Introduction
Personal data means any information capable of identifying an individual. It does not include anonymised data.
This privacy notice provides you with details of how we collect and process your personal data through your use of our website, www.apeas.org.uk, our email system, by direct contact with us or by our use of our IT administration system.
By providing us with your data, you confirm that you are 13 years of age or over.
APEAS is the data controller and we are responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice).
Contact Details
Full name of organisation: The Architects Professional Examination Authority in Scotland Ltd
Email address: info@apeas.org.uk
Registered office: 15 Rutland Square, Edinburgh, EH1 2BE
Mobile: 07483 153893
Email: info@apeas.org.uk
If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.
For ease of accessibility much of the information presented in this Privacy Notice has been organised in terms of different APEAS stakeholders (e.g. candidate, examiner, employment mentor etc). Just click on the section below that applies to you for specific information about your category of stakeholder. However, before you do this please read the rest of the information on these pages as it provides important details regarding data security, data storage, third party links, cookies and international transfers.
Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, practice examiners, external examiners, PSAs, Board members and suppliers who need to know such data. These persons are subject to a duty of confidentiality.
We have put in place a procedure to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
How do we store information?
We store information in both paper and digital formats. The paper copy protects the information held by APEAS from the potential risk of a technological failure with our website and IT administration system. The digital copy protects the information held by APEAS from physical damage e.g. fire or water damage.
All paper records are held securely within alarmed premises.
Digital information is stored on a secure server with an SSL certificate. Information is backed up on a secure, portable encrypted hard drive with additional key pad protection. This hard drive is stored in a lockable cupboard in the office when not in use. The APEAS website has an SSL certificate that is maintained on an annual basis. APEAS maintains anti-virus software to protect its computer systems.
Third Party links
The APEAS website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we advise you to read the privacy notice of every website you visit.
Cookies
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Here are all the cookies used by the site:
ASPSESSIONID
This cookie is essential for the website to function properly. It lasts only for the length of time you are viewing the website and improves your experience by letting the site remember things as you move between pages. For example, if you are logged into the site on one page, this fact is held in your session and you continue to be logged in when you view a different page.
cc_cookie_accept & cc_cookie_decline
These cookies allow us to store the fact that you have previously approved the use of cookies for our website.
More Information
Want to know more about deleting or controlling cookies? Go to http://www.aboutcookies.org.
International Transfers
Countries outside of the European Economic Area (EEA) do not always offer the same levels of protection to your personal data, so European law has prohibited transfers of personal data outside of the EEA unless the transfer meets certain criteria.
Whenever we transfer your personal data out of the EEA, we do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is implemented:
Please email us at info@apeas.org.uk if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
This privacy notice explains how APEAS collects and uses information about you in order to provide our Part 3 Examination services.
The nature of our relationship with you will determine what personal data we collect about you and how we use it.
What information do we collect about you?
If you are registered to sit the Part 3 Examination in Professional Practice and Management (Part 3 Examination) with APEAS, we will collect information about you. The types of information we collect include:
How do we collect your information and what do we use it for?
We collect information about you from your online registration, payment of fees through our bank or online processes, your examination submissions and the candidate questionnaire you complete at the Oral Examinations. We may also collect or update information directly from you when you contact us.
We use the information we collect about you:
* We anonymise some candidate personal data (so that it can no longer be associated with you) for statistical purposes. We may use this information indefinitely without further notice to you. The anonymised data is used, e.g. to calculate annual and cumulative overall pass rates and also for different categories of candidates (e.g. male/female, non-white, candidates’ who practice outwith Scotland, re-sit candidates). Data is also used to analyse candidate failures on a component basis and review trends in moderation of internal grades.
Legal basis for processing your information
We use and share your information:
Who do we share your information with?
We may receive or send personal data about you from/to various third parties and public sources as set out below:
How long do we keep your information?
Successful Candidate
APEAS will delete all personal data on a candidate who has successfully passed the Part 3 Examination at the latest 2 years after he/she sat their Oral Examination with the exception of the following data which will be archived for any future enquiries by a former candidate.
Re-sit/Deferred Candidate
APEAS will retain data on a re-sit/deferred candidate all the while he/she has not passed the Part 3 Examination. Once the candidate has passed the Part 3 Examination his/her data will be deleted according to the rule applied to successful candidates.
