We are committed to your privacy 

We always treat your information with the highest standards of confidentiality and security.

Privacy Policy

This privacy policy explains:

  1. Who we are
  2. Data Protection Information
  3. Why we collect your data
  4. Types of personal data we collect
  5. Where does this information come from?
  6. How we use your data
  7. How the law applies to The Ark
  8. How long we store your information
  9. How we store your information
  10. Sharing your information
  11. International Transfers
  12. Your data protection rights
  13. What to do if you’re not happy
  14. Notification of changes to this Privacy Notice


1. Who we are 

The Ark (cm) Limited is an established UK-based company providing data quality products to help organisations keep their data up-to-date and accurate and to help them comply with relevant data laws.

Our registered office is Unit 1 The Old Barn, Wicklesham Lodge Farm, Faringdon, Oxfordshire, SN7 7PN and company registered number is 04659992.

The Ark (cm) Limited is registered as a data controller with the Information Commissioner Office (ICO) under number Z9518886.


2. Data Protection

We know you care about your privacy and the protection of your personal information, so we will always treat your information with the highest standards of confidentiality and security.

Because we are committed to your privacy, we take great care to handle all information that we collect about you lawfully in accordance with Data Protection Law, including the General Data Protection Regulation (EU) 2016/679 (GDPR), The Data Protection Act (2018) (DPA18), the Privacy and Electronic Communications Act (2003) (PECR) and other regulatory requirements.

This includes ensuring that data we hold is:

  • Processed lawfully, fairly and in a transparent way.
  • Not processed in a manner that is incompatible with what it was collected for.
  • Kept relevant and kept up to date.
  • Only retained for as long as it is necessary for the purposes it was collected for.
  • Kept securely by ensuring we have appropriate technical and organisational measures to keep data confidential.

To find out more you can visit Information Commissioner’s Office website (http://ico.org.uk).

This Privacy Policy came into effect on 25 May 2018 and applies to all personal data gathered when you engage with you. If you have any questions about what’s detailed here or want to know more about how we’re making privacy a priority, please get in touch by email on 2by2@ark-data.co.uk – we want to make sure you are comfortable with how we manage your personal information.


3. Why we collect your data

The Ark holds and processes certain information about our staff and other individuals we have dealings with for various purposes, including providing information and support to our clients, for administrative purposes, and for the provision of suppression files.


Re-mover is a suppression file created by us.  It contains the details of gone aways (people who have moved away from an address) that we have collected over a number of years and is used by organisations to help businesses keep their customer information up to date and accurate.  Re-mover helps businesses to reduce wastage caused by mailing gone aways and, more importantly, helps to reduce the opportunity for identity fraud.  Letters containing sensitive information, such as credit card and bank statements, are often used by fraudsters to assume the identity of another person, especially if the letter is sent to an address the individual is no longer living at.  Reducing the number of incorrectly addressed letters dramatically limits the risk of identity fraud taking place, protecting both the individual and the organisation.

National Deceased Register

The Ark also produces the National Deceased Register (NDR) which is a suppression file used by organisations to identify deceased customers and prospects on their campaign databases in order for them to be deleted, or flagged and removed from marketing activities. The Register is not used for marketing or targeting households where a death has occurred. The data included in the National Deceased Register is not personal data as it relates to people who have died.


4. Types of personal data we collect

Re-mover contains only name and address data – we do not receive or hold e-mail addresses, landline and/or mobile telephone numbers, dates of birth, IP addresses or any other personal information.  Additionally, Re-mover does not hold details of where an individual has moved from or where they have moved to.

If you are a client, supplier or contractor, we may collect the following types of information from you:

  • Your first name or initial, and surname
  • Your email address
  • Your telephone number
  • Your postal address
  • Your financial information
  • A record of our communications with you

If you’ve made an enquiry or are visiting our website, we may collect:

  • Your first name or initial, and surname
  • Your email address
  • Your telephone number
  • Your postal address
  • Your cookies

If you are an employee or a prospective employee, we will collect:

  • your name, address and contact details, including email address and telephone number, date of birth and gender
  • details of your qualifications, skills, experience and employment history, including start and end dates with previous employers and with us
  • information about your salary, including entitlement to benefits such as pensions or death in service insurance cover
  • details of your bank account and national insurance number
  • information about your marital status, next of kin, dependents and emergency contacts
  • information about your nationality and entitlement to work in the UK
  • information about your criminal record
  • details of any disciplinary or grievance procedures in which you have been involved, including any warnings issued to you and related correspondence
  • information about medical or health conditions, including whether or not you have a disability for which the organisation needs to make reasonable adjustments


5. Where does this information come from?

We collect personal information in several different ways. For example, we may collect your data if you submit a contact form to our website, apply for a job, if you call us, or if you send us an email.

We also receive information from data contributors, all of which comply with data protection legislation and are registered with the ICO.

For further details on how we process this information visit our Ark Data Usage.docx.


Cookies are small text-only files used by websites to recognize returning visitors and tailor content or advertising more effectively. We use cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site.

