Aspyrian is a company based in the UK. We provide services to other companies and charities to help them better comply with the requirements of data protection law. Privacy and confidentiality are therefore at the heart of everything we do. We comply with all relevant legislation, including the EU General Data Protection Regulation and the UK's Data Protection Act 2018.
All websites need to explain how they use and protect personal data and how they manage cookies. This privacy notice is our way of doing this.
First, we'd like to explain the general principles under which we work:
We abide by the letter and the spirit of the data protection Principles.
We never sell access to the information we collect and hold.
We only collect and use the information needed to provide our services and we always try to use the least amount of information necessary to provide those services.
We don't make information we have collected available to others unless you have said we can do so, except in some very limited circumstances (i.e. where we are legally required to provide access or if we need the information for legal proceedings).
We do not knowingly request, or receive, information relating to children.
We perform no automated decision-making.
If you have any comments or questions about any aspect of this privacy statement, please contact Tom at firstname.lastname@example.org or use the contact details found at the bottom of each of our webpages.
How we collect and use your personal data
People who use our website
We collect some information about our website users. This is collected automatically in order to help us analyse how our site is used by visitors and to improve it based on that information. The information collected by our website includes: IP addresses, the general location from which you access the internet, the pages of our website that are viewed, your browser type, and the operating system used by the device you use to access the internet.
Doing this does not allow us to directly identify an individual person who uses our website.
We collect this information because we have a legitimate interest in understanding the way in which visitors use our website. Collecting this information allows us to improve our website and the services we offer and we think users would expect us to do so. Because we cannot directly identify individual users, collecting this information poses very little risk.
People who use our services
We ask you to submit personal information to us when you contact us through our website or through other methods, such as via email or telephone. We collect only your name and contact details (such as email addresses, telephone numbers, and physical addresses). When providing services to you we will also ask you not to tell us any more than that. We will also have access to some information about your bank account when we process payments.
We use your personal information for the purpose of offering you or providing you with our services. Our use of your information is therefore performed on the basis of:
1. what we believe to be our legitimate interest in contacting you for marketing purposes;
2. entering into, negotiating, and performing a contract with you; or
3. where we have a legal obligation to provide the information to third parties or use it for legal proceedings.
If we use your data under point 1, we obtained your information via internet searches or through a referral. We will always inform you of this during our initial contact with you. We think that it is legitimate for us to do this because:
it furthers our ability to offer the services that we do;
it is necessary to expand our business and find new clients;
it is reasonably expected that we would do so;
there are very limited risks to you; and
any intrusiveness is brief and can be mitigated by you implementing your right to object to direct marketing (see below).
If we use your data under point 2, we obtained the information through a combination of web searches and the information you provided to us. The provision of the types of personal data described at the beginning of this section is necessary for negotiating, entering into, and fulfilling a contract with you.
If we use your data under point 3, we are either legally compelled to provide the information (e.g. we might be required to provide information to a law enforcement agency) or we have to use the information in order to engage in legal proceedings.
There are very few risks posed to individuals by our use of the personal data that we collect and store. The personal data is very limited and none of it is of a sensitive nature. The only likely consequence of a data breach would be exposure of a limited number of contact details and disclosure that the individual had used our services. However, such breaches are very unlikely - see the section on Information Security, below.
We conduct extremely limited marketing activities. We only market to businesses and charities, never individuals. If you do not wish to be contacted for the purposes of marketing, please inform Tom at email@example.com or call us using the telephone number at the bottom of each of our webpages and we will make sure you are not contacted again.
How long we keep your data
We do not retain personal data indefinitely. We will keep your data only for as long as is needed to give you the services we agree as part of a contract. Once our contract with you is over, we keep data for no more than a year. The only exception to this is our financial data, such as records of transactions and our invoices. These we keep for seven years, which is an industry standard for the retention of financial data.
We conduct regular and frequent audits of the data we hold and securely erase any data that we do not need. Personal data are destroyed at the end of the retention period. For digital information we use a secure erasure program. We destroy hardcopy material using a secure shredding system.
We only give access to personal data to third parties where necessary for the delivery of a service to you, where you have agreed that we can do so, or in other very limited circumstances, such as where we are subject to a legal obligation to provide access (such as some types of law enforcement requests) or we need the data for legal proceedings (such as if we were taken to court for some reason).
Should we give access to your data because you have told us that we can do so, we will always inform you beforehand of the identity of the recipient, the nature of the data, and the exact purpose of granting the access.
