When you use and interact with our websites or services, communicate with or otherwise contact us, or visit our premises or attend our events, we may collect, use, share and process information relating to you (“Personal Data”). Our Privacy Policy describes our Personal Data processing practices as Data Controller and your related rights.

In our privacy policy we detail:

• Our identity and contact details;
• Our purposes in processing your Personal Data;
• Categories of Personal Data we typically process;
• Our legal basis for processing your Personal Data;
• Who we may send your Personal Data to;
• The location of your Personal Data on our systems;
• How long we store your Personal Data for;
• Your rights regarding our processing of your Personal Data;
• Our policy on Cookies;
• How to raise a question or complaint.

Where we refer to “processing”, we mean any operation carried out on Personal Data, including collecting, organising,  storing, adapting, retrieving, using, making available, combining, and erasing.

Please note that this policy only applies where Aptem is the Controller of Personal Data (for example, Aptem website visitors’ personal data and business-to-business contact data). Aptem is a Processor, not a Controller, of personal data we process on behalf of our Customers when they use Aptem products and Services. For clarity, this means that this Policy does not apply to such Aptem products and Services. If you have questions related to how an Aptem Customer utilises your personal data, please contact them directly. We are not responsible for the privacy or data security practices of our Customers. This Policy also does not apply to Personal Data about current and former Aptem employees or contractors.

Our identity and contact details

We are Aptem Ltd. We are registered with the Information Commissioners Office and our registration number is: Z1900970. Our address is 3 Harmood Grove, London, NW1 8DH and our email address for privacy related matters is dpo@aptem.co.uk. Our telephone number is 020 7870 1000. Our Data Protection Officer is Stefanie Thomas.

Our purposes in processing your data

We process your Personal Data we under this Policy for one or more of the following purposes:

• to send and receive and respond to communications;
• to handle contact and user support requests;
• to provide our website and social media pages;
• to manage registrations and attendance at events;
• to maintain the security of Aptem and our services;
• to provide and optimise the performance of Aptem and our services;
• to conduct research;
• to administer surveys;
• to process job applications;
• to bill for our services and manage our accounts;
• to comply with our company policies; and
• to comply with our legal obligations.

Categories of personal data

We typically collect your name, company/employer name (if relevant), email address and telephone number. If you are submitting a job application we will also receive any additional information that you choose to include in your CV.

With the exception of any data that you may choose to include in a CV, we do not generally process any special categories of Personal Data.

Our legal basis for processing your data

The legal bases for our processing your Personal Data are as follows, depending on the specific purpose(s) of the processing:‎

• Performance of a contract – in some cases we need to process Personal Data to perform a contract with you or your employer, or to ‎take steps at your request before entering into a contract;
• Consent – in certain cases, we may process Personal Data with your specific, freely given consent: if so, we will inform you at the time of the purpose of the processing and your right to withdraw consent at any time;
• Legal obligation – where the purpose indicated above is that the processing is needed to comply with a relevant legal ‎obligation, that is also the legal basis of processing;
• In very rare cases, we may need to process your Personal Data to protect the vital interests of the data subject or ‎of another person;
• Legitimate interest – in all other cases, the purposes described above represent our legitimate business interests and the ‎processing is a reasonable and proportionate way of achieving them and does not override your interests, fundamental rights or freedoms.

To whom do we provide your Personal Data

We provide your Personal Data to third parties who provide services to us, for example our sub-processors who process data on our behalf, such as our service providers. We have contracts in place with our sub-processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us without consent and will hold it securely and retain it only for the required period.

The location of your data

Your data is stored on cloud based servers in secure data centres and will not be transferred outside the area comprising the UK and the EEA except where our sub-processors and service providers are based outside the UK and EEA and need to remotely access the data to provide their services or, in some cases, where we need to transfer the data to their servers. We only do this where permitted by data protection laws and we ensure that, unless adequacy regulations apply to the destination country, appropriate safeguards are in place to protect your rights and freedoms relating to your personal data. These include our use of the Information Commissioner’s Office’s approved International Data Transfer Agreement (a copy of which is available by contacting us as below).

How long we store your Personal Data for

We may retain your Personal Data for a duration consistent with the original purpose of its collection (see “Our legal basis for processing your data” above) or for as long as necessary to fulfil our legal obligations. The appropriate retention period for Personal Data is determined based on the volume, nature and sensitivity of the data being processed, the potential risk of harm from unauthorised use or disclosure, whether we can achieve the processing purposes through alternative means and relevant legal requirements (for example, applicable statutes of limitation).

Upon the expiration of the applicable retention periods, your Personal Data will be deleted. Should there be any data that cannot be entirely removed from our systems due to technical reasons, we will implement suitable measures to prevent any further use of such data.

For additional information on data retention periods, please contact us using the details provided below.

Your rights

Under data protection law you have the following rights you should be aware of.

Your right of access

You have the right to ask us for copies of your Personal Data which we are processing. You can read more about this right here.

Your right to rectification

You have the right to ask us to correct Personal Data you think is inaccurate. You also have the right to ask us to complete Personal Data you think is incomplete. You can read more about this right here.

Your right to erasure

You have the right to ask us to erase your Personal Data in certain circumstances. You can read more about this right here.

Your right to restriction of processing

You have the right to ask us to restrict the processing of your Personal Data in certain circumstances. You can read more about this right here.

Your right to object to processing

You have the right to object to processing  in certain circumstances. You can read more about this right here.

Your right to data portability

You have the right to ask that we transfer your Personal Data to another organisation or give it to you, in certain circumstances. You can read more about this right here.

Automated decision making or profiling

We do not use automated decision making or profiling.

Cookies

We use the following website cookies to understand how you use our website and improve your experience on our website.