Equality & Diversity
At APEX Personnel Limited, (known as APEX thereafter) we endeavour to securely hold all personal data collected by candidates and clients. We implement systems and policies to protect all user data and to ensure ongoing compliance with the Data Protection Act (DPA) and the EU General Data Protection Regulation (GDPR).
Information Collection and Use
APEX will only collect, access, and process your information in relation to recruitment activities. We will use your information to discuss your job search with you, match you to suitable vacancies and to contact you about jobs which match your preferences, via the contact methods provided.
Personal information collected could include (but not limited to):
Your name
Your contact details
Your CV
Salary information, job search preferences, notice period
Your name
Your contact details
Your CV
Salary information, job search preferences, notice period
Any additional information relevant to your job search which you provide us with e.g. reason for looking for a new job, right to work in the UK, products to avoid etc.
Passport
Payroll details
Personal Health Questionnaire
APEX will never sell your personal information.
Personal Health Questionnaire
APEX will never sell your personal information.
We will share your personal information with our clients by sending your CV in order to apply for a job, releasing your contact details so that a job offer can be sent to you, etc. By contacting APEX, you accept that consent is given to the sharing of your details with any potential employers.
We may use information for generating statistics on our in-house database. This is for internal purposes only, in order to improve both our customer service and recruitment services.
We may be required to share personal information if requested by official authorities or law enforcement agencies.
Your details will be shared with our Payroll Company. Your details may also be occasionally accessible by external service providers such as our database software and IT systems providers in order to carry out essential database maintenance. These companies are fully GDPR compliant, and your details will remain confidential at all times.
We do not request, or store, any of the following information (only exception would be connected to the application to any Ministry of Defence companies):
Race or ethnic origin
Political beliefs
Tarde union membership
Religious or philosophical beliefs
Sexual life or sexual orientation
Marital/family status
Your CV
Political beliefs
Tarde union membership
Religious or philosophical beliefs
Sexual life or sexual orientation
Marital/family status
Your CV
We may acquire your CV by you submitting it as a generic application or for a specific role, sending your CV to one of our consultants directly, applying for a job via an online job board other than our website, or if you have uploaded your CV onto an online CV database, such as REED and appear in one of our consultant’s searches.
Once we obtain your CV then it will be uploaded onto our internal database and will be accessible by all of APEX’s staff involved with recruitment.
If you have a new CV, you can update it using the same procedure as outlined above.
Request for information and deletion
You may request at any time to see a copy of the information held by us, and we will aim to provide this to you within 4 weeks - normally much quicker. You may also wish to amend the data that APEX hold on you and likewise you may also wish to have your information deleted from our database. (In some cases, full data removal may not be possible if it is needed for official purposes such as financial records.) Should you wish to take up any of these options then please emailThis email address is being protected from spambots. You need JavaScript enabled to view it. or call 020 3286 7387
You may request at any time to see a copy of the information held by us, and we will aim to provide this to you within 4 weeks - normally much quicker. You may also wish to amend the data that APEX hold on you and likewise you may also wish to have your information deleted from our database. (In some cases, full data removal may not be possible if it is needed for official purposes such as financial records.) Should you wish to take up any of these options then please email
Equality & diversity
APEX is committed to promoting equality and diversity in all its activities and will not discriminate on the basis of age, sex and sexual orientation, race, religion and belief, family status, disability, political views and nationality (although we do check right to work status).
Changes to privacy statement
We may edit this statement and/or our privacy policies and practices at any time without notice. However, should any changes be of any major significance, then we will endeavour to notify visitors through appropriate means such as email notification or announcement on the website.
We may edit this statement and/or our privacy policies and practices at any time without notice. However, should any changes be of any major significance, then we will endeavour to notify visitors through appropriate means such as email notification or announcement on the website.
Personal Data Security
We have an SSL Certificate installed on our server to ensure all data sent between your computer and our server is encrypted. We encrypt your email address and password. Your username, first name and last name are unencrypted.
We have an SSL Certificate installed on our server to ensure all data sent between your computer and our server is encrypted. We encrypt your email address and password. Your username, first name and last name are unencrypted.
Other websites
This privacy policy only applies to APEX. If you upload your personal details or CV onto a third party website, then you must refer to that particular sites’ privacy policy which may differ from our own. APEX does not have control over the information collected or processed by third-party entities.