Posting/receiving paper information including personal details
APEAS communicates with its candidates mainly by electronic communication. However, there are still a few occasions when APEAS sends information to its candidates by post. These include the following:
What are my rights?
You have certain rights under data protection laws with regard to your personal data. These include the right to:
You can see more about these rights at
If you wish to exercise any of the rights set out above, please email us at info@apeas.org.uk
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Access to your information
You have the right to request a copy of the information that we hold about you by emailing us at info@apeas.org.uk
If you make such a request we will provide you with the following information:
We will try to respond to all reasonable requests within one month. However, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Correcting your information
We always want to make sure that your information is accurate, complete and up to date. Our records regarding you are based on the information you provide on the on-line registration form. You can update your registration details at any time while your records are active on the on-line registration system. You also have an opportunity to provide the APEAS Administrator with updated personal data at the Oral Examinations. The Administrator will transfer this information into the on-line registration system. You can also ask us to correct any information about you that you believe is incorrect or incomplete by emailing us at info@apeas.org.uk.
Deletion of your information
You have the right to ask us to delete information about you if:
Objecting to how we use your information
You have the right to ask us to stop using your information to:
Restricting how we may use your information
You have the right to ask us to restrict how we use your personal information in certain circumstances. For example, where you have asked us to check the accuracy of your information or where we no longer need your information but you want us to keep it to help you make a legal claim.
Withdrawing consent using your information
Where you have given us your consent to use your personal information, you can withdraw that consent at any time and we will stop using your personal information for that purpose(s).
Appendix
Purpose / Activity |
To register with APEAS as a candidate using the APEAS Moodle/Turnitin on-line system |
To transfer candidate data submitted via the APEAS Moodle/Turnitin on-line system to the APEAS IT administration system |
To confirm payment of candidate Registration, Examination, Re-sit or Deferment Fees on the APEAS IT administration system (payment is normally made via a third party source such as STRIPE or BACs payment) |
To allocate and record for each candidate the following in the APEAS IT administration system
(a) the pair of practice examiners who will examine them (b) the date and time of their Oral Examination |
Use the information from the previous row to enrol a candidate into the correct ‘Submission’ on the APEAS Moodle/Turnitin on-line system (so that the candidate’s on-line documentary submission is assigned to the correct pair of practice examiners) |
To receive the candidates’ on-line documentary submissions by the deadline dates and times specified by APEAS |
To communicate with candidates via the APEAS website* the venue, dates and times of their oral examination interview
*Candidates are only identified by their registration numbers |
To communicate with candidates via the APEAS website and post whether they have passed or failed the Part 3 Examination
Candidates are only identified on the website by their registration numbers |
To analyse completed candidate questionnaires to produce both quantitative and qualitative (candidate comments) data to inform the review of the APEAS Part 3 Examination process. All questionnaires are submitted anonymously. |
This privacy notice explains how APEAS collects and uses information about you in order to provide our Part 3 Examination services.
The nature of our relationship with you will determine what personal information we collect about you and how we use it.
What information do we collect about you?
If you are included in the APEAS Pool of Practice Examiners to examine candidates for the Part 3 Examination in Professional Practice and Management (Part 3 Examination) with APEAS, we will collect information about you. The types of information we collect include:
How do we collect your information and what do we use it for?
We collect information about you from:
We use the information we collect about you:
Legal basis for processing your information
We use and share your information:
Who do we share your information with?
We may share your personal information with the following bodies:
How long do we keep your information?
APEAS will retain data on you for the period you are in the APEAS pool of practice examiners and, therefore, available to examine. Once you retire from the APEAS pool of practice examiners all your data will be deleted at the latest one year after you have retired from the pool. We will retain a note of your email address and telephone number in case we need to contact you at some future date in connection with some aspect of APEAS business.
If you were unsuccessful in applying to be an examiner in the APEAS pool of practice examiners your personal data will be deleted at the latest 3-months after you were interviewed to join the pool.
Posting/receiving paper information including personal details
APEAS communicates with its practice examiners almost exclusively by electronic communication and will only post information to practice examiners very occasionally.
