • Support security clearance, vetting or site access requirements
  • Manage facilities, access control and site security
  • Comply with legal, regulatory and contractual obligations
  • Maintain records for governance, audit and compliance purposes
  • Support health, safety and environmental management
  • Manage risks, disputes, claims or investigations
  • Protect ARMEXIS’ business, people, assets and information
  • Improve our website, systems, processes and services
  • Maintain cyber security and information security
  • Support business continuity and operational resilience


ARMEXIS will not use personal data for purposes that are incompatible with the reason it was collected unless permitted by law.

LAWFUL BASIS FOR PROCESSING PERSONAL DATA

ARMEXIS will only process personal data where there is a lawful basis to do so.


Depending on the circumstances, ARMEXIS may rely on one or more of the following lawful bases:


  • The individual has given consent
  • Processing is necessary for the performance of a contract
  • Processing is necessary before entering into a contract
  • Processing is necessary to comply with a legal obligation
  • Processing is necessary to protect vital interests
  • Processing is necessary for legitimate business interests
  • Processing is necessary for reasons of substantial public interest where applicable


Where ARMEXIS relies on legitimate interests, we will consider the nature of the processing, the purpose of the processing and the rights and interests of the individual.


Legitimate interests may include managing business relationships, protecting company assets, maintaining security, preventing fraud, managing risk, improving services, protecting confidential information and supporting the effective operation of the business.

DEFENCE, SECURITY AND CONFIDENTIALITY CONSIDERATIONS

ARMEXIS operates in a sector where security, confidentiality and controlled information handling are essential.


Due to the nature of our work, certain information may be subject to additional controls, contractual restrictions, security obligations, government requirements or confidentiality protections.


ARMEXIS may withhold, restrict or carefully control the disclosure of information where lawful and necessary to protect:


  • National security
  • Defence interests
  • Operational security
  • Customer confidentiality
  • Commercial confidentiality
  • Legal privilege
  • Security-sensitive information
  • The rights and freedoms of others
  • Controlled technical or operational information
  • Contractual obligations
  • Regulatory or legal requirements


ARMEXIS will assess such matters carefully and lawfully. We will not disclose information where doing so would compromise security, operational integrity, confidentiality, legal obligations or defence-related responsibilities.

SHARING PERSONAL DATA

ARMEXIS may share personal data where it is lawful, necessary and appropriate to do so.


Personal data may be shared with:


  • ARMEXIS subsidiaries or associated entities
  • Customers
  • Suppliers
  • Contractors
  • Professional advisers
  • Insurers
  • Banks and payment providers
  • IT service providers
  • HR, payroll and recruitment providers
  • Security, vetting or screening providers
  • Auditors
  • Legal advisers
  • Government departments
  • Regulatory bodies
  • Law enforcement agencies
  • Courts or tribunals
  • Other parties where required by law, contract or legitimate business need


ARMEXIS will only share personal data where there is a proper basis to do so and will take appropriate steps to protect the information being shared.


Where third-party service providers process personal data on behalf of ARMEXIS, they are expected to handle that data securely and only in accordance with ARMEXIS’ instructions and applicable law.

INTERNATIONAL TRANSFERS

ARMEXIS may operate, partner or communicate internationally.


In some circumstances, personal data may be transferred outside the United Kingdom. This may occur where ARMEXIS works with international customers, suppliers, partners, service providers or professional advisers.


Where personal data is transferred internationally, ARMEXIS will take appropriate steps to ensure that the transfer is lawful and that the personal data is protected in accordance with applicable data protection requirements.


This may include using appropriate contractual safeguards, transfer mechanisms or other lawful measures where required.

DATA SECURITY

ARMEXIS is committed to protecting personal data from unauthorised access, loss, misuse, alteration or disclosure.

We use appropriate technical, organisational and operational measures to protect personal data. These may include:


  • Access controls
  • Password protections
  • Information security procedures
  • Staff training
  • Confidentiality obligations
  • Secure storage
  • Controlled access to systems and facilities
  • Cyber security measures
  • Supplier due diligence
  • Incident management procedures
  • Data minimisation
  • Role-based access controls
  • Secure disposal processes


ARMEXIS expects all employees, contractors, suppliers and partners to handle personal data responsibly and in accordance with applicable policies and procedures.

DATA RETENTION

ARMEXIS will retain personal data only for as long as necessary for the purposes for which it was collected.


Retention periods may vary depending on the type of information, the reason it is held and any legal, regulatory, contractual, operational, security or audit requirements.


