ARMEXIS and its subsidiaries are committed to protecting personal data and handling information responsibly, lawfully and securely.
This Privacy Policy explains how ARMEXIS collects, uses, stores, shares and protects personal data relating to individuals who interact with our business. This may include customers, suppliers, employees, job applicants, contractors, consultants, website users, professional advisers, business contacts and other stakeholders.
ARMEXIS operates in the defence, engineering and manufacturing sectors. As a result, we take privacy,
confidentiality, security and information governance seriously.
We recognise that the proper handling of personal and business information is essential to maintaining trust, protecting individuals and supporting the secure operation of the business.
This Privacy Policy should be read together with any other privacy notice or information notice provided when ARMEXIS collects or processes personal data.
For the purposes of applicable data protection law, ARMEXIS is the controller of personal data where it determines the purposes and means of processing that data.
References in this Privacy Policy to “ARMEXIS”, “the Company”, “the Group”, “we”, “us” or “our” mean ARMEXIS and, where applicable, its subsidiaries, associated businesses and operating entities.
Our contact details for privacy-related matters are:
ARMEXIS DATA PROTECTION TEAM
EMAIL: privacy@armexis.co.uk
If you have any questions about this Privacy Policy, the way ARMEXIS handles personal data or how to exercise your data protection rights, you should contact the ARMEXIS Data Protection Team using the details above.
The purpose of this Privacy Policy is to explain clearly how ARMEXIS handles personal data.
This includes explaining:
ARMEXIS is committed to ensuring that personal data is processed lawfully, fairly, securely and transparently.
ARMEXIS may collect and process different types of personal data depending on the nature of the relationship and interaction with the individual.
This may include:
ARMEXIS will only collect personal data that is relevant and necessary for the purpose for which it is being processed.
In certain circumstances, ARMEXIS may process special category personal data or other sensitive information.
This may include information relating to:
ARMEXIS will only process special category or sensitive personal data where there is a lawful basis to do so and where appropriate safeguards are in place.
Due to the nature of ARMEXIS’ work, certain roles, contracts, facilities, projects or customer requirements may require additional security, compliance or vetting checks. Where this applies, personal data will be handled carefully and only used for legitimate, lawful and necessary purposes.
ARMEXIS may collect personal data directly from individuals or from third parties.
Personal data may be collected when an individual:
ARMEXIS may also receive personal data from:
ARMEXIS will only collect information from third parties where it is lawful and necessary to do so.
ARMEXIS may use personal data for legitimate business, employment, operational, security, legal and compliance purposes.
This may include using personal data to:
ARMEXIS will not use personal data for purposes that are incompatible with the reason it was collected unless permitted by law.
ARMEXIS will only process personal data where there is a lawful basis to do so.
Depending on the circumstances, ARMEXIS may rely on one or more of the following lawful bases:
Where ARMEXIS relies on legitimate interests, we will consider the nature of the processing, the purpose of the processing and the rights and interests of the individual.
Legitimate interests may include managing business relationships, protecting company assets, maintaining security, preventing fraud, managing risk, improving services, protecting confidential information and supporting the effective operation of the business.
ARMEXIS operates in a sector where security, confidentiality and controlled information handling are essential.
Due to the nature of our work, certain information may be subject to additional controls, contractual restrictions, security obligations, government requirements or confidentiality protections.
ARMEXIS may withhold, restrict or carefully control the disclosure of information where lawful and necessary to protect:
ARMEXIS will assess such matters carefully and lawfully. We will not disclose information where doing so would compromise security, operational integrity, confidentiality, legal obligations or defence-related responsibilities.
ARMEXIS may share personal data where it is lawful, necessary and appropriate to do so.
Personal data may be shared with:
ARMEXIS will only share personal data where there is a proper basis to do so and will take appropriate steps to protect the information being shared.
Where third-party service providers process personal data on behalf of ARMEXIS, they are expected to handle that data securely and only in accordance with ARMEXIS’ instructions and applicable law.
ARMEXIS may operate, partner or communicate internationally.
In some circumstances, personal data may be transferred outside the United Kingdom. This may occur where ARMEXIS works with international customers, suppliers, partners, service providers or professional advisers.
Where personal data is transferred internationally, ARMEXIS will take appropriate steps to ensure that the transfer is lawful and that the personal data is protected in accordance with applicable data protection requirements.
This may include using appropriate contractual safeguards, transfer mechanisms or other lawful measures where required.
ARMEXIS is committed to protecting personal data from unauthorised access, loss, misuse, alteration or disclosure.
We use appropriate technical, organisational and operational measures to protect personal data. These may include:
ARMEXIS expects all employees, contractors, suppliers and partners to handle personal data responsibly and in accordance with applicable policies and procedures.
ARMEXIS will retain personal data only for as long as necessary for the purposes for which it was collected.
Retention periods may vary depending on the type of information, the reason it is held and any legal, regulatory, contractual, operational, security or audit requirements.
When determining retention periods, ARMEXIS may consider:
When personal data is no longer required, ARMEXIS will securely delete, destroy, anonymise or archive it in accordance with applicable requirements and internal procedures.
Individuals may have rights under applicable data protection law in relation to personal data held by ARMEXIS.
These rights may include:
These rights are not absolute and may be subject to legal, regulatory, contractual, security, defence-related or other lawful limitations.
ARMEXIS will consider all valid requests carefully and in accordance with applicable law.
