top of page

Data Privacy Policy

Privacy Policy – My Appoints
Last updated: February 2026

My Appoints is committed to protecting and respecting your privacy. This policy explains how we collect, use, store, and protect personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Privacy and Electronic Communications Regulations (PECR), and the Data (Use and Access) Act (DUAA) where applicable.

​

1. Who We Are

Business name: My Appoints
Business type: Sole trader
Registered office: 124 City Road, London, EC1V 2NX
Email: gareth@myappoints.com
ICO Registration Number: ZC089122

My Appoints is a B2B telemarketing and appointment-setting business. We contact businesses on our own behalf and on behalf of clients to introduce products or services and arrange appointments.

For the purposes of data protection law, My Appoints is the data controller for the personal data described in this policy, unless otherwise stated.

Role as Controller or Processor

Depending on the service provided, My Appoints may act as:

  • Data controller – where we determine the purpose and means of processing personal data for our own business activities

  • Data processor – where we process personal data strictly on behalf of a client and under their instructions

Where we act as a processor, the relevant client will be the data controller and their privacy policy will apply to the processing they carry out.

​

2. Categories of Personal Data We Process

We process business-related personal data, including:

  • Name

  • Job title

  • Business email address

  • Business phone number

  • Company name and company details

  • Publicly available professional information

  • Notes from business calls or email interactions

We do not record calls.

​

3. Sources of Personal Data

We collect data from:

  1. Approved third-party B2B data suppliers

  2. Publicly available sources (company websites, directories, professional platforms)

  3. Our clients when running campaigns on their behalf

  4. Direct interactions (phone, email, or website contact)

How we select business contacts

Where we collect data from public sources, we:

  • Focus on individuals in relevant business roles

  • Use information that is already publicly available in a professional context

  • Contact individuals only with information relevant to their organisation

​

4. Purposes of Processing and Lawful Bases

Processing Activity: B2B telemarketing calls
Personal Data Used: Name, job title, company, business phone
Purpose: To introduce relevant business products or services and identify interest
Lawful Basis: Legitimate interests

​

Processing Activity: B2B marketing emails
Personal Data Used: Name, job title, company, business email
Purpose: To send relevant business communications and follow-up information
Lawful Basis: Legitimate interests (PECR compliant)

​

Processing Activity: Appointment setting for clients
Personal Data Used: Name, job title, company, contact details, call notes
Purpose: To arrange meetings or demonstrations on behalf of clients
Lawful Basis: Legitimate interests / contractual necessity

​

Processing Activity: Maintaining prospect and client records
Personal Data Used: Contact details, company data, interaction history
Purpose: To keep business records accurate and up to date
Lawful Basis: Legitimate interests

​

Processing Activity: Responding to enquiries
Personal Data Used: Contact details, message content
Purpose: To respond to questions or requests
Lawful Basis: Legitimate interests or consent

​

Processing Activity: Legal and regulatory compliance
Personal Data Used: Relevant records and communications
Purpose: To comply with legal obligations
Lawful Basis: Legal obligation

​

5. Legitimate Interests

We rely on the lawful basis of legitimate interests under Article 6(1)(f) UK GDPR for certain processing activities.

Our legitimate interests include:

  • Promoting relevant B2B products and services

  • Generating sales opportunities for our business and clients

  • Conducting business-to-business market research

  • Arranging meetings or demonstrations between businesses

  • Managing legal, insurance, and professional risks

Before relying on legitimate interests, we carry out a Legitimate Interests Assessment (LIA) to ensure:

  • The processing is necessary for a defined business purpose

  • It is reasonable and expected in a B2B context

  • It does not override the rights and freedoms of individuals

  • Individuals can easily object or opt out at any time

Where an individual objects, we will stop processing their data for direct marketing purposes.

​

6. PECR and Direct Marketing Compliance

We comply with the Privacy and Electronic Communications Regulations (PECR).

Corporate subscribers

Corporate subscribers include:

  • Limited companies

  • Limited liability partnerships

  • Public sector bodies

  • Other incorporated organisations

We may send B2B marketing communications to corporate subscribers where:

  • The message is relevant to the recipient’s business role, and

  • A clear opt-out option is provided.

Individual subscribers

Individual subscribers include:

  • Sole traders

  • Partnerships

  • Some unincorporated organisations

For these recipients, stricter PECR rules apply. Where required, we will:

  • Obtain prior consent before sending marketing emails, or

  • Rely on a PECR-compliant exemption where applicable.

Telephone marketing

We:

  • Screen numbers against the TPS and CTPS registers where applicable

  • Maintain an internal Do Not Contact list

  • Respect all objections to marketing immediately

​

7. Statutory or Contractual Requirements

You are not generally required by law to provide personal data to us for marketing purposes.

