Privacy Policy

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a new regulation which replaces the Data Protection Directive (Directive 95/46/EC).

The General Data Protection Regulation builds on previous legislation but enhances privacy rights for individuals.  The GDPR applied in the UK and EU from 25th May 2018.

Appleby Associates Executive Career Consultants (AAECC) are dedicated to being responsible when collecting and using your personal data. The privacy policy below outlines how we will adhere to the GDPR. Your GDPR specific rights came into effect on 25th May 2018.


This policy will outline:

  • The details of the Data Controller and how to contact the Data Protection Officer(DPO)
  • The types of personal data we collect and how we use it
  • Our purpose and legal basis for processing your data
  • How and when we share data with AAECC suppliers and partners
  • How and when we use your data for marketing purposes
  • Our use of cookies and your preferences with use of cookies
  • Your rights to request your personal data and how to do so
  • How you can raise a complaint with the ICO


Who controls my personal data?

  • The Data Controller is AAECC
  • The registered address is Market House, 21 Lenton Street, Alton, Hampshire GU34 1HG
  • The Data Controller’s representative is the Data Protection Officer (DPO)
  • You can contact the DPO by
  • Emailing [email protected]
  • AAECC is registered as a Data Controller with the Information Commissioner’s Office. Certificate number ZA360555


Our purpose and legal basis for processing your data

We provide career coaching and outplacement services to individuals, corporate clients and ancillary services.

We collect the personal data of the following types of people:

Clients and prospective clients for our career coaching, career workshops, outplacement and on-line career services;

Individual contacts of our corporate clients and our suppliers;

Our employees, career coaches, licensees and franchisees and business connections


What data will you give to us or will we collect from you?

  • You provide us with your personal data by filling in forms on by corresponding with us by phone, e-mail or otherwise, by subscribing to our services, sharing your details at meetings with us, attending our events, participating in discussion boards or other social media functions on our website or online, by entering a competition, promotion, or survey or by reporting a problem with our site or by voluntarily providing your personal information directly to AAECC at any other time e.g. giving us your business card
  • The types of personal data we collect may vary according to its purpose, we typically collect information such as: your full name, telephone number, email address, postal address, and Curriculum Vitae. We will also record any other relevant professional or personal information which is relevant to your career situation and how we might help you e.g. salary details
  • Personal Data may also include links to professional sites such as LinkedIn, Twitter, or a corporate website


What are the purposes and legal bases for our processing?

We use information held about you in the following ways:

  • To carry out our obligations arising from any contracts we intend to enter or have entered between you and us and to provide you with the information, products, and services that you request from us or we think will be of interest to you because it is relevant to your career or to your organisation
  • To provide you with information about other goods and services we offer that are like those that you have already purchased, been provided with, or enquired about
  • Our main legal basis for the processing of personal data is our legitimate business interests, described in more detail below, although we will also rely on contract, legal obligation, and consent for specific uses of data
  • We will rely on legal obligation if we are legally required to hold information on to you to fulfil our legal obligation, for example, our statutory obligation as an employer
  • We will in some circumstances rely on consent for uses of your data and you will be asked for your express consent e.g. before sharing your details with a recruiter or as part of a media request


Our Legitimate Business Interests

  • To provide career coaching, career workshops, outplacement and online career services to individuals and corporate clients
  • To manage employee and contractor relationships
  • To manage our corporate rights and obligations



  • Should we want or need to rely on consent to lawfully process your data we will request your consent, by email or by an online process for the specific activity we require consent for and record your response on our system. Where consent is the lawful basis for our processing you have the right to withdraw your consent to this processing at any time


Other uses we will make of your data:

  • To notify you about changes to our services;
  • To ensure that content from our site is presented in the most effective manner for you and for your computer
  • To administer our site and for internal operations, including troubleshooting, security, data analysis, testing, research, statistical and survey purposes
  • To allow you to participate in interactive features of our service, when you choose to do so
  • To measure or understand the effectiveness of our advertising that we serve to you and others, and to deliver relevant advertising to you
  • We do not undertake automated decision making or profiling. We do use our computer systems to search and identify personal data in accordance with parameters set by a person. A person will always be involved in the decision-making process


Who will have access to your data inside and outside of European Economic Area (EEA)?

We will share your personal information with selected third parties including:

  • Our data processors, licencees, franchisees, suppliers and sub-contractors for the performance and compliance obligations of any contract we enter with them or you
  • We share data with google in accordance with google’s privacy policy terms which you can read here
  • We will not disclose your personal information to third parties except if we sell or buy any business or assets, in which case we may disclose some of your personal data to the prospective seller or buyer of such business or assets for due diligence or substantially all our assets are acquired by a third party, in which case personal data held by us will be one of the transferred assets


The lawful basis for the third-party processing will include:

  • Their own legitimate business interests in processing your personal data, in most cases to fulfil their contractual obligations to us
  • To fulfil their legal obligations


Will your data be used for marketing?

  • We will only send you information about our products and services that are relevant to you
  • We may send the communication in several ways including email, telephone, and post


What are cookies and how do they affect your personal data?

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system. Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie does not give us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.  Google will also collect data through the use of this website.  You can read more about this through the following link.


Links to other websites

Our website contains links to enable you to visit other websites. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should look at the privacy statement applicable to the website in question.


Where will we store and process your personal data?

  • All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone
  • The data that we collect from you may be digitally transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may be transferred to third parties outside of the EEA for the purposes of our services. It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy and UK and EU data protection law, including contractual clauses
  • Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access


How long will we retain your data?

  • We understand our legal duty to retain accurate data that you are happy for us to retain and only retain personal data for as long as we need it for our legitimate business interests or to satisfy legal, accounting or reporting requirements. Accordingly, we have a data retention policy and run regular data routines to remove data that we no longer have a legitimate business interest in maintaining
  • We do the following to try to ensure our data is accurate:

We keep in touch with you, so you can let us know of changes to your personal data


Changes to this Privacy Policy

  • Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy


How safe is your data?

  • Appropriate technical and organisational measures are taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data
  • We use electronic safeguards including firewalls, anti-virus and anti-malware software to protect your data
  • Only authorised staff have access to personal data and are appropriately trained and supported by policies and procedures for handling personal data
  • For payments, we do not retain your full card details and always require you to provide the last three digits of the security code to process a payment
  • We do not recommend or guarantee the safety of your payment details sent to us electronically via email


What are your rights to your personal data?

  • You have the right to request copies of any personal data held by us.
  • To receive a copy of your personal data please send your written request to the Data Controller, AAECC, 33 St James’s Square, Mayfair, London SW1Y 4JS
  • We will provide you with a hard copy of your personal data held
  • You will not be charged for your personal data request
  • Your data will be returned within 40 days of receiving the request
  • We will require proof of identity
  • You also have the right to the following:
    • The right to prevent data being processed for direct marketing
    • The right to have inaccurate personal data rectified, erased, or destroyed
    • You have the right to make a complaint to a supervisory body, which in the United Kingdom is the Information Commissioner’s Office. The ICO can be contacted through this link:


Under GDPR you have the following rights:

  • The right to object to processing that is likely to cause, or is causing damage or distress.
  • The right to object to decisions being taken by automatic means.
  • The right to have inaccurate personal data suppressed, rectified, blocked, erased, or destroyed.
  • You can enforce these rights by contacting the Data Controller.


Last Reviewed:       28.04.2023

Next Review:           28.04.2024