PRIVACY POLICY

Committed to protecting the personal data we process and adhering to international recognized principles regarding privacy and/or personal data protection, at ARCH we have adopted actions that allow us to comply with this commitment; therefore, through this Privacy Policy, we inform you of the information regarding the existence and main characteristics of the processing to which your personal will be submitted.

ARCH is a corporation that brings together different brands with presence in the Americas to provide an ecosystem of Human Capital solutions based on innovation and technology.

I. Identity and address of the responsible person for data processing “Data Controller.”

We inform you that the Data Controller of your personal data will be carried out by Arch Florida Limited Liability Company (LLC) (hereinafter “Controller” or “ARCH”) with address at 1000 Brickell Ave, Suite 725, Miami, Florida, 33131 in the United States of America.

II. Definitions

  1. Personal data.- All information concerning an identified or identifiable natural person or individual. An identifiable natural person or individual is considered as any person whose identity can be directly or indirectly determined.
  2. Sensitive personal data.- Personal data that affect the most intimate sphere of its Holder, or whose improper use may give rise to discrimination or entail a serious risk for him/her.
  3. The natural person or individual to whom the personal data identifies or corresponds.
  4. Data controller.- ARCH
  5. Processing – Any operation or set of operations conducted on personal data, whether by automated procedures or not, such as obtaining, registering, organizing, structuring, using, handling, exploiting, communicating, transferring, disposing of, disclosing, storing, keeping, adapting, modifying, extracting, consulting, or destroying personal data.
  6. Privacy Policy.- The instrument hereby, through which the Data Controller informs and makes transparent to the Holder, whose personal data is processed, the conditions under which such personal data will be processed.
  7. Transfer – Any data communication that will be made to a person different that the Data Controller, in which case, the third-party recipient becomes the new Data Controller for the processing of the personal data.
  8. ARCO rights.- Right of Access, Rectification, Cancellation and Opposition of personal data. Such rights are defined as follows: (i) the right of access, understood as the prerogative that the holders have to know their personal data, as well as the conditions or generalities of processing it; (ii) the right of rectification, understood as the prerogative that the holders have to request the rectification of personal data that prove to be inaccurate or incomplete; (iii) the right of cancellation, understood as the prerogative that the holders have to request the cessation of the processing when they consider that it is not being legally processed, so it will have to be blocked (only stored for the time allowed by law or defined by the Data Controller to determine possible responsibilities regarding their processing until the legal or contractual limitation period); and (iv) the right of opposition, understood as the prerogative that the holders have to refuse the processing of their data for secondary purposes.
  9. Primary Purposes.- Those purposes for which personal data are mainly requested and for which the relationship between the Data Controller and the Holder is originated.
  10. Secondary Purposes.- Those purposes that are not essential for the relationship between the Data Controller and the Holder.

III. Collected personal data.

In order to comply with the purposes stated in this Policy, the Data Controller will process the following categories of personal data: identification, labor, contact and location. In case of being required, derived from the contracting of a service, personal patrimonial and financial data will be treated.

We inform you that sensitive personal data will not be processed.

 
IV. Purposes for processing your personal data.

Primary purposes. The Data Controller will process your personal data for the following primary purposes:

  • Contact you to offer you the services of ARCH. Such contact can be made by various means, such as telephone, email, SMS messages, instant messaging tools or through social networks.
  • Schedule appointments to visit or contact you and offer ARCH services.
  • Follow up on the activities carried out with prospective clients.
  • Present and follow up on commercial proposals and quotations.
  • Make statistical reports of the activities carried out with prospective clients.
  • To prepare the document that establishes the commercial relationship with ARCH and to carry out the actions tending to the provision, administration and follow-up of the contracted service.
  • To comply with the obligations of the parties.
  • Contact you to communicate situations related to the provision of contracted services, and where appropriate, the implementation of these.
  • To comply with legal and/or contractual obligations.
  • To carry out the actions tending to the improvement of the service provided and evaluation of its quality.
  • If applicable, to provide role registration-cancellation, administration and technical support services with respect to the tools or systems used by ARCH and managed by ARCH.
  • If applicable, to send you documentation by courier for your review and/or signature and/or acceptance and/or knowledge and/or use.
  • If applicable, identify you to authorize your entry to ARCH facilities.
  • In case you communicate through the means of communication established with ARCH, to provide you with the required attention.
  • In case of being in ARCH facilities and suffering an accident, to provide the required assistance.
  • Comply with the obligations required by law to the holder of the personal data.
  • Make operational, statistical or historical reports.
  • Where appropriate, to follow up and attend to requests for procedures made to ARCH.
  • Where appropriate, through video surveillance systems, monitoring the activities carried out in ARCH facilities, as well as providing security through video surveillance systems.

