top of page

Data Privacy Policy

Privacy Policy – My Appoints

Last updated: Feb 2026

My Appoints is committed to protecting and respecting your privacy. This policy explains how we collect, use, store, and protect personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Privacy and Electronic Communications Regulations (PECR), and the Data (Use and Access) Act (DUAA) where applicable.

​

1. Who We Are

Business name: My Appoints
Business type: Sole trader
Registered office: 
Email: gareth@myappoints.com
ICO Registration Number: ZC089122

My Appoints is a B2B telemarketing and appointment-setting business. We contact businesses on our own behalf and on behalf of clients to introduce products or services and arrange appointments.

For the purposes of data protection law, My Appoints is the data controller for the personal data described in this policy, unless otherwise stated.

​

2. Categories of Personal Data We Process

We process business-related personal data, including:

  • Name

  • Job title

  • Business email address

  • Business phone number

  • Company name and company details

  • Publicly available professional information

  • Notes from business calls or email interactions

We do not record calls.

​

3. Sources of Personal Data

We collect data from:

  1. Approved third-party B2B data suppliers

  2. Publicly available sources (company websites, directories, professional platforms)

  3. Our clients when running campaigns on their behalf

  4. Direct interactions (phone, email, or website contact)

​

4. Purposes of Processing and Lawful Bases

Purpose

Lawful Basis

B2B telemarketing and outreach

Legitimate interests

Sending relevant B2B emails

Legitimate interests (PECR compliant)

Appointment setting for clients

Legitimate interests / contractual necessity (client relationship)

Maintaining and updating business contact records

Legitimate interests

Responding to enquiries

Legitimate interests or consent (where applicable)

Legal and regulatory compliance

Legal obligation

​

5. Legitimate Interests

We rely on legitimate interests under Article 6(1)(f) UK GDPR, including recognised legitimate interests where applicable under the DUAA.

Our legitimate interests include:

  • Promoting relevant B2B products and services

  • Generating sales opportunities

  • Conducting market research

  • Arranging business appointments

We maintain a Legitimate Interests Assessment (LIA) to ensure:

  • Our interests are balanced against individual rights

  • Processing is proportionate and expected

  • Individuals can easily object or opt out

​

6. PECR and Direct Marketing Compliance

We comply with the Privacy and Electronic Communications Regulations (PECR).

Corporate vs Individual Subscribers

  • We primarily contact corporate subscribers (limited companies and other businesses).

  • Where we identify individual subscribers (sole traders or partnerships), we apply stricter PECR rules.

Email Marketing

We may send B2B marketing emails where:

  • The contact relates to a corporate subscriber, and

  • The content is relevant to their business role.

All marketing emails include a clear opt-out option.

Telephone Marketing

We:

  • Screen numbers against the TPS/CTPS where applicable.

  • Maintain an internal Do Not Contact list.

  • Respect all objections to marketing.

​

7. Statutory or Contractual Requirements

You are not generally required by law to provide personal data to us.

However, where you contact us or engage in a business relationship, we may require certain details to:

  • Respond to your enquiry

  • Provide services

  • Maintain business records

If you choose not to provide this information, we may be unable to provide certain services or respond effectively.

​

8. Data Sharing and Recipients

We do not sell personal data.

We may share data with the following categories of recipients:

  • Clients for whom we run telemarketing or appointment-setting campaigns

  • CRM and contact management providers

  • Email, IT, and hosting service providers

  • Professional advisers (where necessary)

  • Regulatory or legal authorities where required by law

  • A purchaser of the business or its assets (if applicable)

All processors are contractually required to protect data.

​

9. International Data Transfers

Where service providers are located outside the UK, we ensure:

  • The destination country has an adequacy decision, or

  • Appropriate safeguards are in place, such as:

    • Standard Contractual Clauses (SCCs)

​

10. Data Retention

We retain personal data only as long as necessary.

Typical retention periods:

  • Active prospect or client contact data: up to 24 months from last meaningful contact.

  • Client records: up to 6 years for accounting or legal purposes.

  • Suppression or opt-out data: indefinitely, to respect marketing preferences.

Retention may be extended where required by law or for legitimate business purposes.

​

11. Automated Decision-Making and Profiling

We do not use automated decision-making or profiling that produces legal or similarly significant effects.

​

12. Data Security

We implement appropriate technical and organisational measures, including:

  • Password-protected systems

  • Secure CRM platforms

  • Anti-virus and firewall protection

  • Restricted data access

  • Secure email systems

Where required, data breaches are reported to the ICO within 72 hours.

​

13. Your Data Protection Rights

Under UK data protection law, you have the right to:

  • Be informed

  • Access your data

  • Rectify inaccurate data

  • Erase data (where applicable)

  • Restrict processing

  • Data portability

  • Object to processing

  • Not be subject to automated decision-making

Right to Object to Marketing

You can object to direct marketing at any time.
If you do, we will stop marketing to you and place your details on our suppression list.

​

14. How to Exercise Your Rights

To exercise your rights, contact:

Email: gareth@myappoints.com

Suggested subject lines:

  • Access Request

  • Rectification Request

  • Erasure Request

  • Right to Object

  • Data Protection Complaint

We may need to verify your identity.
We aim to respond within one month.

​

15. Internal Data Protection Complaints Procedure

If you have a concern about how we handle your personal data, please contact us first.

Email: gareth@myappoints.com
Subject line: Data Protection Complaint

Our process

  1. We will acknowledge your complaint within 5 working days.

  2. We will investigate internally.

  3. We may contact you for more information.

  4. We will provide a written response within 30 days.

If you are not satisfied, you may complain to the ICO.

​

16. Complaints to the ICO

You have the right to lodge a complaint with:

Information Commissioner’s Office (ICO)
Website: https://www.ico.org.uk

​

17. Accountability and Data Protection Practices

To comply with UK GDPR accountability requirements, we:

  • Maintain records of processing activities

  • Conduct Data Protection Impact Assessments (DPIAs) where processing presents higher risk

  • Carry out risk assessments for new systems or data uses

  • Maintain procedures for handling data subject requests

​

18. Website Data and Cookies (if applicable)

When you visit our website, we may collect:

  • IP address

  • Browser type

  • Pages visited

  • Time spent on pages

  • Referral sources

We use this data to:

  • Analyse performance

  • Improve user experience

  • Maintain security

Cookies may be used for:

  • Essential functions

  • Analytics

  • Performance monitoring

You can control cookies through your browser settings.

​

19. Links to Other Websites

Our website may contain links to third-party sites.
We are not responsible for their privacy practices.

​

20. Changes to This Policy

We may update this policy from time to time.
The latest version will always be available on our website.

Please contact me gareth@myappoints.com if you have any questions regarding the above.​

.

.

bottom of page