APEAS does receive some paper copies of practice examiner candidate documentary submissions (where an examiner has printed part or all candidate documentary submissions for assessment purposes), Assessment Sheets and Travel and Subsistence forms. Paper copies of candidate documentary submissions and Assessment Sheets are stored securely in a locked cupboard in the APEAS office until they are destroyed by shredding within a year of APEAS receiving them. Travel and Subsistence Forms are processed for payment purposes and filed in the yearly receipts/expenses/invoices folder which is stored in a locked cupboard in the APEAS office. The information contained in the yearly receipts/expenses/invoices folder is retain for 6-years in line with financial requirements.
What are my rights?
You have certain rights under data protection laws with regard to your personal data. These include the right to:
You can see more about these rights at
If you wish to exercise any of the rights set out above, please email us at info@apeas.org.uk
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Access to your information:
You have the right to request a copy of the information that we hold about you by emailing us at info@apeas.org.uk
If you make a request to APEAS to see the personal data we hold on you we will provide the following information
We will try to respond to all reasonable requests within one month. However it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Correcting your information
We always want to make sure that your information is accurate, complete and up to date. APEAS will undertake a periodic review of the data it holds on practice examiners to ensure it has the most up to date information. APEAS will contact practice examiners by email to check if it has the most up to date information on them. The APEAS IT administration system will be updated with any revisions to practice examiner details. You can ask us to correct any information about you that you believe is incorrect or incomplete by emailing us at info@apeas.org.uk.
Deletion of your information
You have the right to ask us to delete information about you if:
Objecting to how we use your information
You have the right to ask us to stop using your information to:
Restricting how we may use your information
You have the right to ask us to restrict how we use your personal information in certain circumstances. For example, where you have asked us to check the accuracy of your information or where we no longer need your information but you want us to keep it to help you make a legal claim.
Withdrawing consent using your information
Where you have given us your consent to use your personal information, you can withdraw that consent at any time and we will stop using your personal information for that purpose(s).
This privacy notice explains how APEAS collects and uses information about you in order to provide our Part 3 Examination services.
The nature of our relationship with you will determine what personal information we collect about you and how we use it.
What information do we collect about you?
If you are an external examiner for APEAS we will collect information about you. The types of information we collect include:
How do we collect your information and what do we use it for?
We collect information about you from:
We use the information we collect about you:
Legal basis for processing your information
We use and share your information:
Who do we share your information with?
We may share your personal information with the following bodies:
How long do we keep your information?
APEAS will retain personal data on you all the while you are working for APEAS. Once you retire as an external examiner your data will be deleted from all APEAS records at the latest one year after retirement. We will retain a note of your email address and telephone number in case we need to contact you at some future date in connection with some aspect of APEAS business.
Posting/receiving paper information including personal details
APEAS communicates with its external examiners almost exclusively by electronic communication and will only post information to external examiners very occasionally.
APEAS does receive paper copies of Travel and Subsistence forms and invoices from external examiners. Travel and Subsistence forms and invoices are processed for payment purposes and filed in the yearly receipts/expenses/invoices folder which is stored in a locked cupboard in the APEAS office. The information contained in the yearly receipts/expenses/invoices folder is retain for 6-years in line with financial requirements.
What are my rights?
You have certain rights under data protection laws with regard to your personal data. These include the right to:
You can see more about these rights at
If you wish to exercise any of the rights set out above, please email us at info@apeas.org.uk
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Access to your information
You have the right to request a copy of the information that we hold about you by emailing us at info@apeas.org.uk
If you make a request to APEAS to see the personal data we hold on you we will provide the following information
We will try to respond to all reasonable requests within one month. However it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Correcting your information
We always want to make sure that your information is accurate, complete and up to date. APEAS will undertake a periodic review of the data it holds on external examiners to ensure it has the most up to date information. APEAS will contact external examiners by email to check if it has the most up to date information on them. The APEAS IT administration system will be updated with any revisions to external examiner details. You can ask us to correct any information about you that you believe is incorrect or incomplete by emailing us at info@apeas.org.uk.
Deletion of your information
You have the right to ask us to delete information about you if:
Objecting to how we use your information
You have the right to ask us to stop using your information to:
Restricting how we may use your information
You have the right to ask us to restrict how we use your personal information in certain circumstances. For example, where you have asked us to check the accuracy of your information or where we no longer need your information but you want us to keep it to help you make a legal claim.
Withdrawing consent using your information
Where you have given us your consent to use your personal information, you can withdraw that consent at any time and we will stop using your personal information for that purpose(s).
