Arco Logo

Privacy Policy

Last Updated: November 24, 2025

Thank you for using Arco! This Privacy Policy explains how Arco ("Arco," "we," "us," or "our") collects, uses, and shares information about you when you use our platform at arcolist.com (the "Platform").

If you are a resident of the European Union, please note that this Privacy Policy includes information required under the General Data Protection Regulation ("GDPR") throughout the relevant sections below.

Table of Contents

  1. Who Controls My Personal Information
  2. Personal Information We Collect
  3. How We Use Information We Collect
  4. Sharing and Disclosure
  5. Third-Party Partners and Integrations
  6. Changing Your Country or State of Residence
  7. International Data Transfers
  8. Your Rights
  9. Security
  10. Retention
  11. Changes to This Privacy Policy
  12. Contact Information

1. Who Controls My Personal Information

1.1 Controller

Where this Policy mentions "Arco," "we," "us," or "our," it refers to the Arco entity that is responsible for your information under this Privacy Policy (the "Controller"). The Controller is Arco Global BV.

1.2 Payments Controller

This Privacy Policy also applies to payment services provided through the Platform. When using payment services, you will also be providing your personal information to our payment service providers (the "Payments Controller"), which will be responsible for your payment-related information.

2. Personal Information We Collect

2.1 Information Needed to Use the Arco Platform

We collect personal information about you when you use the Arco Platform. Without it, we may not be able to provide all services requested. This information includes:

2.1.1 Contact, Account, and Profile Information

Such as your first name, last name, phone number, postal address, email address, date of birth, and profile photo, some of which will depend on the features you use.

2.1.2 Identity Information

Where appropriate, we may ask you for verification information, such as your date of birth, address, email address, phone number, or other authentication information to verify your identity.

2.1.3 Payment Transaction Information

Such as payment account, credit card information, bank account information, payment instrument used, date and time, payment amount, payment instrument expiration date and billing postcode, and other related transaction details.

2.2 Information You Choose to Give Us

You can choose to provide us with additional personal information, including:

2.2.1 Additional Profile Information

Such as preferred language(s), personal description, and any additional profile information you provide.

2.2.2 Information About Others

Such as contact information belonging to another person. By providing us with personal information about others, you certify that you have permission to provide that information to Arco for the purposes described in this Privacy Policy.

2.2.3 Communications Information

Such as email, message, and text information where delivery is enabled on or through the Arco Platform.

2.2.4 User-Generated Content

Such as any photos, videos, and other content you choose to provide.

2.2.5 Support Information

Such as information collected to provide customer support services, including investigating and responding to user concerns.

2.2.6 Other Information

Such as when you fill in a form, add information to your account, respond to surveys, post to community forums, participate in promotions, or share your experience with us.

2.3 Information Automatically Collected by Using the Arco Platform

When you use the Arco Platform, we automatically collect certain information. This information may include:

2.3.1 Geolocation Information

Such as precise or approximate location determined from your IP address, mobile or other device's GPS, or other information you share with us, depending on your device settings.

2.3.2 Usage Information

Such as searches, listings you have viewed, bookings you have made, access dates and times, the pages you've viewed or engaged with before or after using the Arco Platform, and other actions on the Arco Platform.

2.3.3 Device Information

Such as IP address, hardware and software information, device information, device event information, unique identifiers, crash data, and read receipts.

2.4 Information We Collect from Third Parties

We may collect personal information from other sources, such as:

2.4.1 Third-Party Applications

If you choose to link, connect, or login to the Arco Platform with a third-party service, such as Google or Facebook, you direct the service to send us information such as your registration and profile information as controlled by that service.

2.4.2 Background Information Providers

To the extent permitted by applicable laws and with your consent where required, we may obtain background checks or verification reports.

2.4.3 Other Sources

To the extent permitted by applicable law, we may receive additional information about you from third-party service providers and combine it with information we have about you.

3. How We Use Information We Collect

We use personal information as outlined in this Privacy Policy.

If you are a resident of the European Union, each use of your personal information described below is based on one or more legal bases under the GDPR: (i) Performance of Contract, (ii) Legitimate Interests, (iii) Consent, or (iv) Compliance with Legal Obligations. See the end of each subsection for applicable legal bases.

3.1 Provide the Arco Platform

We may process this information to:

  • enable you to access the Arco Platform and make and receive payments,
  • enable you to communicate and engage with others,
  • process and respond to your requests,
  • provide you with support,
  • send you messages, updates, security alerts, and account notifications, and
  • enable your use of our services.

Legal Basis (EU Residents): Performance of Contract

3.2 Improve and Develop the Arco Platform

We may process this information to:

  • perform analytics, debug, and conduct research,
  • improve and develop our products and services, and
  • provide customer service training.

Legal Basis (EU Residents): Legitimate Interests

3.3 Personalize and Customize the Arco Platform

We may process this information to:

  • personalize and customize your experience based on your interactions on the Arco Platform, your search and booking history, your profile information and preferences, and other information you choose to give us, and
  • tailor your experience with Arco.

Legal Basis (EU Residents): Legitimate Interests

3.4 Safeguard the Arco Platform and Community

We may process this information to:

  • detect, prevent, assess, and address fraud and security risks,
  • protect our community from illegal activities or other harmful behaviors,
  • verify or authenticate information provided by you,
  • conduct checks against databases and other information sources,
  • comply with our legal obligations,
  • resolve disputes with our users,
  • enforce our agreements with third parties,
  • comply with law, respond to legal requests, prevent harm, and protect our rights, and
  • enforce our Terms of Service and other policies.

Legal Basis (EU Residents): Legitimate Interests; Compliance with Legal Obligations

3.5 Provide, Personalize, Measure, and Improve our Advertising and Marketing

We may process this information to:

  • send you promotional, advertising, and marketing messages,
  • show, personalize, measure, and improve our advertising,
  • administer referral programs, rewards, surveys, contests, or other promotional activities,
  • analyze characteristics and preferences to send you promotional messages, and
  • invite you to events and relevant opportunities.

Legal Basis (EU Residents): Consent (where required by law); Legitimate Interests

3.6 Analyze Your Communications

We may review, scan, or analyze your communications on or enabled through the Arco Platform for purposes disclosed in this Privacy Policy, including safety, support, and product enhancement. We use automated methods where reasonably possible.

Legal Basis (EU Residents): Legitimate Interests

3.7 Provide Payment Services

Personal information is used to enable, or authorize third parties to use, payment services, such as to:

  • process payments,
  • verify your identity,
  • detect and prevent fraud, abuse, and security incidents,
  • conduct security investigations and risk assessments,
  • comply with applicable legal obligations, and
  • provide and improve payment services.

Legal Basis (EU Residents): Performance of Contract; Compliance with Legal Obligations

3.8 Legal Bases Explained (EU Residents)

If you are a resident of the European Union, here is an explanation of the legal bases we rely on under the GDPR:

  • Performance of Contract: We process your personal information to perform our contract with you. This includes processing necessary to provide you with the Arco Platform services, process payments, enable communications between users, and provide customer support.
  • Legitimate Interests: We process your personal information based on our legitimate interests, including to improve and develop the Platform, personalize your experience, safeguard our community, prevent fraud, conduct analytics and research, and enforce our policies. We only rely on legitimate interests where our interests are not overridden by your rights and interests.
  • Consent: Where required by law, we process your personal information based on your consent. This includes processing for certain marketing communications, use of cookies and similar technologies, and collection of precise geolocation data. You may withdraw your consent at any time.
  • Compliance with Legal Obligations: We process your personal information to comply with applicable legal obligations, including tax and accounting requirements, identity verification requirements, and responses to valid legal requests from authorities.

4. Sharing and Disclosure

4.1 Sharing With Your Consent or at Your Direction

Where you provide consent or direct us to share your information, we share your information as described at the time of consent or choice.

4.2 Who We Share With

We may share your information with:

4.2.1 Other Users

To help facilitate transactions or interactions between users, we may share information in certain situations.

4.2.2 Service Providers

We share personal information with affiliated and unaffiliated service providers to help us run our business, including those that help us: (i) verify your identity, (ii) conduct background checks and fraud prevention, (iii) perform product development and maintenance, (iv) provide customer service, advertising, or payment services, (v) process transactions, and (vi) offer additional services you select.

4.3 Why We May Share Your Information

We may share your information in order to:

4.3.1 Build Your Public Profile

Information you share publicly on the Arco Platform may be indexed through third-party search engines. We may make certain information publicly visible to others, such as your profile and listing information.

4.3.2 Comply with Law, Respond to Legal Requests, Prevent Harm, and Protect Our Rights

As we reasonably deem appropriate, we may disclose your information to courts, law enforcement, governmental authorities, or authorized third parties, if and to the extent we are required or permitted to do so by law or where disclosure is reasonably necessary to: (i) comply with our legal obligations, (ii) comply with a valid legal request, (iii) respond to a valid legal request relating to a criminal investigation, (iv) enforce and administer our agreements with users, (v) investigate potential violations of applicable law, or (vi) protect the safety, security, rights, or property of Arco, its employees, its users, or members of the public.

4.3.3 Effectuate Business Transfers

If Arco undertakes or is involved in any merger, acquisition, reorganization, sale of assets, bankruptcy, or insolvency event, then we may sell, transfer, or share some or all of our assets, including your information in connection with such transaction. In this event, we will notify you before your personal information is transferred and becomes subject to a different privacy policy.

5. Third-Party Partners and Integrations

5.1 Linking Third-Party Services

You can link your Arco account with certain third-party services, such as social networks. When you direct the data sharing by creating this link, some of the information provided to us from linking accounts may be published on your public profile.

5.2 Third-Party Service Terms

Parts of Arco may link to third-party services. Arco does not own or control these third parties. When you interact with these third parties and choose to use their service, you are providing your information to them. Your use of these services is subject to the privacy policies of those providers.

6. Changing Your Country or State of Residence

6.1 Applicable Controller

If you change your country or state of residence, the Controller and/or Payments Controller will be determined based on your new country or state of residence from the date on which your residence changes.

6.2 Transfer Between Controllers

The Controller that originally collected your personal information will need to transfer such personal information to the new applicable Controller. The new Controller will continue to process your personal information as described in this Privacy Policy.

6.3 Applicable Rights

Consistent with applicable law, your country or state of residence may impact the rights available to you.

7. International Data Transfers

7.1 Transfers Outside the EEA

If you reside in the European Economic Area ("EEA"), your personal information may be transferred to countries outside the EEA, including to countries that may not provide the same level of data protection as your home country. When we transfer personal information outside the EEA, we ensure appropriate safeguards are in place.

7.2 Safeguards for International Transfers

We rely on the following safeguards for international data transfers:

  • Standard Contractual Clauses: We use Standard Contractual Clauses approved by the European Commission to protect personal information transferred outside the EEA.
  • Adequacy Decisions: We may transfer personal information to countries that have been deemed by the European Commission to provide an adequate level of data protection.
  • Other Transfer Mechanisms: Where appropriate, we may rely on other legally-approved transfer mechanisms, such as binding corporate rules or certified frameworks.

7.3 Your Rights Regarding Transfers

You have the right to obtain information about the safeguards we use for international transfers. To request this information, please contact us using the details in Section 12.

8. Your Rights

You may exercise any of the rights described in this section consistent with applicable law.

8.1 EU Residents

If you are a resident of the European Union, you have the following rights under the General Data Protection Regulation ("GDPR"):

  • Right of Access: You have the right to obtain confirmation that we process your personal information and to request a copy of your personal information.
  • Right to Rectification: You have the right to correct inaccurate or incomplete personal information.
  • Right to Erasure: You have the right to request deletion of your personal information in certain circumstances.
  • Right to Restrict Processing: You have the right to request that we restrict processing of your personal information in certain circumstances.
  • Right to Data Portability: You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit it to another controller.
  • Right to Object: You have the right to object to processing of your personal information based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority if you believe we have not complied with applicable data protection laws.

To exercise any of these rights, please contact us using the details provided in Section 12.

9. Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and audits
  • Access controls and authentication procedures
  • Employee training on data protection and security
  • Incident response procedures

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security of your information.

10. Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The retention period depends on various factors, including:

  • The nature of the personal information
  • The purposes for which we process it
  • Our legitimate business needs
  • Legal and regulatory requirements

Specifically, we retain:

  • Account Information: For the duration of your account and for a reasonable period thereafter to comply with legal obligations and resolve disputes
  • Transaction Records: For at least 7 years to comply with tax and accounting requirements
  • Marketing Communications Data: Until you unsubscribe or withdraw consent
  • Support and Communications Data: For up to 3 years after the last interaction

When personal information is no longer needed, we will securely delete or anonymize it in accordance with applicable law.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated Privacy Policy on our Platform with a new "Last Updated" date.

We encourage you to review this Privacy Policy periodically. Your continued use of the Arco Platform after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

If you do not agree with any changes, you may close your account by contacting us using the information in Section 12.

12. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please email us at: hello@arcolist.com.