Privacy Policy (UK)

Effective date: 28 November 2025
Who we are: Apollo Rank ("we", "us", "our").
Trading/Legal name: Apollo Rank
Contact: [email protected]

This Privacy Policy explains how we collect, use, share, and protect personal data when you visit apollorank.co.uk, book a call, or use our review‑request / reputation‑management services. It also explains your rights under the UK GDPR and Data Protection Act 2018.

We act as a data controller for personal data about visitors, prospects and our own clients. We act as a data processor for personal data about our clients’ end‑customers (e.g., when we send review requests on a client’s behalf). Where we are a processor, our client is the controller and is responsible for providing any required privacy information to their customers and for choosing a lawful basis for contacting them.

1) Personal data we collect

A. Site visitors & prospects

Contact details you provide (name, email, phone, business name) through forms and booking pages.

Booking details (preferred date/time, notes).

Analytics and technical data (IP address and general location, device/browser, pages viewed).

Cookie preferences and consent choices.

B. Clients

Account and billing contact details (name, email, phone, business address, VAT details if applicable).

Service configuration (templates, review links/QR code settings, routing rules).

Communications with us (emails, support chats, calls).

C. Our clients’ customers (processed on our clients’ instructions)

Basic contact details provided by our client (name, mobile number, email address).

Job/context info supplied by our client (service date, job type, work location area – if included).

Review‑request delivery status and opt‑out preferences.

We do not knowingly collect children’s data. Our services are designed for businesses.

2) How we use personal data & lawful bases

We only use personal data where we have a lawful basis under the UK GDPR. Depending on who you are, we use data for:

A. Site visitors & prospects (Controller)

To respond to enquiries and book onboarding calls (Contract / Legitimate interests).

To improve our website and measure performance using privacy‑aware analytics (Consent for non‑essential cookies; Legitimate interests for essential operations).

To send service updates or content you request (Consent or Legitimate interests, with opt‑out).

B. Clients (Controller)

To provide and support the service (Contract).

Invoicing and account management (Contract / Legal obligation).

Service communications and security (Legitimate interests).

C. Our clients’ customers (Processor)

To send polite review requests via SMS or Email with one reminder max, including opt‑out instructions (Processed strictly under our client’s instructions).
Clients are responsible for ensuring they have a lawful basis and comply with PECR rules for electronic communications. We do not use end‑customer data for our own marketing.

We do not carry out automated decision‑making that produces legal or similarly significant effects.

3) Cookies & analytics

We use cookies and similar technologies to operate the site, remember choices, and understand site performance. Non‑essential cookies only run with your consent. Our analytics (e.g., Google Analytics 4) use first‑party cookies to distinguish visits and sessions. You can withdraw consent or change preferences at any time via our cookie banner/settings.
See also: our separate Cookie Policy for details of cookies, providers and retention.

4) Who we share data with

We may share personal data with trusted service providers (processors) who help us deliver the website and services. Typical categories include:

Hosting & infrastructure (e.g., website hosting, CDN, backups).

CRM/automation & booking (e.g., client portal, calendar and messaging systems we configure on your behalf).

Communications (e.g., email and SMS gateways used to send review requests and alerts).

Analytics & tag management (e.g., GA4, tag manager tools).

Payment processing (if applicable).

We require processors to keep data secure, to act only on our instructions, and to sign appropriate data‑processing terms. We do not sell personal data.

5) International transfers

Some providers may process data outside the UK. Where we make restricted transfers under the UK GDPR, we use appropriate safeguards, such as the International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, and carry out transfer risk assessments. For some US recipients, we may rely on the UK‑US Data Bridge where the organisation is certified.
For details of specific transfer tools used for a given provider, contact us.

6) Data retention

We keep data only as long as needed for the purposes set out above, plus any period required by law. Typical retention periods:

Site enquiries and bookings: up to 24 months from last interaction.

Client account data: for the duration of the contract + 24 months.

End‑customer data processed for clients: as directed by the client; typically for the service term and then deleted or returned within 30–90 days of termination.

Analytics data: according to our analytics settings (e.g., up to 14 months).

We will delete or anonymise data when it is no longer required.

7) Security

We use appropriate technical and organisational measures to protect personal data, including: HTTPS encryption in transit, role‑based access controls, multi‑factor authentication on admin systems where available, least‑privilege access, staff training, and regular review of supplier security measures. No method of transmission or storage is 100% secure; we maintain and improve controls on an ongoing basis.

8) Your rights

Under the UK GDPR you have rights which may include: access, rectification, erasure, restriction, portability, objection, and the right to withdraw consent where processing is based on consent. To exercise your rights, email [email protected]. We will respond within one month (or explain if more time is needed for complex requests). You may be asked to verify your identity.

If you have concerns about our use of personal data, please contact us first. You also have the right to complain to the Information Commissioner’s Office (ICO): ico.org.uk or 0303 123 1113.
[If you are in the EU/EEA, you may also contact your local supervisory authority.]

9) Direct marketing, review requests & opt‑outs

We do not send marketing to our clients’ customers. When we process end‑customer data on a client’s behalf, we only send review requests and related service messages as instructed by the client, with clear opt‑out instructions (e.g., reply STOP to SMS or click unsubscribe in Email).

Clients are responsible for ensuring they have permission to contact their customers and for providing any required privacy information to them.

For our own marketing to prospects and clients, you can opt out at any time by using the unsubscribe link in emails or by contacting us.

10) Third‑party links

Our website may link to third‑party sites. We are not responsible for their content or privacy practices. We encourage you to read their privacy notices.

11) Changes to this policy

We may update this policy from time to time. We will post any changes on this page and update the effective date above. If changes are material, we will notify you by email or show a notice on the site.

12) Contact

For privacy questions or to exercise your rights:
Email: [email protected]

Controller–Processor Summary (for clients)

Our role: We are your processor for your end‑customer data used in review‑request workflows; you are the controller.

Your responsibilities: choose a lawful basis; comply with PECR for electronic communications; provide privacy information to your customers; ensure data is accurate and supplied securely and lawfully.

Our commitments: process only on your documented instructions; keep data secure; help you respond to individual rights requests; delete/return data at end of contract; notify you of personal data breaches without undue delay; maintain appropriate sub‑processor terms and transfer safeguards.

This document is provided for general information and should not be taken as legal advice. Please review with your legal adviser to ensure it reflects your specific circumstances and providers.