Privacy Policy

Introduction

The aim of this privacy policy is to introduce the rules related to the protection of personal data that ARAM TECHNOLOGIES agrees to respect as data controller and data processor, for all personal data covered by this policy. These rules were drafted pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, hereinafter “GDPR”) on the protection of individuals with regards to processing of personal data and on the free movement of such data, and repealing Directive 95/46/CE.

This document is subject to change where necessary in order to implement the obligations imposed by personal data protection legislation. We encourage you to periodically review this privacy policy on this dedicated page.
The concepts related to personal data protection used in this document have the meaning given in the GDPR, notably in accordance with article 4 of the GDPR.

General principles on personal data protection

When ARAM TECHNOLOGIES acts as a data controller

Pursuant to article 5 of the GDPR, ARAM TECHNOLOGIES ensures that personal data are:

processed lawfully, fairly and in a transparent manner;
collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
accurate and, where necessary, kept up to date;
kept for no longer than is necessary for the purposes for which the data are processed;
processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

When ARAM TECHNOLOGIES acts as a data processor

Pursuant to article 28 of the GDPR, ARAM TECHNOLOGIES ensures that:

the purposes of the processing are described in the contract signed between ARAM TECHNOLOGIES and the client;
the client’s personal data are processed solely for the purpose for which they were originally collected based on their instructions, in accordance with the terms of the contract;
the deletion of personal data is carried out at the end the of contractual relationship and under the conditions laid down in the contract, unless the applicable law requires the preservation of personal data.

Purpose and legal basis of personal data processing

When ARAM TECHNOLOGIES acts as data controller

For internal needs, ARAM TECHNOLOGIES collects personal data for purposes such as:

management of customer contacts and leads (sending marketing, product or Group information, satisfying customers and leads, producing statistics, etc.);
management of commercial contracts (fulfilling orders, billing, debt recovery, etc.);
management of ARAM TECHNOLOGIES’s staff, recruitment and careers (evaluating and contacting candidates, etc.);
creation and administration of user accounts;
development and management of services to which the client has subscribed (recording calls to the helpdesk, etc.).

Depending on these different purposes, ARAM TECHNOLOGIES ensures that at least one of the following applies:

the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering a contract;
processing is necessary for compliance with a legal obligation to which ARAM TECHNOLOGIES is subject;
processing is necessary for the purposes of the legitimate interests pursued by ARAM TECHNOLOGIES, except where such interests are overridden by the interests, fundamental rights and freedoms of the data subject.

Purposes not detailed in this section are provided in the dedicated notices presented to the data subjects concerned at the time of personal data collection.

When ARAM TECHNOLOGIES acts as data processor
ARAM TECHNOLOGIES may need to access and process personal data provided by its clients in order to provide offerings and services to which the customer subscribes. This access and processing are governed by a contract containing specific clauses for data protection signed between ARAM TECHNOLOGIES and the client.

ARAM TECHNOLOGIES processes personal data only on behalf of the client based on their documented instructions, in accordance with the provisions of the contract.

Security and notification of personal data breaches

ARAM TECHNOLOGIES has taken technical and organisational measures to ensure a level of security appropriate to the risks. All employees of ARAM TECHNOLOGIES are subject to an IT security charter appended to the internal policy to ensure an appropriate level of security.

Pursuant to articles 33 and 34 of the GDPR, personal data breaches shall be notified:

to the UK supervisory authority and, if necessary, to data subjects affected by the breach, when ARAM TECHNOLOGIES acts as a data controller;
to its clients affected by the breach in accordance with the contract signed between ARAM TECHNOLOGIES and its clients, when ARAM TECHNOLOGIES acts as a data processor.

Data subject’s rights

When ARAM TECHNOLOGIES acts as a data controller

Under the conditions set forth in articles 15 and 22 of the GDPR, data subjects have the right to:

access their personal data processed by ARAM TECHNOLOGIES;
request the rectification, erasure or restriction of processing of personal data carried out by ARAM TECHNOLOGIES;
in certain circumstances, object to the processing of their personal data;
request the portability of personal data;
withdraw their consent when it is the legal basis of the processing;
give instructions regarding the handling of their personal data after their death (pursuant to Law no. 78-17 of 6 January 1978 on Data Processing, Data Files and Individual Liberties).

ARAM TECHNOLOGIES reserves the right to ask for clarifications in relation to any request and to verify the identity of the requester. An “Unsubscribe” link is also available in our marketing emails. In any event, ARAM TECHNOLOGIES recommends contacting us for more information about data protection regulations, the rights of data subjects and the possibility of lodging a complaint.

When ARAM TECHNOLOGIES acts as data processor

In the event ARAM TECHNOLOGIES receives a request from a data subject whose data is processed in the course of performing the contract between ARAM TECHNOLOGIES and the client, ARAM TECHNOLOGIES will communicate this request to the client at the earliest opportunity upon its receipt and, taking into account the nature of the processing and the terms of the contract, will take appropriate technical and organisational measures to assist the client with fulfilling its obligation to respond to these requests, insofar as this is possible.

