Privacy Policy

Updated: 05.01.2024


Definitions
Arx Compliance means:
  • Arx Compliance AS, as the legal entity responsible for the group's operations in Norway;
  • and any majority-owned or controlled subsidiaries or affiliates.
References to Arx Compliance shall be taken to mean any or all of the above entities depending upon the context. Unless expressly stated otherwise, references to Arx Compliance in connection with the GDPR shall be taken to mean Arx Compliance.

Solution - means the Arx Compliance regulatory compliance software solution.

Personal Data - Any information relating to an individual, including name, telephone number, address, email address, social security number, personal business transaction details, Account Information and Personal Trading Data.

Special Category Data - The processing of Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.

Sensitive Personal Information - means government identification numbers or financial account numbers associated with individual persons (e.g. Social Security numbers, driver’s license numbers, or personal credit card or banking account numbers), and medical records or health care claim information associated with individuals, including claims for payment or reimbursement for any type of medical care for an individual.

Processing of personal information or “processing” - Any operation or set of operations performed on personal information, whether by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, combination, blocking, erasure or destruction.

Third Party - Any person, partnership, corporation, public authority, government agency, or any other entity other than the individual, under the direct authority of Arx Compliance, that is authorized to process the data.

Recipient - The person, public authority, government agency, or any other entity to which Personal Data is disclosed, even if the recipient is a third party.

Data Controller - determines how and why Personal Data is processed.

Data Processor - is responsible for processing Personal Data on behalf of a Data Controller.

CCPA terms – “Business,” “Service Provider,” and “Personal Information” shall have the meanings defined by the CCPA. 
No distinction between “data” and “information” is made when those terms are used generally in this policy.

Overview 
Arx Compliance is a leading provider of compliance and regulatory solutions for financial services and enterprise firms. We provide compliance software with a focus on global regulations including SEC, FINRA, FCPA, FCA, UK Bribery Act, and MiFID. Our solutions provide a fully configurable platform that manages the complex and burdensome processes associated with managing employee compliance.

Arx Compliance offers products and services in the business-to-business market sector.
 
Arx Compliance operates as a Data Processor or Service Provider in terms of the products and services we provide to our Clients, and as a Data Controller or Business when we collect or process Personal Data or Personal Information for our own internal use as an organization.

What this Privacy Policy covers 
The Arx Compliance Privacy Policy tells you what to expect when Arx Compliance collects personal information as a Data Controller or Business in respect of: 
  • the Personal Data we collect; 
  • how Personal Data is used and for what purpose; 
  • the transfer of Personal Data to a Third Party; 
  • how we maintain accuracy, integrity and security of your Personal Data;
  • how we retain and destroy your Personal Data; 
  • what are your individual rights in respect of your Personal Data; 
  • Personal Data of children under 13 years of age, and; 
  • contact details if you have any questions relating to the use of your Personal Data;

The Personal Data we collect
 
Visitors to the Arx Compliance website, offices, public and private events can be asked to provide Personal Data relating to: 
  • queries or feedback you leave, including your name, email address, or telephone number if you contact arxcompliance.no; 
  • your name, email address and subscription preferences when you sign up to our email alerts; 
  • how you use our website - for example website navigation, whether you open items, and which links you click on, cookie use and page tagging techniques; 
  • Information provided to us in relation to technical assistance; 
  • Arx Compliance product interactions and performance data in relation to our products and services, and; 
  • your Internet Protocol (IP) address, and details of which version of web browser you used.

How Personal Data is used and for what purpose
Arx Compliance processes the Personal Data we collect as a Data Controller in accordance with this Privacy Policy. The lawful basis for collection by Arx Compliance under the GDPR may be based upon consent, legal obligation or legitimate interests. Examples of the purposes for which we may collect and process Personal Data may include: 
  • Responding to Requests for Information; 
  • Responding to Subject Access Requests; 
  • Responding to Data Breach Notifications; 
  • Responding to Due Diligence requests; 
  • Providing audit evidence; 
  • Providing white papers and resources; 
  • Registering users for Arx Compliance promotional material and events;
  • Contacting users for marketing and sales queries; 
  • Evaluating and improving the online user experience; 
  • Compliance with legal, regulatory and business obligations;
  • Analyzing website visitor information.