When determining retention periods, ARMEXIS may consider:


  • The purpose for which the data was collected
  • The nature of the relationship with the individual
  • Legal and regulatory requirements
  • Contractual obligations
  • Security and defence-related obligations
  • Employment law requirements
  • Audit and governance requirements
  • Limitation periods for legal claims
  • Business continuity and operational requirements


When personal data is no longer required, ARMEXIS will securely delete, destroy, anonymise or archive it in accordance with applicable requirements and internal procedures.

YOUR DATA PROTECTION RIGHTS

Individuals may have rights under applicable data protection law in relation to personal data held by ARMEXIS.


These rights may include:


  • The right to be informed about how personal data is used
  • The right to request access to personal data
  • The right to request correction of inaccurate personal data
  • The right to request deletion of personal data in certain circumstances
  • The right to request restriction of processing
  • The right to object to certain processing
  • The right to data portability in certain circumstances
  • Rights relating to automated decision-making where applicable
  • The right to withdraw consent where processing is based on consent


These rights are not absolute and may be subject to legal, regulatory, contractual, security, defence-related or other lawful limitations.


ARMEXIS will consider all valid requests carefully and in accordance with applicable law.

SUBJECT ACCESS REQUESTS

Individuals may request access to personal data that ARMEXIS holds about them. This is commonly known as a subject access request.


Requests should be submitted in writing to:


ARMEXIS DATA PROTECTION TEAM
EMAIL: privacy@armexis.co.uk

Before responding to a request, ARMEXIS may need to verify the identity of the requester. Where a request is made by a third party, ARMEXIS may also require evidence that the third party is authorised to act on behalf of the individual.


ARMEXIS will respond to valid requests within the timescales required by law.


Where a request is complex, unclear or involves a significant volume of information, ARMEXIS may ask the requester to clarify the scope of the request. Where permitted by law, ARMEXIS may extend the response period.

FEES, EXCESSIVE REQUESTS AND REFUSAL TO COMPLY

In most circumstances, ARMEXIS will not charge a fee for responding to a valid data protection request.


However, where a request is manifestly unfounded, excessive, repetitive or otherwise abusive, ARMEXIS may charge a reasonable administrative fee or refuse to comply with the request where permitted by law.


ARMEXIS may also refuse to comply with a request, in whole or in part, where a lawful exemption applies.


Any decision to charge a fee, refuse a request or apply an exemption will be considered carefully and recorded appropriately.

EXEMPTIONS AND RESTRICTED DISCLOSURE

ARMEXIS may withhold or restrict the disclosure of personal data where permitted or required by law.


This may include circumstances where disclosure would:


  • Adversely affect national security or defence interests
  • Compromise security or operational integrity
  • Disclose confidential customer, supplier or third-party information
  • Reveal legally privileged material
  • Prejudice legal proceedings or investigations
  • Affect the rights and freedoms of another individual
  • Breach contractual confidentiality obligations
  • Disclose commercially sensitive information
  • Undermine fraud prevention, security or compliance activity
  • Conflict with legal or regulatory obligations


ARMEXIS will assess each request on its own facts and will balance transparency with legal obligations, security considerations, confidentiality and the rights of others.

ACCURACY OF PERSONAL DATA

ARMEXIS takes reasonable steps to ensure that personal data is accurate, complete and kept up to date where necessary.


Individuals are encouraged to inform ARMEXIS if their personal data changes or if they believe information held by ARMEXIS is inaccurate.


Where appropriate, ARMEXIS will correct or update inaccurate personal data in accordance with applicable law.

WEBSITE DATA AND COOKIES

ARMEXIS may collect limited technical information when individuals visit our website.


This may include:


  • IP address
  • Browser type
  • Device information
  • Pages visited
  • Date and time of visit
  • Website usage data
  • Referring website information


This information may be used to operate the website, improve performance, understand usage, maintain security and support website functionality.


ARMEXIS may use cookies or similar technologies on its website. Cookies are small files placed on a device to support website functionality, analytics, security or user experience.


Where required, ARMEXIS will provide appropriate cookie information and obtain consent for non-essential cookies.

MARKETING COMMUNICATIONS

ARMEXIS may use business contact details to send relevant communications about the company, its services, capabilities, events or business updates.


Individuals may opt out of marketing communications at any time by following the instructions in the communication or by contacting ARMEXIS directly.


ARMEXIS will not sell personal data to third parties for marketing purposes.

