Become a Client
Become a Client

Privacy Policy

Last updated: August 7, 2025

This Privacy Policy explains how Arvion (“Arvion,” “we,” “us,” or “our”) collects, uses, and protects your personal data when you visit our website at https://arvion.net (the “Site”), contact us, or use our services. We are a creative digital agency based in the UK, serving clients globally. We are committed to protecting your privacy and handling your data in a transparent and lawful manner.

Governing Law: This Privacy Policy is governed by UK law, specifically the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. As a global agency, we aim to comply with all applicable data protection laws worldwide, including the EU GDPR, California Consumer Privacy Act (CCPA), and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA).

By using our Site or services, you agree to the collection and use of your information in accordance with this policy.

 

1. Who We Are

Arvion is a UK-based creative digital agency specializing in UI/UX design, branding, website, app, and API development, digital marketing, graphics design, and video editing. Our registered address is [ ]. For data protection purposes, we are the data controller of the personal data we collect from you.

ICO Registration: [ ]

 

2. Information We Collect

We collect personal data to provide and improve our services, communicate with you, and operate our business. Below is a detailed breakdown of the specific data we collect and why:

Contact Information:

  • What we collect: Name, email address, phone number, company name, job title, budget range, project description, preferred contact method
  • How we collect it: Contact forms, email inquiries, phone calls, video consultations, payment gateways, freelance platform communications (Upwork, Fiverr, etc.)
  • Why we collect it: To respond to inquiries, provide quotes, schedule consultations, and maintain client relationships
  • Legal basis: Contractual necessity (to fulfill service requests) and legitimate interests (business communication)

Website Usage Data:

  • What we collect: IP address, browser type and version, operating system, device information, referral source, pages viewed, time spent on pages, click patterns, session duration, geographic location (country/city level)
  • How we collect it: Automatically through cookies, web beacons, and analytics tools
  • Why we collect it: To analyze website performance, improve user experience, understand visitor behavior, and enhance our services
  • Legal basis: Legitimate interests (website optimization and business improvement)

Third-Party Analytics Data:

  • Google Analytics collects: IP address (anonymized), browser information, device data, page views, session data, demographic information, user interactions
  • Purpose: Website traffic analysis, user behavior insights, marketing effectiveness measurement
  • Legal basis: Legitimate interests (website optimization and marketing analysis)

Customer & Project Data:

  • What we collect: Business details, industry information, target audience data, project specifications, brand guidelines, communication history, file versions, feedback, approval records
  • Why we collect it: To deliver contracted services, maintain project records, and ensure quality delivery
  • Legal basis: Contractual necessity

Client Assets & Materials:

  • What we collect: Brand assets (logos, fonts, images, videos, audio files), existing marketing materials, product information, website content, design briefs, proprietary business information, trade secrets, reference materials
  • Why we collect it: To complete contracted design, development, and marketing services
  • Legal basis: Contractual necessity
  • Special considerations: We may process sensitive business information; all materials are treated as confidential

Marketing and Communication Data:

  • What we collect: Email preferences, communication history, engagement data (email opens, clicks), unsubscribe records
  • Why we collect it: To send newsletters, service updates, and marketing communications
  • Legal basis: Consent (which can be withdrawn at any time)

Financial Information:

  • What we collect: Billing address, payment method details (processed by third-party payment providers), transaction history, invoice records
  • Why we collect it: To process payments and maintain financial records
  • Legal basis: Contractual necessity and legal obligation (accounting requirements)

 

3. How We Use Your Information

We use the data we collect for the following purposes:

To Provide Services: To fulfill our contractual obligations, including delivering UI/UX design, development, digital marketing, and other current and future services. This includes processing client-provided assets and materials solely for project completion.

To Store and Manage Client Assets: We securely store client-provided materials (logos, content, media files, etc.) for the duration of projects and retain them as specified in our data retention policy.

To Communicate with You: To respond to your inquiries, provide customer support, and send you updates about your projects.