Appendix
Purpose / Activity |
To provide external examiners with electronic copies of candidate documentary submissions, the Practice Paper and candidate pre-Oral grades (including cross-marked grades) for review purposes. |
To provide external examiners with an analysis of pre-Oral grades information to inform, amongst other things, which examiner pairings may be marking too hard and which pairings may be marking too leniently. |
To provide external examiners with all post-Oral grades and overall pass/fail results for the second meeting of the Practice Examiners Committee and the Examination Committee meeting which follow on shortly after the completion of the Oral Examinations. |
To submit their jointly agreed external examiners report to APEAS for consideration by the APEAS Board and Examination Committee. |
This privacy notice explains how APEAS collects and uses information about you in order to provide our services.
The nature of our relationship with you will determine what personal information we collect about you and how we use it.
What information do we collect about you?
If you are an Employment Mentor for a candidate who is sitting the Part 3 Examination in Professional Practice and Management (Part 3 Examination) with APEAS, we will collect information about you. The types of information we collect include:
How do we collect your information and what do we use it for?
We collect information about you from:
We use the information we collect about you:
Legal basis for processing your information
We use and share your information:
Who do we share your information with?
We currently do not share your personal information with other service providers and third parties who we use to provide our services.
How long do we keep your information?
A mentor will normally have his/her data deleted at the same time as his/her successful candidate’s data is deleted by APEAS. Or if notification is received that you are no longer a mentor.
Posting/receiving paper information including personal details
APEAS communicates with employment mentors almost exclusively by electronic communication and will only post information to mentors very occasionally.
What are my rights?
You have certain rights under data protection laws with regard to your personal data. These include the right to:
You can see more about these rights at
If you wish to exercise any of the rights set out above, please email us at info@apeas.org.uk
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Access to your information:
You have the right to request a copy of the information that we hold about you by emailing us at info@apeas.org.uk
If you make a request to APEAS to see the personal data we hold on you we will provide the following information
We will try to respond to all reasonable requests within one month. However, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Correcting your information
We always want to make sure that your information is accurate, complete and up to date. You can ask us to correct any information about you that you believe is incorrect or incomplete by emailing us at info@apeas.org.uk.
Deletion of your information
You have the right to ask us to delete information about you if:
Objecting to how we use your information
You have the right to ask us to stop using your information to:
Restricting how we may use your information
You have the right to ask us to restrict how we use your personal information in certain circumstances. For example, where you have asked us to check the accuracy of your information or where we no longer need your information but you want us to keep it to help you make a legal claim.
Withdrawing consent using your information
Where you have given us your consent to use your personal information, you can withdraw that consent at any time and we will stop using your personal information for that purpose(s).
University of Edinburgh, University of Strathclyde, Glasgow School of Art, University of Dundee, Robert Gordon University
This privacy notice explains how APEAS collects and uses information about you in order to provide our services.
The nature of our relationship with you will determine what personal information we collect about you and how we use it.
What information do we collect about you?
If you are a Professional Studies Advisor with one of the Higher Education Institutions identified above, we will collect information about you. The types of information we collect include:
How do we collect your information and what do we use it for?
We collect information about you from:
We use the information we collect about you:
Legal basis for processing your information
We use and share your information:
Who do we share your information with?
We may share your personal information with:
How long do we keep your information?
We will retain your personal data all the while you are in your job as a Professional Studies Advisor. All your data will be deleted at the latest one year after you have left your job except where information is retained in relation to candidates in which case the data will be deleted as per rules for candidates.
Posting/receiving paper information including personal details
APEAS communicates with Professional Studies Advisors almost exclusively by electronic communication and will only post information to Professional Studies Advisors very occasionally.
APEAS does receive paper copies of Travel and Subsistence forms from Professional Studies Advisors. Travel and Subsistence forms are processed for payment purposes and filed in the yearly receipts/expenses/invoices folder which is stored in a locked cupboard in the APEAS office. The information contained in the yearly receipts/expenses/invoices folder is retain for 6-years in line with financial requirements.
What are my rights?
