Privacy Policy

1. OUR PRIVACY COMMITMENT

At Arestech, we’ve built our reputation on trust. When you’re dealing with cybersecurity and physical protection, privacy isn’t just legal compliance—it’s the foundation of everything we do. This policy explains how we handle your personal information, because absolute security starts with transparency.

2. INFORMATION WE COLLECT

We handle several types of information to deliver world-class security services:

Professional Information: Names, titles, contact details, company information, and professional credentials. For high-profile clients, we maintain emergency contacts and security-relevant professional information.

Technical and Security Data: IP addresses, system logs, network traffic patterns, cybersecurity assessment results, and threat intelligence. This diagnostic information helps us identify and address security vulnerabilities.

Assessment Data: Physical security evaluations generate detailed vulnerability information, facility layouts, access control data, and surveillance footage when conducting comprehensive risk assessments.

Business Information: Contract details, billing records, and payment information processed through secure, PCI-compliant channels.

We collect this information through direct engagement during consulting work, on-site assessments, SOC monitoring services, website interactions, and publicly available threat intelligence sources.

3. HOW WE USE YOUR INFORMATION

Every piece of information serves a specific security purpose. We use it to conduct risk assessments, deliver managed SOC services, perform incident response investigations, and continuously improve our security methodologies.

We also use information for essential business operations like contract management, billing, regulatory compliance, and maintaining the high service standards our clientele expects.

Some information helps protect the broader ecosystem through threat detection, monitoring for emerging attack patterns, and fraud prevention activities.

4. INFORMATION SHARING

We share information only when necessary and appropriate:

Trusted Partners: Carefully selected technology providers, cloud infrastructure partners, and specialized security vendors access client information under strict contractual obligations that mirror our privacy commitments.

Legal Requirements: We comply with court orders, properly authorized law enforcement requests, and regulatory obligations. We evaluate each request carefully and share only what’s legally required.

Business Continuity: In unlikely scenarios involving mergers or acquisitions, information transfers would include appropriate confidentiality protections.

5. DATA RETENTION

We balance practical business needs with privacy principles:

• Service-related data: Duration of relationship plus 7 years
• Security assessment data: Up to 10 years (security patterns evolve slowly)
• Financial records: 7 years following standard business practices
• Marketing communications: Until you opt out

6. INTERNATIONAL OPERATIONS

Operating globally means information sometimes crosses borders. We use Standard Contractual Clauses, maintain current international certifications, and implement enhanced safeguards like additional encryption for transfers requiring extra protection.

7. YOUR RIGHTS AND CONTROL

You have meaningful control over your information:

• Access: Request detailed information about what we have and how we use it
• Corrections: We’ll promptly fix any inaccuracies
• Deletion: Request information removal (subject to legal/contractual obligations)
• Processing Controls: Object to specific uses or restrict processing
• Marketing: Easy opt-out from communications

8. OUR SECURITY MEASURES

Security isn’t just our business—it’s how we protect your information daily. We use enterprise-grade encryption for data in transit and at rest, multi-factor authentication with least-privilege access controls, and multiple layers of network protection.

Our facilities maintain the same physical security standards we recommend to clients. Regular security assessments and external audits validate our protective measures.

9. WEBSITE TECHNOLOGY

Our website uses cookies for functionality, user experience, and security. You can control cookie settings through your browser, though some features may not work with cookies disabled.

10. POLICY UPDATES

When we update this policy, we notify affected clients through appropriate channels and clearly mark changes. Material updates receive prominent notification with time to review.

11. REGIONAL COMPLIANCE

European Union: We comply with GDPR requirements, serving as data controller or processor based on the service context. Legal bases include legitimate interests, contract performance, legal compliance, and explicit consent.

United States: We follow applicable federal and state privacy laws, including emerging state requirements and sector-specific regulations.

Mexico: Compliance with Federal Law on Protection of Personal Data, ensuring appropriate consent and security measures.

Saudi Arabia: Full compliance with Personal Data Protection Law requirements and technical safeguards.

12. CONTACT US

For privacy questions or requests:
Email: contact@arestech.us