Data Protection and Privacy Policy

This is the Data Protection and Privacy Policy of Apogee Property and Utility Consultants Limited.

Welcome to Apogee’s privacy policy. We appreciate you taking the time to read all our notices carefully. 

Apogee Property and Utility Consultants Limited (“Apogee”) are committed to protecting your privacy by ensuring that personal data is collected and used lawfully and transparently. When delivering our professional services, such as consultancy advice, utility services and general reports, we are the Data Controller of the business or personal data you supply to us under your contract with us. When delivering any of our online services or platforms, such as our polygon drawing facility or downloadable reports, we are deemed as a Data Processor. 

This Privacy Notice explains: 

  • Who we are. 
  • Data we collect. 
  • How we collect your data. 
  • How we use your data. 
  • Data sharing and international transfers. 
  • Data storage and security. 
  • Data retention. 
  • Your legal rights. 
  • Queries and complaints. 
  • Additional information. 

WHO WE ARE:

Apogee Property and Utility Consultants specialises in property development, planning and utility consulting services to businesses and consumers within Great Britain. 

When providing these services, we take our responsibilities regarding data protection very seriously. We are bound by all applicable data protection laws regarding the handling, processing, and collecting of data. All employees handling personal and business data are fully trained to ensure the data is processed as per the General Data Protection Regulations 2018 (GDPR) and The Data Protection Act 2018 (DPA 2018). 

DATA WE COLLECT:

The type and frequency of data collected will always depend on how our website and services are used. If you do not wish to provide us with specific categories of data, you may not be able to use our services in their entirety. 
 
Please also note that we only collect and store personal data regarding our employees, but with our business customers, we only store the business data you supply to us. If you supply us with personal email addresses or contact details, these will be removed from our systems within 90 days. 
We determine business email addresses by taking the domain name from your email address and researching whether this domain name points towards a legitimate business, legal company records and a credit reference check. If not, then we will classify these details as personal data, and as such, this data will be removed from all our systems within 90 days.   
 
On all occasions, this information and associated decisions are derived from a predetermined, documented human process. 
 
We classify the following as Business Data: 

Type of Data Examples of Data Collected/Stored
FinancialIncludes bank account/payment card details.
TransactionIncludes details about payments to and from customers/other details of services/products customers have purchased.
Technicalincludes IP address/customer login data/browser data/browser type

and version/location/operating system and platform/other technology

on the devices users use to access the website.
Profilencludes Usernames and passwords/purchases and/ or orders made,

and user /customer preferences/feedback.
Usageinclude information about how the user uses the website, products, and services
Marketing and Communicationsincludes the user’s preferences in receiving marketing from the

business and third parties and the user’s communication

preferences.

We classify the following as Personal Data: 

Type of DataExamples of Data Collected/Stored
Employee Data Includes name, address, date of birth, contact email address, contact telephone number, bank details, driving licence number, passport number, national insurance number, emergency contact details and next of kin information.
Job Applicant Data Includes name, address, contact number and/or email address.
Contact Form Submissions May include name, contact number, and email address.

HOW WE COLLECT YOUR DATA:

Type of Data Examples of Data Collected/Stored
Personal Data provided to usWe use emails and electronic contact forms across our websites. These forms or emails will prompt users to input basic contact details so we can generate quotes, provide information, updates and respond to enquiries.

You may also provide data when registering for a vacancy or corresponding with us by phone, email, or letter.

The personal data we hold about you must be accurate and current. You should keep us informed if your data changes during your relationship with us.

Please note that any data collected from you for business purposes will be removed after 90 days if we deem the data personal.
Personal Data collected by usEmployees only:
We will require your personal information for employment purposes, to remunerate you, for statutory purposes during your employment with us, and safeguarding purposes.

Business Customers only:
We may research and collect data from the internet, Companies House, and credit reference agencies to process Account Applications.
Personal Data from other sourcesEmployees only:
We do not collect personal information from other sources.

Business Customers only:
Regarding payments of orders, we only collect the payment reference information from PayPal. No other information is stored or used by us.

All Website Visitors:
We collect and use analytics data from Google. However, this data is anonymised before use. Employees only:
We do not collect personal information from other sources.

Business Customers only:
Regarding payments of orders, we only collect the payment reference information from PayPal. No other information is stored or used by us.

