AP3 is the trading name of AP3 Advisory Services Limited, which is registered as a company in England, with company number 13322746.
We have appointed Helen Ots as our Data Protection Manager. She is responsible for this notice and can deal with any questions you may have about it, or about your Personal Data. Please contact email@example.com.
AP3 respects your privacy and is committed to protecting your Personal Data.
This privacy notice tells you about:
Some of the data we collect is known as Personal Data. This is because you can be identified from it. There are three types of Personal Data that we will collect from you from time to time.
The first is Identity Data. This is about who you are, and includes your name(s), title, gender, and your date of birth.
The second is Contact Data. This is about how you can be contacted, and includes addresses, email addresses and telephone numbers.
The third is Marketing Data. This is about your preferences, including what you want us to contact you about and how.
Sometimes we will use your Personal Data to put together statistics and research. For example, we might want to work out how many users are accessing a particular website feature. We will not do this in a way that can identify you.
There are certain types of Personal Data called Special Category Data which is particularly sensitive because it can be used to identify details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, and information about your health.
We do not collect any Special Category Data about you. Nor do we collect any information about criminal convictions and offences.
Occasionally we will be given Special Category Data by organisations who we are working with as clients to deliver products and services. We will not be actively processing this data and will only keep it for as long as is necessary.
We want to make sure that any personal information that we hold about you is accurate and current. Please let us know if your details change.
We use different methods to collect data about you. You might give it to us directly. For example, when you:
We may use Third parties or publicly available sources. We may collect Identity and Contact Data from publicly availably sources such as Companies House and the Electoral Register based inside the EU.
We may be given your Personal Data to process by organisations that we work with as clients, in order to deliver our products and services. They will usually be in charge of how the data is to be used.
We will only use your Personal Data when the law allows us to. Usually, it will be in the following circumstances:
Do we need your consent?
Generally, we do not need your consent unless we are sending you direct marketing communications via email. We will ask for your consent before sending you marketing communications. To do so you can tick the ‘opt in’ box in our Contact Us page. You have the right to withdraw consent to marketing at any time by using the unsubscribe links or by emailing firstname.lastname@example.org with “unsubscribe”.
We have put together a table below which describes some of these uses, and the legal reasons we rely on. Some of these will overlap.
|Purpose/Activity||Type of Personal Data being used||Lawful reason we use
|To send you a newsletter by email||Identity
|Your consent when you sign up to our Expert directory|
|To deliver relevant marketing and website content to you and measure or understand the effectiveness of such content||Marketing||Legitimate Interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy.|
|To contact you to make suggestions and recommendations to you about goods or services that may be of interest to you where you are part of an existing client relationship||Identity
|Legitimate Interest (to develop our business and services, particularly where we regard these as genuinely useful to you)|
|To register new client contact details||Identity
|Legitimate Interest (where we are delivering products and services and you are connected to one of our clients)|
|To process and deliver services to clients||Identity
|Performance of a contract with you
Necessary for our legitimate interests (where you are not a party to the contract)
|To register new consultant contact details||Identity
|Legitimate Interest (where we are delivering products and services)|
|To process and deliver services to consultants||Identity
|Performance of a contract with you|
|To manage our relationship with you which will include:
· Asking you to leave a review or take a survey
|Performance of a contract with you
Necessary to comply with a legal obligation
Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
|To enable you to complete a survey||Identity
|Performance of a contract with you
Necessary for our legitimate interests (to study how clients use our products/services, to develop them and grow our business)
Change of purpose
We will only use your Personal Data for the reason it was collected, unless we reasonably consider that we need it for another reason which is almost the same, or compatible with the original reason.
We will ask for your consent if we need it for a completely new reason, unless we need to use it to comply with a legal obligation.
Marketing from us
If you are part of an existing client relationship, we may use your Identity or Contact Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
You will receive marketing communications from us if you have requested information from us or purchased goods or services from us or if you provided us with your details when you entered a competition or registered for a promotion and, in each case, you have not opted out of receiving that marketing.
We do not share your Personal Data with anyone outside of AP3 for marketing purposes. If we want to do this, we will ask you for your express consent.
You can ask us to stop sending you marketing messages at any time by emailing ‘unsubscribe’ to email@example.com. Where you opt out of receiving these marketing messages, this will not stop us using the Personal Data for other lawful reasons, or for contacting you as part of delivering our business services, where we have a legitimate reason or doing so, for example, when we are delivering a contract.
We do not share your Personal Data with anyone for marketing purposes, but we will need to share it with certain organisations in order for us to carry out our usual business activities, especially the processes we set out in the table above. These organisations provide us with business support such as email software and data storage.
Your Personal Data will be shared with third parties in the following circumstances. Please note that this list is subject to change and we will update it as soon as is reasonably practicable after it does.
|Organisation||Location||Reason for sharing|
|Microsoft Corporation||United States||Necessary as part of our communication systems and for storing data|
|Mailchimp/ The Rocket Science Group||United States||Necessary for as part of our communication systems and for storing data|
|Less Annoying CRM||United States||Necessary for as part of our communication systems and for storing data|
We may also share your Personal Data with certain third parties if we are about to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your Personal Data in the same way as set out in this privacy notice.
We require all third parties to respect the security of your Personal Data and to treat it in accordance with the law. We do not allow our third-party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions.
Many of the third parties who we use for the processing of your Personal Data are based outside the European Economic Area (EEA) so their processing of your Personal Data will involve a transfer of data outside the EEA.
Whenever we transfer your Personal Data out of the EEA, we make sure that it is protected in at least one of three ways:
We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions, and they are subject to a duty of confidentiality.
However, despite all our precautions, no data transmission over the internet is 100% secure. As a result, we cannot guarantee the security of any information which you disclose to us and so wish to draw your attention to the fact that you do so at your own risk.
We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will only keep your Personal Data for as long as necessary to fulfil the purposes we collected it for. We may need to keep it for longer to satisfy any legal, accounting, or reporting requirements.
We will consider the type of Personal Data we hold and whether it is particularly sensitive before working out how long we should keep it for. Wherever possible we will anonymise it so that you cannot be identified.
In some cases, you will be able to ask us what Personal Data we hold about you and request that it be deleted. See your right to request erasure below.
You have a number of important legal rights. Sometimes these rights will be limited by our right to legitimately run our business, or because there is legal reason preventing us from letting you exercise your rights fully.
You are entitled to do the following:
If you wish to exercise any of your rights or if you have any concerns about our use of your personal data, please contact our Data Protection Manager, Helen Ots by email at firstname.lastname@example.org.
You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. In these cases, we may be justified in refusing to comply with your request.
What we may need from you
We may need some information from you to help us confirm your identity and to ensure you do have a valid right. This is a security measure to ensure that your data is not disclosed to anyone else who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within a month. Occasionally it may take us longer than a month if your request is particularly complex or you have made many requests. In this case, we will notify you and keep you updated.
If you have any concerns about our use of your Personal Data, as well as contacting our Data Privacy Manager you can also contact the Information Commissioner at https://ico.org.uk/global/contact-us/.
We will keep our privacy notice under regular review and will place any updates on this webpage. This privacy notice was last updated on 7 March 2022.