You have certain rights under data protection laws with regard to your personal data. These include the right to:
You can see more about these rights at
If you wish to exercise any of the rights set out above, please email us at info@apeas.org.uk
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Access to your information
You have the right to request a copy of the information that we hold about you by emailing us at info@apeas.org.uk
If you make a request to APEAS to see the personal data we hold on you we will provide the following information
We will try to respond to all reasonable requests within one month. However, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Correcting your information
We always want to make sure that your information is accurate, complete and up to date. APEAS will undertake a periodic review of the data it holds on Professional Studies Advisors to ensure it has the most up to date information. APEAS will contact Professional Studies Advisors by email to check if it has the most up to date information on them. The APEAS IT administration system will be updated with any revisions to Professional Studies Advisor’s details. You can ask us to correct any information about you that you believe is incorrect or incomplete by emailing us at info@apeas.org.uk.
Deletion of your information
You have the right to ask us to delete information about you if:
Objecting to how we use your information
You have the right to ask us to stop using your information to:
Restricting how we may use your information
You have the right to ask us to restrict how we use your personal information in certain circumstances. For example, where you have asked us to check the accuracy of your information or where we no longer need your information but you want us to keep it to help you make a legal claim.
Withdrawing consent using your information
Where you have given us your consent to use your personal information, you can withdraw that consent at any time and we will stop using your personal information for that purpose(s).
This privacy notice explains how APEAS collects and uses information about you in order to provide our services.
The nature of our relationship with you will determine what personal information we collect about you and how we use it.
What information do we collect about you?
If you are a member of the APEAS Board, we will collect information about you. The types of information we collect include:
How do we collect your information and what do we use it for?
We collect information about you from:
We use the information we collect about you:
Legal basis for processing your information
We use and share your information:
Who do we share your information with?
We currently do not share your personal information with other service providers and third parties who we use to provide our services.
How long do we keep your information?
Data on a Board member will be retained in line with retention of Board and other company records, e.g. minutes of meetings.
Posting/receiving paper information including personal details
APEAS communicates with Board members almost exclusively by electronic communication and will only post information to Board members very occasionally.
APEAS does receive paper copies of Travel and Subsistence forms from Board members. Travel and Subsistence forms are processed for payment purposes and filed in the yearly receipts/expenses/invoices folder which is stored in a locked cupboard in the APEAS office. The information contained in the yearly receipts/expenses/invoices folder is retain for 6-years in line with financial requirements.
What are my rights?
You have certain rights under data protection laws with regard to your personal data. These include the right to:
You can see more about these rights at
If you wish to exercise any of the rights set out above, please email us at info@apeas.org.uk
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Access to your information
If you make a request to APEAS to see the personal data we hold on you we will provide the following information:
We will try to respond to all reasonable requests within one month. However, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Correcting your information
We always want to make sure that your information is accurate, complete and up to date. APEAS will undertake a periodic review of the data it holds on Board members to ensure it has the most up to date information. APEAS will contact Board members by email to check if it has the most up to date information on them. The APEAS IT administration system will be updated with any revisions to Board members details. You can ask us to correct any information about you that you believe is incorrect or incomplete by emailing us at info@apeas.org.uk.
Deletion of your information
You have the right to ask us to delete information about you if:
Objecting to how we use your information
You have the right to ask us to stop using your information to:
Restricting how we may use your information
You have the right to ask us to restrict how we use your personal information in certain circumstances. For example, where you have asked us to check the accuracy of your information or where we no longer need your information but you want us to keep it to help you make a legal claim.
Withdrawing consent using your information
Where you have given us your consent to use your personal information, you can withdraw that consent at any time and we will stop using your personal information for that purpose(s).
This privacy notice explains how APEAS collects and uses information about you in order to provide our services.
The nature of our relationship with you will determine what personal information we collect about you and how we use it.
What information do we collect about you?
If you are a member of APEAS staff, we will collect information about you. The types of information we collect include:
How do we collect your information and what do we use it for?
We collect information about you from:
We use the information we collect about you:
Legal basis for processing your information
We use and share your information:
Who do we share your information with?
We may share your personal information with, and obtain information about you, from:
How long do we keep your information?
Data on you will be retained by APEAS in line with retention of company records, e.g. financial records.
Posting/receiving paper information including personal details
APEAS communicates with staff verbally or by electronic communication. Information will only be posted to staff very occasionally e.g. in the case of a disciplinary matter or a grievance.
