Privacy Policy

Apo Group Limited, incorporated in England & Wales with company number 12376424 (“Apo”, or “us” or “we”) views and treats your Personal Data seriously. This privacy policy (“Privacy Policy”) applies to information we collect about visitors to our website (“Site”), and people who transact with us or note an interest in one of the properties we manage.

Apo is your “data controller” and can be contacted as follows:

Data Protection Team
Apo Group Limited
Windover House,
St. Ann Street,
SP1 2DR.


Collection and use of personal data

Your “Personal Data” is information that relates directly or indirectly to you, where you can be identified or you are identifiable from that information or from that and other information. We collect a range of information about you for the purposes set out below.

Information we collect directly from you.

When you transact or otherwise communicate with Apo, we collect a variety of your Personal Data, which may include your:

  • Name;
  • Identity card or passport number;
  • Age;
  • Gender;
  • Nationality;
  • Contact information including telephone number and email address;
  • Demographic information such as postal address;
  • Financial information such as bank account details (when you make a reservation or rent an apartment with us);
  • Lifestyle information relating to your hobbies or interests to improve our service to you;
  • Booking and payment information for reservations, facilities, events and services.
  • Other relevant information provided or made available to Apo from time to time.

Information we collect automatically:

When you visit our Site, we automatically collect information about your use of our Site or services through cookies and similar technologies. The information we collect may include: domain name; browser type; device ID; operating system type; device name and model; pages or screens you view; links you click; IP address; when and the length of time you visit or use our services; and the referring URL, or the webpage that led you to our Site.

Information we collect from third parties: 

We may also collect information about you from third party sources, such as via social media accounts or our third-party partners.

If you do not provide certain Personal Data marked as mandatory, we may not be able to continue our relationship with you or provide you with our services, or you may not be able to access or use some of the functionalities of our Site.

How Apo uses your personal data

A. Providing our services:

We collect your Personal Data to process your interest in the properties we manage, to secure a membership to our services, complete the letting of your apartment and in order for us to help manage your stay in the properties we manage and the goods and services that you subscribe to through us. Where applicable, the Personal Data we collect about you will be used for internal record keeping purposes, where we have the appropriate consent carrying out credit checks, providing estate management services and general estate management communications. Where we have appropriate permissions, we may also use your Personal Data to contact you about other products and services we think may be of interest to you and use the information collected from the website to personalise your repeat visits to our website.

B. Security:

To ensure that we maintain the security of our Site.

C. Tailoring content:

We may use the information to customize the Site according to your interests.

D. Communicating with you:

Apo uses your Personal Data to inform or send notices, emails, letters or SMS about the properties we manage, , information affecting your home, service support, additions to properties we manage or services we provide and changes to Apo’s terms, conditions, and policies.

E. Marketing:

Where we have appropriate permissions, we may periodically send targeted advertising and promotional emails about Apo’s latest managed property and upcoming events as well as products and services by third parties, which we think you may find interesting. To stop receiving electronic marketing communications from us at any time, you can click the link at the bottom of any communications received which allows you to unsubscribe, or you can contact us at

F. Analysing use of our services:

From time to time we may use your Personal Data for research and analysis purposes and to run analytics so that we can monitor and improve the services that we provide.

G. Corporate exercises:

To ensure that we can operate as a global organisation and continue to expand and grow, including in connection with mergers, acquisition, sale of assets or joint ventures.

Where required by applicable data protection laws to do so, we will only collect, process or disclose your Personal Data with your consent.

What is our legal basis for processing your personal data? 

Where you are in the European Economic Area (“EEA”), we need to have a lawful basis for processing your Personal Data. We have set out below the lawful basis we rely on when processing your Personal Data as described in this Privacy Policy:

  1. necessary for entry into, or performance of, a contract with you; This applies to the processing purposes described at A and D;
  2. necessary for the legitimate interest of Apo, where these are not overridden by your interests or fundamental rights and freedoms; This applies to the processing purposes described at B, C, E (save where consent is required by law), F and G;
  3. necessary in order to comply with our legal obligations under certain laws; and
  4. in limited circumstances, including where consent is required for marketing and to the extent the legal bases for processing do not apply, processed with your consent (which we obtain from you from time to time).

