Policy & Privacy
Definitions
Below are some of the definitions used in this Policy (along with other defined terms found elsewhere in this Policy). For purposes of simplicity, we use “Individual” and “you” interchangeably to mean the natural person about whom Apogee collects and processes personal data. We call “personal data” “Information.” We use “Apogee”, “we” and Controller interchangeably to mean Apogee Group Limited.
Controller
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Information. The GDPR also refers to Controllers as “Data Controllers.” Throughout this Policy we use Controller and Apogee interchangeably.
Cookies
A small amount of data stored in an Individual’s digital device that is often used at websites to give and receive information about that Individual to the owner and/or manager of that site. You can adjust your own Cookie settings in your digital device and on the sites that deploy Cookies on your digital devices.
Data Subject
This term is the definition used in GDPR, which is the natural person to whom the Personal Data (in this Policy, “Information”) refers.
European Union (or EU)
Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.
“GDPR” means Regulation (EU) 2016/679 (General Data Protection Regulation) of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC.
Individual
This term means each natural person who visits a Apogee website, provides Information to us and/or from whom Apogee obtains Information in other ways (described below).
Information
In this policy Apogee uses the term “Information” to mean what is called “Personal Data” in the GDPR, which is any information that directly, indirectly, or in connection with other information, allows for the identification or identifiability of a natural person.
Processor and Sub-Processor
The natural or legal person, public authority, agency or other body which processes Personal Data (in this Policy the “Information”) on behalf of the Controller, as described in this Policy. “Sub-Processor” means an entity that is engaged in Processing under contract with a Processor.
Service Providers
This term means corporate entities or individuals that provide services to Apogee or propose to provide such services, including, for example, third party accountants, auditors, lawyers, investment bankers, project managers, engineers, IT service providers and other consultants. Typically, Service Providers are Processors.
Usage Data
Information collected automatically through Apogee (or third-party services used by Apogee) which can include: the IP addresses or domain names of the digital device(s) utilized by Individual, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed on any Apogee website with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the IT environment of the Individual. Usage Data usually resides in the “Systems Logs” of Apogee. However, Apogee does not collect any Usage Data, except for traffic numbers (number of visitors).
Terms used but not defined in this Policy shall have the same meaning as in Article 4 of the GDPR
Who We Are: Apogee as Controller
Under applicable regulations of the European Union, entities that collect (or, in our case, receive) and use information from individuals are called “Controllers” or “Processors.” A Controller decides on the information it collects and how it uses such information and a Processor “processes” the information on behalf of the Controller. Controllers and Processors are subject to slightly different regulations. In general, Apogee is the Controller.
In some situations, an entity can be both a Controller and a Processor. For example, our UK entity, Apogee collects information on its own, but then it sends some of it to its subsidiary and corporate entities that advise and manage certain investments in other jurisdictions. In those situations, Apogee would be the Controller and the other entities would be the Processors. Therefore, when each of these entities collects information, it could become a Controller for that information; when it sends it to one or both of the other entities, each of those entities could become a Processor. However, many such entities receive such information under the direction of Apogee, in which case Apogee would be the Controller. The entities within the Apogee that transfer and process Information all have written agreements governing those transfers and the processing of the Information.
Each of these entities may also send information to a Service Provider. As we explain below, each of them is subject to confidentiality obligations as to the information collected. Each Service Provider is a Processor in their relationships with Apogee entities.
The Individuals Who Provide Us with Information
We receive contact information from individuals with whom we come in contact in the normal course of our business of raising and managing funds, making and managing investments, seeking advice thereon, complying with applicable regulations and obtaining the services of third parties for such matters as office support, transportation, information technology and the like. As noted in the “Definitions” section above, these natural persons are called “Individuals” throughout this Policy.
For example, such Individuals might be: potential, current and past investors; potential, current and past partners, managers or staff in our investment projects; individuals who might be involved in the decisions on and/or management of such projects (e.g., regulatory officials), candidates for employment or other engagement by one of our entities.
Types of Information Received
General Contact Information
Apogee receives information that it considers necessary or appropriate to fulfil its business objectives. In general, the minimum amount received would be what one would expect to find on a business card: name, title, company name, email address, office and mobile number and business street address (with city and country). Sometimes the information is only name and email address. In some instances, an individual might give us his or her personal contact information such as personal email address and phone numbers. Apogee might also receive other information freely given, such as birthdates and anniversaries of other significant events. In some instances, this information is available via social media platforms and access is provided to such information when, for example, a member of the Apogee team “links” or otherwise connects with such individuals during the use of such social media platforms. Such information may include gender and other personal information.
Additional Information
Apogee may also obtain from individuals additional information that is needed for our business. For example, Service Providers will usually have to provide financial information, such as bank and payment information (e.g., wire transfer instructions), credit or debit card information and, possibly, information necessary for a credit check. This information might come from an individual who is a Service Provider or one who represents a corporate Service Provider.
Similarly, investors might provide financial information for purposes of making their investments or receiving contractually mandated payments from Apogee. This may also be true of potential investors. Apogee may be required by law to request and obtain additional financial or other sensitive information due to requirements such as financial regulations. The above types of information might also be obtained from potential project partners and those involved in such projects or related decision-making. In all such cases, it is likely that Apogee will obtain tax identification information, too.
Apogee might also end up receiving additional “digital” information as a result of interaction by phone, email or SMS or their equivalents. For example, phones often display “Caller ID” and SMS systems that reveal your username for that system. Headers in email may also provide such information. In addition, websites might also collect what is called the “IP address” of visitors to such websites. In general, Apogee does not actively use such digital information “active” meaning that it is not purposely collected but only incidental to other form of communications.
Apogee might also obtain information that is publicly available, e.g., through profiles or other posts on social networks. It is natural that individuals in decision-making positions might seek information from such posts when they are considering a candidate for a position as an employee or Service Provider or in relation to a past, present or future project.