General secondary purposes. Additionally, the Data Controller will use your personal data for the following secondary purposes:

  • Invite you to events organized by ARCH.
  • Have a control of attendees to ARCH events, integration activities, challenges, contests or dynamics carried out by ARCH.
  • To send you ARCH advertising information.
  • Congratulate you for particular or general reasons.
  • If applicable, elaboration and publication of advertising with your identification data.
  • If applicable, publication of comments or testimonials of your experience with us.
  • Where appropriate, delivery and control of awards, gifts or prizes.

In case you do not want your personal data to be processed for any or all secondary purposes, from this moment you can notify us by sending an email to the address dataprivacy@archstaffing.us.

For the cases in which personal data have been obtained indirectly, you have a period of 5 (five) business days, from the first contact that the Data Controller has with you, in order to send an email to the address dataprivacy@archstaffing.us, stating the refusal to process your personal data.

The refusal to use your personal data for additional purposes may not be a reason to deny the requested services or terminate the relationship established with us.

V. Transfer of personal data.

Third-party receiving Purpose(s) Consent
Subsidiary or affiliate companies. – Processing for primary purposes. Not necessary.
Insurance companies and/or that provide medical or emergency services. – In the event of an accident at ARCH facilities and assistance is required. Not necessary.
Relatives. In the event of an accident at ARCH facilities and it is required to notify a family member. Not necessary.
Real estate leasing companies where ARCH provides services – If applicable, manage access to ARCH facilities. Not necessary.
Competent authorities – Compliance with the requirements of competent authorities, upon duly founded and motivated request Not necessary.
Authorized auditors. – Compliance with audits. Not necessary.
Strategic allies. – Report on the follow-up of the commercial prospecting procedure and, if applicable, of the contracting. Only applicable in cases where the prospective client is referred by a Strategic Ally of ARCH. Not necessary.
Business Partners. – Offering and, if applicable, rendering of services, of the nature of those provided by the Controller, but which are required by the Data Subject in countries where the Controller does not have a presence. Necessary
Social media. – Publication of advertising information. Necessary
Subsidiaries or affiliates or partners. – Participation in programs, and where appropriate, services aimed at professional and financial growth. Necessary.
New prospective clients of ARCH. – Contact to ask for references regarding the services provided by the Responsible. Not necessary.

If you do not want your personal data to be processed with respect to those transfers for which your consent is required as indicated in the table above, we ask you to send an email to the address dataprivacy@archstaffing.us.

AVI. ARCO rights and/or revocation of consent.

You or your legal representative may exercise any of the rights of Access, Rectification, Cancellation or Opposition, also known as “ARCO Rights”, as well as revoke your consent for the processing of your data, communicating this via email to the address dataprivacy@archstaffing.us, which is managed and addressed by our ARCH Personal Data Department.

You must submit an application: (i) indicate the name of the applicant, and where appropriate, his/her legal representative; (ii) prove the personality of the applicant, and where appropriate, of his/her legal representative; (iii) indicate the address and/or email where to find him/her; (iv) identify the right he/her wishes to exercise and the data on which it is required to exercise it – if it is a right of rectification, indicate the data to be corrected and the correction to be made, or if it is a right of opposition, indicate the secondary purposes on which he/she wants to exercise such right. Failure to comply with the point indicated in numeral (iii), the request will be considered as not submitted.

Once the request is received, ARCH will have 5 (five) business days to verify compliance with the provisions of the previous paragraph; in case it does not meet the requirements, ARCH will notify you and you will have 10 (ten) business days to comply with the requirement that we made. If it is not done within such period, the request will be considered as not submitted.

