Back to Home

Privacy Policy

Last Updated: 10 November 2025
Your Privacy Matters to Us. Arcturus Pro is committed to protecting your personal data and respecting your privacy rights. This Privacy Policy explains how we collect, use, share, and protect your personal information in compliance with the General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018.

Table of Contents

  1. Data Controller Information
  2. Personal Data We Collect
  3. How We Collect Your Data
  4. Legal Basis for Processing
  5. How We Use Your Data
  6. Data Sharing and Transfers
  7. Data Retention
  8. Your Rights Under GDPR
  9. Cookies and Tracking Technologies
  10. Data Security
  11. Children's Privacy
  12. International Data Transfers
  13. Changes to This Policy
  14. Contact Us & Data Protection Officer

1. Data Controller Information

Arcturus Pro is the data controller responsible for your personal data. We are registered in Ireland and comply with Irish and EU data protection laws.

Company Details

Company Name: Arcturus Pro Limited
Registered Address: Ireland
Data Protection Registration: Registered with the Data Protection Commission (DPC) Ireland
Contact Email: privacy@arcturuspro.com

2. Personal Data We Collect

We collect different types of personal data depending on how you interact with our services:

2.1 Information You Provide Directly

  • Contact Information: Name, email address, phone number, company name, job title/role
  • Account Information: Username, password, profile preferences
  • Business Information: Company size, industry sector, project management maturity data
  • Communication Data: Messages, inquiries, feedback you send to us
  • Marketing Preferences: Your consent choices for marketing communications

2.2 Information We Collect Automatically

  • Technical Data: IP address, browser type and version, operating system, device information
  • Usage Data: Pages visited, time spent on pages, links clicked, referral sources
  • Location Data: Country and city based on IP address (not precise geolocation)
  • Cookies and Similar Technologies: See Section 9 for details

2.3 Information from Third Parties

  • Social Media: If you interact with us on LinkedIn or other platforms
  • Business Partners: Information from authorized partners or resellers
  • Publicly Available Sources: Company information from public business directories

3. How We Collect Your Data

We collect your personal data through various methods:

Collection Method Data Collected
Website Forms Pilot Programme applications, contact forms, newsletter signups
PM Maturity Assessment Assessment responses, email, company name, maturity scores
Direct Communication Email correspondence, phone calls, meeting notes
Cookies & Analytics Browsing behavior, session data, preferences
Product Usage Platform interactions, feature usage, project data (for customers)
Social Media LinkedIn interactions, comments, messages

4. Legal Basis for Processing

Under GDPR, we must have a legal basis to process your personal data. We rely on the following legal grounds:

Legal Basis Purpose
Consent Marketing emails, cookies (non-essential), newsletter subscriptions
Contractual Necessity Providing services to customers, processing orders, account management
Legitimate Interest Website analytics, improving services, fraud prevention, business development
Legal Obligation Tax compliance, responding to legal requests, regulatory requirements

Your Right to Withdraw Consent

Where we process your data based on consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing before withdrawal.

5. How We Use Your Data

We use your personal data for the following purposes:

5.1 Service Delivery

  • Providing access to the Arcturus Pro platform
  • Managing your account and authentication
  • Processing pilot programme applications
  • Delivering PM Maturity Assessment results
  • Customer support and troubleshooting

5.2 Communication

  • Responding to inquiries and requests
  • Sending service updates and notifications
  • Providing product information and demos
  • Sharing industry insights and best practices

5.3 Marketing (With Your Consent)

  • Sending promotional emails about new features
  • Newsletter distribution
  • Event invitations and webinars
  • Case studies and success stories

5.4 Business Operations

  • Website analytics and performance monitoring
  • Product development and improvement
  • Security and fraud prevention
  • Compliance with legal obligations
  • Business planning and strategy

5.5 Legal and Compliance

  • Complying with regulatory requirements (ISO, GxP, FDA)
  • Responding to legal requests
  • Protecting our rights and property
  • Enforcing our terms and conditions

6. Data Sharing and Transfers

We do not sell your personal data. We may share your information with the following categories of recipients:

6.1 Service Providers

  • Hosting Providers: Microsoft Azure (data centers in EU/Ireland)
  • Email Services: For sending communications and newsletters
  • Analytics Providers: Google Analytics (anonymized data)
  • CRM Systems: Customer relationship management platforms
  • Payment Processors: For handling subscription payments securely

6.2 Business Partners

  • Authorized resellers and implementation partners
  • Integration partners (with your permission)

6.3 Legal and Regulatory Authorities

  • When required by law or legal process
  • To protect our rights or comply with investigations
  • In response to valid government requests

6.4 Business Transfers

  • In the event of a merger, acquisition, or sale of assets

Data Processing Agreements

All third-party service providers are bound by Data Processing Agreements (DPAs) ensuring they process your data only as instructed and maintain GDPR compliance standards.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy or as required by law:

Data Type Retention Period
Pilot Programme Applications 3 years from submission (or until you request deletion)
Assessment Results 3 years from completion (or until you request deletion)
Customer Account Data Duration of relationship + 7 years (tax/legal requirements)
Marketing Consent Until consent is withdrawn + 30 days
Website Analytics 26 months (Google Analytics default)
Communication Records 3 years from last contact
Legal/Compliance Records 7 years or as required by applicable law

After the retention period expires, we will securely delete or anonymize your personal data in accordance with data protection requirements.