To Improve Our Website and Services: We analyze website usage data to understand how visitors interact with our Site, which helps us enhance its functionality, content, and user experience.

For Marketing and Promotion: With your consent, we may use your contact information to send you marketing materials, newsletters, and information about our services. You can opt out of these communications at any time.

For Legal and Regulatory Compliance: To comply with our legal obligations, enforce our terms and conditions, and protect our rights and the rights of our clients.

 

4. Legal Basis for Processing

Under UK and EU data protection laws (including the UK GDPR), we must have a valid legal basis to process your personal data. Our legal bases are:

Contractual Necessity: We process your data to perform our contract with you or to take steps at your request before entering into a contract (e.g., when you request a quote or consultation). This applies to client project data, contact information for service delivery, and payment processing.

Legitimate Interests: We process data where it is necessary for our legitimate interests as a business, provided your rights and freedoms do not override those interests. Our legitimate interests include:

  • Website Analytics: “To improve website functionality, user experience, and optimize our services for the benefit of our users and business growth”
  • Marketing to Existing Clients: “To maintain client relationships and inform existing clients about relevant services”
  • Security and Fraud Prevention: “To protect our business and clients from security threats and fraudulent activities”
  • Business Development: “To analyze market trends and improve our service offerings”

Consent: In some cases, we rely on your explicit consent to process your data, particularly for:

  • Marketing communications to prospects
  • Newsletter subscriptions
  • Non-essential cookies
  • Portfolio use of client work You have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Legal Obligation: We process your data to comply with legal or regulatory obligations, such as:

  • UK tax and accounting laws (requiring 6-year retention of financial records)
  • Anti-money laundering regulations
  • Court orders or legal requests from authorities

5. How We Share Your Information

We do not sell, rent, or trade your personal data with third parties. We may share your information with the following categories of recipients:

Service Providers and Their Specific Data Access:

  • Website hosting providers (e.g., [ ]): Server logs, IP addresses, website usage data – hosted in UK and Ireland
  • Email communication platforms (Google Workspace, Mailchimp): Contact information, communication content, engagement data
  • Analytics services (Google Analytics): IP addresses (anonymized), browser data, page views, user behavior data
  • Cloud storage providers (Google Drive, Dropbox): Client files, project assets, communication records
  • Payment processors (Stripe, PayPal): Billing information, transaction data
  • Project management tools (Clickup, Notion, Trello): Project details, client communication, task data
  • Design and development platforms (Figma, GitHub): Design files, code repositories, project assets
  • Content delivery networks (CDNs): Website files, cached content
  • File sharing and collaboration tools: Client assets, project files, communication records

Data Processing Agreements: All service providers are bound by Data Processing Agreements (DPAs) that require them to protect your data and only use it for the purposes we specify.

Legal and Regulatory Authorities: We may disclose your information if required by law or to respond to valid legal requests, such as a court order, subpoena, or regulatory investigation.

Business Transfers: In the event of a merger, acquisition, or sale of our assets, your data may be transferred as part of that transaction. You will be notified of any such change in ownership or control of your personal data.

6. International Data Transfers

Data Storage Locations: As a UK-based company serving global clients, your personal data may be transferred to and stored in countries outside the UK and European Economic Area (EEA). Our primary data storage locations include:

  • Primary servers: UK and Ireland (adequate protection)
  • Backup systems: EU member states (adequate protection)
  • Third-party services: May include USA and other countries

Transfer Safeguards: When we transfer your data to countries without an adequacy decision, we implement appropriate safeguards:

  • Standard Contractual Clauses (SCCs): Approved by the European Commission and UK government
  • Binding Corporate Rules (BCRs): For multinational service providers
  • Adequacy decisions: Where the destination country has been deemed to provide adequate protection
  • Derogations: In specific situations, such as with your explicit consent or for contract performance

Third-Party Provider Vetting: We carefully assess all international service providers for their data protection practices and ensure they provide adequate safeguards for international transfers.

