Datenschutz

Privacy Notice and Cookie Policy

Last updated: 6 June 2026

This Privacy Notice and Cookie Policy explains how apintra plc (“apintra”, “we”, “us” or “our”) collects, uses, stores, discloses and protects personal data when you visit our website, contact us, use our online services, communicate with us or otherwise interact with us.

We process personal data in accordance with the UK General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003 (“PECR”) and, where applicable, the EU General Data Protection Regulation (“EU GDPR”).

1. Controller

The controller responsible for the processing of personal data is:

apintra plc

71-75 Shelton Street (Covent Garden)

London, WC2H 9JQ

United Kingdom

Telefax: +44 20 3936 3375

Contact: via Ticketing system

Website: https://apintra.net

For privacy-related requests, please contact us using the contact form above and clearly indicate that your request concerns data protection or privacy.

2. Supervisory Authority

As a UK company, our primary data protection supervisory authority is the:

Information Commissioner’s Office (ICO)

Wycliffe House

Water Lane

Wilmslow

Cheshire SK9 5AF

United Kingdom

Website: https://ico.org.uk

You have the right to lodge a complaint with the ICO if you believe that our processing of your personal data infringes applicable data protection law.

If you are located in the European Economic Area (“EEA”), you may also have the right to lodge a complaint with a supervisory authority in your country of residence, place of work or place of the alleged infringement.

3. Scope of this Notice

This Privacy Notice and Cookie Policy applies to personal data processed in connection with:

visits to our website;
use of our contact form and support systems;
enquiries from prospective customers, suppliers, partners, investors and other business contacts;
contractual and pre-contractual relationships;
registration, account management and customer support;
software, cloud, ERP, eCommerce, tax, accounting, compliance or related services provided by apintra;
newsletter, marketing and event communication, where applicable;
investor relations and corporate communication;
recruitment and business applications;
security, fraud prevention and legal compliance.

This Notice does not apply to third-party websites, platforms or services that we do not control. Where our website links to third-party websites, their own privacy notices and cookie policies apply.

4. Key Definitions

Personal data means any information relating to an identified or identifiable natural person.

Processing means any operation performed on personal data, including collection, recording, organisation, structuring, storage, adaptation, retrieval, consultation, use, disclosure, restriction, erasure or destruction.

Controller means the organisation that determines the purposes and means of processing personal data.

Processor means an organisation that processes personal data on behalf of a controller.

Special category data means particularly sensitive personal data, such as information about health, racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data or sexual orientation.

Cookies and similar technologies include cookies, pixels, tags, scripts, local storage, session storage, device fingerprinting and other technologies that store or access information on a user’s device.

5. Categories of Personal Data We May Process

5.1 Identity and Contact Data

name;
company name;
position or job title;
business address;
email address;
fax number;
customer number or account reference;
user ID or account credentials, where applicable.

5.2 Communication Data

messages submitted through our contact form;
support tickets;
email correspondence;
business letters;
enquiries, complaints, requests and replies;
communication metadata.

5.3 Technical and Usage Data

IP address;
date and time of access;
browser type and version;
operating system;
referrer URL;
pages accessed;
files requested;
access status or HTTP status code;
volume of data transferred;
device identifiers, where applicable;
log data relating to system security and error analysis.

5.4 Customer, Contract and Transaction Data

customer master data;
contract data;
service configuration data;
billing and payment information;
invoices;
delivery and service history;
licensing information;
support and maintenance records;
account and user administration data.

5.5 Business Partner and Supplier Data

contact details of employees or representatives of suppliers, consultants, partners and service providers;
contract and performance data;
payment and accounting records;
business correspondence.

5.6 Investor and Corporate Communication Data

shareholder or investor contact details;
subscription, participation or enquiry data;
investment-related correspondence;
corporate communication preferences;
documentation required for legal, regulatory or compliance purposes.

5.7 Marketing and Preference Data

newsletter subscription status;
communication preferences;
consent records;
opt-in and opt-out information;
campaign interaction data;
event registration details.

5.8 Recruitment Data

application documents;
CV, qualifications and professional history;
references;
interview notes;
communication with applicants;
information required for recruitment decisions.