Your rights under data protection legislation
You have specific rights that you can enforce with respect to how we use your personal data. You can make requests relating to accessing, amending, objecting to, restricting, moving, and erasing your personal data. Should you wish to discuss exercising any of these rights, please inform Tom at firstname.lastname@example.org.
Below we explain in what circumstances the law allows you to make certain rights requests about your data, in the context of how Aspyrian Ltd uses your data:
you can always request access to the information we hold about you;
you can always request that we amend the information we hold about you if that information is incorrect;
you can object to our use of your information where we have justified that use under our own legitimate interests and, specifically, with respect to any direct marketing activities;
you can request that we restrict the way we use your data where the data we hold are inaccurate, you have objected to the processing, the use of your data is unlawful, and where we no longer need the data but you need it for a legal claim;
you can request that we provide you, or someone else, with your personal data if you provided the data to us and it is used on the basis of your consent or the performance of a contract; and
you can request that we erase your information if:
that information is no longer necessary in relation to the purpose for which it was originally collected or used;
we were using the information based on your consent and you withdraw that consent;
when you object to the use of your information and our legitimate interests are not sufficient to justify our continued use of the information;
we have unlawfully used your information; and
we have to erase the information to comply with a legal obligation.
There is no charge for exercising these rights, unless your rights requests are of a plainly vexatious nature, in which case we will charge you a reasonable administration fee.
We have one month to respond to a rights request or two months if the request is very complicated (although we will tell you about this within the first month). Should we fail to respond to a rights request, you can complain to the Information Commissioner's Office.
If you ask us to erase your personal data we will do so as soon as we are able and keep only enough data to prevent you from being contacted again.
We use industry standard internet security measures, including encryption.
All the data held by Aspyrian Ltd - for example on company devices, such as laptops and mobile phones - is kept with strong digital and physical security safeguards, including encryption (depending on the storage method, this will be device encryption, drive encryption, or file encryption) and access control restrictions. Only company employees have access to company data and that access is only ever given where it is absolutely necessary.
Our content management system and website building tool
As we said at the beginning of our privacy statement, this website is powered by Squarespace: our content management system is provided by Squarespace and our website is built using Squarespace tools. As a consequence, Squarespace uses some information from our website (such as data about how the website is used and personal data provided through the contact form).
To understand more about how Squarespace approaches the issue of your data (as an 'end user') please see Point 9 of their Privacy Statement.
Squarespace is based in the USA and complies with the relevant EU-USA data protection agreement known as Privacy Shield. The Squarespace statement on their compliance with Privacy Shield can be found at Point 10 of their Privacy Statement. We are satisfied that they comply with the relevant data protection rules.
Links to other websites
Our website may sometimes contain links to third-party websites. We have no control over the content of such websites and cannot vouch for them in any way.
What are cookies?
Cookies are small pieces of information placed by websites on to electronic devices such as computers, smartphones, and tablets. These pieces of information are sent back to that website each time the user visits it. Cookies are very widely used and allow websites to function in a number of different ways, in particular to allow website owners to understand more about how people use their websites, to remember a website user's preferences, to target adverts at users, and to permit logins. Cookies usually improve the browsing experience and make websites more efficient. They do not provide access to your electronic device.
We don't advertise on our website. Any cookies placed on your computer when you access our website will not be used by Aspyrian Ltd to advertise to you.
Web browser cookie settings and privacy controls
User choice and online privacy and security are important. One of the ways you can maximise all of these things is to choose to limit the way cookies interact with your device.
The majority of web browsers allow users to prevent or limit the extent to which cookies are placed on their devices. You can do this by checking your browser privacy or cookie settings and changing them to suit the level of control you want. See the links below for how to do this for each of the most popular web browsers:
You can opt out of being tracked by Google Analytics at http://tools.google.com/dlpage/gaoptout.
There are also a number of privacy-enhancing additions for most web browsers. These are called add-ons or extensions. They can be easy to use, free, and found (for the most popular desktop or laptop web browsers) at:
Intellectual property rights
The intellectual property rights in the material found within this website are owned by Aspyrian Ltd unless otherwise stated. All rights are reserved.
Banner photographs are used under the Creative Commons Zero (CC0) License. CIPP/E certification imagery copyright is owned by the International Association of Privacy Professionals.
You are not permitted to reproduce this website in part or in whole except:
License to copy for personal use: display on the screen of a relevant device, print or download to a local storage medium a reasonable number of unmodified copies for personal use.
License to copy for limited purposes: you may copy the contents to individual third parties for their personal information, only if you properly credit Aspyrian Ltd.