 

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy. Our specific retention periods are:

Contact Inquiries: 24 months from last contact to allow for follow-up with potential clients, unless you become a client 

Client Project Data: 7 years after project completion (required for UK accounting and legal compliance under Companies Act 2006) 

Client Assets & Materials:

  • Working files and development assets: 2 years after project completion (unless client requests earlier return or deletion)
  • Final deliverables provided to client: 1 year after project completion for support purposes
  • Confidential or proprietary materials: Returned to client or securely deleted within 30 days of project completion (unless otherwise agreed in writing) 
  • Marketing Data: Until you withdraw consent, unsubscribe, or 5 years of inactivity, whichever comes first 
  • Website Analytics: 26 months (Google Analytics default setting) 
  • Financial Records: 6 years after the end of the accounting period (UK HMRC requirement) 
  • Communication Records: 3 years from last communication (for customer service and legal protection)

Secure Deletion Process: After retention periods expire, we permanently delete or anonymize your data using industry-standard data destruction methods. For digital files, we use multi-pass overwriting techniques. For physical media, we use certified destruction services. We maintain logs of deletion activities for audit purposes.

 

8. Data Security

We implement comprehensive technical and organizational measures to protect your personal data from unauthorized access, loss, misuse, or disclosure:

Technical Safeguards:

  • Encryption: All data is encrypted in transit using SSL/TLS protocols and at rest using AES-256 encryption
  • Access Controls: Multi-factor authentication, role-based access, and principle of least privilege
  • Firewalls and Network Security: Enterprise-grade firewalls and intrusion detection systems
  • Secure Hosting: Data hosted with certified providers meeting ISO 27001 and SOC 2 standards
  • Regular Backups: Automated, encrypted backups with geographically distributed storage

Organizational Safeguards:

  • Staff Training: Regular data protection and security awareness training for all employees
  • Confidentiality Agreements: All staff and contractors sign comprehensive confidentiality agreements
  • Security Policies: Written information security policies and procedures
  • Incident Response: Documented procedures for handling potential security incidents
  • Regular Audits: Periodic security assessments and vulnerability testing
  • Vendor Management: Due diligence and ongoing monitoring of third-party service providers

Limitations: While we implement robust security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but commit to maintaining industry best practices.

 

9. Your Rights

Under UK and international data protection laws, you have the following rights regarding your personal data:

Right to Access: You have the right to request a copy of the personal data we hold about you, including information about how we process it within the retention period.

Right to Rectification: You can request that we correct any inaccurate or incomplete personal data without undue delay.

Right to Erasure (‘Right to be Forgotten’): You can request deletion of your personal data when:

  • The data is no longer necessary for the original purpose
  • You withdraw consent (where consent was the legal basis)
  • The data has been unlawfully processed
  • Erasure is required for legal compliance 

Note: This right may be limited where we have a legal obligation to retain the data (e.g., financial records for tax purposes).

Right to Restrict Processing: You can request that we limit how we use your personal data in certain circumstances, such as while we verify its accuracy.

Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format (e.g., CSV, JSON) and transmit it to another controller.

Right to Object: You can object to processing based on legitimate interests, particularly for direct marketing purposes (which we will stop immediately).

Right to Withdraw Consent: Where we rely on your consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.

How to Exercise Your Rights: To exercise any of these rights, please email us at privacy@arvion.com with the subject line “Data Subject Request” and include:

  • Your full name and contact information
  • Specific right you wish to exercise
  • Any relevant details to help us locate your data

Response Time: We will respond to all valid requests within one month of receipt. For complex requests, we may extend this by an additional two months and will notify you of any delay.

Fees: Most requests are free, but we may charge a reasonable fee for excessive or repetitive requests.

Right to Complain: You have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection:

  • Website: https://ico.org.uk/make-a-complaint/
  • Helpline: 0303 123 1113
  • Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

 

10. Automated Decision Making and Profiling

Current Status: We do not currently use automated decision-making processes or profiling that would significantly affect you. All business decisions involving your personal data are made by humans.

