PRIVACY NOTICE

PRIVACY NOTICE 

Welcome to Our privacy notice (hereinafter referred to as the “Privacy Notice”), updated on 30 July 2025. This Privacy Notice relates to the use of the Website www.arrise.com (hereinafter referred to as the “Website”) and the recruitment and hiring process of the same. 

ARRISE (hereinafter referred to as the “Company,” “We,” “Us,” and/or “Our”) respects your privacy, security, and online safety, and are committed to processing your Personal Data in compliance with applicable laws including but not limited to Regulation (EU) 2016/679) of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as  the “GDPR”). 

We may change this Privacy Notice at any time, and if We do, We will notify you of the changes to this page as well as the date that the changes take effect. 

We encourage and recommend all visitors of the Website to read this Privacy Notice in full.  

1.  Introduction

1.1 The Data Controller of your Personal Data is ARRISE. If you have any questions about this Privacy Notice or the processing of your Personal Data, please contact Our data protection officer (hereinafter referred to as the “DPO”) at privacy@arrise.com.

1.2 This Privacy Notice explains how We collect, process, use, store and protect your Personal Data as well as your rights with respect to your use of Our Website.

1.3 By using the Website and/or through the submission of an application or other Personal Data for an open position with Us, you acknowledge that the Company and any entities within its Group will process your Personal Data in accordance with this Privacy Notice. If you do not wish to provide your Personal Data on the basis set out in this Privacy Notice, you should not enter the relevant data on the Website forms or otherwise provide us with any of your Personal Data. However, if you do not provide this Personal Data, We may not be able to provide support on your use of the Website including your queries relating to job applications ..  

2. Definitions

The capitalised terms shall have the meanings set out hereunder: 

  • Data Controller”: Is a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
     
  • Data Processor”: Is a natural or legal person, public authority, agency, or other body which processes Personal Data on behalf of the Data Controller.
     
  • Data Subject”: A natural person whose Personal Data is processed by a Data Controller or Data Processor.
     
  • Data Subject Rights”: As described in Articles 12 to 23 of the GDPR, Data Subjects have specific rights in relation to the data the Company holds. These are the right of access, erasure, restriction, portability and objection to automated decision-making. 

 

  • Data Protection Officer”: The individual formally appointed under Article 37 of the GDPR to oversee data protection strategy and implementation, monitor compliance, advise on DPIAs, act as a contact point for supervisory authorities, and serve as a resource for Data Subjects.
     
  • Group”: All entities directly or indirectly, controlling, controlled by or under common control with the Company that process Personal Data in accordance with applicable data protection laws, including the GDPR.
     
  • Personal Data”: The definition of personal data is intentionally broad and can be found in Article 4(1) of the GDPR. It refers to any information relating or that can be traced back to an identified or identifiable natural person (‘data subject’). This includes direct, indirect identifiers such as name, identification number (IP address, employee ID etc.), location data (dynamic & static IPs), online identifiers (metadata, device ID, kiss metrics etc.), physical appearance, physiological, genetic, mental, economic, cultural, or social identity of that natural person.  

 

  • Services”: The services provided by the Company through the Website. 

 

  • User”: Refers to any individual who accesses or browses the Website, or interacts with the Website in any other way. 

3. Personal Data We collect

3.1 We collect the Personal Data which you provide to us, including when you register interest on our registration forms or when you apply for an open position with Us. In addition, We collect information about your use of the Website and other information necessary for us as set out in this Privacy Notice.  

3.2 Website Usage 

3.2.1 In regard to your use of the Website, We collect the: 

  • IP address; 
  • age confirmation;  
  • Users’ device data;  
  • General communication data;  
  • Browsing data and  
  • information on user preferences regarding the Website. 

3.3 Recruitment  

3.3.1 For the purposes of recruitment, We may collect and process the following categories of Personal Data: 

  • Identification data (e.g., full name, date of birth, address, nationality, passport); 
  • Contact data (e.g., email address, telephone number); and 
  • Application data (e.g., CV, cover letter, work experience, education history). 
  • Interview Information (e.g. audition video, interview notes and other supporting documentation)

4. Purpose and Legal Basis for Processing 

4.1 In accordance with data protection laws, We will only process your Personal Data where We have a lawful basis for doing so.  

4.2 Website Usage  

4.2.1 The Company may process your Personal Data to comply with its legal obligations, and for the following purposes, based on the following legal bases: 

  • Administration and development of the Website – based on the Company’s legitimate interests in accordance with Article 6(1)(f) of the GDPR, to ensure functionality, stability, and continuous improvement of the Website; 
  • Enhancement of User’s experience – based on the Company’s legitimate interests in accordance with Article 6(1)(f) of the GDPR, to improve usability and user satisfaction.; 
  • Detection, investigation, and prevention of fraudulent activity and other illegal activities and protection of your rights and rights of the Company – based on the Company’s legitimate interests in accordance with Article 6(1)(f) of the GDPR and its obligation to comply with legal obligations in accordance with Article 6(1)(c) of the GDPR; 
  • Collection, processing, and performing statistical and other research and analysis of information for enhancement of the Website and the Services – based on legitimate interests in accordance with Article 6(1)(f) of the GDPR; and 
  • Verifying compliance with the Terms and Conditions of the Website – based on legitimate interests in accordance with Article 6(1)(f) of the GDPR to enforce contractual terms and protect the Company’s services and integrity. 

