Privacy policy (Last revised: December 12, 2023)

The purpose of this Privacy Policy is to inform you of how Arroyo Consulting PTE. LTD. (“Company” or “we” or “our” or “us”) processes, collects, uses, and discloses the personal data that we collect from you when you visit https://arroyo-consulting.org (the "Website"), how such data will be used by the Company (as defined below), its Advertising Partners, and/or other persons or entities with whom such data may be shared, as well as your choices regarding the processing, collection, use, and distribution of such data and the security measures that we have implemented to protect your privacy. Please read this Privacy Policy carefully to understand our policies and procedures regarding your personal data and how it will be processed.

BY CONTINUING TO USE THE WEBSITE, YOU PROMISE US THAT YOU HAVE READ, UNDERSTAND, AND AGREE TO BE BOUND BY THIS PRIVACY POLICY, AS AMENDED FROM TIME TO TIME BY THE COMPANY AT ITS SOLE AND ABSOLUTE DISCRETION. You further agree to regularly review this Privacy Policy to ensure that you are familiar with Company's most-current policies and procedures. Your continued use of the Website after we make changes is deemed to accept those changes. If you do not agree or are unable to make this promise, you must not use the Website.

If required by law, we will make reasonable efforts to contact you about material changes or updates to this Privacy Policy; if you have provided us with an email address, you agree that we may email you a notice regarding such changes or updates; if you have not provided us with an email address, you agree to view this page periodically and when our site informs you that this Privacy Policy has been updated.

Types of personal data collected

A. Personal data is provided by you filling out the contact form on the Website

If you are voluntarily filling out the contact form on the Website, you are required to provide us with specific personal data such as your name and email address. In addition, optionally, you may provide us with the company name, phone number.

B. Personal data provided by you through the Website

If you voluntarily contact us by sending an email to [email protected] or any other request or notification, you may be required to provide us with specific personal data such as your name and email address.

C. Usage Data

Usage Data has collected automatically when using the Website. Usage Data may include information such as your Device’s Internet Protocol address (e.g., IP address), browser type, browser version, the pages of our Website that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

D. Cookies

We use cookies to track the activity on our Website and store certain information.

How do we use your personal data

A. When you request us to contact you

Via our Website if you voluntarily contact us by sending an email to [email protected] or any other request or notification regarding questions, queries, comments, or complaints and/or voluntarily filling out the contact form on the Website. When you do so, we will collect the data you fill out, including your name, email address, company name, and phone number. Therefore, we use this data for our legitimate interest in conducting business with you or establishing our future contract with you.

B. Data we collect automatically when you use this Website

When you access the Website, we may collect certain data automatically, including Usage Data, cookies, and similar tracking technologies. This data is collected for our legitimate interest in improving and administering our Website, including data analysis, troubleshooting, and statistical and survey purposes.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may be unable to use some parts of our Website.

With whom we may share your personal data

A. With Service providers

If necessary, we may share your personal data with Service providers to monitor and analyze the use of our Website, store the personal data, show advertisements to you, help support and maintain our Website, contact you, etc. We have concluded agreements with our Service providers to protect your personal data.

B. For business transfers

If the Company is involved in a merger, acquisition, reorganization, assignment, transfer, change of control, or asset sale, your personal data may be transferred to third parties in connection with such transaction. We will provide notice before your personal data is transferred and becomes subject to a different Privacy Policy.

C. With business partners

We may share your personal data with our business partners to offer you certain products, services, or promotions.

D. Law enforcement

Under certain circumstances, the Company may be required to disclose your personal data if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).

E. Other legal requirements

The Company may disclose your personal data in the good faith belief that such action is necessary to comply with a legal obligation, to protect and defend the rights or property of the Company, to prevent or investigate possible wrongdoing in connection with the Website, to protect the personal safety of users of the Website or the public, to protect against legal liability.

