AP3 Privacy Policy

  1. Introduction

AP3 is the trading name of AP3 Advisory Services Limited, which is registered as a company in England, with company number 13322746.

We have appointed Helen Ots as our Data Protection Manager. She is responsible for this notice and can deal with any questions you may have about it, or about your Personal Data. Please contact helen.ots@ap3advisory.com.

AP3 respects your privacy and is committed to protecting your Personal Data.

This privacy notice tells you about:

  • Who we are, and how to get in contact with us.
  • The data we collect about you when you use this website, or any of our services.
  • How we look after your Personal Data, including when you sign up to our mailing lists.
  • Your privacy rights and how the law protects you.
  • Important information about us and contact details.


  1. The data we collect about you

Some of the data we collect is known as Personal Data. This is because you can be identified from it. There are three types of Personal Data that we will collect from you from time to time.

The first is Identity Data. This is about who you are, and includes your name(s), title, gender, and your date of birth.

The second is Contact Data. This is about how you can be contacted, and includes addresses, email addresses and telephone numbers.

The third is Marketing Data. This is about your preferences, including what you want us to contact you about and how.

Sometimes we will use your Personal Data to put together statistics and research. For example, we might want to work out how many users are accessing a particular website feature. We will not do this in a way that can identify you.


  1. Special Data

There are certain types of Personal Data called Special Category Data which is particularly sensitive because it can be used to identify details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, and information about your health.

We do not collect any Special Category Data about you. Nor do we collect any information about criminal convictions and offences.

Occasionally we will be given Special Category Data by organisations who we are working with as clients to deliver products and services. We will not be actively processing this data and will only keep it for as long as is necessary.


  1. Changes to your personal information

We want to make sure that any personal information that we hold about you is accurate and current. Please let us know if your details change.


  1. How is your Personal Data collected?

We use different methods to collect data about you. You might give it to us directly. For example, when you:

  • meet us,
  • fill in forms, or when you correspond with us by post, phone, email or in some other format,
  • contact us about our products or services,
  • request to join the Expert Directory,
  • contract with us in relation to our products and services,
  • subscribe to our service or publications, such as a newsletter,
  • request marketing to be sent to you,
  • enter a competition, promotion, or survey, or give us some feedback.

We may use Third parties or publicly available sources. We may collect Identity and Contact Data from publicly availably sources such as Companies House and the Electoral Register based inside the EU.

We may be given your Personal Data to process by organisations that we work with as clients, in order to deliver our products and services. They will usually be in charge of how the data is to be used.


We use cookies on our website. Our cookie policy explains the cookies we use and why.

  1. How we use your Personal Data

We will only use your Personal Data when the law allows us to. Usually, it will be in the following circumstances:

  • Where you have given us your express consent.
  • Where we need to perform a contract we are about to enter into or have entered into with you.
  • Where the contract is not with you, but using the data is reasonable and necessary for us to run our business for our legitimate interests (or those of a third party). This includes using your data as part of carrying out our usual business activities, but only if it has been provided for that purpose, and your interests and fundamental rights are not compromised.
  • Where we need to comply with a legal or regulatory obligation. For example, where a Court or Government agency is allowed to request the data.

Do we need your consent?

Generally, we do not need your consent unless we are sending you direct marketing communications via email. We will ask for your consent before sending you marketing communications. To do so you can tick the ‘opt in’ box in our Contact Us page. You have the right to withdraw consent to marketing at any time by using the unsubscribe links or by emailing enquiries@ap3advisory.com with “unsubscribe”.

We have put together a table below which describes some of these uses, and the legal reasons we rely on. Some of these will overlap.

Purpose/Activity Type of Personal Data being used Lawful reason we use


To send you a newsletter by email Identity



Your consent when you sign up to our Expert directory
To deliver relevant marketing and website content to you and measure or understand the effectiveness of such content Marketing Legitimate Interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy.
To contact you to make suggestions and recommendations to you about goods or services that may be of interest to you where you are part of an existing client relationship Identity


Legitimate Interest (to develop our business and services, particularly where we regard these as genuinely useful to you)
To register new client contact details Identity


Legitimate Interest (where we are delivering products and services and you are connected to one of our clients)
To process and deliver services to clients Identity



Performance of a contract with you

Necessary for our legitimate interests (where you are not a party to the contract)

To register new consultant contact details Identity


Legitimate Interest (where we are delivering products and services)
To process and deliver services to consultants Identity


Performance of a contract with you
To manage our relationship with you which will include:

·       Notifying you about changes to our terms or privacy policy

·       Asking you to leave a review or take a survey




Performance of a contract with you

Necessary to comply with a legal obligation

Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)

To enable you to complete a survey Identity



Performance of a contract with you

Necessary for our legitimate interests (to study how clients use our products/services, to develop them and grow our business)


Change of purpose

We will only use your Personal Data for the reason it was collected, unless we reasonably consider that we need it for another reason which is almost the same, or compatible with the original reason.

