Arrowsgate Limited

 

Investigations, Intelligence & Litigation Support

 

1.Data Processing and Privacy Notice

 

This notice explains how Arrowsgate Limited processes personal data when providing investigative, intelligence and cyber risk advisory services to its clients.

 

This notice should be read alongside the Arrowsgate website privacy notice and applies specifically to the handling of personal data in connection with professional services including intelligence monitoring, cyber investigations, open-source intelligence research, due diligence and litigation support.

 

 

2.About Arrowsgate

 

Arrowsgate Limited is a United Kingdom based intelligence, cyber investigations and risk advisory consultancy.

 

Arrowsgate provides services including cyber threat monitoring, open-source intelligence investigations, breach dataset analysis, fraud investigations, counterparty due diligence and litigation support.

 

In providing these services, Arrowsgate may process personal data relating to individuals who are the subject of investigations, appear within datasets or are identified through intelligence sources.

 

For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, Arrowsgate will generally act as an independent data controller in respect of investigative and intelligence activities conducted as part of its professional services.

 

 

3.Nature of Investigative Processing

 

The work undertaken by Arrowsgate frequently involves the analysis of information relating to individuals or organisations where this is necessary to:

• identify fraud or criminal activity

• investigate cyber incidents or data breaches

• conduct counterparty due diligence

• support litigation or regulatory proceedings

• monitor reputational or operational risks

• assist clients in the prevention or detection of unlawful conduct

 

Such processing may involve reviewing information that is publicly available, lawfully accessible or otherwise relevant to the client’s legitimate interests in protecting their legal, financial or reputational position.

 

 

4.Categories of Personal Data Processed

 

In the course of providing investigative and intelligence services, Arrowsgate may process personal data including:

names, aliases or usernames

• business or professional affiliations

• directorship or corporate involvement

• publicly available contact details

• publicly available online information

• information contained within corporate registries or official records

• intelligence derived from open-source environments including forums, media reporting or communications platforms

• information contained within datasets that are relevant to a cyber incident, fraud investigation or litigation matter

 

Arrowsgate does not actively seek to process special category data unless such information becomes directly relevant to the investigative objectives of the engagement.

 

 

5.Sources of Information

 

Personal data processed by Arrowsgate may originate from a variety of lawful sources, including:

• publicly accessible online sources

• open-source intelligence platforms and databases

• corporate registries and official public records

• media publications and investigative reporting

• intelligence monitoring platforms such as Dataminr

• breach datasets or exposed databases relevant to a client investigation

• information provided by clients or their legal representatives

 

Where breach datasets or exposed databases are analysed, this is done solely for the purpose of understanding the nature and extent of a cyber incident, identifying affected parties, or supporting legal claims and investigations.

 

 

6.Lawful Basis for Processing

 

Arrowsgate processes personal data for investigative and intelligence purposes under the following lawful bases:

 

7.Legitimate Interests

 

Processing is necessary for the legitimate interests of Arrowsgate and its clients in:

• preventing fraud or criminal activity

• protecting legal and financial interests

• conducting due diligence

• identifying cyber security threats

• protecting business reputation

• investigating misconduct or regulatory risks

 

 

8.Legal Claims and Legal Proceedings

 

Processing may also be necessary for the establishment, exercise or defence of legal claims, or for the provision of services supporting litigation or regulatory proceedings.

 

These lawful bases are widely relied upon by professional investigations, forensic and intelligence advisory firms.

 

9.Processing of Breach Data and Compromised Datasets

 

In certain engagements, Arrowsgate may analyse data that originates from cyber incidents, exposed databases or breach datasets.

 

Such data is not accessed for the purpose of exploitation or redistribution. Instead, it is processed strictly for legitimate investigative purposes including:

• determining the nature and scope of a cyber incident

• identifying whether personal data has been compromised

• identifying potential victims of fraud or identity misuse

• supporting legal claims, regulatory reporting or litigation

• assisting clients in mitigating harm arising from a breach

• Where such datasets are analysed, Arrowsgate implements strict safeguards including the use of isolated, segregated or sandboxed analysis environments designed to prevent malicious code or hostile artefacts from compromising operational systems.

 

Arrowsgate does not republish breach datasets or make them available to unauthorised third parties.

 

10.Security Measures

 

Arrowsgate implements appropriate technical and organisational measures designed to protect personal data from unauthorised access, disclosure or loss.

 

These measures may include:

• controlled access to investigative systems and intelligence platforms

• restricted access to sensitive investigative material

• secure storage environments

• encrypted communications where appropriate

• segregation of investigative data from operational systems

• isolated environments for analysing potentially malicious datasets

 

Such safeguards are intended to ensure that investigative work can be conducted securely while minimising the risk of unauthorised disclosure.

 

11.Data Sharing

 

Information processed during investigative work may be shared where necessary with:

• the instructing client

• legal advisers acting on behalf of the client

• regulatory authorities or law enforcement agencies where legally required

• specialist professional service providers assisting with investigative work

 

Arrowsgate does not sell personal data and does not disclose investigative intelligence to third parties except where required in connection with professional services or legal obligations.

 

 

12.International Intelligence Sources

 

Given the global nature of cyber threats, fraud networks and investigative intelligence, information sources may originate from jurisdictions outside the United Kingdom or the European Economic Area.

 

Where such information is processed, Arrowsgate ensures that appropriate safeguards are applied consistent with the requirements of UK GDPR.

 

13.Data Retention

 

Personal data processed as part of investigative engagements will be retained only for as long as necessary to fulfil the purpose for which it was obtained or to comply with legal and professional obligations.

 

Retention periods may vary depending on the nature of the engagement, the requirements of legal proceedings, or regulatory obligations.

 

When information is no longer required, it will be securely deleted or anonymised.

 

 

14.Data Subject Rights and Investigative Exemptions

 

Individuals whose personal data is processed by Arrowsgate may have rights under UK GDPR including:

• the right to access personal data

• the right to request rectification of inaccurate information

• the right to request erasure in certain circumstances

• the right to restrict processing

 

However, these rights may be subject to exemptions under the Data Protection Act 2018 where disclosure would:

• prejudice the prevention or detection of crime

• prejudice an ongoing investigation

• interfere with legal proceedings

• compromise the legitimate interests of the client

 

Where applicable, Arrowsgate may rely on these statutory exemptions in order to protect the integrity of investigative work.

 

 

15.Contact

 

Any enquiries relating to data protection or privacy matters may be directed to:

Arrowsgate Limited

Email: info@arrowsgate.io

 

 

END OF DOCUMENT