Transfer of Personal Data to a Third Party 
Arx Compliance does not sell, lease, rent or give away Personal Data. Personal Data is handled in line with Arx Compliance’s Policies. Personal Data processed by Arx Compliance is subject to the:
  • EU General Data Protection Regulation (“GDPR”)

TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS

  1. Intra-Group 
Arx Compliance may transfer Personal Data outside of the EEA to other group entities. In order to protect the security of Personal Data during such transfer, Arx Compliance relies on Intragroup International Data Transfer Agreements that incorporate the safeguards set out in the Standard Contractual Clauses. 

  2. Third Party
Arx Compliance may also transfer Personal Data to other third-party service providers outside of the EEA. If and when transferring Personal Data outside the EEA, Arx Compliance will do so using one of the following safeguards:
 i. the transfer is to a non-EEA country that has been the subject of an adequacy decision by the EU Commission; 
ii. the transfer is covered by a contractual agreement compliant with the rules within Data Protection Laws relating to transfers to countries outside the EEA; or 
iii. the transfer is to an organisation which has binding corporate rules approved by an EU data protection authority.

How we maintain confidentiality, integrity and availability of your Personal Data
 
In its roles as Data Controller/Business and Data Processor/Service Provider, Arx Compliance seeks to adhere to the following security principles: 
  • Confidentiality
  • Integrity
  • Availability 
This is achieved through the application of Security Controls: Administration, Technical and Physical. When combined these provide a number of security layers, designed to safeguard against any potential threats. 
These controls are subject to independent audits, security testing and external assessments by clients, and independent organizations against the latest industry standards. These security controls require constant and consistent audits, reviews, monitoring and communication. This is provided by Senior Management and the Board through the practices of Governance, Risk and Compliance.

How we retain and destroy your Personal Data 
Arx Compliance is bound by legal, regulatory, and business obligations in relation to the retention of Personal Data, with the purposes of:
  • Maintaining business relationships;
  • The provision of products, services or information based upon entitlement or reasonable expectations; 
  • Legal, regulatory, and contractual compliance; 

Please be aware that elements of legal and regulatory compliance may overrule the fundamental rights associated with your data protection rights. 

Destruction of Personal Data is subject to industry best practice.

Your individual rights in respect to your Personal Data – General Data Protection Regulation 
As a Data Controller, Arx Compliance observes and upholds your rights in respect to the General Data Protection Regulation. These rights are based upon: 
  • the right to request information regarding the Personal Data we process concerning you (Subject Access Request);
  • the right to rectify, update or complement inaccurate or incomplete Personal Data concerning you;
  • the right to delete or request the erasure of Personal Data concerning you (exceptions apply, for example criminal records or legal and regulatory requirements);
  • the right to withdraw any consent you may have given for us to process Personal Data concerning you; 
  • the right to object to our processing of Personal Data concerning you on the basis of our, or of third-parties’ legitimate interests; 
  • the right to obtain from us the portability of Personal Data concerning you which we process using automated means on the basis of your consent or of a contract you have entered into with us, and;
  • the right, in the European Economic Area, to lodge a privacy complaint with a supervisory authority if you are unhappy with the way we have handled your Personal Data or any privacy query or request that you have raised with us.

Subject Access Request 
A Subject Access Request is a request from an individual to see copies of information held by an organization about them, as such: 
  • Arx Compliance, in its capacity as a Data Controller, is obliged to take reasonable measures to confirm your identity and the grounds of those making the request; 
  • Arx Compliance will notify client-based requests (Subject Access Requests) to the appropriate Data Controller within agreed timescales; 
  • Arx Compliance will process other Subject Access Requests within one calendar month. This period is extendable under certain criteria.