RECRUITMENT AND EMPLOYMENT DATA

Where an individual applies for a role with ARMEXIS, we may process personal data as part of the recruitment process.


This may include:


  • CVs and application forms
  • Qualifications and work history
  • Interview notes
  • References
  • Right to work information
  • Identity verification
  • Security or vetting information where applicable
  • Assessment results
  • Communication records


If an applicant is successful, relevant personal data may become part of the employee record.


If an applicant is unsuccessful, ARMEXIS may retain recruitment data for a limited period for administration, future recruitment, legal or compliance purposes unless the applicant requests otherwise and where deletion is appropriate.

CCTV, SITE ACCESS AND FACILITY SECURITY

ARMEXIS may use CCTV, visitor logs, access control systems or other security measures at its facilities where appropriate.


These measures may be used to:


  • Protect people
  • Protect property and assets
  • Maintain site security
  • Manage access to facilities
  • Support health and safety
  • Prevent and detect crime
  • Investigate incidents
  • Comply with contractual or security obligations


Access to CCTV and site security records will be restricted to authorised personnel and retained only for as long as necessary, unless required for investigation, legal, security or compliance purposes.

INFORMATION RELATING TO CHILDREN

ARMEXIS does not intentionally collect personal data from children through its website or general business activities.


If ARMEXIS becomes aware that personal data relating to a child has been collected without an appropriate lawful basis, we will take steps to delete or protect that information as appropriate.

AUTOMATED DECISION-MAKING

ARMEXIS does not generally make decisions based solely on automated processing that produce legal or similarly significant effects on individuals.


If ARMEXIS introduces automated decision making of this nature in the future, appropriate information will be provided where required by law.

DATA BREACHES AND INCIDENT MANAGEMENT

ARMEXIS maintains procedures for identifying, assessing and responding to personal data breaches and information security incidents.


Where a breach occurs, ARMEXIS will take appropriate steps to contain the incident, assess the impact, reduce risk and comply with any reporting obligations required by law.


Employees, contractors and suppliers are expected to report suspected data breaches or information security incidents promptly through the appropriate internal channels.

THIRD PARTY WEBSITES

The ARMEXIS website may contain links to third-party websites.


ARMEXIS is not responsible for the privacy practices, content or security of third-party websites. Individuals should read the privacy policies of any third-party websites they visit.

COMPLAINTS

If an individual has concerns about how ARMEXIS handles personal data, they should contact us in the first instance so that we can review and respond to the concern.


Complaints should be sent to:


ARMEXIS DATA PROTECTION TEAM
EMAIL: privacy@armexis.co.uk

Individuals may also have the right to complain to the UK Information Commissioner’s Office or another relevant data protection authority.


ARMEXIS will cooperate with relevant supervisory authorities where required.

CHANGES TO THIS PRIVACY POLICY

ARMEXIS may update this Privacy Policy from time to time to reflect changes in law, regulation, business operations, security requirements or data processing practices.


The latest version of this Privacy Policy will be published on the ARMEXIS website.


Individuals are encouraged to review this Privacy Policy periodically to remain informed about how ARMEXIS handles personal data.

OUR COMMITMENT

ARMEXIS is committed to handling personal data lawfully, securely and responsibly.


We recognise that privacy, confidentiality and information security are essential to trust, governance and operational resilience.


Our approach is based on:


  • Lawful processing
  • Clear purpose
  • Data minimisation
  • Security
  • Confidentiality
  • Accountability
  • Transparency where appropriate
  • Respect for individual rights
  • Protection of defence and security-sensitive information
  • Responsible information governance


ARMEXIS will continue to develop its privacy, security and information governance processes as the business grows.


Our commitment is to protect personal data, respect individual rights and maintain the standards expected of a responsible UK defence engineering and manufacturing business.

INFORMATION RELATING TO CHILDREN

ARMEXIS does not intentionally collect personal data from children through its website or general business activities.


If ARMEXIS becomes aware that personal data relating to a child has been collected without an appropriate lawful basis, we will take steps to delete or protect that information as appropriate.

TOP
HOME
  • HOME
  • CAPABILITIES
  • BOARD OF DIRECTORS
  • COMMITMENT TO QUALITY
  • CORE VALUES
  • EQUAL OPPORTUNITY
  • CAREERS

ARMEXIS

DELIVERING SOVEREIGN CAPABILITY

© MMXXVI ARMEXIS  | ALL RIGHTS RESERVED 

INFO@ARMEXIS.CO.UK