DATA PROTECTION POLICY

INTRODUCTION

At APPH Limited (Heroux Devtek), we collect and process information about individuals (i.e. ‘personal data’) for business purposes, including employment and HR administration, provision of our services and business administration. This includes personal data relating to our employees, customers, suppliers and other third parties.

Compliance with data protection law is essential to ensure that personal data remains safe, our business operations are secure and the rights of individuals are respected. APPH Limited (Heroux Devtek) is a controller under data protection law, meaning it decides how and why it uses personal data. This Policy explains our procedures for complying with data protection law in relation to personal data. It also sets out your obligations whenever you are
processing any personal data in the course of your employment.

If you routinely handle individuals’ personal data, you will be given specific
training/instructions regarding data protection procedures in relation to your particular role/department. These instructions will supplement your obligations as set out in this Policy. There will also be other policies which will impact on how you deal with personal data and data protection. The main ones are our Information Security Policy and Cyber Security Policy and we expect you to comply with these where relevant.

This Policy does not give contractual rights to any Employees. It may be updated at any
time.

Who does this Policy apply to?

This Policy applies to all APPH Limited (Heroux Devtek) employees, workers, contractors, agency workers, consultants, interns, volunteers, partners and directors, (together referred to as ‘Employees’ or ‘you’).