5.9 Special Category Data

We do not actively request special category data through our website unless expressly required for a specific lawful purpose. If you voluntarily provide special category data to us, we will process it only where permitted by law and where an additional condition under applicable data protection law applies.

6. Sources of Personal Data

We may receive personal data from:

you directly;
your employer or organisation;
contact forms or support portals;
website and server logs;
contractual documents;
business correspondence;
public registers, where legally relevant;
professional advisers;
payment, hosting, IT and communication service providers;
regulatory, legal or compliance sources, where applicable.

7. Purposes and Lawful Bases of Processing

We process personal data only where we have a lawful basis under applicable data protection law.

Purpose	Examples of Data	Lawful Basis
Website operation and security	IP address, log files, browser data, access timestamps	Legitimate interests in providing a secure and functional website
Contact enquiries and communication	Name, company, email address, message content	Legitimate interests; pre-contractual steps where applicable
Customer account and service management	Customer data, account data, licence data, service records	Performance of a contract; legitimate interests; legal obligations
Software, cloud and technical services	User data, technical data, configuration data, support data	Performance of a contract; legitimate interests; processor obligations where applicable
Support and ticket systems	Support tickets, attachments, technical data, communication data	Performance of a contract; legitimate interests
Billing, accounting and tax compliance	Invoices, payment records, billing details, tax data	Performance of a contract; legal obligations; legitimate interests
Marketing communication	Email address, preferences, consent records, campaign interaction data	Consent where required; legitimate interests where permitted
Newsletter	Email address, subscription status, consent record	Consent; legal obligation and legitimate interests in documenting compliance
Cookies and similar technologies	Cookie identifiers, device data, usage data, consent data	Legitimate interests for strictly necessary cookies; consent for non-essential cookies if introduced
Business partners and suppliers	Business contact details, contracts, correspondence, payment records	Performance of a contract; legitimate interests; legal obligations
Investor relations and corporate communication	Investor enquiries, participation data, corporate documentation	Legitimate interests; pre-contractual or contractual steps; legal obligations
Legal claims, compliance and corporate governance	Relevant records, correspondence, documentation and evidence	Legal obligations; legitimate interests in protecting our legal rights
Recruitment	CV, application data, interview notes, references	Pre-contractual steps; legitimate interests; legal obligations

7.1 Website Operation and Security

We process technical data to provide the website, ensure functionality, detect errors, prevent misuse, maintain IT security and protect our systems.

7.2 Contact Enquiries and Communication

If you contact us using the contact form or otherwise communicate with us, we process your information to respond to your enquiry, handle your request and maintain business communication.

7.3 Customer Account and Service Management

We process customer and user data to create and manage accounts, provide services, administer contracts, manage licences, deliver support, handle service requests and communicate about operational matters.

7.4 Software, Cloud and Technical Services

Where apintra provides software, cloud, ERP, eCommerce, accounting, tax, compliance or related services, we may process personal data to operate, maintain, secure, improve and support such services.

Depending on the service relationship, apintra may act either as a controller or as a processor on behalf of a customer. Where we act as a processor, we process personal data only in accordance with the customer’s documented instructions and the applicable data processing agreement.

7.5 Support and Ticket Systems

We process information submitted through our support systems to handle technical support requests, document incidents, resolve issues and maintain service quality.

7.6 Billing, Accounting and Tax Compliance

We process billing, payment and accounting data to issue invoices, process payments, manage receivables, comply with accounting and tax obligations and maintain business records.

7.7 Marketing Communication

We may process your contact details to send marketing communication, newsletters or information about our products and services, where permitted by law.

Where required, we will obtain your prior consent. You may withdraw your consent or object to marketing communication at any time.

7.8 Newsletter

If we offer a newsletter and you subscribe to it, we process your email address and subscription data to send the newsletter and manage your subscription. We may use a double opt-in procedure where appropriate. We keep records of consent to demonstrate compliance.

7.9 Cookies and Similar Technologies

The website may use cookies and similar technologies that are necessary for technical operation, security and functionality. Non-essential analytics, marketing, profiling, remarketing or tracking cookies should not be used unless a compliant consent management mechanism is implemented.

