Trust CentreRoadmapStatusLogin

Privacy Policy

Purpose and Scope

At Aphex, we respect your privacy and data protection rights and recognize the importance of protecting the personal data we collect and process. This Privacy Policy is designed to help you to understand what personal data we collect about you and how we use and share it.

When we refer to Aphex in this Privacy Policy, we mean Aphex Software Limited, a company registered in England and Wales, company registration number 09681747 and register address of 82 Wandsworth Bridge Road, London, United Kingdom, SW6 2TF, and all group companies of Aphex Software Limited, including:

  • Aphex Australia Pty Ltd (ABN: 13 628 119 648)

("Aphex", "we", "us", "our").

This Privacy Policy applies to you if you:

  • interact with any of Aphex’s websites (including aphex.co, app.aphex.co, help.aphex.co) or our social media pages (collectively, the "Sites") ("website users");

  • visit any of Aphex’s premises ("office visitors");

  • attend an Aphex event or an event which Aphex sponsors ("event attendees");

  • use Aphex's applications and services, to the extent that we are acting as a controller of your personal data (collectively, the "Aphex Services") ("customers");

  • interact with any shared data from Aphex's Apps (including shared reports and plans ("guests");

  • are a marketing prospect, who is anyone whose data Aphex processes for the purposes of assessing customer eligibility ("marketing prospect"); or

  • receive marketing communications from Aphex.

This Privacy Policy takes into account the General Data Protection Regulation 2016/679 (EU GDPR) for individuals located in the European Union or European Economic Area, and General Data Protection Regulation (EU) 2016/679) (UK GDPR) and the Data Protection Act 2018 (DPA 2018). In this Privacy Policy, the EU GDPR and UK GDPR are together referred to as the GDPR. This Privacy Policy also takes into account the requirements of the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles, as well as the New Zealand Privacy Act 2020 and the Information Privacy Principles.

Role under the GDPR

For the purposes of the GDPR, this Privacy Policy covers personal data that we collect and process in our capacity as a controller of personal data. Where you are invited to access the Aphex Services by a business, that business is the ‘controller’ of any personal data that you input into the Services (“End User Data”), and we act as a data processor to process your End User Data on behalf of the controller organisation. The controller is responsible for complying with any regulations or laws that require providing notice, disclosure, and/or obtaining your consent prior to transferring the End User Data to us to process on their behalf, therefore End User Data is not covered by this Privacy Policy. You should view the controller’s privacy policy and/or contact the controller to understand their privacy practices in relation to your End User Data.

Our Data Protection Officer can be contacted in writing at [email protected].

Personal Data Collected by Aphex

Personal Data We Collect and Receive

The personal data that we collect about you broadly falls into the categories set out in the following table. Some of this information you provide voluntarily when you interact with the Aphex Services and Sites, or when you attend an event or visit our premises. Other types of information may be collected indirectly from your device, such as device data and service data (and in cases where cookies are used to collect this data, subject to your consent). From time to time, we may also receive personal data about you from third party sources (as further described in the table).

We may collect the following personal data about:

  • our website users;

  • recipients of marketing communications; and

  • marketing prospects.

1. Registration, contact, and company information:

  • first and last names;

  • email addresses;

  • phone numbers;

  • avatars;

  • company name;

  • your role in your company.

2. Payment information:

  • credit card information;

  • billing and mailing addresses;

  • other payment-related information.

3. Device data:

  • operating system type and version number, manufacturer and model;

  • browser type;

  • screen resolution;

  • IP address;

  • unique device identifiers.

4. Service data:

  • the website you visited before browsing to the Aphex Services;

  • how long you spent on a page or screen;

  • how you interact with our emails;

  • navigation paths between pages or screens;

  • date and time;

  • pages viewed;

  • links clicked.