This privacy policy only applies to APEX. If you upload your personal details or CV onto a third party website, then you must refer to that particular sites’ privacy policy which may differ from our own. APEX does not have control over the information collected or processed by third-party entities.
Data breach policy
A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
A personal data breach may mean that someone other than the data controller receives unauthorised access to personal data. A personal data breach can also occur if there is unauthorised access within an organisation, or if a data controller’s own employee accidentally alters or deletes personal data.
APEX understands that data breaches can occur from:
Access by an unauthorised third party;
Deliberate or accidental action (or inaction) by a controller or processor;
Sending personal data to an incorrect recipient;
Computing devices containing personal data being lost or stolen;
Alteration of personal data without permission; and
loss of availability of personal data.
Dedicated person
Cherie Lee, Office Manager & Darren Sandell, Managing Consultant are allocated the responsibility for managing a data breach.
Cherie Lee, Office Manager & Darren Sandell, Managing Consultant are allocated the responsibility for managing a data breach.
If any staff within APEX become aware of a potential security incident, they must escalate this to Cherie Lee or Darren Sandell, who will then action a plan to determine whether a breach has occurred.
Response Plan
If a suspected security breach has occurred, we will take the following steps:
If a suspected security breach has occurred, we will take the following steps:
We will determine whether any personal information is at risk by determining what information has been accessed.
If a theft of a device occurred, we will work out what information was held by the device holder.
If an external security breach occurred, we will liaise with our IT service provider and/or data processor to determine if and what data has been accessed.
We will attempt to identify how many and which individuals the information relates to.
An internal meeting will be held to discuss and determine whether there is risk posed to the individuals identified.
If it’s likely a risk is involved to individuals concerned, then we will notify the ICO within 72 hours.
If a risk is unlikely and we do not need to report the data breach to the ICO, then we will create a full detailed record of the incident and keep this on our internal computer system for future reference.
Reporting a breach
Reporting a breach
If APEX decide that that it is necessary to report a data breach then we will send the ICO a description of the nature of the personal data breach including, where possible:
The categories and approximate number of individuals concerned; and he categories and approximate number of personal data records concerned; the name and contact details of our data protection officers or other contact point where more information can be obtained;
a description of the likely consequences of the personal data breach; and a description of the measures taken, or proposed to be taken, to deal with the personal data breach, including, where appropriate, the measures taken to mitigate any possible adverse effects.
If we do not have full details of the breach fully within the 72 hours, we will initially inform ICO of the breach with all available information at that time. We will then prioritise the investigation, give it adequate resources and expedite it urgently. We will then submit further information as soon as possible.
Informing individuals about a breach
If a breach is likely to result in a high risk to the rights and freedoms of individuals, we will inform those concerned directly and without undue delay.
If a risk of damage is possible, we will contact individuals is to help them take steps to protect themselves from the effects of a breach.
We will inform individuals in clear and plain language, the nature of the personal data breach including, where possible: the categories and approximate number of individuals concerned; and the categories and approximate number of personal data records concerned;
the name and contact details of the data protection officer or other contact point where more information can be obtained; a description of the likely consequences of the personal data breach; and a description of the measures taken, or proposed to be taken, to deal with the personal data breach, including, where appropriate, the measures taken to mitigate any possible adverse effects.
Recording breaches
We will ensure that we record all breaches, regardless of whether or not they need to be reported to the ICO.
We will ensure that we record all breaches, regardless of whether or not they need to be reported to the ICO.
We will document the facts relating to the breach, its effects and the remedial action taken. This is part of our overall obligation to comply with the accountability principle and allows us to verify our organisation’s compliance with its notification duties under the GDPR.
As with any security incident, we will investigate whether or not the breach was a result of human error or a systemic issue and see how a recurrence can be prevented – whether this is through better processes, further training or other corrective steps.
Contact details
If you have any questions or suggestions regarding this statement or believe we are not properly adhering to it, please contact Cherie Lee or Darren Sandell atThis email address is being protected from spambots. You need JavaScript enabled to view it. or call on 020 3286 7387
If you have any questions or suggestions regarding this statement or believe we are not properly adhering to it, please contact Cherie Lee or Darren Sandell at