Future Changes: If we implement automated processing in the future (such as automated client matching or pricing algorithms), we will:

  • Update this privacy policy with detailed information
  • Notify affected users in advance
  • Provide information about the logic involved
  • Offer the right to request human intervention
  • Allow you to express your point of view and contest decisions

 

11. Children’s Privacy

Our services are not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly.

 

12. Data Breach Notification

In the unlikely event of a data breach that poses a high risk to your rights and freedoms, we will notify you within 72 hours of becoming aware of the breach, as required by law. We will provide information about the nature of the breach and the steps we are taking to address it.

 

13. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your experience. Cookies are small text files stored on your device. We use them for:

Essential Cookies: Necessary for the website to function properly 

Functionality Cookies: Remember your preferences and settings 

Analytics Cookies: Help us understand how you use our Site to improve it (Google Analytics) 

Marketing Cookies: Provide personalized content and track marketing effectiveness

You can control cookies through your browser settings, but disabling them may affect the functionality of our Site.

 

14. Third-Party Websites

Our Site may contain links to other websites, such as social media platforms or client sites. This Privacy Policy only applies to our Site. We are not responsible for the privacy practices of other websites, so we encourage you to read their privacy policies.

 

15. Updates to This Policy

Change Notification Process:

  • Minor changes: We will update the “Last updated” date and post the revised policy on our website
  • Significant changes: We will notify you via email (if you have provided your email address) at least 30 days before the changes take effect
  • Material changes affecting your rights: We may require your renewed consent before implementing changes

What We Consider Significant Changes:

  • Changes to legal basis for processing
  • New categories of personal data collection
  • New purposes for data processing
  • Changes to data retention periods
  • New third-party data sharing arrangements

Your Options: If you disagree with policy changes, you may:

  • Object to the changes (where applicable)
  • Withdraw consent for future processing
  • Request deletion of your data (subject to legal limitations)
  • Close your account or discontinue our services

Version History: We maintain records of previous policy versions for transparency and legal compliance.

Effective Date: This Privacy Policy is effective as of August 7, 2025, and supersedes all previous versions.

 

16. Client Assets and Intellectual Property

Ownership: All client-provided assets, materials, and intellectual property remain the sole property of the client. We do not claim any ownership rights over materials provided to us.

Confidentiality: We treat all client assets and materials as confidential information. Our team members and contractors are bound by confidentiality agreements and will not disclose, use, or reproduce client materials for any purpose other than delivering the agreed services.

Security of Client Assets: Client materials are stored securely using industry-standard encryption and access controls. Access is limited to team members directly involved in your project.

Use Limitations: Client assets are used exclusively for:

  • Completing the contracted services
  • Creating backups for project continuity
  • Quality assurance and testing purposes
  • Legal compliance where required

Portfolio and Marketing Use: We will not use client materials, assets, or project details in our portfolio, case studies, or marketing materials without explicit written consent from the client.

Return of Materials: Upon project completion or termination, we will:

  • Return all client-provided materials upon request
  • Securely delete client assets from our systems as per the retention schedule
  • Provide confirmation of deletion when requested

Third-Party Assets: If you provide materials that contain third-party intellectual property, you confirm that you have the necessary rights and permissions for us to use these materials in delivering our services.

 

17. Contact Us

For Privacy-Related Inquiries, contact us via;

Privacy Email: privacy@arvion.com (recommended for data subject requests) 

General Email: hello@arvion.com 

Address: [ ] 

Phone: +(880) 164 408 565

For Data Subject Requests: Please use the subject line “Data Subject Request” and include your full name, contact information, and specific request details.

Response Time: We aim to respond to all inquiries within 3-5 business days, and data subject requests within one month as required by law.

For EU Residents: You may also contact your local data protection authority in your EU member state.

 

This Privacy Policy is effective as of August 7, 2025, and applies to all information collected by Arvion.