5. Third party source data:

  • profile information gathered from social networking sites;

  • information that you have viewed or interacted with our content;

  • company information;

  • job titles;

  • avatars;

  • email addresses;

  • phone numbers;

  • addresses;

6. Geolocation data

  • The sources of this third party personal data may include:

  • Contact enrichment and lead generation providers; and

  • Targeted online advertising providers

We may collect the following personal data about our office visitors:

1. Registration, contact and company information:

  • first and last names;

  • email addresses;

  • phone numbers;

  • company name;

2. Visitation Data

  • time and date of arrival;

  • photograph ID;

  • signature;

  • CCTV footage.

We may collect the following personal data about event attendees:

1. Registration, contact and personal information:

  • first and last names;

  • email addresses;

  • phone numbers;

  • mailing addresses;

  • company name;

  • your role in your company.

2. Visitation Data

  • time and date of arrival;

  • photograph ID;

  • signature;

  • CCTV footage.

3. Third party source data:

  • first and last names;

  • email addresses;

  • phone numbers;

  • mailing addresses;

  • company name;

  • your role in your company.

4. The sources of this third party personal data may include:

  • The event organizer

We may collect the following personal data about our customers and guests (to the extent applicable):

1. Registration and contact information:

  • first and last names;

  • email addresses;

  • phone numbers;

  • mailing addresses;

  • company name;

  • your role in your company.

2. Payment information:

  • credit card information;

  • billing and mailing addresses;

  • other payment-related information.

3. Device data:

  • operating system type and version number, manufacturer and model;

  • browser type and language;

  • screen resolution;

  • IP address;

  • unique device identifiers.

4. Service data:

  • the website you visited before browsing to the services;

  • how long you spent on a page or screen;

  • navigation paths between pages or screens;

  • session date and time; activity status (including first seen, last seen, last heard from - and last contacted);

  • pages viewed;

  • links clicked;

  • language preferences

  • tags applied within customer accounts

  • Aphex assigned user identifier.

5. Third party source data

  • profile information gathered from social networking sites;

  • information that you have viewed or interacted with our content;

  • company information;

  • job titles;

  • avatars;

  • email addresses;

  • phone number;

  • approximate geolocation data.

Where cookie consent (under applicable laws) is required to collect any of the above personal data, the collection will be subject to your consent.

Cookies and Other Tracking Technologies

Some device data, service data and third party source data is collected through the use of first or third party cookies and similar technologies. Aphex Apps do not collect, retain, or share data regarding a particular user's activity across multiple websites or applications that are not owned by Aphex. Aphex does assign each user a unique user ID within the scope of an individual website, but does not collect or retain IP or any information that would allow Aphex to identify the same particular user on more than one website. For more information, please see Aphex's Cookie Policy.

Do Not Track. Some Internet browsers may be configured to send "Do Not Track" signals to the online services that you visit. We currently do not respond to "Do Not Track" or similar signals. To find out more about "Do Not Track," please visit http://www.allaboutdnt.com.

How and why we use your Personal Data

We collect and process personal data about you only where we have legal bases for doing so under applicable laws. We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please reach out to us if you need further details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

Purpose of use / disclosure

Legal Basis for processing

Providing and facilitating delivery of the Aphex Services, including to provide you with a login.

  • Performance of a contract with you

Providing and facilitating delivery of the Aphex Site

  • Legitimate interests: to facilitate the function of our Aphex Site.

To contact and communicate with you about the Aphex Services, including in response to any support requests you lodge with us or other enquiries you make with us.

  • Performance of a contract with you

  • Legitimate interests: to administer the Aphex Services, including to inform you of the availability or security of the Aphex Services.

To contact and communicate with you about any enquiries you make with us via our website.

  • Legitimate interests: to ensure we provide the best client experience we can offer by answering all of your questions.

For internal record keeping, audit, anti-fraud, administrative, invoicing and billing purposes.

  • Performance of a contract with you

  • To comply with a legal obligation

  • Legitimate interests: to recover debts due to us and ensure we can notify you about changes to our terms of business and any other administrative points.

For analytics, market research and business development, including to operate and improve the Aphex Services and Sites.

