🇬🇧 🇨🇳

Privacy

At Astus we respect your personal data. This Privacy Notice explains how we will use your
personal data when you become a new customer of Astus. We comply with the GDPR
(General Data Protection Regulation) as in UK Law and employ the latest technology to
ensure any data you share with us is as secure as possible. We also ensure that our staff are
all trained in the regulations on an annual basis.

Our contact details are Astus UK Ltd, Davidson Building, 5 Southampton Street, London,
WC2E 7HA. Our Data Protection person is David Jones and if you have any questions or
queries, he can be contacted at gdpr@astusuk.co.uk.

1) What personal data do we collect about you and your company; how do
we use that personal data; and what is our legal basis?

When you sign up as a new customer with Astus, we will collect the following personal
data about you:

  • Full Name

  • Company Name

  • Company address

  • Company registration number

  • Work email address

  • Work telephone number

  • Bank account details

We need all this information from you and about your company to set up the account
with us. We will process this data on the lawful basis of contract as we will be contracted
to supply you with our services.

Your name and contact details we need to answer any enquiries you may have about
our services and the financial information we need for our accounts team to raise
invoices at appropriate times. This means under HMRC rules we will retain your
information for up to 6 years after an account is closed.

Do we use any automated decision making?

We do not use any automated decision making.

2) Who do we share your personal data with?

We share your personal data with the following recipients:

Internally the information will be shared with Financial Accounts and the Relationship
manager to allow them to service the account.

3) Do we transfer your personal data outside of the EU or EEA?

We do not transfer your personal data outside of the EU.

4) How we look after your information

We take appropriate technical and organisational measures to secure your information
and to protect it against unauthorised or unlawful use and accidental loss or destruction,
including:

  • only sharing and providing access to your information to the minimum extent
    necessary, subject to confidentiality restrictions where appropriate, and on an
    anonymised basis wherever possible.

  • using secure servers to store your information

  • verifying the identity of any individual who requests access to information prior to
    granting them access to information.

  • using Secure Sockets Layer (SSL) software to encrypt any information you submit to
    us via any forms on our website] [and] [any payment transactions you make on or via
    our website.

  • only transferring your information via closed system or encrypted data transfers; and

  • insert any additional methods you use to ensure the security of personal information e.g. other technological measures or pseudonymisation.

5) Transmission of information to us by email

  • Transmission of information over the internet is not entirely secure, and if you
    submit any information to us over the internet (whether by email, via our website or
    any other means), you do so entirely at your own risk.

  • We cannot be responsible for any costs, expenses, loss of profits, harm to
    reputation, damages, liabilities or any other form of loss or damage suffered by you
    as a result of your decision to transmit information to us by such means

6) Your rights in relation to your information

Subject to certain limitations on certain rights, you have the following rights in relation
to your information, which you can exercise by writing to Astus UK Ltd, Davidson
Building, 5 Southampton Street, London, WC2E 7HA or sending an email to
gdpr@astusuk.co.uk:

1) To request access to your information and information related to our use and
processing of your information.
2) To request the correction or deletion of your information.
3) To request that we restrict our use of your information.
4) To receive information which you have provided to us in a structured, commonly
used and machine-readable format (e.g. a CSV file) and the right to have that
information transferred to another data controller (including a third-party data
controller);
5) To object to the processing of your information for certain purposes such as direct
marketing
6) To withdraw your consent to our use of your information
7) The right not to be subject to a decision based solely on automated processing,
including profiling which produces legal affects concerning you or similarly
significantly affects you and ask for a human response.

Retention of your data

The storage limitation principle under GDPR stipulates that you must not retain personal
data longer than you need it for, Astus can decide how long we keep data for commercial
reasons and for legal or financial reasons and we have outlined this in the table below.

Type of data

Length of retention and reason

Full Name

6 years as per HMRC

Company Name

6 years as per HMRC

Company address

6 years as per HMRC

Company registration number

6 years as per HMRC

Work email address

6 years as per HMRC

Work telephone number

6 years as per HMRC

Work telephone number

6 years as per HMRC



Verifying your identity where you request access to your information

Where you request access to your information, we are required by law to use all reasonable
measures to verify your identity before doing so.

These measures are designed to protect your information and to reduce the risk of identity
fraud, identity theft or general unauthorised access to your information.

How we verify your identity

Where we possess appropriate information about you on file, we will attempt to verify your
identity using that information.

If it is not possible to identity you from such information, or if we have insufficient
information about you, we may require original or certified copies of certain documentation
in order to be able to verify your identity before we are able to provide you with access to
your information.

We will be able to confirm the precise information we require to verify your identity in your
specific circumstances if and when you make such a request.

If you want to exercise any of these rights, please contact our data protection lead Sam
Brown on gdpr@astusuk.co.uk.

Changes to this privacy policy

Astus will amend this policy from time to time. If we make any substantial changes in the
way we use your personal information we will make that information available by posting a
notice on this site.

If you have any further questions or concerns, please email gdpr@astusuk.co.uk as most
matters can be resolved informally in the first instance.