All Website Visitors:
We collect and use analytics data from Google. However, this data is anonymised before use.
Special Categories of DataEmployees only:
There may be instances where we need to process Special Category Data provided by you. This Special category data which we collect from you is about your health. We will not collect or store any other unique category data about you.

The fundamental rights of the data subjects are continually assessed to ensure that the processing is fair, transparent, and lawful.
Online IdentifiersWhen you visit our website, a record of your device’s IP address is retained and used anonymously to determine website and page visitors.

Please visit our cookies policy for more information on how we use online identifiers or cookies.

HOW WE USE YOUR DATA:

Before processing personal data, we ensure that at least one lawful basis is met under the Data Protection Acts or the GDPR. We will not disclose personal data for any purpose other than what the data was initially collected for unless an overriding legal basis enables this processing. 
 

We may collect, hold, use and disclose the information collected to compile statistical data and to maintain our database; to develop or improve our website; respond to any queries; notify you of any upcoming marketing, training or other events that we think may be of interest to you; provide you with publications; manage quality control and compliance issues; manage systems administration; provide you or your organisation with advice; notify you about significant changes or developments to our services; contact you for your views on our services or to determine the suitability for employment.

 

We may also process your data in the following circumstances:

Purpose/ActivityType of data Lawful basis for processing, including basis of legitimate interest
To register you as a new customer
(a) Identity

(b) Contact
Performance of a contract with you.
To process and deliver your order, including:

(a) Manage payments, fees, and charges

(b) Collect and recover money owed to us
(a) Identity

(b) Contact

(c) Financial

(d) Transaction
(a) Performance of a contract with you

(b) Necessary for our legitimate interests (to recover debts due to us)

(c) We record all calls to our staff members, including internal, inbound, or outbound calls. We often rely on a lawful basis to process data for the duration of servicing on your account. The decision to enter an initial or any subsequent contract is under our ‘legitimate interests.’

(d) Ensuring our administrative and IT systems are secure and robust against unauthorised access also falls under this basis.
To manage our relationship with you, which will include:

(a) Notifying you about changes to our terms or privacy policy

(b) Asking you to leave a review or take a survey







(a) Identity

(b) Contact

(c) Profile

(d) Marketing and communications
(a) Performance of a contract with you

(b) Necessary to comply with a legal obligation

(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
To administer and protect our business and this website.
(Including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data)
(a) Identity

(b) Contact

(c) Technical
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security to prevent fraud and in the context of a business reorganisation or group restructuring exercise)

(b) Necessary to comply with a legal obligation


To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you. (a) Identity

(b) Contact

(c) Profile

(d) Usage

(e) Marketing and communications



Necessary for our legitimate interests (to study how customers use our products/services to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve our website, products/services, marketing, and customer relationships (a) Technical

(b) Usage
Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant to develop our business and to inform our marketing strategy)



To make suggestions and recommendations to you about goods or services that may be of interest to you (a) Identity

(b) Contact

(c) Technical

(d) Usage

(e) Profile

(f) Marketing and communications

Necessary for our legitimate interests (to develop our products/services and grow our business)
For fraud prevention (a) Due to the products/services we offer to companies, we also have a ‘legal obligation’ to validate the status of companies we work with which may involve identifying and verifying individual data subjects as part of our ‘legitimate interests to safeguard against criminal or fraudulent activities.

(b) We also need to ensure that VAT and premium tax is paid.


When you apply for a vacancy or begin employment with us.
(a) You provide several pieces of data to us directly during the recruitment exercise. In some cases, and to facilitate our ‘Legitimate Interests’ we will collect data about you from third parties, such as employment agencies and former employers, when gathering references or credit reference agencies.

(b) Should you be successful in your job application, we will gather further information from you, for example, your bank details and next of kin details, once your employment begins.

(c) We have a Legal Obligation to ensure you have a right to work in the UK and make reasonable adjustments for you if you have a disability.

(d) The ongoing lawful basis we rely on to process your data will be under our legal obligations or legitimate interests, which may include assessments made on salary.

DATA SHARING AND INTERNATIONAL TRANSFERS:

Personal data will only be disclosed confidentially to external service providers so that they can provide financial, technological, or administrative assistance. When we share data with an external third party, these operations are governed by a Data Processing Agreement (DPA). We perform regular due diligence on any external companies we work with to maintain high data integrity levels.