We will ask for your consent if we need it for a completely new reason, unless we need to use it to comply with a legal obligation.

Marketing from us

If you are part of an existing client relationship, we may use your Identity or Contact Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).

You will receive marketing communications from us if you have requested information from us or purchased goods or services from us or if you provided us with your details when you entered a competition or registered for a promotion and, in each case, you have not opted out of receiving that marketing.

Third-party marketing

We do not share your Personal Data with anyone outside of AP3 for marketing purposes. If we want to do this, we will ask you for your express consent.

Opting out

You can ask us to stop sending you marketing messages at any time by emailing ‘unsubscribe’ to enquiries@ap3advisory.com. Where you opt out of receiving these marketing messages, this will not stop us using the Personal Data for other lawful reasons, or for contacting you as part of delivering our business services, where we have a legitimate reason or doing so, for example, when we are delivering a contract.


  1. Sharing your Personal Data

We do not share your Personal Data with anyone for marketing purposes, but we will need to share it with certain organisations in order for us to carry out our usual business activities, especially the processes we set out in the table above. These organisations provide us with business support such as email software and data storage.

Your Personal Data will be shared with third parties in the following circumstances. Please note that this list is subject to change and we will update it as soon as is reasonably practicable after it does.

Organisation         Location Reason for sharing
Microsoft Corporation United States Necessary as part of our communication systems and for storing data
Mailchimp/ The Rocket Science Group United States Necessary for as part of our communication systems and for storing data
Less Annoying CRM United States Necessary for as part of our communication systems and for storing data


We may also share your Personal Data with certain third parties if we are about to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your Personal Data in the same way as set out in this privacy notice.

We require all third parties to respect the security of your Personal Data and to treat it in accordance with the law. We do not allow our third-party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions.

  1. International transfers

Many of the third parties who we use for the processing of your Personal Data are based outside the European Economic Area (EEA) so their processing of your Personal Data will involve a transfer of data outside the EEA.

Whenever we transfer your Personal Data out of the EEA, we make sure that it is protected in at least one of three ways:

  • The Personal Data is transferred to a country approved by the European Commission as providing sufficient protection,
  • The Personal Data is transferred under contractual terms approved by the European Commission, or
  • Where Personal Data is transferred to the United States, the recipient must be certified as part of the UK-US privacy shield approved by the European Commission.
  1. Data security

We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions, and they are subject to a duty of confidentiality.

However, despite all our precautions, no data transmission over the internet is 100% secure. As a result, we cannot guarantee the security of any information which you disclose to us and so wish to draw your attention to the fact that you do so at your own risk.

We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

  1. Data retention

We will only keep your Personal Data for as long as necessary to fulfil the purposes we collected it for. We may need to keep it for longer to satisfy any legal, accounting, or reporting requirements.

We will consider the type of Personal Data we hold and whether it is particularly sensitive before working out how long we should keep it for. Wherever possible we will anonymise it so that you cannot be identified.

In some cases, you will be able to ask us what Personal Data we hold about you and request that it be deleted. See your right to request erasure below.

  1. Your legal rights

You have a number of important legal rights. Sometimes these rights will be limited by our right to legitimately run our business, or because there is legal reason preventing us from letting you exercise your rights fully.

You are entitled to do the following:

  • Request access to your Personal Data (known as a “data subject access request”). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
  • Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us to keep using it, or we have not been using it lawfully.
  • Object to processing of your Personal Data. This enables you to object to us using your data as part of reasonably running our business (a legitimate interest) because you feel that that your fundamental rights or freedoms have been compromised.
  • Request a restriction on processing of your Personal Data. This enables you to ask us to stop using your data, without necessarily deleting it, or to just to put its use on hold while we establish why we need it.
  • Request the transfer of your automated Personal Data to you or to a third party. If you consented to providing data by an automatic process, for example where it has been collected by some sophisticated software, then you can ask for it to be provided to you or to a third party.
  • Withdraw consent at any time where you have given us this consent in the first place to use the data for a specific reason. This may mean we will not be able to provide certain products or services to you.
  1. How to exercise your rights

If you wish to exercise any of your rights or if you have any concerns about our use of your personal data, please contact our Data Protection Manager, Helen Ots by email at helen.ots@ap3advisory.com.

You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. In these cases, we may be justified in refusing to comply with your request.

What we may need from you

We may need some information from you to help us confirm your identity and to ensure you do have a valid right. This is a security measure to ensure that your data is not disclosed to anyone else who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests within a month. Occasionally it may take us longer than a month if your request is particularly complex or you have made many requests. In this case, we will notify you and keep you updated.

Information Commissioner

If you have any concerns about our use of your Personal Data, as well as contacting our Data Privacy Manager you  can  also  contact  the  Information  Commissioner at https://ico.org.uk/global/contact-us/.

  1. Changes to our privacy notice

We will keep our privacy notice under regular review and will place any updates on this webpage. This privacy notice was last updated on 7 March 2022.