Monitoring of Internal Activities 
Arx Compliance does not engage in blanket monitoring of internal communications but does reserve the right to monitor, access, retrieve, read, or disclose internal communications when:
  • a legitimate business need exists that cannot be satisfied by other means; 
  • the involved individual is unavailable, and timing is critical to a business activity; 
  • there is reasonable cause to suspect criminal activity or policy violation;
  • monitoring is required by law, regulation, or third party agreement. 
At any time and without prior notice, Arx Compliance management reserves the right to examine archived electronic mail, personal computer file directories, hard disk drive files, and other information stored on Arx Compliance information processing systems. This information may include Personal Information. Such examinations are typically performed to assure compliance with internal policies, support the performance of internal investigations, and assist with the management of Arx Compliance information processing systems.

Changes to this Policy
 
If Arx Compliance seeks to make a material change to Arx Compliance policy to allow use of Personal Information for a new, legitimate business purpose, Arx Compliance will document the change to this policy, note the date of the last update at the start of the policy, and publish the policy. You are encouraged to check this policy occasionally to stay informed of any changes in our policies and procedures regarding Personal Information. For substantial and material changes to this policy, Arx Compliance will use reasonable efforts to provide notification to all affected users and suggest that such users review the updated policy.

Contact details if you have any questions relating to the use of your Personal Data
Arx Compliance commits to resolve complaints about your privacy and our collection or use of your personal information. Should you have any concerns about our processing of your Personal Data, please contact us as follows:

By email: post@arxcompliance.no

Updated: 05.01.2024


Definitions
Arx Compliance means:
  • Arx Compliance AS, as the legal entity responsible for the group's operations in Norway;
  • and any majority-owned or controlled subsidiaries or affiliates.
References to Arx Compliance shall be taken to mean any or all of the above entities depending upon the context. Unless expressly stated otherwise, references to Arx Compliance in connection with the GDPR shall be taken to mean Arx Compliance.

Solution - means the Arx Compliance regulatory compliance software solution.

Personal Data - Any information relating to an individual, including name, telephone number, address, email address, social security number, personal business transaction details, Account Information and Personal Trading Data.

Special Category Data - The processing of Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, and the processing of genetic data, biometric for the purposes of uniquely identifying a natural person, data concerning health or data concerning a natural person sex life or sexual orientation.

Sensitive Personal Information - means government identification numbers or financial account numbers associated with individual persons (e.g. Social Security numbers, driver’s license numbers, or personal credit card or banking account numbers), and medical records or health care claim information associated with individuals, including claims for payment or reimbursement for any type of medical care for an individual.

Processing of personal information or “processing” - Any operation or set of operations performed on personal information, whether by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, combination, blocking, erasure or destruction.

Third Party - Any person, partnership, corporation, public authority, government agency, or any other entity other than the individual, under the direct authority of Arx Compliance, that are authorized to process the data.

Recipient - The person, public authority, government agency, or any other entity to which Personal Data is disclosed, even if the recipient is a third party.

Data Controller - determines how and why Personal Data is processed.

Data Processor - is responsible for processing Personal Data on behalf of a Data Controller.

CCPA terms – “Business,” “Service Provider,” and “Personal Information” shall have the meanings defined by the CCPA. 
No distinction between “data” and “information” is made when those terms are used generally in this policy.

Overview 
Arx Compliance is a leading provider of compliance and regulatory solutions for financial services and enterprise firms. We provide compliance software with a focus on global regulations including, SEC, FINRA, FCPA, FCA, UK Bribery Act, and MiFID. Our solutions provide a fully configurable platform that manages the complex and burdensome processes associated with managing employee compliance. 

Arx Compliance offers products and services in the business-to-business market sector.
 
Arx Compliance operates as a Data Processor or Service Provider in terms of the products and services we provide to our Clients, and as a Data Controller or Business when we collect or process Personal Data or Personal Information for our own internal use as an organization.