ARCH will have 20 (twenty) business days to inform you about the origin of your request. Once the above notification has been made, and if the exercise of the right is appropriate, ARCH will have 15 (fifteen) additional business days to make such right effective.

The terms indicated in the preceding paragraph may be extended for the same time indicated for a single occasion and for justified cause.

ARCH will keep your personal data in strict adherence to the retention periods applicable in accordance with the legislation in force in each of the States indicated in section I of the instrument herein, which are stipulated in the Quality Policy for personal data processed by the Data Controller, and that you will be able to know, by making the request to the email dataprivacy@archstaffing.us, which will be addressed in accordance with the provisions of this paragraph.

VII. Use of Cookies, web beacons or other similar technologies.

We inform you that, through our internet sites, we use cookies and other technologies, through which it is possible to monitor your behavior as an internet user, as well as provide you with a better service and experience when browsing our page. The personal data that can be obtained through the use of these technologies are the following: locations, source IP address, browser used, operating system, and access devices. These technologies may be disabled by following the procedures of the internet browser you use.

VIII. Personal data owners residing in the European Union.

About to the personal data of the Administrators and Users of the Platform, we inform you that PILAR carries out the processing in its capacity as Data Processor in accordance with the instructions of our clients (Data Controller), that is, those who contract the JOIN2WORK Platform.

In the case of potential customers and (effective) customers, we inform you:

Your personal data will be processed by Arch Florida Limited Liability Company (LLC) (hereinafter “Controller” or “ARCH”) with address at 1000 Brickell Ave, Suite 725, Miami, Florida, 33131 in the United States of America. The provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 regarding the protection of natural persons with regard to the processing of personal data and the free circulation of these data and repealing Directive 95/46/EC (General Data Protection Regulation) will be applicable only in cases where the owner of the personal data resides in the European Union.

To comply with the principle of transparency, we inform you of the following:

  1. The identity and contact details of the Data Collector: To comply with this requirement, the provisions of numeral I of this instrument will be followed.
  2. The contact details of the data collection delegate: To comply with this requirement, the provisions of numeral VI of this instrument will be followed, in particular, you must consider that the contact for issues related to the processing of your personal data is the PILAR Personal Data Department located at 1000 Brickell Ave., Suite 725, Miami, Florida, 33131 en Estados Unidos de América, and you may contact it via email dataprivacy@us.
  3. The purposes of the collection to which the personal data is destined and the legal basis of the collection. To comply with this requirement, the provisions of numeral IV of this instrument will be followed. Besides, we inform you that the legal basis for the treatment is the assumption that the treatment of your personal data is necessary for the attention of the request made, and in its case, to provide the contracted service, therefore, the treatment is necessary for the fulfillment of the legal obligations of the Data Controller. In the case of prospective clients, the legal basis is their tacit consent to the provision of this instrument.
  4. The recipients or categories of recipients of personal data. In cases where the recipients are located outside the territory, such as in the case of as subsidiaries, affiliates, business partners, media, strategic allies and/or prospective customers as provided for in section V of this instrument.
  5. The period during which the personal data will be kept. The term for which the personal data will be kept will be identified in two stages: The first refers to the time for which your personal data is used for the primary purposes indicated in numeral IV of this instrument, and at the end of such period, your personal data will be kept in the second stage regarding the blocking of your personal data, which will attend the time established by the legislation that regulates the provision of the service.
  6. The existence of the right to request from the data controller access to the personal data relating to the interested party, and its rectification or deletion, or the limitation of its processing, or to oppose the processing, as well as the right to data portability. For you to exercise the rights indicated above, the provisions of number VI of this instrument will be applicable, however, the specific rules for processing the corresponding request, the applicable precepts will be applicable according to the Regulation (EU) 2016/679.
  7. The right to file a claim with a supervisory authority. You may file a claim with the corresponding control authority in accordance with the applicable jurisdictional authority.
  8. The source from which the personal data comes. If the personal data is not obtained directly by the owner of the same, we inform you that the source of origin may be through another customer by referring us to you.
  9. We can perform and know its profiling through the tools indicated in section VIII.

IX. Changes to the instrument herein.

Any update to the document herein will be published on our website https://www.archresourcesgroup.com/

Update: April 19th, 2023.