  • Legitimate interests: to keep our website updated and relevant, to develop our business, improve our Services and to inform our marketing strategy.

For advertising and marketing, including to send you promotional information about our events and experiences and information that we consider may be of interest to you.

  • Legitimate interests: to develop our Services and grow our business.

For health and safety purposes, where you visit our offices.

  • Performance of a contract with you.

  • Legitimate interests: to protect our premises and confidential information against unauthorised access and the safety of our staff and office visitors.

To manage event registrations and attendance

  • Performance of a contract with you.

To maintain the security of the Aphex Services and Sites.

  • Legitimate interests: to control unauthorised use or abuse of the Aphex Services and Sites, or otherwise detect, investigate or prevent activities that may violate Aphex policies or applicable laws.

To comply with our legal obligations or if otherwise required or authorised by law.

  • To comply with a legal obligation.

In certain circumstances, we may collect your personal data on a different legal basis. If we do, or if we use your personal data for purposes that are not compatible with, or are materially different than, the purposes described in this notice or the point of collection, we will explain how and why we use your personal data in a supplementary notice at or before the point of collection. Where we refer to legal bases in this section we mean the legal grounds on which we can rely when processing personal data.

Sharing your Personal Data

  1. We may disclose some or all of the personal data we collect to the following third parties:

  • To Aphex Group Companies:

    • Aphex Software Limited;

    • Aphex Australia Pty Ltd;

    • Any such other group companies as may be added to this list from time to time.

  • Our employees and contractors

  • Service Providers:

    • Consultants and vendors engaged by us to support our provision of the Aphex Services and Sites and the operation of our business, including IT service providers, data storage, web-hosting and server providers, marketing or advertising providers, payment systems operators, and including those service providers set out on our Subprocessor List, from time to time; and

    • third-party AI providers such as Open AI and Anthropic.

  • Professional Advisors:

    • Professional advisors, such as lawyers, auditors and insurers, in the course of the professional services that they render to us.

  • Compliance with Law Enforcement:

    • Comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;

    • Protect our, your or others’ rights, privacy, safety or property (including by making and defending actual or prospective legal claims);

    • Enforce the terms and conditions that govern the Services; and

    • Prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

  • Business Transfers:

    • Parties to transactions or potential transactions (and their professional advisors) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business, assets, or equity interests of Aphex Group Companies (including, as part of a bankruptcy or similar proceeding).

  • Analytics businesses:

    • Third parties to collect and process data, such as Google Analytics (To find out how Google uses data when you use third party websites or applications, please see www.google.com/policies/privacy/partners/ or any other URL Google may use from time to time), Meta Pixel or other relevant analytics businesses.

  1. Aggregated or anonymised information. We may also share aggregated or anonymised information with third parties for other purposes. Such information does not identify you individually, but may include usage, viewing and technical information such as the websites you generally use, the configuration of your computer, and performance metrics related to the use of websites which we collect through our technology, products and services. If we are required under applicable law to treat such information as personal data, then we will only disclose it as described above. Otherwise, we may disclose such anonymised information for any reason.

Retention of your Personal Data

  1. We retain your personal data only for as long as necessary to fulfill the purposes set out in this Privacy Policy, or as otherwise required under law. If you would like more information about specific retention periods please contact [email protected]

  2. Note that content you create may remain on the Sites even if you cease using the Sites or we terminate access to the Sites.

  3. We will process End User Data for as long as is required and/or permitted under the relevant data processing agreement between us and the controller entity, unless required to be retained by law.

Transfers of your Personal Data

  1. The Aphex Services and Sites, are provided and hosted globally by Google Cloud. Unless otherwise specified, we may transfer, and process, your personal data outside of the country in which you are resident to other Aphex Group Companies and our service providers including to the UK, Australia and other such countries as we deem appropriate from time to time. These countries may not have equivalent privacy and data protection laws (and, in some cases, may not be as protective). We will protect your personal data in accordance with this Privacy Policy wherever it is processed.

