PRIVACY POLICY

Apatura Ltd GDPR Policy


1. Introduction

This Privacy Policy explains how Apatura Ltd (“Apatura”, “we”, “us”, or “our”) collects, uses, shares, and protects your personal data when you visit our website or engage with us online. We are committed to safeguarding your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018.

2. Definitions

Personal Data: Any information relating to an identified or identifiable natural person.

Data Subject: The individual to whom the personal data relates.

Processing: Any operation performed on personal data, including collection, storage, and retrieval.

3. Data Controller Information

Apatura Ltd

Address: 1 Bar Lane, York, YO1 6JU

Email: info@apatura.energy

Phone: 01904897276

Data Protection Officer: Euan Taylor

4. Data Collected

We may collect the following types of personal data:

  • Names
  • Email addresses
  • Contact information
  • Billing and shipping addresses
  • User-generated content (e.g., comments or reviews)
  • Any other data necessary for the services we provide.

When you visit our website, we automatically collect certain information through cookies and similar technologies. This may include:

  • IP address and browser type
  • Device type and operating system
  • Pages visited and time spent on the site
  • Referral source (e.g., how you arrived at the site)
  • Clickstream data and site interactions

We use this data to understand how visitors use our site and to improve its performance and functionality. Google Analytics and HubSpot are used for these purposes. All data is anonymised or pseudonymised where possible.

5. Legal Basis for Processing

We process personal data based on the following legal bases:

Consent: When you provide explicit consent for a specific purpose.

Contractual Necessity: When data processing is necessary for the performance of a contract.

Legitimate Interests: When processing is based on our legitimate business interests.

6. Purposes of Processing

We collect and process personal data for the following purposes:

  • User account creation and management
  • Order processing and fulfilment
  • Communication with users
  • Improving our website and services
  • Managing marketing communications and campaigns
  • Tracking website performance and user engagement via analytics
  • Managing relationships and interactions through our customer relationship management (CRM) system (HubSpot)

7. Marketing Communications and Consent

With your consent, we may send you updates, newsletters, or event invitations via email. You can withdraw your consent and unsubscribe at any time by clicking the “unsubscribe” link in our emails or by contacting us directly at hello@apatura.energy.

8. Data Retention

We retain personal data only for as long as necessary for the purposes stated above or as required by law. Retention periods are determined based on the nature of the data and the applicable legal requirements.

9. Data Subject Rights

As a data subject, you have the following rights:

  • Right to access your data
  • Right to rectify inaccuracies
  • Right to erasure (in certain circumstances)
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing

10. Data Security

We implement robust security measures to protect personal data from unauthorised access, disclosure, alteration, or destruction. Our security measures include encryption, access controls, and regular security audits.

11. International Data Transfers

If we transfer data internationally, we ensure adequate safeguards are in place, such as standard contractual clauses or relying on the European Commission’s adequacy decisions.

12. Cookies and Tracking

We use cookies and similar tracking technologies to enhance your browsing experience, analyse site traffic, and support marketing campaigns. These may include first- and third-party cookies.

Tools we use include:

  • Google Analytics: to understand user behaviour and website performance
  • HubSpot: to manage customer relationships, track user activity, and support communication

You can manage or withdraw your consent to cookies at any time via our Cookie Policy or by adjusting your browser settings.

13. Third-Party Processing

We may share personal data with trusted third-party processors to support website performance, marketing, analytics, and communications. These include:

  • Google LLC (Google Analytics) – Website usage analytics
  • HubSpot Inc. – Customer relationship management and email marketing

All third-party processors are required to comply with applicable data protection laws and enter into appropriate data processing agreements with us.

14. Data Breach Response

In the event of a data breach, we have established procedures to promptly detect, report, and respond to breaches, including notifying affected individuals and authorities as required by law.

15. Contact Information

For any inquiries, requests, or concerns related to data protection, please contact our Data Protection Officer (if appointed) or our Customer Support team.

16. Recruitment Data

If you apply for a position with us, we will collect and process your personal data for the purpose of managing the recruitment process. This includes CVs, cover letters, communication records, and interview notes. We may use a third-party applicant tracking system whose privacy practices are outside of our control. Applicant data will be retained for up to 12 months post-process unless extended with your consent.

17. Updates to the Policy

This policy may be updated periodically. Last updated: 29 July 2025