Individuals may request access to personal data that ARMEXIS holds about them. This is commonly known as a subject access request.
Requests should be submitted in writing to:
ARMEXIS DATA PROTECTION TEAM
EMAIL: privacy@armexis.co.uk
Before responding to a request, ARMEXIS may need to verify the identity of the requester. Where a request is made by a third party, ARMEXIS may also require evidence that the third party is authorised to act on behalf of the individual.
ARMEXIS will respond to valid requests within the timescales required by law.
Where a request is complex, unclear or involves a significant volume of information, ARMEXIS may ask the requester to clarify the scope of the request. Where permitted by law, ARMEXIS may extend the response period.
In most circumstances, ARMEXIS will not charge a fee for responding to a valid data protection request.
However, where a request is manifestly unfounded, excessive, repetitive or otherwise abusive, ARMEXIS may charge a reasonable administrative fee or refuse to comply with the request where permitted by law.
ARMEXIS may also refuse to comply with a request, in whole or in part, where a lawful exemption applies.
Any decision to charge a fee, refuse a request or apply an exemption will be considered carefully and recorded appropriately.
ARMEXIS may withhold or restrict the disclosure of personal data where permitted or required by law.
This may include circumstances where disclosure would:
ARMEXIS will assess each request on its own facts and will balance transparency with legal obligations, security considerations, confidentiality and the rights of others.
ARMEXIS takes reasonable steps to ensure that personal data is accurate, complete and kept up to date where necessary.
Individuals are encouraged to inform ARMEXIS if their personal data changes or if they believe information held by ARMEXIS is inaccurate.
Where appropriate, ARMEXIS will correct or update inaccurate personal data in accordance with applicable law.
ARMEXIS may collect limited technical information when individuals visit our website.
This may include:
This information may be used to operate the website, improve performance, understand usage, maintain security and support website functionality.
ARMEXIS may use cookies or similar technologies on its website. Cookies are small files placed on a device to support website functionality, analytics, security or user experience.
Where required, ARMEXIS will provide appropriate cookie information and obtain consent for non-essential cookies.
ARMEXIS may use business contact details to send relevant communications about the company, its services, capabilities, events or business updates.
Individuals may opt out of marketing communications at any time by following the instructions in the communication or by contacting ARMEXIS directly.
ARMEXIS will not sell personal data to third parties for marketing purposes.
Where an individual applies for a role with ARMEXIS, we may process personal data as part of the recruitment process.
This may include:
If an applicant is successful, relevant personal data may become part of the employee record.
If an applicant is unsuccessful, ARMEXIS may retain recruitment data for a limited period for administration, future recruitment, legal or compliance purposes unless the applicant requests otherwise and where deletion is appropriate.
ARMEXIS may use CCTV, visitor logs, access control systems or other security measures at its facilities where appropriate.
These measures may be used to:
Access to CCTV and site security records will be restricted to authorised personnel and retained only for as long as necessary, unless required for investigation, legal, security or compliance purposes.
ARMEXIS does not intentionally collect personal data from children through its website or general business activities.
If ARMEXIS becomes aware that personal data relating to a child has been collected without an appropriate lawful basis, we will take steps to delete or protect that information as appropriate.
ARMEXIS does not generally make decisions based solely on automated processing that produce legal or similarly significant effects on individuals.
If ARMEXIS introduces automated decision making of this nature in the future, appropriate information will be provided where required by law.
ARMEXIS maintains procedures for identifying, assessing and responding to personal data breaches and information security incidents.
Where a breach occurs, ARMEXIS will take appropriate steps to contain the incident, assess the impact, reduce risk and comply with any reporting obligations required by law.
Employees, contractors and suppliers are expected to report suspected data breaches or information security incidents promptly through the appropriate internal channels.
The ARMEXIS website may contain links to third-party websites.
ARMEXIS is not responsible for the privacy practices, content or security of third-party websites. Individuals should read the privacy policies of any third-party websites they visit.
If an individual has concerns about how ARMEXIS handles personal data, they should contact us in the first instance so that we can review and respond to the concern.
Complaints should be sent to:
ARMEXIS DATA PROTECTION TEAM
EMAIL: privacy@armexis.co.uk
Individuals may also have the right to complain to the UK Information Commissioner’s Office or another relevant data protection authority.
ARMEXIS will cooperate with relevant supervisory authorities where required.
ARMEXIS may update this Privacy Policy from time to time to reflect changes in law, regulation, business operations, security requirements or data processing practices.
The latest version of this Privacy Policy will be published on the ARMEXIS website.
Individuals are encouraged to review this Privacy Policy periodically to remain informed about how ARMEXIS handles personal data.
ARMEXIS is committed to handling personal data lawfully, securely and responsibly.
We recognise that privacy, confidentiality and information security are essential to trust, governance and operational resilience.
Our approach is based on:
ARMEXIS will continue to develop its privacy, security and information governance processes as the business grows.
Our commitment is to protect personal data, respect individual rights and maintain the standards expected of a responsible UK defence engineering and manufacturing business.
ARMEXIS does not intentionally collect personal data from children through its website or general business activities.
If ARMEXIS becomes aware that personal data relating to a child has been collected without an appropriate lawful basis, we will take steps to delete or protect that information as appropriate.
ARMEXIS
DELIVERING SOVEREIGN CAPABILITY
© MMXXVI ARMEXIS | ALL RIGHTS RESERVED
INFO@ARMEXIS.CO.UK