4.2.2 The Company may request and process additional Personal Data only with your lawful consent in accordance with Article 6(1)(a) of the GDPR for the following purposes: 

  • For the purposes of commercial communication, marketing, and advertising of Our Services or third-party Services via SMS, telephone, e-mail, internet, fax, mail, social media and/or any other appropriate communication channels; and 
  • For personified market research and/or analysis purposes to better understand your needs, preferences, interests, experiences, and/or habits as a consumer. 

You have the right to withdraw your consent to Our processing of your Personal Data at any time in writing to Our contact details mentioned in this Privacy Notice. Withdrawal of your consent does not affect the lawfulness of the processing based on consent before its withdrawal. 

4.3 Recruitment 

4.3.1 Your Personal Data is processed for the purpose of assessing your suitability for employment with the Company. The legal bases for such processing are: 

  • Article 6(1)(b) GDPR-Performance of a contract: Processing is necessary in order to take steps at your request prior to entering into a contract; and 
  • Article 6(1)(f) GDPR- legitimate interest: Processing is necessary for the purposes of the legitimate interests pursued by the Controller, namely the recruitment of suitable personnel. 
  • We use third parties who will collect Personal Data and further information from you directly, to support us in gathering and confirming (but not limited to): professional reference checks, criminal checks, identity, right to work check, adverse finance check (anti-money laundering) and qualification check. If you have any questions about the use of this data, please contact privacy@arrise.com.   
  • As part of our External Referral Program, we may receive your Personal Data (such as your name, email address, phone number, and address) from an individual who has referred you for a potential employment opportunity with Us. Before any processing of this data occurs, We require your consent, which is obtained through our External Referral Program – Consent Form. This ensures your rights under Article 6(1)(a) of the GDPR are respected. 
  • The External Referral Consent Form outlines: 
  • What Personal Data we collect from referrals; 
  • The purposes of processing (contacting you and evaluating your suitability for employment); 
  • Your rights under the GDPR; 
  • How to withdraw your consent. 

You are under no obligation to proceed, and if consent is not given, your Personal Data will not be retained. For more information, please refer to the External Referral Program – Consent Form or contact our Data Protection Officer at privacy@arrise.com. 

5. Recipients and Categories of Recipients of Personal Data 

5.1 We may, for the identified stated purposes, disclose your Personal Data to any of the following recipients: 

  • any entities in the Group (including to its employees and sub-contractors) which assist the Company in fulfilling the stated purposes or which otherwise has a need to know such information; 
  • any third party which assists the Company in fulfilling the stated purposes, including (but not limited to) providing support through Human Resources, Legal, Commercial, Compliance or our Information Security teams; 
  • any third party which can assist the Company in verifying the accuracy of your Personal Data, including financial institutions and credit reference agencies (a record of the search may be retained by such third party); 
  • any third party which assists the Company in monitoring use of our Website, including the detection and prevention of fraud and collusion; 
  • any contractors or other advisers auditing any of our business processes or who have the need to access such information for the purpose of advising the Company; 
  • any law enforcement body which may have any reasonable need to access your Personal Data; and 
  • any potential purchaser of Our business or any investors in it or in any company within Our Group (including in the event of insolvency). 
  • Any service provider or consultant who provides required services to the Company 

 

5.2 If at any time you wish us to stop processing your Personal Data, please contact Us at privacy@arrise.com 

 

6. Marketing Preferences 

6.1 The Company and any entity within the Group will not send you unsolicited information regarding any third party’s products or services, without your prior consent. You will always have the opportunity to provide or withdraw your consent to receive such communications, and we will respect your preferences accordingly. 

6.2 Where an application is submitted for an open position with the Company, and such application does not result in a job offer, you will have the opportunity to choose whether or not to receive information on future job postings for another twelve (12) months. You will have the opportunity to inform Us that you no longer wish to receive such information at a later date or be able to unsubscribe from any automatic email updates within your account. Alternatively, please feel free to contact privacy@arrise.com to request a deletion of your profile. 

7. International Data Transfers 

7.1 Your Personal Data will be transferred outside of the European Economic Area (hereinafter referred to as the “EEA”), both to Us and other members of our Group. This includes, but is not limited to, the Ukraine, Isle of Man, Guernsey, India, or any location where you have applied for a position.  

7.2 Where We transfer your Personal Data outside of the EEA, We will put in place adequate measures to ensure that your Personal Data is kept secure (and such adequate measures shall include: (i) transferring to a jurisdiction which the European Commission recognises as providing adequate protection for the rights and freedoms of data subjects in connection with the processing of their personal data; and (ii) transfers pursuant to standard contractual clauses in accordance with European Commission decisions on transferring Personal Data). 