Cookies and similar tracking technologies

When you access the Website, we may use “cookies” (or similar tracking technologies). The use of cookies is a standard industry-wide practice. A “cookie” is a small piece of information that a website assigns and stores on your computer while you are viewing a website. Cookies are very helpful and can be used for various different purposes. These purposes include allowing you to navigate between pages efficiently, enabling automatic activation of certain features, remembering your preferences, and making the interaction between you and our Website quicker and easier. Cookies are also used to help customize your experience.

There are several types of cookies, among others:

Most browsers will allow you to erase cookies from your computer’s hard drive, block the acceptance of cookies, or receive a warning before a cookie is stored. You may remove our cookies by following the instructions of your device preferences. However, if you block or erase cookies, some features of the Website may not operate properly, and your online experience may be limited.

Children’s privacy

The Website is not intended for individuals under the age of eighteen (18); accordingly, we do not use the Website to knowingly solicit data from or market to children defined under applicable law (e.g., thirteen (13) regarding US individuals and sixteen (16) regarding European Economic Area (“EEA”) individuals). We request that such individuals do not provide personal data through our Website. We reserve the right to request proof of age at any stage so that we can verify that children under the age of eighteen (18) are not using the Website. If you become aware or have any reason to believe that a child has shared with us, please contact us at [email protected], and we will take reasonable steps to ensure that such data is deleted from our files.

How long do we keep your personal data

We will retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy. For example, we will retain and use your personal data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Website, or we are legally obligated to retain this data for longer time periods.

Transfer of personal data

We may store or process your personal data in the EEA or in other countries. If you visit our Website from locations outside of the EEA, please note that any data you provide to us through your use of our Website may be transferred to and processed in countries other than the country from which you accessed our Website. If you are a resident of the EEA, we will take appropriate measures to ensure that your personal data receives adequate data protection upon its transfer outside of the EEA. If you are a resident of a jurisdiction where the transfer of your personal data requires consent, then your consent to this Privacy Policy includes your express consent for such transfer of your data.

Security of the personal data

We take great care in implementing and maintaining the security measures of the Website and your personal data. We employ industry standard procedures and policies and implement technical and administrative security measures to ensure the safety of our user’s personal data and prevent unauthorized access or use of any such personal data. However, no data transmission over the internet or any wireless network can be guaranteed to be 100% secure, and we can not be responsible for the acts of those who gain unauthorized access or abuse our Website, and we make no warranty, express, implied or otherwise, that we will prevent such access.

We may adopt what we believe are appropriate data collection, storage, and processing practices and security measures to protect against unauthorized access to such data and according to applicable law requirements. If you feel that your privacy was not treated in accordance with our Privacy Policy, or if any person attempted to abuse our Website or acted in an appropriate manner, please contact us directly at [email protected].

Changes to Privacy Policy

We reserve the right to amend this Privacy Policy at our sole discretion and at any time. If we make changes to this Privacy Policy, we will immediately post the updated Privacy Policy on our Website and update the relevant, effective date. Any such changes will be effective immediately upon being posted unless otherwise stated in the change. Your continued use of our Website following the posting of changes constitutes your acceptance of such changes.

Terms related to EU/EEA users
Legal basis for processing personal data (for EU/EEA users)

If you are an individual in the European Union or European Economic Area (EEA), we collect and process data about you only where we have a legal basis for doing so under applicable EU laws, including the General Data Protection Regulation (GDPR). The legal basis depends on the way in which you use the Website. This means we collect and use your data only where:

A. It is necessary for the performance of a contract, such as to provide you with the services you requested, including operating the services, providing customer support and personalized features, and protecting the safety and security of the services, including all processing necessary for the performance of our contract(s) with you;

B. It satisfies a legitimate interest that is not outweighed by your data protection rights and interests, such as for research and development, to market and promote our services, and protect our legal rights and interests;

C. You give us consent to do so for a specific purpose, or

D. We need to process your data to comply with a legal obligation.

In any case, we will gladly help clarify the specific legal basis that applies to the processing, particularly whether the provision of personal data is a statutory or contractual requirement or a requirement necessary to enter into a contract.

