General Data Protection Regulation (GDPR)

Appoly GDPR Statement

Appoly Ltd

The new EU General Data Protection Regulation (GDPR) comes into force on 25 May 2018 and will impact every organisation which holds or processes personal data.

Appoly has a commitment to high standards of information security, privacy and transparency. Our preparation for GDPR started in October 2017 and as part of this process, we are reviewing (and updating where necessary) all of our internal processes, procedures, data systems and documentation. The company will comply with applicable GDPR regulations when they take effect in 2018.

What is important to recognise is that compliance is a shared responsibility and all organisations will need to amend their data management practices.

Our Data Protection Officer is James Merrix (

All of our staff and contractors are familiar with GDPR and their personal responsibilities.

All staff are trained on induction and every two years (or sooner if there is a major change in legislation).

You have a right to erasure. If you wish to be erased, please contact us via our website contact form.

Our GDPR Principals are:

  • Data is processed fairly and lawfully.
  • Data is processed only for specified and lawful purposes.
  • Processed data is adequate, relevant and not excessive.
  • Processed data is accurate and, where necessary, kept up to date.
  • Data is not kept longer than necessary.
  • Data is processed in accordance with an individual’s consent and rights.
  • Data is kept secure.
  • We do not process sensitive information directly. We may process information on behalf of a client if they ask.
  • All storage is secure and our suppliers have GDPR procedures in place.

You have the right to lodge a complaint with the supervisory authority who is the Information Commissioner’s Office