What this Privacy Policy covers 
The Arx Compliance Privacy Policy tells you what to expect when Arx Compliance collects personal information as a Data Controller or Business in respect of: 
  • the Personal Data we collect; 
  • how Personal Data is used and for what purpose; 
  • the transfer of Personal Data to a Third Party; 
  • how we maintain accuracy, integrity and security of your Personal Data;
  • how we retain and destroy your Personal Data; 
  • what are your individual rights in respect of your Personal Data; 
  • Personal Data of children under 13 years of age, and; 
  • contact details if you have any questions relating to the use of your Personal Data;

The Personal Data we collect 
Visitors to the Arx Compliance website, offices, public and private events can be asked to provide Personal Data relating to: 
  • queries or feedback you leave, including your name, email address, or telephone number if you contact arxcompliance.no; 
  • your name, email address and subscription preferences when you sign up to our email alerts; 
  • how you use our website - for example website navigation, whether you open items, and which links you click on, cookie use and page tagging techniques; 
  • Information provided to us in relation to technical assistance; 
  • Arx Compliance product interactions and performance data in relation to our products and services, and; 
  • your Internet Protocol (IP) address, and details of which version of web browser you used.
How Personal Data is used and for what purpose
Arx Compliance processes the Personal Data we collect as a Data Controller in accordance with this Privacy Policy. The lawful basis for collection by Arx Compliance under the GDPR may be based upon consent, legal obligation or legitimate interests. Examples of the purposes for which we may collect and process Personal Data may include: 
  • Responding to Requests for Information; 
  • Responding to Subject Access Requests; 
  • Responding to Data Breach Notifications; 
  • Responding to Due Diligence requests; 
  • Providing audit evidence; 
  • Providing white papers and resources; 
  • Registering users for Arx Compliance promotional material and events;
  • Contacting users for marketing and sales queries; 
  • Evaluating and improving the online user experience; 
  • Compliance with legal, regulatory and business obligations 
  • Analyzing website visitor information

Transfer of Personal Data to a Third Party 
Arx Compliance does not sell, lease, rent or give away Personal Data. Personal Data is handled in line with Arx Compliance’s Policies. Personal Data processed by Arx Compliance is subject to the:
EU General Data Protection Regulation (“GDPR”)
TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS. 

  1. Intra-Group 
Arx Compliance may transfer Personal Data outside of the EEA to other group entities. In order to protect the security of Personal Data during such transfer, Arx Compliance relies on Intragroup International Data Transfer Agreements that incorporate the safeguards set out in the Standard Contractual Clauses. 

  1. Third Party 
Arx Compliance may also transfer Personal Data to other third-party service providers outside of the EEA. If and when transferring Personal Data outside the EEA, Arx Compliance will do so using one of the following safeguards:
 i. the transfer is to a non-EEA country that has been the subject of an adequacy decision by the EU Commission; 
ii. the transfer is covered by a contractual agreement compliant with the rules within Data Protection Laws relating to transfers to countries outside the EEA; or 
iii. the transfer is to an organisation which has binding corporate rules approved by an EU data protection authority.

How we maintain confidentiality, integrity and availability of your Personal Data 
In its roles as Data Controller/Business and Data Processor/Service Provider, Arx Compliance seeks to adhere to the following security principles: 
  • Confidentiality
  • Integrity
  • Availability 
This is achieved through the application of Security Controls: Administration, Technical and Physical. When combined these provide a number of security layers, designed to safeguard against any potential threats. 
These controls are subject to independent audits, security testing and external assessments by clients, and independent organizations against the latest industry standards. These security controls require constant and consistent audits, reviews, monitoring and communication. This is provided by Senior Management and the Board through the practices of Governance, Risk and Compliance.

How we retain and destroy your Personal Data 
Arx Compliance is bound by legal, regulatory, and business obligations in relation to the retention of Personal Data, with the purposes of:
  • Maintaining business relationships;
  • The provision of products, services or information based upon entitlement or reasonable expectations; 
  • Legal, regulatory, and contractual compliance; 

Please be aware that elements of legal and regulatory compliance may overrule the fundamental rights associated with your data protection rights. 

Destruction of Personal Data is subject to industry best practice.

