Security & Data Protection

Overview

ARTE One places a strong emphasis on the security, integrity, and confidentiality of data and systems used in connection with its website and digital wealth platform (the "Platform").

This Security & Data Protection statement is provided for informational purposes to describe the general approach used to support the safe operation of the Platform. It does not disclose confidential security details.

Security Governance

Security and data protection are embedded within ARTE One's governance framework and operating model and are managed using a risk-based, defence-in-depth approach.

  • Oversight is provided by senior management and relevant control functions.
  • Security responsibilities are assigned across technology, operations, and risk functions.
  • Policies, controls, and procedures are reviewed periodically to reflect changes in technology, threats, and regulatory expectations.
  • Personnel are expected to follow internal policies and participate in appropriate security awareness practices.

Technical and Organisational Measures

ARTE One implements technical and organisational measures designed to protect the Platform and information processed in connection with it. Depending on the nature of the service and associated risk, such measures may include, where appropriate:

  • Access controls and authentication, including role-based access, least-privilege principles, and multi-factor authentication (where available);
  • Segregation of duties and controlled administrative access;
  • Encryption of data in transit and, where appropriate, at rest;
  • Monitoring and logging to support detection of suspicious activity and operational issues;
  • Vulnerability management, including security updates and patching practices;
  • Secure development and change management practices to reduce risks introduced through software changes;
  • Data protection controls, such as data minimisation, access restriction, and retention controls aligned with business and legal requirements; and
  • Backup and recovery measures designed to support restoration of critical data and services following disruption.

These measures are intended to reduce the risk of unauthorised access, loss, misuse, or alteration of data. The specific controls applied may vary depending on the relevant service, product, or provider.

Operational Resilience and Continuity

Security controls form part of ARTE One's broader operational resilience, business continuity, and incident response capabilities.

Measures are designed to support:

  • continuity of critical Platform functions;
  • timely detection and response to operational and security events; and
  • recovery from technology-related disruptions.

While reasonable steps are taken to enhance resilience, no system can be guaranteed to be immune from disruption, failure, or attack.

Third-Party and Cloud Security

ARTE One relies on third-party service providers (including technology, hosting, infrastructure, and security service providers) to support the operation of the Platform.

  • Third-party providers may be subject to due diligence and risk assessment processes appropriate to the nature and criticality of the services provided.
  • Security and data protection considerations form part of vendor selection and, where appropriate, ongoing oversight.
  • Contractual arrangements may include confidentiality, security, and incident notification expectations, where appropriate.

Where third parties process data, they may do so under their own terms and policies. ARTE One is not responsible for the internal security practices or acts/omissions of third-party providers, except as required by applicable law or as expressly agreed under relevant contracts.

Data Protection and Privacy

Personal data is processed in accordance with ARTE One's Privacy Policy and applicable data protection laws.

Key principles include:

  • processing for specified and legitimate purposes;
  • data minimisation and proportionality;
  • retention only for as long as necessary; and
  • safeguards appropriate to the sensitivity of the data.

Where cross-border processing occurs, appropriate safeguards may be implemented where required by law.

Incident Management

ARTE One maintains processes designed to identify, assess, and respond to security and data-related incidents.

  • Incidents are handled in accordance with internal procedures, including escalation and coordination protocols.
  • Where required by applicable law, ARTE One will notify relevant authorities and/or affected parties within applicable timeframes.
  • Lessons learned from incidents and testing are used to enhance controls and preparedness.

Vulnerability Disclosure

If you believe you have identified a security vulnerability affecting the Platform, please report it responsibly by contacting security@arte-one.com.

Please do not publicly disclose potential vulnerabilities before ARTE One has had a reasonable opportunity to investigate and address the issue. ARTE One does not encourage or authorise any activity that compromises user accounts, data, or service availability.

User Responsibilities

Security is a shared responsibility. Users are expected to:

  • safeguard access credentials and avoid sharing them;
  • use strong and unique passwords;
  • enable available security features (such as multi-factor authentication, where offered);
  • keep devices, browsers, and applications reasonably up to date; and
  • notify ARTE One promptly of suspected unauthorised access, phishing attempts, or security concerns.

No Guarantee of Absolute Security

Despite the implementation of security measures and controls, no system or data transmission can be guaranteed to be completely secure.

ARTE One does not warrant that the Platform will be free from vulnerabilities, attacks, or unauthorised access, and users acknowledge and accept the inherent risks associated with digital services.

Relationship with Other Legal Documents

This Security & Data Protection statement should be read in conjunction with:

  • the Terms of Service;
  • the Privacy Policy;
  • the Cookie Policy; and
  • the Legal & Regulatory Information.

In the event of any inconsistency, the applicable contractual or legal documentation shall prevail.

Updates

This Security & Data Protection page may be updated from time to time to reflect changes in technology, risk, or legal requirements. The most recent version will always be available on the ARTE One website.

Contact

For security-related inquiries or to report a potential security issue, please contact:

security@arte-one.com

ARTE Partners LLC