  2. Certain recipients (our service providers and other companies) who process your personal data on our behalf may also transfer personal data outside the country in which you are resident. Where such transfers occur, we will make sure that an appropriate transfer mechanism is put in place to protect your personal data.

EU and UK - Your Privacy Rights and Choices

  1. If you are a resident of the EEA or the UK you have the following data protection rights:

  • Access: You may request details of the personal data that we hold about you and how we process it (commonly known as a “data subject request”). If you wish to access, correct, update or request deletion of your personal data, you can do so at any time by using the contact details below.

  • Processing and portability: You can object to processing of your personal data, ask us to restrict processing of your personal data or request portability of your personal data.

  • Unsubscribe: You have the right to opt-out of marketing communications we send you at any time. If you no longer wish to receive our newsletter and promotional communications, you may opt-out of receiving them by clicking on the "unsubscribe" or "opt-out" link in the communications we send you. Please note, however, that it may not be possible to opt-out of certain service-related communications. You can let us know at any time if you do not wish to receive marketing messages by contacting us on the Aphex Messenger or by contacting us using the contact details below.

  • Withdraw consent: If we have collected and process your personal data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.

  • Information from third parties: If we receive personal data about you from a third party, we will protect it as set out in this Privacy Policy. If you are a third party providing personal data about somebody else, you represent and warrant that you have such person’s consent to provide the personal data to us.

  • Complaints: If you wish to make a complaint, please contact us using the details below and provide us with full details of the complaint. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. Contact details for data protection authorities in the EEA and the UK are available here. We would, however, appreciate the chance to deal with your concerns before you approach the relevant data protection authority, so please contact us in the first instance.

  1. You can exercise any of these rights by submitting a request to our Data Protection Officer at [email protected].

AU and NZ - Your Privacy Rights and Choices

  1. If you are a resident of Australia or New Zealand, you have the following data protection rights:

  • Your choice: Please read this Privacy Policy carefully. If you provide personal information to us, you understand we will collect, hold, use and disclose your personal information in accordance with this Privacy Policy. You do not have to provide personal information to us, however, if you do not, it may affect our ability to do business with you.

  • Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this Privacy Policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.

  • Restrict and unsubscribe: To object to processing for direct marketing/ unsubscribe from our email database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.

  • Access: You may request access to the personal information that we hold about you. An administrative fee may be payable for the provision of such information. Please note, in some situations, we may be legally permitted to withhold access to your personal information. If we cannot provide access to your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal. If we can provide access to your information in another form that still meets your needs, then we will take reasonable steps to give you such access.

  • Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to promptly correct any information found to be inaccurate, out of date, incomplete, irrelevant or misleading. Please note, in some situations, we may be legally permitted to not correct your personal information. If we cannot correct your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal.

  • Complaints: If you wish to make a complaint, please contact us using the details below and provide us with full details of the complaint. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take in response to your complaint. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (if you are an Australian resident), or the Office of the New Zealand Privacy Commissioner (if you are a New Zealand resident).

Links to other websites

Our website may contain links to other party's websites. We do not have any control over those websites and we are not responsible for the protection and privacy of any personal data which you provide whilst visiting those websites. Those websites are not governed by this Privacy Policy.

Amendments

We may change this Privacy Policy from time to time. We will notify you if we make a significant change to this Privacy Policy, by contacting you through the contact details you have provided to us and by publishing an updated version on our website.

Contact details

For any questions or notices in relation to this Privacy Policy regarding Aphex Software Limited, please contact us at:

Aphex Software Limited, a company registered in England and Wales, with company number 09681747

C/O: Data Protection Officer

Email: [email protected]

For any questions or notices in relation to this Privacy Policy regarding Aphex Australia Pty Ltd, please contact us at:

Aphex Australia Pty Ltd, a company registered in Australia, with company number 13 628 119 648.

Email: [email protected]

Last updated

Was this helpful?