Your individual rights in respect to your Personal Data – General Data Protection Regulation 
As a Data Controller, Arx Compliance observes and upholds your rights in respect to the General Data Protection Regulation. These rights are based upon: 
  • the right to request information regarding the Personal Data we process concerning you (Subject Access Request);
  • the right to rectify, update or complement inaccurate or incomplete Personal Data concerning you;
  • the right to delete or request the erasure of Personal Data concerning you, exceptions apply; for example, criminal records or due to legal and regulatory requirements; 
  • the right to withdraw any consent you may have given for us to process Personal Data concerning you; 
  • the right to object to our processing of Personal Data concerning you on the basis of our, or of third-parties’ legitimate interests; 
  • the right to obtain from us the portability of Personal Data concerning you which we process using automated means on the basis of your consent or of a contract you have entered into with us, and;
  • the right to, in the European Economic Area lodge a privacy complaint with a supervisory authority if you are unhappy with the way we have handled your Personal Data or any privacy query or request that you have raised with us.

Subject Access Request 
A Subject Access Request is a request from an individual to see copies of information held by an organization about them, as such: 
  • Arx Compliance, in its capacity as a Data Controller, is obliged to take reasonable measures to confirm your identity and the grounds of those making the request; 
  • Arx Compliance will notify client-based requests (Subject Access Requests) to the appropriate Data Controller within agreed timescales; 
  • Arx Compliance will process other Subject Access Requests within one calendar month. This period is extendable under certain criteria.

Monitoring of Internal Activities 
Arx Compliance does not engage in blanket monitoring of internal communications but does reserve the right to monitor access, retrieve, read, or disclose internal communications when: 
  • a legitimate business need exists that cannot be satisfied by other means; 
  • the involved individual is unavailable, and timing is critical to a business activity; 
  • there is reasonable cause to suspect criminal activity or policy violation;
  • monitoring is required by law, regulation, or third party agreement. 
At any time and without prior notice, Arx Compliance management reserves the right to examine archived electronic mail, personal computer file directories, hard disk drive files, and other information stored on Arx Compliance information processing systems. This information may include Personal Information. Such examinations are typically performed to assure compliance with internal policies, support the performance of internal investigations, and assist with the management of Arx Compliance information processing systems.

Changes to this Policy 
If Arx Compliance seeks to make a material change to Arx Compliance policy to allow use of Personal Information for a new, legitimate business purpose, Arx Compliance will document the change to this policy, note the date of the last update at the start of the policy, and publish the policy. You are encouraged to check this policy occasionally to stay informed of any changes in our policies and procedures regarding Personal Information. For substantial and material changes to this policy, Arx Compliance will use reasonable efforts to provide notification to all affected users and suggest that such users review the updated policy.

Contact details if you have any questions relating to the use of your Personal Data
Arx Compliance commits to resolve complaints about your privacy and our collection or use of your personal information. Should you have any concerns about our processing of your Personal Data, please contact us as follows:

By email: post@arxcompliance.no

Updated: 05.01.2024


Definitions
Arx Compliance means:
  • Arx Compliance AS, as the legal entity responsible for the group's operations in Norway;
  • and any majority-owned or controlled subsidiaries or affiliates.
References to Arx Compliance shall be taken to mean any or all of the above entities depending upon the context. Unless expressly stated otherwise, references to Arx Compliance in connection with the GDPR shall be taken to mean Arx Compliance.

Solution - means the Arx Compliance regulatory compliance software solution.

Personal Data - Any information relating to an individual, including name, telephone number, address, email address, social security number, personal business transaction details, Account Information and Personal Trading Data.

Special Category Data - The processing of Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, and the processing of genetic data, biometric for the purposes of uniquely identifying a natural person, data concerning health or data concerning a natural person sex life or sexual orientation.

Sensitive Personal Information - means government identification numbers or financial account numbers associated with individual persons (e.g. Social Security numbers, driver’s license numbers, or personal credit card or banking account numbers), and medical records or health care claim information associated with individuals, including claims for payment or reimbursement for any type of medical care for an individual.

Processing of personal information or “processing” - Any operation or set of operations performed on personal information, whether by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, combination, blocking, erasure or destruction.

Third Party - Any person, partnership, corporation, public authority, government agency, or any other entity other than the individual, under the direct authority of Arx Compliance, that are authorized to process the data.

Recipient - The person, public authority, government agency, or any other entity to which Personal Data is disclosed, even if the recipient is a third party.