APEAS does receive paper copies of staff pay slips and Travel and Subsistence forms. Pay slips and Travel and Subsistence forms are processed for payment purposes. Pay slips are given to staff as soon after payments are processed as possible. Travel and Expense forms are filed in the yearly receipts/expenses/invoices folder which is stored in a locked cupboard in the APEAS office. The information contained in the yearly receipts/expenses/invoices folder is retain for 6-years in compliance with financial requirements.
What are my rights?
You have certain rights under data protection laws with regard to your personal data. These include the right to:
You can see more about these rights at
If you wish to exercise any of the rights set out above, please email us at info@apeas.org.uk
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Access to your information
You have the right to request a copy of the information that we hold about you by emailing us at info@apeas.org.uk
If you make a request to APEAS to see the personal data we hold on you we will provide the following information
We will try to respond to all reasonable requests within one month. However, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Correcting your information
We always want to make sure that your information is accurate, complete and up to date. You can ask us to correct any information about you that you believe is incorrect or incomplete by providing it verbally or in writing to the Administrator or by emailing us at info@apeas.org.uk.
Deletion of your information
You have the right to ask us to delete information about you if:
Objecting to how we use your information
You have the right to ask us to stop using your information to:
Restricting how we may use your information
You have the right to ask us to restrict how we use your personal information in certain circumstances. For example, where you have asked us to check the accuracy of your information or where we no longer need your information but you want us to keep it to help you make a legal claim.
Withdrawing consent using your information
Where you have given us your consent to use your personal information, you can withdraw that consent at any time and we will stop using your personal information for that purpose(s).
This privacy notice explains how APEAS collects and uses information about you in order to provide our services.
The nature of our relationship with you will determine what personal information we collect about you and how we use it.
What information do we collect about you?
If you supply goods or service to APEAS, we will collect information about you. The types of information we collect include:
How do we collect your information and what do we use it for?
We collect information about you from:
We use the information we collect about you:
Legal basis for processing your information
We use and share your information:
Who do we share your information with?
We may share your personal information with:
How long do we keep your information?
Data from suppliers (including the company’s accountant) will be retained in line with APEAS’s requirement to keep financial records.
Posting/receiving paper information including personal details
APEAS communicates with its suppliers almost exclusively by electronic communication and will only very occasionally post information to suppliers.
Supplier paper receipts and invoices containing contact names are filed in the yearly receipts/expenses/ invoices folder which is stored in a locked cupboard in the APEAS office.
Paper copies of annual Financial Statements are also stored in a locked cupboard in the APEAS office.
What are my rights?
You have certain rights under data protection laws with regard to your personal data. These include the right to:
You can see more about these rights at
If you wish to exercise any of the rights set out above, please email us at info@apeas.org.uk
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Access to your information
You have the right to request a copy of the information that we hold about you by emailing us at info@apeas.org.uk
If you make a request to APEAS to see the personal data we hold on you we will provide the following information
We will try to respond to all reasonable requests within one month. However, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Correcting your information
We always want to make sure that your information is accurate, complete and up to date. You can ask us to correct any information about you that you believe is incorrect or incomplete by emailing us at info@apeas.org.uk.
Deletion of your information
You have the right to ask us to delete information about you if:
Objecting to how we use your information
You have the right to ask us to stop using your information to:
Restricting how we may use your information
You have the right to ask us to restrict how we use your personal information in certain circumstances. For example, where you have asked us to check the accuracy of your information or where we no longer need your information but you want us to keep it to help you make a legal claim.
Withdrawing consent using your information
Where you have given us your consent to use your personal information, you can withdraw that consent at any time and we will stop using your personal information for that purpose(s).
This privacy notice explains how APEAS collects and uses information about you in order to provide our services.
The nature of our relationship with you will determine what personal information we collect about you and how we use it.
What information do we collect about you?
If you correspond with APEAS, we will collect information about you. The types of information we collect include:
How do we collect your information and what do we use it for?
We collect information about you from:
We use it to:
We use the information we collect about you:
Legal basis for processing your information
We use and share your information:
Who do we share your information with?
We do not anticipate sharing your data with any third party. In any event, we would not do so without your consent where we have asked for it and you have given it, unless complied to do so by a legal or regulatory obligation.
How long do we keep your information?
Data will be kept for 2 years, after which time it will be destroyed.
Posting/receiving paper information including personal details
Paper correspondence is filed and kept securely in the APEAS office.
What are my rights?