Where you are in the EEA, the ‘legitimate interests’ referred to above are:

  • the processing purposes described in the relevant parts of this Privacy Policy, to the extent the processing is necessary in order to (i) comply with our legal obligations under certain laws or (ii) to enter into any contract with you and fulfil our obligations thereunder;
  • meeting and complying with our accountability requirements and regulatory obligations globally; and
  • exercising our fundamental rights and freedoms, including our freedom to conduct a business.

Where required by applicable data protection laws to do so, we will not collect, process or disclose your Personal Data without your consent.

Who has access to your data

We may disclose the information that we collect about you, including Personal Data, to certain third parties in order to help manage our business and deliver our services and for the purposes set out in this Privacy Policy. These third parties may from time to time have to access your Personal Data, and include:

  • Apo and its subsidiaries and associated companies;
  • service providers, such as vendors, service providers, marketing agents, consultants, insurers, adjusters, utility companies, credit reporting agencies or others who provide services such as managing and enhancing customer data, providing customer service, assessing your interest in Apo’s developments and conducting customer research or satisfaction surveys;
  • our regulators, such as the UK Information Commissioner’s Office and other regulators and law enforcement agencies around the world to ensure that we can comply with legal obligations;
  • solicitors and other professional advisors, where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the security of our Site or as evidence in litigation in which we are involved; and
  • any entities who purchase or invest in us or the properties that we manage

Where required by applicable data protection laws, we will maintain a record of any disclosure of Personal Data.

Some of our group entities and processors are located outside of your country, therefore we may share your Personal Data overseas. If we do, Apo will ensure a comparable degree of security of data and ensure at least one of the following safeguards is in place:

  • we will only transfer to countries that have been approved by the relevant data protection regulatory authority as providing an adequate level of protection for Personal Data; and/or
  • ensure we have in place appropriate contractual protections with the entity we are transferring the Personal Data to as required under applicable data protection laws, which may include entering into standard contractual clauses or data processing agreements.

If you are in the EEA, you have the right to ask us for more information about the safeguards we have put in place as mentioned above.

Protection of personal data

Apo takes the necessary precautions, both administrative and technical, to safeguard your Personal Data against loss, theft, misuse and unauthorised access, disclosure, usage, alteration or destruction. 

Accuracy and retention of personal data

Apo takes reasonable measures to ensure the Personal Data we hold about you is accurate, complete and up to date. We will retain your Personal Data for the period necessary to fulfil the different purposes outlined in this Privacy Policy. Where we are required to do so to meet legal, regulatory, tax or accounting requirements, we will retain your Personal Data for longer periods of time, but only where permitted to do so, including so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a possibility of legal action relating to your Personal Data or dealings.

Your rights

Depending on applicable data protection laws, you may have certain rights in relation to your Personal Data which can be exercised by contacting Apo (see Contacting Us section below).

You may have the following rights:

  • to request access to your Personal Data and, in some cases, receive information about how we have used that data;
  • withdraw your consent to the processing of your Personal Data (where we have obtained your consent);
  • correction or rectification of your Personal Data where it is inaccurate or incomplete;
  • erasure or deletion of your Personal Data under certain circumstances;
  • data portability (where processing is carried out by automated means); and
  • in certain circumstances, object to or restrict the use of your personal data for purposes necessary for entry into, or performance of, a contract with you.

We aim to respond to any valid request within one month (or in accordance with such other timeframe as prescribed by applicable data protection laws). If your request is particularly complicated, or you have made several requests, where permitted by applicable data protection laws our response may take longer.

Where permitted under applicable data protection laws, we may charge a reasonable fee for responding to your request (provided such fee shall not exceed the maximum amount permitted by applicable data protection laws).

Contacting us

If you have a complaint or concern about how we use your Personal Data, please contact us in the first instance and we will attempt to resolve the issue as soon as possible (see contact details on page 1 of this Privacy Policy). You may also have a right to lodge a complaint with the UK, the Information Commissioners Office (the “ICO”) (

We do ask that you please attempt to resolve any issues with us first, although you have a right to contact the ICO at any time. 

Apo reserves the right to update and amend this Privacy Policy from time to time. Any material changes will be notified to you via the email address that you provided or shall be posted on our Site with the updated Privacy Policy. Where required by applicable data protection laws we will obtain your consent to such changes.