8. Your Rights Under GDPR

As a data subject in the EU/EEA (including Ireland), you have the following rights:

8.1 Right of Access

You can request a copy of the personal data we hold about you, including information about how we process it.

8.2 Right to Rectification

You can request that we correct any inaccurate or incomplete personal data.

8.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data in certain circumstances, such as:

  • The data is no longer necessary for the purpose it was collected
  • You withdraw consent and there's no other legal basis
  • You object to processing and there are no overriding legitimate grounds
  • The data was processed unlawfully

8.4 Right to Restriction of Processing

You can request that we limit how we use your data in certain situations, such as when you contest the accuracy of the data.

8.5 Right to Data Portability

You can request a copy of your data in a structured, commonly used, machine-readable format to transfer to another service provider.

8.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes at any time.

8.7 Right to Withdraw Consent

Where we process data based on consent, you can withdraw that consent at any time.

8.8 Right to Lodge a Complaint

You have the right to lodge a complaint with the Data Protection Commission (DPC) in Ireland if you believe we have violated your data protection rights.

How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@arcturuspro.com or use the contact details in Section 14. We will respond to your request within one month, or inform you if we need additional time (up to 3 months for complex requests).

Data Protection Commission (Ireland)

Website: www.dataprotection.ie
Phone: +353 57 868 4800
Email: info@dataprotection.ie

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website.

9.1 What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They help us recognize you, remember your preferences, and analyze how you use our site.

9.2 Types of Cookies We Use

Cookie Type Purpose Duration
Essential Cookies Required for website functionality, security, and navigation Session or 1 year
Analytics Cookies Help us understand how visitors use our site (Google Analytics) Up to 26 months
Functional Cookies Remember your preferences and settings 1 year
Marketing Cookies Track visits across websites for advertising purposes (with consent) Up to 2 years

9.3 Managing Cookie Preferences

You can control cookies through:

  • Cookie Consent Banner: Accept or reject non-essential cookies when you first visit
  • Browser Settings: Most browsers allow you to block or delete cookies
  • Opt-Out Links: Google Analytics opt-out: https://tools.google.com/dlpage/gaoptout

Note: Blocking essential cookies may prevent certain features from working properly.

10. Data Security

We implement robust technical and organisational measures to protect your personal data:

10.1 Technical Security Measures

  • Encryption: AES-256 encryption for data at rest, TLS 1.3 for data in transit
  • Infrastructure: Hosted on Microsoft Azure enterprise-grade data centres
  • Access Controls: Role-based access control (RBAC) and multi-factor authentication
  • Monitoring: 24/7 security monitoring and intrusion detection systems
  • Firewalls: Network segmentation and advanced firewall protection
  • Backups: Regular encrypted backups with disaster recovery procedures

10.2 Organizational Security Measures

  • Staff Training: Regular data protection and security awareness training
  • Access Policies: Strict need-to-know basis for data access
  • Confidentiality: All staff sign confidentiality agreements
  • Vendor Management: Due diligence on all third-party processors
  • Incident Response: Documented breach notification procedures

10.3 Data Breach Notification

In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify the Data Protection Commission within 72 hours of becoming aware
  • Notify affected individuals without undue delay if the breach poses a high risk
  • Provide information about the breach, its potential impact, and mitigation measures

11. Children's Privacy

Arcturus Pro is a B2B platform intended for business users. We do not knowingly collect personal data from individuals under 16 years of age.

If you believe we have inadvertently collected data from a child under 16, please contact us immediately at privacy@arcturuspro.com and we will delete that information promptly.

12. International Data Transfers

Your personal data is primarily stored and processed within the European Economic Area (EEA), specifically in Ireland and other EU data centers operated by Microsoft Azure.

12.1 Transfers Outside the EEA

In limited circumstances, we may transfer data outside the EEA to service providers. When this occurs, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs): EU-approved contracts ensuring GDPR-level protection
  • Adequacy Decisions: Transfers to countries deemed adequate by the European Commission
  • Additional Safeguards: Supplementary measures such as encryption and access controls

12.2 Microsoft Azure Data Residency

Our primary hosting provider, Microsoft Azure, maintains data centers in Ireland and the EU, ensuring data residency within the European Economic Area.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

How We Notify You:

  • We will update the "Last Updated" date at the top of this policy
  • For material changes, we will provide prominent notice on our website
  • We may send email notifications to registered users
  • Continued use of our services after changes constitutes acceptance

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

14. Contact Us & Data Protection Officer

Get in Touch

If you have questions about this Privacy Policy, want to exercise your data rights, or have concerns about how we handle your personal data, please contact us:

Data Protection Officer: privacy@arcturuspro.com
privacy@arcturuspro.com
General Inquiries: info@arcturuspro.com
Arcturus Pro Limited, Ireland

Response Time: We aim to respond to all privacy inquiries within 5 business days and fulfill data subject rights requests within one month.

Governing Law

This Privacy Policy is governed by Irish law and EU data protection regulations (GDPR). Any disputes arising from this policy will be subject to the exclusive jurisdiction of the Irish courts.