 

Any transfers outside the EEA are only permitted with the provision of an Adequacy Decision, Standard Contractual Clauses (SCCs) or any other lawful transfer mechanism. We may need to share data with external organisations such as law enforcement, regulatory bodies, fraud prevention agencies, partners, or advisors where necessary. Before any data is shared, we ensure that all technical and organisational controls are firmly in place and a data protection impact assessment is undertaken, where applicable, if the sharing or transfer is considered high risk.  
 
We do not sell your data to any third parties. 

DATA STORAGE AND SECURITY:

We have a dedicated Information Security team who are in place to offer protection across all our networks and IT assets to assist with data security and data loss prevention.  
 
Our systems are robustly secured; we are ‘Cyber Essentials certified.

We also have a specialised Incident Response Team to respond quickly to data-related issues, including preventing and detecting cyber criminals. For all customers, we maintain that all cloud providers have servers based within the UK and EEA districts. As a company, we promote a ‘paperless’ culture where possible. 

 

DATA RETENTION:

We only keep your data for as long as necessary unless there is an overriding legal ground. We will not retain data if it is deemed unlawful to do so.  
 
Data may be held for purposes relating to the establishment, exercise, or defence of legal claims that our clients or we may face. Where we represent you in any legal case, we retain the data for seven years from the conclusion of the litigation case. We will also typically keep data concerning your account for at least seven years from the date you end your contract with us.  
 
Some data may be deleted before this period depending on the category of that data in line with our commercial legitimate interests and retention schedule; for example, data provided to us during an unsuccessful job application will be retained up to six months after the recruitment exercise. 
 
Personal data no longer necessary is deleted securely per Apogee’s Data Disposal Policy. Our Data Retention and Data Disposal policies are available upon request. 

YOUR LEGAL RIGHTS:

All data subjects have individual rights. On a case-by-case basis, you have the following rights concerning your data processed by Apogee: 

  • The right to know how your data is collected and used.
  • The right to request access to a copy of any personal data that we hold about you.
  • The right to rectify personal data we may hold which is identified as incorrect or misleading.
  • The right to erase personal data, also known as ‘the right to be forgotten.’ 
  • The right to restrict further processing of your data.
  • The right to data portability, where technology allows us to send personal data onto a new controller. 
  • The right to object to the processing or certain processing activities. 
  • Rights concerning automated decision-making, including profiling. 
 

As an organisation, we do not operate any automated decision-making systems. Please be aware that the rights listed in this section only apply to individuals and cannot be used to request data relating to business entities.  
 
Please be aware that your access rights do not entitle you to any physical or digital copy of any documentation we hold. 

QUERIES AND COMPLAINTS:

All data subjects have individual rights. On a case-by-case basis, you have the following rights concerning your data processed by Apogee: 

  • The right to know how your data is collected and used.
  • The right to request access to a copy of any personal data that we hold about you.
  • The right to rectify personal data we may hold which is identified as incorrect or misleading.
  • The right to erase personal data, also known as ‘the right to be forgotten.’ 
  • The right to restrict further processing of your data.
  • The right to data portability, where technology allows us to send personal data onto a new controller. 
  • The right to object to the processing or certain processing activities. 
  • Rights concerning automated decision-making, including profiling. 
 

As an organisation, we do not operate any automated decision-making systems. Please be aware that the rights listed in this section only apply to individuals and cannot be used to request data relating to business entities.  
 
Please be aware that your access rights do not entitle you to any physical or digital copy of any documentation we hold. 

ADDITIONAL INFORMATION:

This version was last updated and reviewed in March 2023. 

We regularly review and monitor regulatory guidance for any industry changes which may impact our business operations or your rights and freedoms. 

In this privacy notice, “personal data” means any information relating to an individual who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data or an online identifier. 

We are legally known as Apogee Property and Utility Consultants Limited.

Our Head Office for all correspondence is:
Blount House Hall,
Hall Park Way,
Telford,
Shropshire,
TF3 4NQ

Our registered office is at Suite 2, Sigma House Hadley Park East, Telford, Shropshire, TF1 6QJ, United Kingdom.
We are registered in England and Wales under company number 11208090. 
Our VAT registration number is GB294459458

Telephone:

01952 686 570

Address:

Suite 2
Blount House
Hall Park Way
Telford
TF3 4NQ