Privacy Policy

1. Introduction

Apollo Int Group (“Apollo,” “we,” “our,” or “us”) is a globally recognized cybersecurity and data protection organization that provides advanced information security services to corporate, governmental, and institutional clients. This Privacy Policy describes how Apollo collects, processes, uses, protects, and governs personal and organizational data across all its operations, platforms, and services.

Our privacy management system is certified and aligned with leading global standards, including ISO/IEC 27001:2022 (Information Security Management), ISO/IEC 27701:2019 (Privacy Information Management), SOC 2 Type II, and the NIST Cybersecurity Framework (CSF). These standards guide our technical and procedural controls to ensure consistent compliance, transparency, and accountability.

2. Governance and Accountability

Apollo Int Group maintains a formal Data Protection and Information Governance Framework overseen by a designated Data Protection Officer (DPO) and Chief Information Security Officer (CISO). Our governance model ensures privacy and data protection are embedded at every level of the organization through:

Regular third-party audits and ISO certification renewals.
Internal privacy impact assessments (PIAs) and data protection audits.
Staff training programs on data ethics, information governance, and security awareness.
Mandatory confidentiality and data handling agreements for all personnel.
Dedicated reporting channels for data privacy incidents and concerns.

3. Compliance Framework

Apollo Int Group complies with all applicable privacy laws and regulations, including but not limited to:

GDPR (EU General Data Protection Regulation)
UK GDPR and the Data Protection Act 2018
CCPA / CPRA (California Consumer Privacy Act / Rights Act)
LGPD (Brazilian General Data Protection Law)
PIPEDA (Canada)
PDPA (Singapore and other jurisdictions where applicable)

When Apollo acts as a Data Controller, we determine the purpose and means of data processing. When acting as a Data Processor on behalf of a Client, we process data strictly in accordance with written contractual terms and lawful instructions.

4. Categories of Data We Process

Apollo may collect and process the following categories of data:

Identification data (name, title, organization, contact details)
Professional information (role, department, access credentials)
Technical and network data (IP addresses, device identifiers, access logs)
Security and event logs (firewall, SIEM, intrusion detection systems)
Financial and billing information (invoices, payment details)
Communications (emails, secure messages, calls, incident reports)
Incident and forensic data collected during investigations or audits

5. Lawful Basis for Processing

We process personal data under the following lawful bases:

Contractual necessity: To deliver cybersecurity services or respond to client requests.
Legitimate interest: To enhance network security, prevent unauthorized access, and improve system integrity.
Legal obligation: To meet compliance, reporting, or audit requirements.
Consent: For marketing, educational communications, or optional service updates.

6. Data Collection and Processing Procedures

Apollo applies a structured data lifecycle management process consistent with ISO 27701 standards, including:

Data Collection: Information is collected through secure channels such as encrypted portals, controlled APIs, and verified communication systems.
Data Classification: All data is classified based on sensitivity (Public, Internal, Confidential, Restricted).
Data Processing: Processing is limited to authorized personnel with role-based access control (RBAC).
Data Storage: All information is stored within secure, ISO 27001-certified data centers with AES-256 encryption and geographically redundant backups.
Data Transfer: Transfers use TLS 1.3 encryption and comply with GDPR Chapter V mechanisms, including Standard Contractual Clauses (SCCs).
Data Retention: Retention schedules follow data minimization principles and are reviewed annually.
Data Deletion: Secure deletion and media sanitization follow NIST SP 800-88 guidelines.

7. Data Sharing and Subprocessors

We do not sell or monetize personal data. Apollo may engage certified subprocessors for cloud infrastructure, monitoring, or secure communications. All subprocessors undergo rigorous due diligence and must adhere to equivalent or higher security controls, including ISO 27001 and SOC 2 compliance. A full subprocessors list is available upon request.

8. Data Security Controls

Apollo employs a multilayered security model incorporating technical, organizational, and procedural controls such as:

Zero Trust security architecture
Multi-factor authentication (MFA) for all user access
24/7 Security Operations Center (SOC) monitoring
Network segmentation and continuous vulnerability scanning
Encryption at rest (AES-256) and in transit (TLS 1.3)
Endpoint detection and response (EDR) with automated threat containment
Quarterly penetration testing and security posture assessments

9. Communication and Client Interaction

Apollo Int Group maintains open, secure, and transparent communication channels with all clients. Authorized communications may include service notifications, incident alerts, and system advisories. These communications are essential to operational delivery and may not be disabled.

Marketing or educational communications (e.g., newsletters, webinars, threat intelligence updates) are sent only with explicit consent, in accordance with opt-in and opt-out preferences. Clients may update their preferences anytime by contacting privacy@apollointgroup.com.

10. International Data Transfers

Where personal data is transferred across borders, Apollo ensures compliance through Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), or other recognized safeguards, guaranteeing equivalent data protection across jurisdictions.

11. Retention and Deletion

Data retention follows the principle of storage limitation. Retention periods are defined by contractual obligations, regulatory requirements, or legitimate business needs. Upon expiration, data is securely deleted or anonymized following NIST SP 800-88 and ISO 27040 methods, ensuring no recoverable traces remain.

12. Your Rights

Depending on applicable jurisdiction, you may exercise the following rights:

Right of access
Right to rectification
Right to erasure (“right to be forgotten”)
Right to restriction of processing
Right to data portability
Right to object to processing
Right to lodge a complaint with a supervisory authority

13. Data Breach Response

Apollo maintains a certified Incident Response and Breach Notification Procedure aligned with ISO 27035 and GDPR Articles 33–34. In the event of a personal data breach, Apollo will notify affected clients and authorities within legally mandated timelines and provide detailed remediation actions.

14. Continuous Improvement and Certification

Our privacy and security programs undergo continuous improvement and external validation through:

Annual ISO/IEC 27001 and 27701 recertifications
Regular SOC 2 Type II audits by independent assessors
Ongoing staff training and compliance testing
Automated policy enforcement and documentation tracking

15. Policy Updates

This Privacy Policy may be updated periodically to reflect changes in legal, operational, or technological requirements. The most current version will be posted on our website, and any material changes will be communicated to Clients via secure channels.

16. Contact Information

Data Protection Officer (DPO):
Apollo Int Group
📧 privacy@apollointgroup.com
📞 +1 (786) 556-3933

17. Final Statement

Apollo Int Group is dedicated to upholding the highest standards of cybersecurity, privacy, and data integrity. Through certified governance, advanced protection systems, and full transparency, we ensure that client trust remains the foundation of every engagement.

Apollo Int Group
Certified. Secure. Trusted. Protecting information, preserving trust, and empowering security worldwide.