Skip to content
ARC12Defense R&D
Legal

Privacy Policy

Last updated 30 May 2026. This notice explains how we process personal data and the rights you have under the EU General Data Protection Regulation (GDPR) and applicable Ukrainian law.

1. Who we are

Arc12 (the “Company”, “we”, “us”) is a defense research-and-development team and acts as the data controller for personal data processed through this website. For any privacy matter, contact us at contact@arc12.systems.

2. What data we collect

We only collect what we need, and only when you choose to provide it:

  • Contact & vetting submissions: your name, organization, business email, country, registry identifiers, and the message or declared end-use you provide.
  • Technical data: strictly necessary information required to serve the site securely (for example, your IP address in server logs for security and abuse prevention).
  • Consent preference: a small cookie that records your cookie choice. We do not use advertising or third-party tracking cookies.

3. Why we process it (lawful bases)

  • Consent (Art. 6(1)(a) GDPR) — when you submit a form, you consent to us processing it to respond and to carry out screening.
  • Legitimate interests (Art. 6(1)(f)) — operating and securing the site, and assessing potential business relationships.
  • Legal obligation (Art. 6(1)(c)) — meeting export-control, sanctions-screening, and record-keeping requirements that apply to defense-sector activity.

4. Mandatory background screening

Because of the nature of our work, every prospective client is screened. This may include corporate-registry checks, ultimate-beneficial-owner tracing, sanctions and politically-exposed-person screening, and end-use verification. We do not, and will never, engage with aggressor states — including the Russian Federation, the Republic of Belarus, or their military allies.

5. Sharing & transfers

We do not sell personal data. We share it only with vetted service providers acting on our instructions, or where required by law or competent authority. Where data is transferred outside the EEA, we rely on appropriate safeguards such as Standard Contractual Clauses.

6. Retention

We keep submissions only as long as needed for the purpose collected and to meet legal and compliance obligations, after which they are deleted or anonymized.

7. Your rights

Subject to law, you may request access, rectification, erasure, restriction, portability, or object to processing, and you may withdraw consent at any time. To exercise these rights, email contact@arc12.systems. You also have the right to lodge a complaint with your local supervisory authority.

8. Security

We apply technical and organizational measures appropriate to the sensitivity of our work, including encryption in transit, access controls, and the principle of least privilege.

9. Changes

We may update this notice. Material changes will be reflected by the “last updated” date above.

This page is provided for transparency and is not legal advice. Final policy text should be reviewed by qualified counsel before publication.