Internal Use Only Privacy Disclosure Policy

1. Introduction

This Internal Use Only Privacy Disclosure Policy (the "Policy") outlines how ARCC Inc. collects, uses, and protects customer data. This Policy is intended for internal use by all employees and contractors.

2. Purpose

The purpose of this Policy is to ensure that all employees and contractors understand their responsibilities in protecting customer data and to comply with applicable data protection laws.

3. Scope

This Policy applies to all employees, contractors, and third-party service providers who have access to customer data.

4. Data Collection

4.1 Types of Data Collected

• Personal Information: Names, addresses, email addresses, phone numbers, and other identifying information.

• Transaction Data: Information related to transactions, including payment details and purchase history.

• Usage Data: Information on how customers use our services, such as website activity and app usage.

• Device Information: Information about the devices used to access our services, including IP addresses and device IDs.

4.2 Methods of Collection

• Direct Collection: Data collected directly from customers through forms, surveys, and interactions.

• Indirect Collection: Data collected through cookies, web beacons, and other tracking technologies.

5. Data Usage

5.1 Purposes of Data Usage

• Service Delivery: To provide and improve our services.

• Customer Support: To respond to customer inquiries and provide support.

• Marketing and Communications: To send marketing materials and communications, with customer consent.

• Analytics and Improvement: To analyze usage patterns and improve our services.

• Legal and Compliance: To comply with legal obligations and internal policies.

6. Data Security

6.1 Security Measures

• Access Controls: Restrict access to customer data to authorized personnel only.

• Encryption: Use encryption to protect sensitive data both in transit and at rest.

• Regular Audits: Conduct regular security audits to identify and address vulnerabilities.

• Incident Response: Have a clear incident response plan in place to handle data breaches.

7. Data Retention and Disposal

7.1 Retention

• Customer data will be retained for as long as necessary to fulfill the purposes outlined in this Policy or as required by law.

7.2 Disposal

• Customer data will be securely disposed of when it is no longer needed, in accordance with legal and regulatory requirements.

8. Employee Responsibilities

8.1 Data Handling

• Employees must handle customer data with care and only use it for authorized purposes.

• Employees must report any suspected data breaches or security incidents immediately to the Data Protection Officer (DPO).

8.2 Training

• All employees and contractors will receive regular training on data protection and privacy practices.

9. Compliance and Enforcement

9.1 Compliance

• All employees and contractors are required to comply with this Policy and any applicable data protection laws.

9.2 Violations

• Violations of this Policy may result in disciplinary action, up to and including termination of employment or contract.

10. Policy Updates

10.1 Review and Updates

• This Policy will be reviewed and updated annually or as required by changes in law or business practices.

• Any significant changes will be communicated to all employees and contractors.

11. Contact Information

For any questions or concerns regarding this Policy, please contact the Data Protection Officer (DPO) at info@arccinc.com or 512 270-0021