At Apex Privacy we support companies in achieving GDPR compliance, and a big part of our process is developing customer-facing resources that showcase our clients’ GDPR compliance strategy. We take the medicine we prescribe, so feel free to read on!
With privacy and data protection being the heart of our business, it is paramount for us to safeguard the privacy of our clients and visitors on our website, and to maintain compliance with privacy legislation. In a few words, we practice what we preach.
The data we process about you depends on who you are and how we interact with you.
We Collect Data About You in the Following Instances:
• Joining our newsletter
• Downloading resources
• Inquiries on our services
• Filling in an online form
• Applying to our team
Our services are not intended for children; therefore, we do not knowingly collect data from any natural person under the age of 18.
Apex Privacy acts as a controller for the personal data of the representatives of our corporate clients, potential clients and other stakeholders such as suppliers and their representatives. Apex Privacy will also act as a processor for personal data in the context of providing our services to our clients, for example when a client provides us with access to databases, software and communication tools during a privacy audit. Our customers always remain controllers of this personal data.
Collection and use of personal data:
Our core business is not the collection of your personal data. We process a minimum amount of personal data, only what is necessary to offer and provide our services, which allows us to operate our business. We will only process your personal data for predefined purposes and we make sure that we have a clear legal basis for doing so.
Personal data we collect:
• Contact & Identity Data: includes an email address, name and phone number.
• Usage Data
• Aggregated data that helps us understand how to optimize our website to provide a better user experience
• Technical Data: includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and device technology used to access this site.
We process personal data for the following purposes:
• Where we need to perform the contract we are about to enter into or have entered into with you
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
• Where we need to comply with a legal or regulatory obligation to engage with you in a recruitment process
Data sharing and disclosures:
We use third-party service providers to deliver our services and optimize how we operate our business. We audit our service providers who process your personal data to ensure that they do so in accordance with the laws and relevant data protection practices.
To ensure the processing of your personal data is performed in accordance with our standards, we enforce data processing agreements with every service provider we use for personal data processing. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. We will not disclose any personal data you have given to us other than as described in this statement, unless you have authorized us to do so, or if we are required to do so by law.
Apex Privacy has an appropriate information security policy tied to procedures that protect personal data from breach, misuse and loss. We ensure we have technical and operational measures in place that define a standard for how we protect our client data.
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons whose personal data are subject to the GDPR, Apex Privacy has implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including the following as appropriate: the pseudonymisation and encryption of personal data; the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; the ability to restore the availability and access to data in a timely manner in the event of a physical or technical incident; and a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.
We guarantee that your data is kept confidential and secure. All the employees authorized to process your data have committed themselves to confidentiality. We have a procedure to manage data breaches which allows us to assess the possible risks, notify the relevant authorities and alert you in case your personal data may have been affected. We ensure awareness within our organization through regular training and consultation.
You have several rights concerning your personal data, such as the right to access, update, delete and have a copy of such data as well as transfer it between IT environments of your choosing. We seek to ensure that you can exercise your rights efficiently. You exercise your rights by reaching us at email@example.com.
Under the law, you are granted six fundamental rights when data about you is being processed. We will make sure to reach out without undue delay (no more than 30 days) when you submit a request related to exercising your data subject rights. Although uncommon, when applicable for official or legal reasons we may be unable to address the specific request you make related to your rights.
Also, if a request is manifestly unfounded or excessive, in particular because of its repetitive character, we may either:
• charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or
• refuse to act on the request.
In this scenario we will inform you of the reasons we believe your request is manifestly unfounded or excessive.
As a data subject, you may:
• request access to the personal information we process about you;
• request that we correct inaccurate or incomplete personal information about you;
• request deletion of personal information about you;
• request restrictions, temporarily or permanently, on our processing of some or all personal information about you;
• request transfer of personal information to you or a third party where we process the data based on your consent or a contract with you, and where our processing is automated – data portability (e.g. in a PDF file);
• and opt out of or object to our use of personal information about you where our use is based on your consent or our legitimate interests.
If we have reasonable doubts concerning your identity, we may request the provision of additional information necessary to confirm it.
If you wish to exercise your rights, or if you have any other question relating to your rights or this privacy statement, please contact us at firstname.lastname@example.org. You also have the right to lodge a complaint with a supervisory authority. You can complain to the Data Protection Commission (‘DPC’) or exercise any of your other rights pursuant to data protection law.
Information about how to do this is available on the DPC website at www.dataprotection.ie.
We have determined retention periods based on the purpose of the processing and the rules set forth within the GDPR. For example, the GDPR requires us to remove data when it has served its purpose and is no longer of use. We review the personal data we collect (e.g. the information of our business contacts) regularly to ensure that the personal data we have is up-to-date and is not retained longer than needed or required by the regulation.
If you wish to have more detailed information about our retention times, please contact us at email@example.com.
Leaving our website:
Last update: 24/05/2022