DATA PROTECTION POLICY

Introduction

At APPH Limited (Heroux Devtek), we collect and process information about individuals (i.e.
‘personal data’) for business purposes, including employment and HR administration,
provision of our services and business administration. This includes personal data relating to
our employees, customers, suppliers and other third parties.
Compliance with data protection law is essential to ensure that personal data remains safe,
our business operations are secure and the rights of individuals are respected. APPH
Limited (Heroux Devtek) is a controller under data protection law, meaning it decides how
and why it uses personal data. This Policy explains our procedures for complying with data
protection law in relation to personal data. It also sets out your obligations whenever you are
processing any personal data in the course of your employment.
If you routinely handle individuals’ personal data, you will be given specific
training/instructions regarding data protection procedures in relation to your particular
role/department. These instructions will supplement your obligations as set out in this Policy.
There will also be other policies which will impact on how you deal with personal data and
data protection. The main ones are our Information Security Policy and Cyber Security
Policy and we expect you to comply with these where relevant.
This Policy does not give contractual rights to any Employees. It may be updated at any
time.

Who does this Policy apply to?

This Policy applies to all APPH Limited (Heroux Devtek) employees, workers, contractors,
agency workers, consultants, interns, volunteers, partners and directors, (together referred
to as ‘Employees’ or ‘you’).