8. Legitimate Interests

Where we rely on legitimate interests, we balance our interests against your rights, freedoms and reasonable expectations.

Our legitimate interests may include:

operating and securing our website and IT systems;
responding to enquiries;
managing business relationships;
providing customer support;
improving our products and services;
preventing fraud and misuse;
maintaining corporate and business records;
enforcing or defending legal rights;
conducting business-to-business communication and marketing, where permitted.

You have the right to object to processing based on legitimate interests at any time, as explained in the section “Your Rights”.

9. Contact Form and Support Portal

When you use our contact form or support portal, we process the data you submit, including your contact details, message content, technical information and any attachments or files you voluntarily provide.

We use this data to handle your request, respond to you, allocate your enquiry internally, document the communication and, where applicable, provide customer support.

Please do not submit special category data or confidential third-party information unless necessary for your request.

10. Server Log Files

When you access our website, our systems may automatically collect and store server log data. This may include:

IP address;
browser type and version;
operating system;
referrer URL;
host name of the accessing device;
date and time of the server request;
requested page or file;
amount of data transferred;
access status.

We process server logs to ensure technical operation, system security, abuse prevention, troubleshooting and statistical analysis in an aggregated or limited form.

Server logs are generally retained for a limited period unless longer retention is necessary for security incidents, legal claims or compliance purposes.

11. Cookie Policy

This Cookie Policy explains how apintra uses cookies and similar technologies on this website.

Cookies are small text files that are placed on your device when you visit a website. Similar technologies may include local storage, session storage, pixels, tags or scripts.

At present, this website uses a cookie notice to inform visitors about the use of cookies. The current cookie notice allows visitors to acknowledge the notice, but it does not provide a technical mechanism to select, reject or manage different categories of non-essential cookies.

Therefore, this website should use only cookies and similar technologies that are necessary for technical operation, security and functionality, unless and until a compliant consent management mechanism is implemented.

11.1 Strictly Necessary Cookies

Strictly necessary cookies are required for the website to function properly. They may be used for page navigation, security, form submission, session management, load balancing, fraud prevention or remembering that a cookie notice has been acknowledged.

These cookies are used on the basis of our legitimate interests in operating a secure and functional website and, where applicable, to provide an online service requested by the user. Under PECR, consent is not required where a cookie or similar technology is strictly necessary to provide a service requested by the user.

11.2 Cookie Notice Acknowledgement

The website may store a cookie or similar local setting to remember that you have acknowledged the cookie notice. This helps prevent the notice from being displayed repeatedly.

This type of cookie or setting is used to support the operation of the website notice and is not used for analytics, advertising, profiling or cross-site tracking.

11.3 Non-Essential Cookies

Non-essential cookies include analytics cookies, marketing cookies, tracking cookies, remarketing technologies, profiling technologies and some third-party embedded content cookies.

We will not intentionally use non-essential cookies unless a compliant consent mechanism is in place that allows users to accept or reject such cookies before they are set.

11.4 Analytics and Performance Technologies

Analytics and performance technologies may help website operators understand how visitors use a website and how the website can be improved. However, where analytics cookies or similar technologies are not strictly necessary, they generally require prior consent under PECR.

Because the current cookie notice does not offer a consent management mechanism, analytics technologies that require consent should not be activated on this website unless and until such a mechanism is implemented.

11.5 Marketing, Tracking and Profiling Technologies

Marketing, tracking and profiling technologies may be used to measure advertising campaigns, personalise content, track interactions across websites, build profiles or support remarketing.

Such technologies require prior consent. They should not be used on this website unless and until a compliant consent management mechanism is implemented.

11.6 Third-Party Content

If third-party content such as videos, maps, external forms, payment services or social media content is embedded on this website, the relevant third-party provider may set cookies or use similar technologies.

Where such technologies are not strictly necessary to provide a service requested by the user, they should only be activated after the user has given valid consent.

11.7 Browser Controls

You can block or delete cookies through your browser settings. The relevant settings depend on your browser. Please note that some parts of the website may not function properly if strictly necessary cookies are blocked.