The client remains nevertheless responsible for replying to the data subject concerned.

Information to be given to the data subject

When ARAM TECHNOLOGIES acts as a data controller

ARAM TECHNOLOGIES undertakes to provide data subjects with at least the following information, to the extent possible and regardless of the processing carried out:

the contact information of the controller and its Data Protection Officer;
the purposes of the processing and its legal basis;
the recipients;
transfers of data outside the EU, if applicable;
the length of time the data will be kept;
the possibility to request the exercise of any available rights pursuant to the applicable regulations;
the right to submit a complaint with the supervisory authority.

When ARAM TECHNOLOGIES acts as data processor
Pursuant to article 13 of the GDPR, the controller has the responsibility to inform data subjects. In accordance with the terms of the contract, ARAM TECHNOLOGIES provides clients acting as data controllers with any information that might help them enforce article 13 of the GDPR.

Transfers outside the European Union
Personal data may be processed outside European Union. As a consequence, pursuant to data protection legislation, ARAM TECHNOLOGIES cannot transfer personal data, without implementing the appropriate safeguards according to article 46 of the GDPR, outside:

the European Union, or
the European Economic Area, or
countries recognised by the European Commission as having an adequate level of security.

Data recipients
ARAM TECHNOLOGIES may share personal data with third parties solely under the conditions of this document and/or the applicable contract.

Services provider

ARAM TECHNOLOGIES may share personal data with third parties who provide services, including:

on ARAM TECHNOLOGIES’s behalf, as part of the performance of the client contract (hosting, consulting, subcontracting, etc.) and in accordance with its terms;
to help ARAM TECHNOLOGIES fulfil the financial and administrative conditions of the contract (debt recovery, invoicing, etc.);
to send marketing communications on behalf of ARAM TECHNOLOGIES;
support in the development of new products or services.

Commercial or distributor ARAM TECHNOLOGIES partners

ARAM TECHNOLOGIES has developed a network of partners (distributors, publishers, etc.) for several of its offerings in order to help it deliver and develop its products. Depending on which product is or may be of interest to the contact, ARAM TECHNOLOGIES may need to share this contact’s information with an appropriate partner.

Subsidiaries of ARAM TECHNOLOGIES
ARAM TECHNOLOGIES may share personal data with the subsidiaries or the purposes that are described in this privacy policy, if necessary for its implementation (signing a contract, applying for a position in a subsidiary outside UK, etc.).

Public authorities

In certain situations, ARAM TECHNOLOGIES may be required to disclose personal data in response to a request by a public authority, a subpoena, or any other lawful request pursuant to the applicable legislation. In such cases, ARAM TECHNOLOGIES will disclose the necessary data, particularly when it believes in good faith that disclosure is necessary to protect your rights, ensure your safety or the safety of others, investigate fraud, or meet a legal requirement. For more information about the recipients, please contact us.

Cooperation of ARAM TECHNOLOGIES with its clients and with the supervisory authority

In accordance with article 28 of the GDPR and its contractual commitments, ARAM TECHNOLOGIES undertakes to reasonably cooperate with its clients in order to help them meet their obligations pursuant to articles 32 to 36 of the GDPR.
More generally, ARAM TECHNOLOGIES agrees to cooperate with the UK supervisory authority where necessary and to reasonably consider its recommendations.

Privacy by design regarding products and services

If ARAM TECHNOLOGIES plans to develop a new service or offering, ARAM TECHNOLOGIES, in its capacity as a software publisher, will make every effort to introduce “privacy by design” principles from the beginning of the project, thereby helping its clients comply with the applicable regulations using specific features and resources.

ARAM TECHNOLOGIES staff awareness

All new ARAM TECHNOLOGIES employees must take an awareness training concerning personal data protection. More generally, ARAM TECHNOLOGIES will make every effort to offer its employees regular awareness training regarding personal data protection.
Awareness training or more specific trainings may be conducted for employees working on a regular basis with personal data.

Records of processing activities

Pursuant to article 30 of the GDPR, ARAM TECHNOLOGIES maintains two records of personal data processing:

a record describing the processing carried out as data controller;
a record describing the processing carried out on behalf of its clients acting as data controllers, based on their instructions.

These records are made available upon request.

Contractual policy

Pursuant to article 28 of the GDPR, ARAM TECHNOLOGIES has incorporated the new mandatory contractual stipulations into all contracts concerned. Accordingly, specific contractual clauses on data protection pursuant to the applicable regulations have been added to:

client contracts (GTC/GTU);
contracts between ARAM TECHNOLOGIES and its own data processors.

Privacy Policy

ABOUT