If you wish to disable cookies, then you can do so by adjusting your browser settings.


6. How we use your data

The information that we collect directly from you will be used to:

  • provide you with information about the products and services we offer
  • provide you with a more personalised and relevant service
  • improve our products and services
  • conduct market research
  • suppress details from database
  • recruiting and employing staff
  • answer enquiries
  • support client administration
  • ensure the appropriate administration of a company


7. How the law applies to The Ark 

From 25 May 2018, the GDPR applies to our collection and use of your personal data. Under GDPR The Ark is required to have a legal basis for processing for both collecting and using your personal data. We use the following legal bases for processing: Contract, Legal Obligation, Legitimate Interest & Consent.

We will normally collect personal information from you only where we have your consent to do so, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms, or (in some cases) where we need the personal information to perform a contract with you.  We may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.

If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information). Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.

Sensitive data (such as information about health status, sexual orientation or religious beliefs) will not generally be obtained, held, used or disclosed, unless you have given explicit consent. This means we must let you know why we need the data and get your agreement to hold it.


8. How long we keep your information

We retain personal information we collect from you where we have an ongoing legitimate need to do so (for example, to provide a service to our licensees, provide you with our services or to comply with applicable legal, tax or accounting requirements). When we have no ongoing legitimate need to process your personal information, we will delete, shred or anonymise it.


9. How we store your information

We are committed to protecting the security of your personal information. We use a range of security technologies and procedures to help protect your personal information from unauthorised access, use, or disclosure. We store your personal information on secure servers located in the UK with limited access.

We will take all steps reasonably necessary to ensure your personal information is treated securely and in accordance with this privacy policy.


10. Sharing your information 

We may disclose your information to third parties in the following circumstances:

  • If we sell or buy any business or assets, in which case we may disclose your personal information to the prospective buyer or seller.
  • If The Ark (cm) Limited or its assets are acquired by a third party, in which case personal information held by us will be transferred.
  • If we are required to disclose or share your personal information due to a legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of The Ark (cm) Limited, our customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
  • Details of individuals on National Deceased Register and Re-mover may be licenced and passed to third parties who will use this information to identify inaccuracies within their own or their clients’ databases in order to correct, amend or delete the inaccurate data. Article 5(d) of the GDPR states that personal data, must be “accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’)”.  The use of data supplied to third parties from National Deceased Register and Re-mover is strictly controlled under separate licence agreements with each third party to ensure they comply with all relevant data protection laws.


11. International transfers

The Ark’s database servers are located in the United Kingdom. However, your personal information may be transferred to, and processed in, countries other than the United Kingdom.  These countries may have data protection laws that are different to the UK.

Specifically, our website servers are located in the United Kingdom and our third party service providers operate around the world. We have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Policy.


12. Your data protection rights

We always try to make sure we hold accurate information on our Re-mover gone away suppression file, however if you feel that we haven’t or you simply wish to know what information we may hold about you then you can let us know at any time by submitting a Subject Access Request using any of the following methods:

When submitting a Subject Access Request please be aware that we will request information from you so we can confirm your identity, such as a copy of your driving licence and a copy of an official letter with your details on it (eg, Council Tax Bill).  This is to ensure we are dealing with the person to which the Subject Access Request is being made so we do not provide information about you to anyone else.

In addition, the information we hold on Re-mover contains only address details of where individuals used to live.  If you are submitting a Subject Access Request please provide details of any previous addresses you lived at as well as your current to enable us to process your request.

Once we have confirmed your identity, we will write back to you confirming what information, if any, we hold about you.  We will do this within 30 days.

If you wish to correct, update or request deletion of your personal information, object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information, you can contact us at any time by using the contact details provided above.

If we have collected and processed your personal information with your consent, then you can withdraw your consent at any time.  This includes your right to opt out of any emails we may send you at any time.  Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.


13. What to do if you’re not happy

In the first instance, please talk to us directly so we can help resolve any problem or query. You can reach us on: 2by2@ark-data.co.uk, or by phone on: 01367 245470.

You also have the right to contact the Information Commissioners Office (ICO) if you have any concerns about Data Protection using their helpline 0303 123 1113 or at www.ico.org.uk


14.  Notification of changes to this Privacy Notice

We may update this Notice from time to time in response to changing legal, technical or operational developments. We will obtain your consent to any material changes if and where this is required by applicable data protection laws. You can see when this Notice was last updated by checking the “last updated” date shown at the end of this Notice.


 Last updated: June 2020

Case Studies

The Ark offers unrivalled data solutions, advanced matching software, and leading suppression and identification products. The following case studies demonstrate the significant impact our services have had on our clients data intitiatives.


Here you can read our latest company news, our thoughts on the world of data and advice regarding the data challenges facing large organisations today. 

CoviDirect Mail best practice

CoviDirect Mail best practice

Today more than ever, it’s critical to make sure that mailing files contain as few deceased records as possible, preferably none. The question I frequently hear is – can I do more to stop mail arriving with a recently bereaved relative?

Here are 4 things to think about when planning your data suppression: