Data Protection

February 24, 2025

Arest Limited is committed to protecting the rights and freedoms of data subjects and processing personal data safely and securely in accordance with our legal obligations, including the General Data Protection Regulation (GDPR). This Data Protection Policy explains how we collect, use, store, and protect personal data when you visit our website or interact with our services.

We are registered with the Information Commissioner’s Office (ICO) under registration number ZB845598 as both a Data Processor and Data Controller.

Definitions
  • Business Purposes:
    “Business purposes” refers to the reasons for which personal data is collected and used by Arest Limited. These include, but are not limited to:
    • Delivering our services directly and through third-party suppliers.
    • Complying with legal, regulatory, and corporate governance obligations.
    • Facilitating investigations by regulatory bodies or in connection with legal proceedings.
    • Adhering to internal business policies (such as those relating to email and internet usage).
    • Managing operational functions including recording transactions, training, quality control, safeguarding commercially sensitive information, security vetting, credit checks, monitoring, and complaint investigation.
    • Ensuring safe working practices, managing staff absences, and monitoring system access.
    • Marketing new products or services and improving our existing offerings.
  • Personal Data:
    Any information relating to an identified or identifiable natural person (“data subject”), including, but not limited to, names, identification numbers, location data, and online identifiers.
  • Special Categories of Personal Data:
    Data concerning an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, criminal offences, biometric data, or genetic data. This type of data is subject to enhanced protection.
  • Data Controller:
    The natural or legal person who determines the purposes and means of personal data processing.
  • Data Processor:
    A party that processes personal data on behalf of the Data Controller.
  • Processing:
    Any operation performed on personal data, including collection, recording, storage, retrieval, use, disclosure, and erasure.
  • We/Us/Our:
    These terms refer to Arest Limited and any of its associated brands, including Alfas AI.

Scope

This policy applies to personal data collected via our website and through our services. It is intended for website visitors, clients, and other individuals whose data we process. In addition, our internal practices for employees, contractors, and other staff are governed by our Internal Data Protection Policy.

Responsibilities
  • Data Protection Officer (DPO):
    Our DPO is responsible for implementing and maintaining this policy and ensuring that our data protection practices are followed.
    Contact: contact@alfas.ai
  • Our Staff:
    All employees and contractors are required to comply with this policy and report any data protection breaches or concerns to the DPO promptly.

Data Protection Principles

Arest Limited is committed to processing personal data in accordance with the following GDPR principles:

  • Lawfulness, Fairness and Transparency:
    Data is processed in a manner that is legal, fair, and transparent.
  • Purpose Limitation:
    Personal data is collected for specified, explicit, and legitimate purposes and is not processed in any manner incompatible with those purposes.
  • Data Minimisation:
    We only collect the personal data that is necessary for the purposes outlined in this policy.
  • Accuracy:
    We endeavour to keep personal data accurate and up to date.
  • Storage Limitation:
    Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected, or as required by law.
  • Integrity and Confidentiality:
    We implement appropriate security measures to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction, or damage.
  • Accountability:
    We maintain appropriate documentation and procedures to demonstrate our compliance with these principles.

Data Processing Purposes

We process personal data for a range of business purposes, including:

  • Service Delivery:
    To provide our services directly and through third-party suppliers.
  • Legal and Regulatory Compliance:
    To meet legal, regulatory, and corporate governance obligations.
  • Investigations and Legal Proceedings:
    To assist with investigations by regulatory bodies or legal proceedings.
  • Operational Requirements:
    For transaction management, training, quality control, and system access monitoring.
  • Security and Complaint Management:
    To investigate complaints, ensure safe practices, and conduct security checks.
  • Marketing and Service Improvement:
    To market new products or services and continuously improve our offerings.

Data Subject Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right to be Informed:
    You are entitled to be informed about how your data is collected and used.
  • Right of Access:
    You may request access to your personal data.
  • Right to Rectification:
    You may request corrections to any inaccurate or incomplete data.
  • Right to Erasure:
    You may request deletion of your data under certain conditions. This is also known as the “right to be forgotten.”
  • Right to Restrict Processing:
    You may request that the processing of your personal data be restricted.
  • Right to Data Portability:
    You have the right to receive your data in a structured, commonly used, and machine-readable format.
  • Right to Object:
    You may object to the processing of your personal data under certain circumstances.
  • Rights Related to Automated Decision-Making:
    You have the right not to be subject to decisions based solely on automated processing, including profiling.

Data Transfers

Any transfer of personal data outside the European Economic Area (EEA) will be carried out in compliance with GDPR requirements, ensuring that appropriate safeguards (such as Standard Contractual Clauses) are in place.

Data Retention

We will retain your personal data only for as long as necessary to achieve the purposes for which it was collected, or as required by applicable law. Our data retention practices are regularly reviewed to ensure compliance.

Security Measures

Arest Limited employs robust security measures—including encryption, access controls, and regular staff training—to safeguard your personal data. Where appropriate, Privacy Impact Assessments (PIAs) are conducted to identify and mitigate risks related to data processing.

Review and Updates

This Data Protection Policy is reviewed periodically and updated as necessary to ensure continued compliance with the GDPR and other applicable laws. Any updates will be published on our website.

Contact Information

If you have any questions or concerns regarding this policy or our data protection practices, please contact our Data Protection Officer at contact@alfas.ai.