Privacy & Data Protection Policy
Privacy & Data Protection
Last updated: 05/06/2025
At Arx Nova, we are committed to protecting and respecting your privacy. This Privacy and Data Protection Policy explains how we collect, use, and safeguard your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Who We Are
Arx Nova is a UK-based crisis management consultancy working with mid-tier organisations across financial, operational, legal, and reputational matters. We are the data controller for the personal data we collect and process.
If you have any questions about this policy or your data, you can contact us at:
Email: dpo@wearearxnova.com
What Information We Collect
We may collect and process the following types of personal data:
Name and job title
Contact information including email address and phone number
Company details (e.g. business name, size, and sector)
Information you provide when contacting us, including during initial enquiries, consultations, and assessments
Technical data such as IP address, browser type, and website usage through cookies (see our Cookie Policy)
How We Use Your Information
We collect and use your personal data for the following purposes:
To respond to your enquiries and provide professional services
To conduct a free crisis assessment when requested
To manage our client relationships and deliver services
To send occasional updates or insights (only where you have opted in)
To comply with our legal and regulatory obligations
Lawful Bases for Processing
We process your data based on the following lawful grounds:
Consent:
Where you have given us clear permission (e.g. to receive marketing communications)
Contract:
Where processing is necessary for the performance of a contract or to take steps at your request before entering into a contract
Legitimate interests:
Where processing is necessary for our business operations and does not override your data protection rights
Legal obligation:
Where we are required to comply with legal or regulatory duties
Marketing Communications
We will only send you marketing communications if you have explicitly opted in to receive them. You can unsubscribe at any time by clicking the link in our emails or by contacting us directly.
Data Storage and Security
We store your data securely using reputable cloud-based services that comply with UK GDPR requirements. We apply appropriate technical and organisational measures to protect your data against unauthorised access, loss, or misuse.
How Long We Keep Your Data
We retain personal data only for as long as is necessary for the purposes outlined in this policy. For client records, we may retain data for up to seven years to comply with legal, tax, or regulatory requirements.
Your Rights
Under UK GDPR, you have the following rights:
The right to access your personal data
The right to correct inaccurate or incomplete data
The right to request erasure of your data in certain circumstances
The right to object to or restrict certain types of processing
The right to data portability (to receive your data in a commonly used format)
The right to withdraw consent at any time
The right to lodge a complaint with the Information Commissioner's Office (ICO)
Third Parties and Data Sharing
We do not sell, rent, or trade your data. We may share your information with trusted service providers who help us operate our business (e.g. IT and cloud service providers), but only where they comply with data protection standards.
Changes to This Policy
We may update this policy from time to time. Any changes will be posted on this page, and where appropriate, we will notify you by email.