8. Updating your Personal Data 

8.1 You may request an update or deletion of your Personal Data at any time by contacting privacy@arrise.com 

9. Data Subject Rights  

9.1 You have the following rights in relation to your Personal Data: 

  • a right to access your Personal Data as held by Us (also known as a subject access request); 
  • a right to receive certain Personal Data in machine-readable format; 
  • a right to object to processing where the lawful basis relies on our legitimate interests, however, please note that We may still process your Personal Data where there are other relevant lawful bases or where We have compelling grounds to continue processing your Personal Data in our interests which are not overridden by your rights, interests or freedoms; 
  • a right to have inaccurate Personal Data rectified; 
  • a right to have certain Personal Data erased where it is no longer necessary for us to process it or where erasing your Personal Data is required in accordance with a legal obligation;  
  • a right to request an explanation of the logic involved where We make decisions about you solely through automated means; 
  • a right to complain to the Information and Data Protection Commissioner (Malta) at https://idpc.org.mt/, if you have any complaints regarding Data Protection; 
  • where We have specifically requested your consent to process your Personal Data and have no other lawful conditions to rely on, you have the right to withdraw this consent; and 
  • a right to object to direct marketing, which can be done by opting out of direct marketing via the communication itself.  You also have a right to object to any profiling to the extent that it relates to direct marketing only. 

9.2 If you are unsure about your rights or are concerned about how your Personal Data may be processed, you should contact us at privacy@arrise.com and/or your national data protection regulator.  

9.3 If you would like to exercise any of your rights, then you can do so by contacting Us as described below.  Please be aware that while We will try to accommodate any request you make in respect of your rights; they are not absolute rights.  This means that We may have to refuse your request or may only be able to comply with it in part.  

9.4 Where you make a request in respect of your rights, We will require proof of identification.  We may also ask that you clarify your request. We will aim to respond to any request within one month of verifying your identity.  If We receive repeated requests or have reason to believe requests are being made unreasonably, We reserve the right not to respond.  

10. Retention Periods 

10.1 Website Usage 

10.1.1 We will retain your Personal Data for the period necessary for Us to comply with Our legal and regulatory responsibilities and fulfil Our legitimate business interests, or until you withdraw your consent.  Accordingly, where it is no longer necessary for Us to process your Personal Data, We will delete it sooner. 

10.1.2 Furthermore, the Company may retain your Personal Information after the expiration of the relevant processing purposes in the following limited cases: 

  • In case that there is a legal obligation under a relevant statutory provision. 
  • In case of any claims against the Company, for as long as necessary to defend Our rights and legitimate interests before any competent court and any other public authority. 
  • After the period of retention, your Personal Information is erased from Our databases and systems. 
  • For more information about data retention terms in relation to specific Personal Information, please contact Us at privacy@arrise.com. 

 

10.2 Recruitment  

10.2.1 For recruitment purposes, We will retain your Personal Data for a period of twelve (12) months from the date of last contact or application submission, unless a longer retention period is required or permitted by applicable law. 

11. Contacting us 

11.1 If at any time you believe that We have not adhered to this Privacy Notice, please contact our privacy team at privacy@arrise.com 

12. Security 

12.1 We are committed to ensuring that your Personal Data is secure. To prevent unauthorized access or disclosure, We have put in place suitable physical, electronic and managerial procedures to safeguard and secure the Personal Data that We collect. 

12.2 All the Personal Data that you provide us is stored in a secure computing environment protected by secure firewalls to prevent unauthorized access. We control access so that only people who need to access the Personal Data can.  All staff are provided security training and are required to adhere to a comprehensive set of security policies, procedures, and standards related to their jobs. 

12.3 Where your Personal Data needs to be disclosed to our service providers, We require them to process and protect your Personal Data in a manner consistent with this Privacy Notice and applicable laws. 

13. Testing 

13.1 Occasionally, We may share limited Personal Data to test a new third-party service or new software providers, to improve our capabilities to adhere regulatory requirements. Any Personal Information shared will be fully restricted for the purpose of testing of services, new software, new third-party providers capabilities. This is a mandatory aspect of continuous improvement of services We offer to players and clients. 

13.2 Any data shared to conduct these tests will be deleted promptly at the end of the testing period. 

14. Your Obligations 

14.1 By using Our Website and when submitting a job application with Us, you acknowledge that you are required to provide your actual, accurate and complete Personal Data as requested by the Company. Furthermore, you must inform Us of any changes to your Personal Information so as to ensure it is kept up-to-date and accurate. 

14.2 If you are found to be in breach of your obligations or if We have reasonable suspicion that the Personal Information you provide is false or incomplete or in any way contrary to applicable law or this Privacy Notice, We retain the right to reject your application for registration or to suspend or terminate your Account immediately without notice. In this case, you have no right to any compensation due to the rejection of your application, or the suspension or termination of your account. 

15. Cookies

15.1 When visiting our Website, We collect cookies from your device, for more information, please read our Cookies Notice