1 Purpose
We are committed to protecting the privacy and rights of our employees, associates, and job applicants. This Privacy Policy explains how Apache iX Limited (“we”, “us”, “our”) processes personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and all other applicable UK data protection legislation.
2 Scope
This privacy notice applies only to personal data processed in the context of employment, sub-contracting, or recruitment, including through use of our website. It does not cover any personal data we may process as part of the work we do for our clients, which is covered under separate agreements. In all cases, we do not collect, store, or use personal data belonging to customers, website visitors, or the general public.
3 Objectives
The objectives of this policy are to:
- Demonstrate our compliance with UK GDPR, the Data Protection Act 2018, and all other applicable UK data protection legislation
- Describe our legitimate interests
- Describe the types of data we collect and what we use it for
- Provide a Point of Contact (POC) for people who wish to exercise their data protection rights.
4 Privacy Policy
4.1 Who we are
Apache iX Limited is a UK-based engineering and P3M technical services consultancy:
- Legal name: Apache iX Limited
- Registered address: C/O Apache iX, Bristol & Bath Science Park, Dirac Crescent, Bristol, England, BS16 7FR.
- Registration number: 09263201.
- Data Protection Officer POC: dpo@apacheix.co.uk
We act as data controller and determine the purposes and means of processing employee, associate, and job applicant personal data.
4.2 Personal data we collect
We process only the personal data necessary for employment, sub-contracting, and recruitment related purposes. This may include:
- Employment and HR data:
  - Full name, contact details, date of birth
  - Emergency contact/next of kin information
  - National Insurance number
  - Bank details for payroll
  - Salary, benefits, employment history
  - Performance and appraisal records
  - Training and qualification records
  - Sickness absence information
  - Disciplinary and grievance information.
- Special Category Data (where relevant and lawful):
  - Health information for sick pay, workplace adjustments, or statutory reporting
  - Equal opportunities monitoring data (e.g., ethnicity, disability) – collected only for compliance or monitoring and always voluntary
  - Criminal records checks (if required for specific roles)
  - Background security checks (if required for specific roles).
- Recruitment data:
  - CVs, application forms, interview notes
  - Right-to-work documentation.
- Website log files (only applicable for website user traffic and is not personally identifiable):
  - IP address, browser type, ISP, referring/exit pages, operating system, date/time stamp and clickstream data
We collect this information directly from employees, associates and applicants, via cookies on our website, and where necessary, from third parties such as referees, recruitment agencies, HMRC, or government bodies.
4.3 Legal basis for processing
We process employee personal data only where we have a lawful basis under the UK GDPR. These may include:
- Contract – processing necessary to enter into or perform an employment or associate contract.
- Legal obligation – complying with UK employment, tax, and health & safety law.
- Legitimate interests – such as managing the workforce, ensuring security, and improving business operations (which are subject to purpose, necessity and balancing tests where required).
- Consent – used only where no other lawful basis applies (e.g., certain optional benefits). Consent can be withdrawn at any time.
Special category data is processed only under conditions permitted by law, such as employment law obligations or where the employee has given explicit consent.
4.4 How we use personal data
We use employee, associate and job applicant personal data for purposes including:
- Recruitment, onboarding, and employment administration
- Payroll, pensions, benefits, and expense payments
- Managing performance, development, and training
- Ensuring health & safety, wellbeing, and workplace adjustments
- Statutory reporting and compliance
- Managing absences, disciplinary matters, and grievances
- Security, IT access management, and fraud prevention
- Analysing website traffic trends, administering the website, tracking user behaviour around our website, and to gather basic demographic data.
We do not sell, trade or otherwise use or transfer employee, associate or job applicant personal data to third parties for any purpose (e.g. marketing).
4.5 Who we share personal data with
We may share personal data with the following categories of recipients:
- Payroll providers and pension administrators
- Benefits providers (e.g., healthcare, life insurance)
- HMRC and other government authorities
- IT and system service providers under contract
- Auditors, legal advisers, or regulators
- Training providers and professional bodies
- Background screening providers (where relevant)
All third-party processors are contractually required to protect personal data and process it only on our instructions.
4.6 Third party links
Our website may contain links to third-party websites or services that are not owned or controlled by Apacheix.co.uk. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policies of those third parties before providing any personal information.
4.7 Website cookies and analytics
Our website uses Google Analytics, a web analytics service provided by Google, Inc. Google Analytics sets several cookies to evaluate your use of our website and enable us to carry out the actions described in section 4.4. Google stores the information collected by these cookies on servers in the United States. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. By using our website, you consent to the processing of data about you by Google in the manner and for the purposes set out in Section 4.4.
If you wish to reject or delete these cookies, follow the instructions under “Exporting, removing & deleting your information” here:
http://www.google.com/intl/en/privacypolicy.html
4.8 International transfers
If we as data controller transfer personal data outside the UK (for example, through service providers), we ensure that appropriate safeguards are in place, such as:
- UK adequacy regulations, or
- UK International Data Transfer Agreements (IDTAs) or Addendums
You may request details of current safeguards by contacting us.
4.9 Data retention
We retain personal data only for as long as necessary for lawful employment and business purposes or to meet legal requirements. Typical retention periods include:
- Indefinitely for certain basic information to maintain proper database records, e.g.:
  - Payroll, tax records, accounting records
  - Relevant Health and Safety records
  - Job applicant names and contact details
- 6 months following departure from the company:
  - All other personal data not required above.
- For as long as you give us permission to do so for a specific purpose, e.g.:
  - Your CV, contact details, and availability if you are on our associate register.
Where retention differs, we follow our internal data retention policy.
4.10 Your rights
Under UK data protection law, employees, associates, and applicants have the right to:
- Access their personal data
- Rectify inaccurate or incomplete data
- Erase data where legally applicable (“right to be forgotten”)
- Restrict processing in certain circumstances
- Object to processing based on legitimate interests
- Data portability (where applicable)
- Withdraw consent at any time (where consent is the basis for processing)
To exercise your rights, contact us either in writing or via email using the details in Section 4.1.
4.11 Automated decision making
We do not use employee personal data for automated decision-making or profiling that produces legal or significant effects.
4.12 Security
We take security very seriously and appropriate technical and organisational measures are in place to protect personal data, including access controls, secure storage, encryption, and staff training. Access to employee, associate and job applicant data is restricted to authorised personnel only.
4.13 How to raise a concern
If you have concerns about how your data has been handled, you can contact our Data Protection Officer at:
dpo@apacheix.co.uk
You also have the right to lodge a complaint with:
Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
www.ico.org.uk
5 Roles and Responsibilities
| Role | Responsibility |
|---|---|
| Employees, Associates & Job Applicants | Ensure they read, understand and accept this policy before providing their personal data to us. |
| Data Protection Officer | Responding to information requests, advising the business on its obligations, monitoring compliance, and acting as the POC with the ICO if required. |
| CBO | Responsible for implementing this policy across the business. |
| CIO | Accountable to the board for compliance with this policy. |
6 Training and Awareness
All staff involved in the processing of personal data receive the appropriate training to ensure we carry out our activities lawfully and according to this policy.
7 Reviews, Updates and Audits
We may update this notice from time to time. The latest version will always be published on our website.
Last updated: December 2025