Your rights as a data subject

We respect the confidentiality of your personal data and guarantee you can exercise your rights. You have the right under this Privacy Policy, and by law, if you are within the EU/EEA, to

If you wish to exercise any of the rights set out above, please contact us at [email protected].

No fee is usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

Timeframe for responding to a request

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Disclosure of your personal data

We may disclose aggregated data about our users and information that does not identify any individual without restriction. We may disclose personal data that we collect or you provide as described in this Privacy Policy:

A. To our subsidiaries and affiliates;

B. To contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep personal data confidential and use it only for the purposes for which we disclose it to them;

C. To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all Company’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal data held by Company about our Website users is among the assets transferred;

D. To fulfill the purpose for which you provide it;

E. With your consent.

We may also disclose your personal data:

A. To comply with any court order, law, or legal process, including responding to any government or regulatory request;

B. To enforce or apply our Terms of Use or Privacy Policy and other agreements; and

C. If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of the Company, our customers, or others. This includes exchanging data with other companies and organizations for the purposes of fraud protection and credit risk reduction.

Privacy Policy for California and Virginia residents
Types of personal data collected

We collect data that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device. The following is a list of categories of personal data that we may have collected from California residents within the last twelve (12) months.

Please be aware that the categories and examples provided in the list below are those defined in the California Consumer Privacy Act (“CCPA”) and California Privacy Rights Act (“CPRA”). This does not mean that all examples of that category of personal data were, in fact, collected by us but reflects our good faith belief, to the best of our knowledge, that some of that information from the applicable category may be and may have been collected. For example, certain categories of personal data would only be collected if you provided such personal data directly to us.

Category A. Identifiers

Examples: A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, driver's license number, passport number, or other similar identifiers.

Collected: Yes.

Category B. Personal data categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))

Examples: A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.

Collected: Yes.

Category C. Protected classification characteristics under California or federal law

Examples: Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth, and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

Collected: No.

Category D. Commercial data

Examples: Records and history of products or services purchased or considered.

Collected: No.

Category E. Biometric data

Examples: Genetic, physiological, behavioral, and biological characteristics or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.

Collected: No.

Category F. Internet or other similar network activity

Examples: Interaction with our Website.

Collected: Yes.

Category G. Geolocation data

Examples: Approximate physical location.

Collected: No.

Category H. Sensory data

Examples: Audio, electronic, visual, thermal, olfactory, or similar information.

Collected: No.

Category I: Professional or employment-related data

Examples: Current or past job history or performance evaluations.

Collected: No.

Category J. Non-public education data (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99))

Examples: Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

Collected: No.

Category K. Inferences are drawn from other personal data

Examples: Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

Collected: No.

Category L. Sensitive personal data

Examples: social security, driver’s license, state identification card, or passport number; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin, religious or philosophical beliefs, or union membership; the contents of the email, email, and text messages unless the business is the intended recipient of the communication; genetic data; the processing of biometric information for the purpose of uniquely identifying; personal data collected and analyzed concerning health; personal information collected and analyzed concerning sex life or sexual orientation.

Collected: No.

Under CCPA and CPRA, personal data does not include:

Use of personal data

We may use or disclose personal data we collect for "business purposes" or "commercial purposes" (as defined under the CCPA and CPRA), which may include the following examples:

If we decide to collect additional categories of personal data or use the personal data we collected for materially different, unrelated, or incompatible purposes, we will update this Privacy Policy.

Sharing of personal data

We may disclose your personal data to a third party for business purposes or sell your personal data, subject to your right to opt out of those sales. When we disclose personal data for a business purpose, we enter a contract that describes the purpose and requires the recipient to keep that personal data confidential and not use it for any purpose except the contract. The CCPA, CPRA, and Virginia Consumer Data Protection Act (“VCDPA”) prohibit third parties who purchase the personal data we hold from reselling it unless you have received explicit notice and an opportunity to opt out of further sales.