Data Controller - determines how and why Personal Data is processed.

Data Processor - is responsible for processing Personal Data on behalf of a Data Controller.

CCPA terms – “Business,” “Service Provider,” and “Personal Information” shall have the meanings defined by the CCPA. 
No distinction between “data” and “information” is made when those terms are used generally in this policy.

Overview 
Arx Compliance is a leading provider of compliance and regulatory solutions for financial services and enterprise firms. We provide compliance software with a focus on global regulations including, SEC, FINRA, FCPA, FCA, UK Bribery Act, and MiFID. Our solutions provide a fully configurable platform that manages the complex and burdensome processes associated with managing employee compliance. 

Arx Compliance offers products and services in the business-to-business market sector.
 
Arx Compliance operates as a Data Processor or Service Provider in terms of the products and services we provide to our Clients, and as a Data Controller or Business when we collect or process Personal Data or Personal Information for our own internal use as an organization.

What this Privacy Policy covers 
The Arx Compliance Privacy Policy tells you what to expect when Arx Compliance collects personal information as a Data Controller or Business in respect of: 
  • the Personal Data we collect; 
  • how Personal Data is used and for what purpose; 
  • the transfer of Personal Data to a Third Party; 
  • how we maintain accuracy, integrity and security of your Personal Data;
  • how we retain and destroy your Personal Data; 
  • what are your individual rights in respect of your Personal Data; 
  • Personal Data of children under 13 years of age, and; 
  • contact details if you have any questions relating to the use of your Personal Data;

The Personal Data we collect 
Visitors to the Arx Compliance website, offices, public and private events can be asked to provide Personal Data relating to: 
  • queries or feedback you leave, including your name, email address, or telephone number if you contact arxcompliance.no; 
  • your name, email address and subscription preferences when you sign up to our email alerts; 
  • how you use our website - for example website navigation, whether you open items, and which links you click on, cookie use and page tagging techniques; 
  • Information provided to us in relation to technical assistance; 
  • Arx Compliance product interactions and performance data in relation to our products and services, and; 
  • your Internet Protocol (IP) address, and details of which version of web browser you used.
How Personal Data is used and for what purpose
Arx Compliance processes the Personal Data we collect as a Data Controller in accordance with this Privacy Policy. The lawful basis for collection by Arx Compliance under the GDPR may be based upon consent, legal obligation or legitimate interests. Examples of the purposes for which we may collect and process Personal Data may include: 
  • Responding to Requests for Information; 
  • Responding to Subject Access Requests; 
  • Responding to Data Breach Notifications; 
  • Responding to Due Diligence requests; 
  • Providing audit evidence; 
  • Providing white papers and resources; 
  • Registering users for Arx Compliance promotional material and events;
  • Contacting users for marketing and sales queries; 
  • Evaluating and improving the online user experience; 
  • Compliance with legal, regulatory and business obligations 
  • Analyzing website visitor information

Transfer of Personal Data to a Third Party 
Arx Compliance does not sell, lease, rent or give away Personal Data. Personal Data is handled in line with Arx Compliance’s Policies. Personal Data processed by Arx Compliance is subject to the:
EU General Data Protection Regulation (“GDPR”)
TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS. 

  1. Intra-Group 
Arx Compliance may transfer Personal Data outside of the EEA to other group entities. In order to protect the security of Personal Data during such transfer, Arx Compliance relies on Intragroup International Data Transfer Agreements that incorporate the safeguards set out in the Standard Contractual Clauses. 

  2. Third Party 
Arx Compliance may also transfer Personal Data to other third-party service providers outside of the EEA. If and when transferring Personal Data outside the EEA, Arx Compliance will do so using one of the following safeguards:
 i. the transfer is to a non-EEA country that has been the subject of an adequacy decision by the EU Commission; 
ii. the transfer is covered by a contractual agreement compliant with the rules within Data Protection Laws relating to transfers to countries outside the EEA; or 
iii. the transfer is to an organisation which has binding corporate rules approved by an EU data protection authority.