11.8 Future Cookie Management

If we introduce analytics, marketing, tracking or other non-essential cookies in the future, we will update this Cookie Policy and implement an appropriate consent management mechanism that enables users to accept, reject or manage such cookies.

11.9 Current Cookie and Technology Overview

The following overview should be completed and kept up to date based on the cookies and technologies actually used on the website.

Technology	Purpose	Category	Data Processed	Retention	Consent Required?
Cookie notice acknowledgement	Remembering that the visitor has acknowledged the cookie notice	Strictly necessary / notice functionality	Consent or acknowledgement status, timestamp or local identifier where applicable	30 days	No, if used only to remember the notice acknowledgement
Session or security cookies	Website operation, session management, security, form protection or fraud prevention	Strictly necessary	Session identifier, technical data, security status where applicable	30 days	No, if strictly necessary
Server logs	Website delivery, security, abuse prevention and troubleshooting	Technical operation and security	IP address, browser data, access time, requested page or file, status code	30 days	No cookie consent required; processing must still comply with data protection law

Tools that are not actually implemented on the website should not be listed. If analytics, marketing, embedded third-party content or similar technologies are later added, this table should be updated before those technologies are activated.

12. Recipients of Personal Data

We may disclose personal data to the following categories of recipients where necessary and lawful:

hosting and infrastructure providers;
IT service providers;
cloud service providers;
email, communication and support system providers;
payment and billing service providers;
accounting, tax and audit advisers;
legal advisers;
banks and financial institutions;
business partners and subcontractors;
regulatory authorities, courts or public bodies where required;
prospective purchasers, investors or advisers in connection with corporate transactions, subject to appropriate safeguards.

We do not sell personal data.

Where service providers process personal data on our behalf, we use appropriate contractual arrangements, including data processing agreements where required.

13. International Transfers

As a UK company operating in an international business environment, we may transfer personal data to recipients outside the United Kingdom. If you are located in the EEA, personal data may also be transferred outside the EEA.

International transfers may occur, for example, where we use cloud, hosting, software, support, analytics, communication or professional service providers located in other countries.

Where personal data is transferred internationally, we ensure that appropriate safeguards are in place as required by applicable data protection law. These may include:

adequacy regulations or adequacy decisions;
the UK International Data Transfer Agreement;
the UK Addendum to the EU Standard Contractual Clauses;
EU Standard Contractual Clauses, where applicable;
the UK-US Data Bridge or EU-US Data Privacy Framework, where applicable;
contractual, technical and organisational safeguards;
transfer risk assessments, where required.

You may contact us for further information about the safeguards used for international transfers.

14. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, including legal, accounting, tax, contractual, support, security and compliance purposes.

The applicable retention period depends on the nature of the data and the processing purpose.

Data Category	Indicative Retention Period
Website server logs	Normally retained for a short period, unless longer retention is required for security, troubleshooting or legal purposes.
Cookie notice acknowledgement records	For as long as necessary to remember that the notice has been acknowledged and to avoid repeated display.
Contact enquiries	For as long as necessary to handle the enquiry and for a reasonable follow-up period.
Customer and contract data	For the duration of the contractual relationship and thereafter for applicable statutory limitation, accounting and tax retention periods.
Invoices and accounting records	In accordance with applicable accounting and tax laws.
Support tickets	For the duration necessary to provide support, document service history, improve service quality and defend legal claims.
Marketing consent records	For as long as necessary to demonstrate consent and compliance.
Newsletter data	Until you unsubscribe or withdraw consent, unless limited data must be retained to document the withdrawal.
Recruitment data	For the duration of the recruitment process and thereafter for a limited period, unless longer retention is legally required or you consent to longer retention.
Legal and compliance records	For as long as necessary to comply with legal obligations or establish, exercise or defend legal claims.

When personal data is no longer required, we delete, anonymise or securely restrict it.

15. Security

We use appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.

These measures may include:

access controls;
user authentication;
encryption where appropriate;
secure communication protocols;
backup and recovery procedures;
system monitoring;
logging and incident management;
staff confidentiality obligations;
supplier due diligence;
data processing agreements;
regular review of security measures.

However, no internet-based service can be guaranteed to be completely secure. You are responsible for keeping your access credentials confidential and notifying us promptly of any suspected unauthorised access.

