Armakuni Limited respects your privacy and is committed to protecting your personal data. This Privacy Notice explains how we collect, use and protect personal data about visitors to our website, clients, prospective clients, suppliers, business contacts and other people we interact with in the course of running our business.
This Privacy Notice does not apply to job applicants. If you apply for a role with us, please see our separate Applicant Privacy Notice.
1. Who we are
Armakuni Limited is a company registered in England and Wales under company number 08104921.
Our registered office is:
Armakuni Limited
International House
64 Nile Street
London
N1 7SR
United Kingdom
For the purposes of UK data protection law, Armakuni Limited is the controller of the personal data described in this Privacy Notice. This means we decide why and how your personal data is used.
You can contact us about data protection matters at:
Email: DataProtection@Armakuni.com
2. Personal data we collect
The personal data we collect depends on your relationship with us.
We may collect and use the following types of personal data:
Website and enquiry data
This may include:
- your name;
- email address;
- telephone number;
- organisation;
- job title;
- the content of your enquiry or message;
- information submitted through our contact forms, event RSVP forms or other website forms;
- technical information about your use of our website, such as IP address, browser type, device information, pages visited and referral source;
- technical and form-interaction information collected through website security tools such as Google reCAPTCHA, where used to protect our website from spam, abuse and automated submissions.
Client, prospective client and business contact data
This may include:
- your name;
- business contact details;
- job title;
- organisation;
- correspondence with you;
- meeting notes;
- information about your organisation and its requirements;
- details of services discussed, requested or provided.
Supplier and contractor data
This may include:
- your name;
- business contact details;
- role or job title;
- organisation;
- contract details;
- invoice and payment information;
- correspondence and records relating to the supply of goods or services.
Invoice and finance data
This may include:
- names of client or supplier contacts;
- organisation names;
- business addresses;
- email addresses;
- invoice details;
- payment status;
- related correspondence.
We do not intentionally collect special category personal data through our website. Special category data includes information such as health data, racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic or biometric data, or information about sex life or sexual orientation.
3. How we collect personal data
We may collect personal data:
- directly from you, for example when you contact us, meet with us, complete a form or correspond with us;
- through our website forms, including contact forms and event RSVP forms;
- from your employer or organisation;
- from clients, suppliers, contractors or other business contacts;
- from publicly available sources, such as company websites, Companies House, LinkedIn or professional directories;
- through website security tools, including Google reCAPTCHA where used;
- through systems and service providers we use to host our website, route enquiries, store form submissions and manage business communications;
- through other systems and service providers we use to run our business.
4. How we use personal data and our lawful bases
We use personal data for the purposes set out below.
| Purpose | Types of Personal Data | Lawful Basis |
|---|---|---|
| Responding to enquiries | Name, contact details, enquiry details | Legitimate interests; steps before entering into a contract |
| Managing contact forms, event RSVP forms and other website submissions | Name, contact details, form submission details | Legitimate interests; steps before entering into a contract |
| Providing services to clients | Business contact details, correspondence, project information | Contract; legitimate interests |
| Managing client and business relationships | Contact details, meeting notes, correspondence | Legitimate interests |
| Managing suppliers and contractors | Contact details, contract details, invoice details, correspondence | Contract; legitimate interests |
| Issuing invoices and managing payments | Contact details, invoice details, payment records | Contract; legal obligation; legitimate interests |
| Maintaining accounting, tax and business records | Invoice data, payment records, contract records, correspondence | Legal obligation; legitimate interests |
| Operating, maintaining and securing our website | Technical data, usage data, enquiry data | Legitimate interests; consent where required for non-essential cookies or similar technologies |
| Protecting website forms from spam, abuse and automated submissions | Technical data, form-interaction data, IP address and related security information | Legitimate interests |
| Sending relevant business updates or marketing communications | Name, business email address, organisation, preferences | Legitimate interests or consent, depending on the circumstances |
| Protecting our business, systems and legal rights | Technical data, correspondence, records of activity | Legitimate interests; legal obligation |
| Managing legal, regulatory, insurance and professional advisory matters | Relevant business records, correspondence and contact details | Legitimate interests; legal obligation |
Where we rely on legitimate interests, this means we use personal data where we have a business reason to do so and where we consider that your rights and interests do not override that reason.
Our legitimate interests include:
- running and managing our business;
- responding to enquiries;
- providing and improving our services;
- managing client and supplier relationships;
- managing website forms and event RSVPs;
- protecting our website and systems from spam, abuse and security threats;
- keeping business records;
- managing invoices, payments and credit control;
- protecting our systems, confidential information and legal rights;
- obtaining professional advice.
5. Marketing communications
We may use business contact details to send relevant information about our services, events, updates or insights where permitted by law. We may do this directly or through an email or marketing service provider.
You can opt out of marketing communications at any time by contacting us at DataProtection@Armakuni.com or by using the unsubscribe link in our emails, where available.
We will not sell your personal data to third parties for marketing purposes.
