ARMA Connect

Privacy & Cookie Policy

At ARMA Connect, we are committed to protecting your personal information and ensuring the security of the data made available through the ARMA Connect Dashboard (“the Dashboard”). This Privacy & Cookie Policy explains how we collect, use, and safeguard the information processed within the Dashboard.

Information we collect

  • Account details: To access the Dashboard, we collect your work email address and a password. Accounts are created by ARMA Connect administrators on behalf of clients through an invitation process.
  • Client and site information: The Dashboard displays compliance data, including site details and addresses. This information is fed into the Dashboard via a secure connection to our client management system.
  • Compliance documentation: Compliance reports and certificates are stored securely within our systems and made available to you via the Dashboard. Clients do not upload files directly.
  • Session information: When you log in, we collect session information for authentication and security purposes.

How we use your information

We process personal information within the Dashboard only where we have a lawful basis under UK GDPR, primarily:

  • Contractual necessity – to provide you and your organisation with access to your compliance data and documentation.
  • Legitimate interests – to maintain system security, enforce session controls, and manage user access.
  • Legal obligations – to retain compliance records in line with regulatory requirements.

Sharing your information

We do not sell or share your personal information for marketing purposes. Data may be shared only:

  • With carefully selected service providers who support the secure operation of the Dashboard.
  • Where required by law or regulatory obligation.

Data retention

  • Compliance reports: Retained for as long as they remain valid and up to five years afterwards, in line with industry and regulatory requirements.
  • User accounts: Active for as long as the user remains employed at the client organisation or until access is withdrawn.
  • Sessions: Sessions automatically expire after 72 hours of inactivity or a maximum of 30 days, whichever comes first.

Security of your information

  • The Dashboard is hosted in a secure UK-based cloud environment.
  • Authentication and session management are provided through industry-standard secure systems.
  • All compliance documentation is stored on encrypted servers.
  • Access is restricted to authorised users only, and session management ensures single active sessions per user account.

Cookies in use

The Dashboard uses only essential session cookies required to authenticate users and keep you securely logged in. No analytics, tracking, or advertising cookies are used.

Your data rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate or incomplete data.
  • Request deletion of your personal data where it is no longer required.
  • Restrict or object to our processing in certain circumstances.
  • Request transfer of your personal data to another provider (data portability).
  • Lodge a complaint with the Information Commissioner’s Office (ICO).

Policy updates

We may update this Privacy & Cookie Policy from time to time. Any changes will be posted within the Dashboard with a revised “last updated” date.

Back to home