16. Automated Decision-Making and Profiling

We do not use personal data for decisions based solely on automated processing that produce legal effects concerning you or similarly significantly affect you, unless expressly stated otherwise.

If this changes, we will provide appropriate information in accordance with applicable law.

17. Your Rights

Subject to the conditions and limitations under applicable data protection law, you may have the following rights:

17.1 Right of Access

You have the right to request confirmation as to whether we process your personal data and to receive a copy of that data.

17.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data.

17.3 Right to Erasure

You have the right to request deletion of your personal data where the legal requirements are met.

17.4 Right to Restriction of Processing

You have the right to request restriction of processing in certain circumstances.

17.5 Right to Data Portability

Where processing is based on consent or contract and carried out by automated means, you may have the right to receive personal data in a structured, commonly used and machine-readable format.

17.6 Right to Object

You have the right to object to processing based on legitimate interests at any time on grounds relating to your particular situation.

Where we process personal data for direct marketing purposes, you have the right to object at any time. If you object to direct marketing, we will stop processing your personal data for that purpose.

17.7 Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

17.8 Right to Complain

You have the right to lodge a complaint with the ICO or, where applicable, another competent supervisory authority.

18. How to Exercise Your Rights

To exercise your rights, please contact us using the contact form provided in the “Controller” section.

We may need to verify your identity before responding to your request. This is to protect your personal data against unauthorised disclosure.

We will respond to requests within the statutory timeframe, generally within one month, unless an extension is permitted by law due to complexity or number of requests.

19. Direct Marketing

We may send direct marketing communication only where permitted by law.

You can unsubscribe from marketing emails at any time by using the unsubscribe link, where provided, or by contacting us.

We may retain limited suppression data to ensure that you do not receive further marketing communication after opting out.

20. Children

Our website and services are not directed at children. We do not knowingly collect personal data from children through our website.

If you believe that a child has provided personal data to us, please contact us so that we can take appropriate action.

21. Business Customers and End Users

Where apintra provides services to business customers, our customer may determine the purposes and means of processing personal data relating to its own users, employees, customers or business partners.

In such cases, the customer is generally the controller and apintra may act as processor. If you are an end user of one of our customer’s systems or services, you should first contact the relevant customer for privacy-related requests.

Where apintra acts as processor, we process personal data only in accordance with the customer’s instructions and applicable contractual arrangements.

22. Data Processing on Behalf of Customers

Where we process personal data on behalf of customers, we apply appropriate processor obligations, including:

processing only on documented instructions;
confidentiality obligations;
appropriate security measures;
assistance with data subject rights where applicable;
assistance with security and breach obligations where applicable;
use of sub-processors only where permitted;
deletion or return of personal data at the end of the service, subject to legal retention obligations;
documentation and audit support as required by law and contract.

Specific processor terms may be set out in a separate Data Processing Agreement.

23. Data Breaches

If a personal data breach occurs, we will assess the risk and take appropriate measures.

Where legally required, we will notify the ICO or other competent supervisory authority. Where a breach is likely to result in a high risk to affected individuals, we will also notify those individuals in accordance with applicable law.

24. EEA Users and EU GDPR

Although apintra is established in the United Kingdom, the EU GDPR may apply where we offer goods or services to individuals in the EEA or monitor their behaviour within the EEA.

Where the EU GDPR applies, references in this Notice to the UK GDPR should be understood as including the corresponding provisions of the EU GDPR, where relevant.

If required by law, we will appoint an EU representative and provide the relevant contact details in this Notice or separately.

25. Changes to this Privacy Notice and Cookie Policy

We may update this Privacy Notice and Cookie Policy from time to time to reflect changes in our processing activities, legal requirements, services, website functionality or cookie technologies.

The latest version will be published on our website. Please review this Notice periodically.

26. Contact

For questions about this Privacy Notice and Cookie Policy or the processing of your personal data, please contact:

apintra plc

71-75 Shelton Street (Covent Garden)

London, WC2H 9JQ

United Kingdom

Telefax: +44 20 3936 3375

Contact: via Ticketing system

Website: https://apintra.net