Privacy Policy

Apaxon Limited is committed to protecting and respecting the privacy of our customers, contractors, and partners. This Privacy Notice explains how we collect, store, use, and share your personal data in compliance with UK GDPR and other regulations.

We only process data according to the various laws that govern data protection:

• GDPR (UK GDPR from Jan 2021)
• Data Protection Act 2018
• PECR (Privacy and Communications Act)

The data controller is Apaxon Limited, 132 -134 Great Ancoats Street, Manchester, Greater Manchester, M4 6DE. Our company registration number is 09784429.

If you want to contact us regarding this Privacy Notice, or if you have any concerns about how we handle your personal data, please email us at:dataprotection@apaxon.co.uk.

Purpose and Lawful Basis for Processing

We process personal data for different purposes, each with a specific lawful basis:

• Existing Customers: We process your personal data to provide our services, send updates, and issue invoices. This is based on contractual necessity.
• Former Customers: For up to three years after contract termination, we may send you relevant information about our services under the legitimate interest basis, as permitted by the Privacy and Electronic Communications Regulations (PECR).
• Employees of Customers: If your employer is an Apaxon customer, we may have received your personal details from them. We use this data to deliver our services under legitimate interest.
• Newsletter Subscribers: If you signed up for our newsletter, we process your data based on consent. You can withdraw your consent at any time by clicking the "unsubscribe" link in our emails.
• Enquiries via Website: If you contact us via the website, we process your data under performance of a contract if you engage in service discussions. If you don’t become a client, we retain your data under legitimate interest with a strict retention policy.

Where we rely on legitimate interest, we ensure it does not override your rights.

How We Collect Data

We collect data through various interactions, including:

• Face-to-face meetings
• Telephone calls
• Email communications
• Contact details submitted via our website
• Cookies and tracking technologies on our website
• Note: We do not collect personal data from publicly available sources.

Our services are designed for adults, and we do not knowingly collect data related to children. Additionally, we do not engage in any form of profiling of personal data.

The Type of Data We Collect

In our operations, we may have access to various aspects of your organisation’s network. We advise employers to restrict access to highly sensitive areas. Typically, we process the following types of data:

• Full name and contact details (phone, email, address)
• IP address
• Place of work
• Employee ID number
• Financial details (for credit checks and transactions)
• Job title
• Website analytics data (Google Analytics usage tracking)

Retention Policy

We enforce a strict data retention schedule to comply with legal and business needs:

• Former client data is retained for three years for marketing purposes, unless legally required for longer.
• Website visitor data (IP addresses, analytics, tracking data) is stored for up to three years from the last recorded visit.
• Marketing communications: If you have provided consent for email updates, you may withdraw consent at any time via the unsubscribe link in emails or by contacting us at:dataprotection@apaxon.co.uk.

Who We Share Your Data With

To operate our services efficiently, we work with third-party service providers (data processors). Your data may be shared with:

• IT & system administration service providers
• Marketing, advertising, and promotional partners
• Website analytics providers (Google Analytics, tracking tools)
• Cloud-based data storage & hosting providers
• Email, document storage, and backup solution providers
• Accounting & financial service providers

We require all service providers to comply with strict data protection policies and contractual safeguards.

Third-Party Websites

Our website may contain links to external websites operated by third parties. We do not control their privacy policies, and we recommend reviewing their policies before submitting personal data.

Law Enforcement & Business Transfers

We may disclose personal data if required by law enforcement, regulatory authorities, or legal obligations. Additionally, in the event of a business merger, acquisition, or sale, personal data may be transferred to the acquiring entity under the same privacy protection policies.

International Transfers of Personal Data

We do not directly transfer any personal data outside the European Economic Area (EEA). However, some of our service providers (data processors) may store or process data in locations outside the EEA.

Many of these processors operate cloud-based systems, meaning that data may be stored in data centres across multiple locations. In some cases, they may retain copies of your personal data outside the EEA for backup and disaster recovery purposes.

How We Safeguard International Transfers

Where personal data is transferred outside the EEA, we and our processors implement one or more of the following safeguards to ensure your privacy rights are protected:

• Adequacy Decisions – Some countries are deemed by the European Commission to provide an adequate level of data protection.View Adequacy Decisions.
• Model Contractual Clauses (SCCs) – If a transfer occurs to a country without an adequacy decision, we ensure compliance using Standard Contractual Clauses (SCCs) approved by the European Commission.View SCCs.
• EU-US Data Privacy Framework – Where applicable, we work with US-based providers that self-certify under the EU-US Privacy Shield (or its successor frameworks).Learn about the Data Privacy Framework.

Additionally, we assess potential risks of international transfers and apply additional security measures when required.

Your Personal Data Rights

Under UK GDPR and Data Protection Act 2018, you have specific rights regarding your personal data. You can exercise these rights by emailing us at:dataprotection@apaxon.co.uk.

• 📌 Access: Request a copy of the personal data we hold about you.
• 🛠️ Rectification: Request corrections if your data is inaccurate or incomplete.
• 🗑️ Erasure (Right to be Forgotten): Request deletion of your data where no legal basis for retention exists.
• 🚫 Restriction: Request that we limit how we process your data in certain circumstances.
• 🔄 Data Portability: Request transfer of your personal data to another organisation.
• 🔕 Objection to Processing: Object to data processing where we rely on legitimate interests.
• ❌ Withdraw Consent: If processing is based on consent, you may withdraw it at any time.

Lodging a Complaint

If you believe your data protection rights have been violated, you can file a complaint with:

• Information Commissioner's Office (ICO)
  📍 https://ico.org.uk/concerns/
  📞 0303 123 1113

However, we encourage you to contact us first, and we will do our best to resolve your concern promptly.

Security of Your Data

We implement robust security measures to protect your personal data against unauthorised access, loss, misuse, or disclosure.

• 🛡️ Firewalls & Intrusion Prevention Systems
• 🔑 Encryption of Data (at rest & in transit)
• 🔒 Access Controls & Multi-Factor Authentication
• 📜 Regular Security Audits & Penetration Testing

Automated Processing

We do not perform automated decision-making that would significantly impact your rights. However, some automated marketing activities are carried out via our email and advertising platforms. You can opt-out at any time by emailing:dataprotection@apaxon.co.uk.

Keeping You Informed

This Privacy Notice was last updated on 20th March 2025. We may periodically review and update this notice to reflect changes in our practices, legal requirements, or operational processes.

When updates are made, we will revise the "last updated" date at the top of this page. Where changes are significant, we will make reasonable efforts to notify you via email or other appropriate means.

We encourage you to check this page regularly to stay informed about how we protect your personal data and privacy.

How to Contact Us

If you have any questions or concerns about this Privacy Notice, or how we handle your personal data, please contact us at:

• 📧 Email: dataprotection@apaxon.co.uk
• 📍 Address: Apaxon Limited, 132 -134 Great Ancoats Street, Manchester, Greater Manchester, M4 6DE
• 📞 Phone: 01614649941

Your trust is important to us, and we are committed to keeping your personal data safe, secure, and used in compliance with UK data protection laws.