Apo is your “data controller” and can be contacted as follows:
Data Protection Team
Apo Group Limited
St. Ann Street,
Collection and use of personal data
Your “Personal Data” is information that relates directly or indirectly to you, where you can be identified or you are identifiable from that information or from that and other information. We collect a range of information about you for the purposes set out below.
Information we collect directly from you.
When you transact or otherwise communicate with Apo, we collect a variety of your Personal Data, which may include your:
- Identity card or passport number;
- Contact information including telephone number and email address;
- Demographic information such as postal address;
- Financial information such as bank account details (when you make a reservation or rent an apartment with us);
- Lifestyle information relating to your hobbies or interests to improve our service to you;
- Booking and payment information for reservations, facilities, events and services.
- Other relevant information provided or made available to Apo from time to time.
Information we collect automatically:
When you visit our Site, we automatically collect information about your use of our Site or services through cookies and similar technologies. The information we collect may include: domain name; browser type; device ID; operating system type; device name and model; pages or screens you view; links you click; IP address; when and the length of time you visit or use our services; and the referring URL, or the webpage that led you to our Site.
Information we collect from third parties:
We may also collect information about you from third party sources, such as via social media accounts or our third-party partners.
If you do not provide certain Personal Data marked as mandatory, we may not be able to continue our relationship with you or provide you with our services, or you may not be able to access or use some of the functionalities of our Site.
How Apo uses your personal data
A. Providing our services:
We collect your Personal Data to process your interest in the properties we manage, to secure a membership to our services, complete the letting of your apartment and in order for us to help manage your stay in the properties we manage and the goods and services that you subscribe to through us. Where applicable, the Personal Data we collect about you will be used for internal record keeping purposes, where we have the appropriate consent carrying out credit checks, providing estate management services and general estate management communications. Where we have appropriate permissions, we may also use your Personal Data to contact you about other products and services we think may be of interest to you and use the information collected from the website to personalise your repeat visits to our website.
To ensure that we maintain the security of our Site.
C. Tailoring content:
We may use the information to customize the Site according to your interests.
D. Communicating with you:
Apo uses your Personal Data to inform or send notices, emails, letters or SMS about the properties we manage, , information affecting your home, service support, additions to properties we manage or services we provide and changes to Apo’s terms, conditions, and policies.
Where we have appropriate permissions, we may periodically send targeted advertising and promotional emails about Apo’s latest managed property and upcoming events as well as products and services by third parties, which we think you may find interesting. To stop receiving electronic marketing communications from us at any time, you can click the link at the bottom of any communications received which allows you to unsubscribe, or you can contact us at email@example.com.
F. Analysing use of our services:
From time to time we may use your Personal Data for research and analysis purposes and to run analytics so that we can monitor and improve the services that we provide.
G. Corporate exercises:
To ensure that we can operate as a global organisation and continue to expand and grow, including in connection with mergers, acquisition, sale of assets or joint ventures.
Where required by applicable data protection laws to do so, we will only collect, process or disclose your Personal Data with your consent.
What is our legal basis for processing your personal data?
- necessary for entry into, or performance of, a contract with you; This applies to the processing purposes described at A and D;
- necessary for the legitimate interest of Apo, where these are not overridden by your interests or fundamental rights and freedoms; This applies to the processing purposes described at B, C, E (save where consent is required by law), F and G;
- necessary in order to comply with our legal obligations under certain laws; and
- in limited circumstances, including where consent is required for marketing and to the extent the legal bases for processing do not apply, processed with your consent (which we obtain from you from time to time).
Where you are in the EEA, the ‘legitimate interests’ referred to above are:
- meeting and complying with our accountability requirements and regulatory obligations globally; and
- exercising our fundamental rights and freedoms, including our freedom to conduct a business.
Where required by applicable data protection laws to do so, we will not collect, process or disclose your Personal Data without your consent.
Who has access to your data
- Apo and its subsidiaries and associated companies;
- service providers, such as vendors, service providers, marketing agents, consultants, insurers, adjusters, utility companies, credit reporting agencies or others who provide services such as managing and enhancing customer data, providing customer service, assessing your interest in Apo’s developments and conducting customer research or satisfaction surveys;
- our regulators, such as the UK Information Commissioner’s Office and other regulators and law enforcement agencies around the world to ensure that we can comply with legal obligations;
- solicitors and other professional advisors, where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the security of our Site or as evidence in litigation in which we are involved; and
- any entities who purchase or invest in us or the properties that we manage
Where required by applicable data protection laws, we will maintain a record of any disclosure of Personal Data.
Some of our group entities and processors are located outside of your country, therefore we may share your Personal Data overseas. If we do, Apo will ensure a comparable degree of security of data and ensure at least one of the following safeguards is in place:
- we will only transfer to countries that have been approved by the relevant data protection regulatory authority as providing an adequate level of protection for Personal Data; and/or
- ensure we have in place appropriate contractual protections with the entity we are transferring the Personal Data to as required under applicable data protection laws, which may include entering into standard contractual clauses or data processing agreements.
If you are in the EEA, you have the right to ask us for more information about the safeguards we have put in place as mentioned above.
Protection of personal data
Apo takes the necessary precautions, both administrative and technical, to safeguard your Personal Data against loss, theft, misuse and unauthorised access, disclosure, usage, alteration or destruction.
Accuracy and retention of personal data
Depending on applicable data protection laws, you may have certain rights in relation to your Personal Data which can be exercised by contacting Apo (see Contacting Us section below).
You may have the following rights:
- to request access to your Personal Data and, in some cases, receive information about how we have used that data;
- withdraw your consent to the processing of your Personal Data (where we have obtained your consent);
- correction or rectification of your Personal Data where it is inaccurate or incomplete;
- erasure or deletion of your Personal Data under certain circumstances;
- data portability (where processing is carried out by automated means); and
- in certain circumstances, object to or restrict the use of your personal data for purposes necessary for entry into, or performance of, a contract with you.
We aim to respond to any valid request within one month (or in accordance with such other timeframe as prescribed by applicable data protection laws). If your request is particularly complicated, or you have made several requests, where permitted by applicable data protection laws our response may take longer.
Where permitted under applicable data protection laws, we may charge a reasonable fee for responding to your request (provided such fee shall not exceed the maximum amount permitted by applicable data protection laws).
We do ask that you please attempt to resolve any issues with us first, although you have a right to contact the ICO at any time.