However, if you:

  • Contact us with an enquiry, or

  • Enter into a business relationship with us or our clients

we may require certain information to:

  • Respond to your enquiry

  • Arrange appointments or meetings

  • Provide contracted services

  • Maintain business and accounting records

If this information is not provided, we may be unable to respond to your request or deliver the relevant service.

​

8. Data Sharing and Recipients

We do not sell personal data.

We may share personal data with the following categories of recipients where necessary:

  • Clients for whom we run telemarketing or appointment-setting campaigns

  • Customer relationship management (CRM) providers, to store and manage contact records

  • Email service providers, to send business communications

  • Telephony and communication providers, to make and manage calls

  • IT hosting and cloud service providers, for secure data storage and system operation

  • Professional advisers, such as accountants or lawyers where required

  • Regulatory authorities where required by law

  • Potential business purchasers in the event of a sale or merger

All service providers acting as data processors are contractually required to protect personal data.

Where we share your personal data with a client as part of a campaign, that client will become an independent data controller for their own processing. Their privacy policy will apply to any processing they carry out after receiving your data.

​

9. International Data Transfers

Some of our service providers may be located outside the United Kingdom.

Where personal data is transferred to a country that does not benefit from a UK adequacy decision, we implement appropriate safeguards to protect that data.

These safeguards may include:

  • Transfers to countries with a UK adequacy decision, or

  • The use of International Data Transfer Agreements (IDTAs) or Standard Contractual Clauses (SCCs) approved by the UK government

These measures are designed to ensure personal data receives a level of protection equivalent to that required under UK data protection law.

​

10. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, including to meet legal, accounting, or reporting requirements.

Typical retention periods:

  • Active prospect or client contact data: up to 24 months from last meaningful contact

  • Client records: up to 6 years for accounting or legal purposes

  • Suppression or opt-out data: indefinitely, to respect marketing preferences

Retention may be extended where required by law or for legitimate business purposes.

​

11. Automated Decision-Making and Profiling

We do not use automated decision-making or profiling that produces legal or similarly significant effects.

​

12. Data Security

We implement appropriate technical and organisational measures, including:

  • Password-protected systems

  • Secure CRM platforms

  • Anti-virus and firewall protection

  • Restricted data access

  • Secure email systems

These measures may include secure systems, access controls, staff awareness training, and regular security reviews.

Where required, data breaches are reported to the ICO within 72 hours.

​

13. Your Data Protection Rights

Under UK data protection law, you have the right to:

  • Be informed

  • Access your data

  • Rectify inaccurate data

  • Erase data (where applicable)

  • Restrict processing

  • Data portability

  • Object to processing

  • Not be subject to automated decision-making

Right to object to marketing

You can object to direct marketing at any time.
If you do, we will stop marketing to you and place your details on our suppression list.

Right to withdraw consent

Where we rely on your consent, you may withdraw it at any time by contacting:
gareth@myappoints.com
This will not affect the lawfulness of processing carried out before consent was withdrawn.

Right to complain

If you believe your personal data has been processed unlawfully, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

​

14. How to Exercise Your Rights

To exercise your rights, contact:

Email: gareth@myappoints.com

We may need to verify your identity.
We aim to respond within one month.

​

15. Internal Data Protection Complaints Procedure

If you have a concern about how we handle your personal data, please contact us first.

Email: gareth@myappoints.com
Subject line: Data Protection Complaint

Our process:

  1. We will acknowledge your complaint within 5 working days.

  2. We will investigate internally.

  3. We may contact you for more information.

  4. We will provide a written response within 30 days.

If you are not satisfied, you may complain to the ICO.

​

16. Complaints to the ICO

You have the right to lodge a complaint with:

Information Commissioner’s Office (ICO)
Website: www.ico.org.uk

​

17. Accountability and Data Protection Practices

To comply with UK GDPR accountability requirements, we:

  • Maintain records of processing activities

  • Conduct Data Protection Impact Assessments (DPIAs) where appropriate

  • Carry out risk assessments for new systems or data uses

  • Maintain procedures for handling data subject requests

​

18. Website Data and Cookies (if applicable)

When you visit our website, we may collect:

  • IP address

  • Browser type

  • Pages visited

  • Time spent on pages

  • Referral sources

We use this data to:

  • Analyse performance

  • Improve user experience

  • Maintain security

Cookies may be used for:

  • Essential functions

  • Analytics

  • Performance monitoring

You can control cookies through your browser settings.

​

19. Links to Other Websites

Our website may contain links to third-party sites.
We are not responsible for their privacy practices.

​

20. Changes to This Policy

We may update this policy from time to time.
The latest version will always be available on our website.

Please contact me gareth@myappoints.com if you have any questions regarding the above.​

.

.

bottom of page