You have certain rights under data protection laws with regard to your personal data. These include the right to:
You can see more about these rights at
If you wish to exercise any of the rights set out above, please email us at info@apeas.org.uk
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Access to your information
You have the right to request a copy of the information that we hold about you by emailing us at info@apeas.org.uk
If you make a request to APEAS to see the personal data we hold on you we will provide the following information
We will try to respond to all reasonable requests within one month. However, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Correcting your information
We always want to make sure that your information is accurate, complete and up to date. You can ask us to correct any information about you that you believe is incorrect or incomplete by emailing us at info@apeas.org.uk.
Deletion of your information
You have the right to ask us to delete information about you if:
Objecting to how we use your information
You have the right to ask us to stop using your information to:
Restricting how we may use your information
You have the right to ask us to restrict how we use your personal information in certain circumstances. For example, where you have asked us to check the accuracy of your information or where we no longer need your information but you want us to keep it to help you make a legal claim.
Withdrawing consent using your information
Where you have given us your consent to use your personal information, you can withdraw that consent at any time and we will stop using your personal information for that purpose(s).
Introduction
This documents sets out the APEAS procedure for dealing with a data breach in an effective, timely and consistent manner.
Definition of a Data Breach
The Information Commissioners Office gives the following definition of a data breach:
‘A personal data breach can be broadly defined as a security incident that has affected the confidentiality, integrity or availability of personal data. In short, there will be a personal data breach whenever any personal data is lost, destroyed, corrupted or disclosed: if someone accesses the data or passes it on without proper authorisation; or if the data is made unavailable, for example, when it has been encrypted by ransomware, or accidentally lost or destroyed.
A security incident may include, but not be limited to, any of the following:
Scope of this Procedure
This procedure applies to the following APEAS categories of individuals:
Reporting an incident
Any person accessing, using or managing APEAS information is responsible for reporting any data breach immediately to the APEAS Chief Executive Officer (info@apeas.org.uk or 01324 484652). If the breach is identified outside of normal working hours it must be reported as soon as reasonably practicable.
The report must contain the following details:
Containment of the breach
5.1 The APEAS Chief Executive Officer (CEO) will first ascertain if the breach is still taking place. If it is, the CEO will take appropriate measures immediately to minimise the impact of the data breach.
5.2 The CEO will make an initial assessment of the severity of the breach and determine if anything can be done to retrieve any losses and limit the damage the breach might cause.
5.3 The CEO will decide who needs to be notified about the breach as part of initially containing it.
5.4 The CEO will decide a suitable course of action to be taken to resolve the breach as soon as possible.
5.5 The advice and support of the APEAS IT consultant may be sought at any stage while the steps in 5.1 to 5.4 are being implemented.
5.6 The CEO will advise the Chairperson of the APEAS Board, as soon as practical and certainly within 24-hours of learning of the breach, that a breach has occurred and what steps have been taken to minimise the effects of the breach.
5.7 Where the CEO is absent the APEAS Office Manager (OM) will takes the steps outlined in 5.1 to 5.6.
Investigation
6.1 The CEO will undertake an investigation of the breach normally within 24 hours of the breach being reported/discovered.
6.2 The investigation of the breach will include an assessment of the risks associated with it. This risk assessment will include which individuals are potentially affected by the breach, how serious are the consequences for those affected and how likely it is that these consequences might be realised.
6.3 The investigation will need to take account of the following:
Notifications
7.1 The CEO will, in consultation with the Chair of the APEAS Board, OM and APEAS IT consultant, determine if the breach should be notified to the Information Commissioners Office (ICO). This should normally be done within 72 hours of the breach being reported/discovered.
7.2 In deciding whether the ICO should be informed the following factors will be taken into account:
7.4 The CEO may find it necessary to contact third parties such as the police, banks, insurers or credit card companies. This would be appropriate if illegal activity is suspected or known to have occurred or there is the risk that it might happen in the future.
7.5 APEAS will keep a record of any personal data breach that has occurred irrespective of whether it was notified to the ICO or not.
After the data breach has been contained the CEO will carry out a review into the causes of the breach and the effectiveness of the APEAS response. Any such review should consider the following (the list is not exhaustive) questions:
Report to the APEAS Board
8.1 Where a data breach has occurred the CEO will make a report to the next meeting of the APEAS Board. This report should include the following details: