Customer Privacy Policy

The ZARTIS group respects your privacy and is committed to protecting your personal information.

The ZARTIS group consists of:

  • Assemblypoint Limited, an Irish company registered in the CRO under number 476271, and corporate address at 12 South Mall, Cork, Ireland (parent company).
  • Zartis Spain SLU, a Spanish company with NIF B87685582, and corporate address at Calle Goya 83, 5 Derecha, 28001, Madrid, Spain.
  • Big Data Works SLU, a Spanish company with NIF ESB88044722, and corporate address at Calle Goya 83, 5 Derecha, 28001, Madrid, Spain.
  • Zartis Outsourcing SL, a Spanish company with NIF ESB88044714, and corporate address at Calle Goya 83, 5 Derecha, 28001, Madrid, Spain.
  • Zartis GmbH, a German company DE313019262, and corporate address at Schönhauser Allee 163, 10435 Berlin, Germany.
  • Zartis Unipessoal Lda, a Portuguese company PT516198084, and corporate address at Rua dos Lusíadas – Edf Alcantara Palace N9 R/C FTE, 1300-365, Lisbon, Portugal.
  • Zartis UK Limited, a British company with company number 11207666, and corporate address at Kemp House,  160 City Road,  London, EC1V 2NX, United Kingdom.
  • Zartis Crt Limited d.o.o, a Croatian company 81555309, and corporate address at Zagreb (Grad Zagreb) Radnička cesta 80, Croatia.
  • Zartis Czech Republic SRO, a Czech company CZ09764518, and corporate address at Školská 689/20, 110 00 Nové Město, Prague, Czech Republic.


This policy explains:

  • What information we collect when you engage with ZARTIS for consulting services (not including our website).
  • How we use that information.
  • Your rights regarding your data.

Information collected

We collect information you provide to us during the course of our engagement, such as:

  • Contact information (name, email, phone number)
  • Information relevant to your project (with your permission)


Lawful basis for data processing

Generally, for the purpose of customer-related work we will rely on the following lawful bases depending on the specific situation:

  1. GDPR Article 6.1.b – processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. (Contract)
  2. GDPR Article 6.1.f – processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party. (Legitimate Interests)


We are unlikely to rely on other lawful bases when processing your data to execute our service contract with you, the customer. Where other lawful bases are used, you will be informed. For information regarding interactions you may have with Zartis, such as receiving marketing communications, applying to jobs or engaging with our other content outside of the commercial contract, please refer to our general website privacy policy at 

How do we use your information?

We use your information to:

  • Prepare and deliver project proposals.
  • Deliver the software consulting services you requested.
  • Communicate with you about your project.
  • Fulfil our contractual obligations.

We will never sell your information with third parties without your consent. We will share your data with third parties, such as software providers, email providers, subcontractors, etc, for the purpose of providing you with the contracted service. For more information, please refer to ‘Subprocessors’ below.

Your Rights

You have the right to:

  • Access your personal information.
  • Request correction of inaccurate information.
  • Request deletion of your information.
  • Data portability, allowing you to re-use your data across services in certain situations.
  • Be informed about the collection and processing of your personal data.
  • Object to, or restrict, the processing of your information in certain situations.


For any questions or to exercise your rights, please contact us via the email address listed in the Notices section of your contract. You may also contact us at if you have any questions.

We will handle any request to exercise your rights following the applicable laws, but please note that these rights may not be absolute. The Zartis group may refuse or deny a request in accordance with applicable rules.

You may resort to the competent supervisory authority to file a complaint regarding your personal data processing, though we would appreciate the chance to rectify any issue you have directly.



When providing services to you, Zartis relies on subprocessors to guarantee service. In these cases, we engage in appropriate data processing agreements to ensure that the recipients respect confidentiality and have the appropriate measures in place to protect personal data. Any subprocessors engaged by Zartis are obligated to ensure that your personal data is treated in accordance with current data protection regulations.

In those cases where the law may require the disclosure of personal data to public bodies or other parties, only what is strictly necessary for the fulfilment of such legal obligations will be disclosed. To the extent allowed by law, you will be informed where possible of such data sharing.

Zartis is a part of the Zartis group of companies. Zartis is a group of controlled undertakings which, in accordance with the EU GDPR Art. 4.19, and Recital 37 + 48, allow for a legitimate interest in sharing certain personal data within the group. This data sharing is limited to what is necessary. Your data will not be shared with other entities within the group with no purpose. If your data is to be shared, you will be provided with notice.

The categories of subprocessors used to execute your contract are as follows:

  • Software companies and sole traders that enable us to provide our services, help us to improve the services and/or serve us for marketing purposes (for example, to send newsletters, emails, manage customer contacts or applications); 
  • Payment service providers; 
  • Hosting providers;
  • Service companies, such as tax advisors or lawyers; and
  • Public bodies and administrations to the extent that we are legally obliged to do so.


Several subprocessors are located outside of the European Union. In these instances, Zartis relies on Article 46/49 safeguards and derogations to ensure that your personal data is protected. Where possible, Zartis engages with US-based providers that are part of the EU-US Data Privacy Framework. For more information on subprocessors, please contact us at


Additional Information

We maintain industry-standard security measures to protect your data. Zartis is ISO 27001 certified.

We are committed to transparency and building trust with our clients. If you have any questions about this policy, please don’t hesitate to ask.

Feel free to access further information on how we collect date online through our cookies policy.