We may share your personal data with the following categories of third parties:

Disclosure of personal data for business purposes

We may use or disclose and may have used or disclosed in the last twelve (12) months the following categories of personal data for business or commercial purposes:

Please note that the categories listed above are those defined in the CCPA and CPRA. This does not mean that all examples of that category of personal information were, in fact, disclosed but reflects our good faith belief, to the best of our knowledge, that some of that information from the applicable category may be and may have been disclosed.

Sale of personal data

As defined in the CCPA and CPRA, "sell" and "sale" mean selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer's personal data by the business to a third party for monetary or other valuable consideration. This means that we may have received some kind of benefit in return for sharing personal data, but not necessarily a monetary benefit.

Please note that the categories listed below are those defined in the CCPA and CPRA. This does not mean that all examples of that category of personal data were, in fact, sold, but it reflects our good faith belief, to the best of our knowledge, that some of that data from the applicable category may be and may have been shared for value in return.

We may sell and may have sold in the last twelve (12) months the following categories of personal data:

Sale of personal data of minors under 16 years of age

We do not knowingly collect personal data from minors under the age of 16 through our Website, although certain third-party websites that we link to may do so. These third-party websites have their own terms of use and privacy policies, and we encourage parents and legal guardians to monitor their children's Internet usage and instruct their children never to provide data on other websites without their permission.

We do not sell the personal data of consumers we actually know less than 16 years of age unless we receive affirmative authorization (the "right to opt-in") from either the consumer who is between 13 and 16 years of age or the parent or guardian of a consumer less than 13 years of age. Consumers who opt-in to the sale of personal data may opt out of future sales at any time. To exercise the right to opt out, you (or your authorized representative) may submit a request to us at [email protected].

If you have reason to believe that a child under the age of 13 (or 16) has provided us with personal data, please contact us with sufficient detail to enable us to delete that data.

Your rights under the CPPA, CPRA, and VCDPA

The CCPA and CPRA provide California residents, and VCDPA provides Virginia residents with specific rights regarding their personal data. If you are a resident of California and/or Virginia, you have the following rights:

The right to opt out

For California residents

If you are 16 years of age or older, you have the right to direct us not to sell or share your personal data at any time (the "right to opt out"). We do not sell or share the personal data of consumers we actually know less than 16 years of age unless we receive affirmative authorization (the "right to opt in") from either the consumer who is between 13 and 16 years of age or the parent or guardian of a consumer less than 13 years of age. Consumers who opt-in to personal data sales or sharing may opt out of future sales at any time.

To exercise the right to opt out, you (or your authorized representative) may submit a request to us at [email protected].

Virginia residents have the right to opt out of the processing of personal data for purposes of (i) targeted advertising, (ii) the sale of personal data, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.

To exercise the right to opt out, you may submit a request to us at [email protected].

“Do not track” policy is required by California Online Privacy Protection Act (CalOPPA)

Our Website does not respond to do not track (“DNT”) signals.

However, some third-party websites do keep track of your browsing activities. If you are visiting such websites, you can set your preferences in your web browser to inform websites that you do not want to be tracked. You can enable or disable DNT by visiting the preferences or settings page of your web browser.

Children’s Privacy

Our Website does not address anyone under the age of 13. We do not knowingly collect personally identifiable data from anyone under the age of 13. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us. If we become aware that we have collected personal data from anyone under the age of 13 without verification of parental consent, we take the necessary steps to remove that data from our servers.

If we need to rely on consent as a legal basis for processing your data and your country requires consent from a parent, we may require your parent's consent before we collect and use that data.

Other California privacy rights

California's "Shine the Light" law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal data to third parties for their direct marketing purposes. To make such a request, please contact us at [email protected].