How we maintain confidentiality, integrity and availability of your Personal Data 
In its roles as Data Controller/Business and Data Processor/Service Provider, Arx Compliance seeks to adhere to the following security principles: 
  • Confidentiality
  • Integrity
  • Availability 
This is achieved through the application of Security Controls: Administration, Technical and Physical. When combined these provide a number of security layers, designed to safeguard against any potential threats. 
These controls are subject to independent audits, security testing and external assessments by clients, and independent organizations against the latest industry standards. These security controls require constant and consistent audits, reviews, monitoring and communication. This is provided by Senior Management and the Board through the practices of Governance, Risk and Compliance.

How we retain and destroy your Personal Data 
Arx Compliance is bound by legal, regulatory, and business obligations in relation to the retention of Personal Data, with the purposes of:
  • Maintaining business relationships;
  • The provision of products, services or information based upon entitlement or reasonable expectations; 
  • Legal, regulatory, and contractual compliance.

Please be aware that elements of legal and regulatory compliance may overrule the fundamental rights associated with your data protection rights. 

Destruction of Personal Data is subject to industry best practice.

Your individual rights in respect to your Personal Data – General Data Protection Regulation 
As a Data Controller, Arx Compliance observes and upholds your rights in respect to the General Data Protection Regulation. These rights are based upon: 
  • the right to request information regarding the Personal Data we process concerning you (Subject Access Request);
  • the right to rectify, update or complement inaccurate or incomplete Personal Data concerning you;
  • the right to delete or request the erasure of Personal Data concerning you (exceptions apply, for example criminal records or legal and regulatory requirements); 
  • the right to withdraw any consent you may have given for us to process Personal Data concerning you; 
  • the right to object to our processing of Personal Data concerning you on the basis of our, or of third-parties’ legitimate interests; 
  • the right to obtain from us the portability of Personal Data concerning you which we process using automated means on the basis of your consent or of a contract you have entered into with us, and;
  • the right, in the European Economic Area, to lodge a privacy complaint with a supervisory authority if you are unhappy with the way we have handled your Personal Data or any privacy query or request that you have raised with us.

Subject Access Request 
A Subject Access Request is a request from an individual to see copies of information held by an organization about them, as such: 
  • Arx Compliance, in its capacity as a Data Controller, is obliged to take reasonable measures to confirm your identity and the grounds of those making the request; 
  • Arx Compliance will notify client-based requests (Subject Access Requests) to the appropriate Data Controller within agreed timescales; 
  • Arx Compliance will process other Subject Access Requests within one calendar month. This period is extendable under certain criteria.

Monitoring of Internal Activities 
Arx Compliance does not engage in blanket monitoring of internal communications but does reserve the right to monitor, access, retrieve, read, or disclose internal communications when: 
  • a legitimate business need exists that cannot be satisfied by other means; 
  • the involved individual is unavailable, and timing is critical to a business activity; 
  • there is reasonable cause to suspect criminal activity or policy violation;
  • monitoring is required by law, regulation, or third party agreement. 
At any time and without prior notice, Arx Compliance management reserves the right to examine archived electronic mail, personal computer file directories, hard disk drive files, and other information stored on Arx Compliance information processing systems. This information may include Personal Information. Such examinations are typically performed to assure compliance with internal policies, support the performance of internal investigations, and assist with the management of Arx Compliance information processing systems.

Changes to this Policy 
If Arx Compliance seeks to make a material change to Arx Compliance policy to allow use of Personal Information for a new, legitimate business purpose, Arx Compliance will document the change to this policy, note the date of the last update at the start of the policy, and publish the policy. You are encouraged to check this policy occasionally to stay informed of any changes in our policies and procedures regarding Personal Information. For substantial and material changes to this policy, Arx Compliance will use reasonable efforts to provide notification to all affected users and suggest that such users review the updated policy.

Contact details if you have any questions relating to the use of your Personal Data
Arx Compliance commits to resolve complaints about your privacy and our collection or use of your personal information. Should you have any concerns about our processing of your Personal Data, please contact us as follows:

By email: post@arxcompliance.no

Get in touch to discuss employee compliance and relevant regulations