6. Cookies and similar technologies
Our website uses cookies and similar technologies for limited purposes. Some cookies are strictly necessary for the website to function or to help keep it secure.
We use Google reCAPTCHA on our contact and event RSVP forms to help protect our website from spam, abuse and automated submissions. Google reCAPTCHA may collect technical information and form-interaction signals, and may set Google cookies.
We do not currently use analytics or marketing cookies on our website. If we introduce analytics or marketing tools, such as Google Tag Manager or related services, we will update our cookie information and, where required by law, obtain consent before those non-essential cookies or similar technologies are used.
You can manage cookies through your browser settings. Blocking some cookies may affect how the website works.
For more information, please see our Cookie Notice.
7. Who we share personal data with
We may share personal data with third parties where this is necessary for the purposes set out in this Privacy Notice, where required by law, or where we have another lawful basis for doing so.
This may include sharing personal data with:
- IT, hosting, cloud infrastructure and website service providers, including Railway;
- email delivery and communication service providers, including AWS SES and Google Workspace;
- website security and anti-spam providers, including Google reCAPTCHA;
- workflow automation and data routing providers, including Zapier;
- document, spreadsheet and business administration tools, including Google Sheets;
- accounting, invoicing and finance platforms, including Xero;
- CRM, marketing and website analytics providers, where used;
- cookie banner, consent management and website performance providers, where used;
- professional advisers, including lawyers, accountants, auditors, insurers and consultants;
- banks and payment providers;
- clients, suppliers, contractors and business partners where necessary for our business, services or contractual arrangements;
- group companies, affiliated companies or support teams, where reasonably necessary for business administration, finance, IT, operations or service delivery;
- regulators, public authorities, law enforcement agencies, courts or other third parties where required by law or necessary to protect our rights.
We require our service providers to handle personal data securely and only for authorised purposes.
We do not sell personal data to third parties.
8. International transfers
Some of our service providers, systems and internal teams may access or process personal data from outside the United Kingdom.
In particular, website enquiry and form data may be processed or stored in the United States by service providers including Railway, AWS SES, Google and Zapier. Personal data may also be accessed or supported by authorised Armakuni personnel or teams in the United Kingdom, the United States and India.
Personal data held in our business systems, including accounting and invoicing systems such as Xero, may also be accessed by authorised personnel outside the UK where this is necessary for finance, administration, IT support, operational support or service delivery.
Where we transfer personal data internationally, we take steps to ensure it is protected in accordance with UK data protection law. This may include relying on adequacy regulations or using appropriate contractual safeguards, such as the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses.
9. How long we keep personal data
We keep personal data only for as long as necessary for the purposes for which it was collected, including to meet legal, accounting, tax, reporting, contractual or regulatory requirements.
As a general guide:
| Type of Record | Typical Retention Period |
|---|---|
| Client and supplier contract records | Up to 6 years after the end of the relevant relationship or contract |
| Invoices, accounting and tax records | Usually 6 years from the end of the relevant financial year |
| General business correspondence | Usually up to 6 years, depending on the nature of the correspondence |
| Website enquiry and contact form records | Usually up to 2 years, unless the enquiry leads to an ongoing business relationship or another legitimate business need |
| Event RSVP records | Usually up to 2 years after the relevant event, unless a longer period is needed for business, legal or record-keeping purposes |
| Marketing contact records | Until you opt out or we no longer have a valid business reason to retain them |
| Website security and anti-spam records | Retained for as long as necessary to protect the website and investigate or prevent misuse, subject to provider settings where relevant |
We may keep some records for longer where necessary to comply with legal obligations, resolve disputes, establish, exercise or defend legal claims, or protect our rights.
10. How we protect personal data
We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration or disclosure.
These measures may include:
- access controls;
- individual user accounts;
- multi-factor authentication where appropriate;
- confidentiality obligations;
- staff training;
- secure cloud systems;
- data backup and recovery measures;
- monitoring and review of access permissions;
- procedures for handling suspected personal data breaches.
11. Your rights
Under UK data protection law, you have rights in relation to your personal data. These include the right to:
- request access to your personal data;
- ask us to correct inaccurate or incomplete personal data;
- ask us to delete your personal data in certain circumstances;
- ask us to restrict how we use your personal data in certain circumstances;
- object to our use of your personal data in certain circumstances;
- object to direct marketing;
- ask for your personal data to be transferred to you or another organisation in certain circumstances;
- withdraw consent where we rely on consent.
These rights do not apply in every situation. For example, we may need to keep certain records to comply with legal, tax, accounting or contractual obligations.
To exercise your rights, please contact us at: DataProtection@Armakuni.com
We may need to ask for information to confirm your identity before responding.
12. Complaints
We hope you will contact us first if you have any concerns about how we use your personal data, so that we can try to resolve them.
You also have the right to complain to the UK Information Commissioner's Office, the UK regulator for data protection matters.
ICO website: www.ico.org.uk
ICO telephone: 0303 123 1113
13. Changes to this Privacy Notice
We may update this Privacy Notice from time to time. The latest version will be published on our website.