Skip to content

Book a product demo

See Asite in Action
Looking for support?

Your data will be stored securely & processed in accordance with our Privacy Policy.

Book a product demo

See Asite in Action
Looking for support?

Your data will be stored securely & processed in accordance with our Privacy Policy.

 
Version 3.0 - 1st June 2026Go to Previous Policy

 

Asite Solutions Limited Data Privacy Policy

 

  •  1. Introduction

    • 1.1 Asite Solutions Limited and its Subsidiaries and affiliates (collectively referred to as “Asite”, we”, “our”, “us”, “Company”) are fully committed to protecting your privacy and confidentiality of your Personal Data.
    • 1.2 This Data Privacy Policy (“Policy”) sets out how we, and our relevant subsidiaries (including Asite Solutions Limited (UK), Asite Solutions PVT Ltd (India), Asite LLC (USA), Asite Solutions PTY Limited (Australia), Saudi Asite Company for Communications and Information Technology (KSA), Asite Solutions DMCC (UAE), and Asite Solutions (HK) Limited (China) (“Subsidiaries”) handle, collect, share and process Personal Data of our customers, suppliers and other third parties through your use of this website, including any data you may provide when you purchase our product or service.  
    • 1.3 This Policy applies across all our locations. Please be aware that data privacy laws can vary in different jurisdictions where we operate. In the event of any discrepancy, the applicable local laws will prevail where required. 

  • 2. Scope

    • 2.1 This Policy applies to all Personal Data we Process regardless of the media on which that data is stored or whether it relates to past or present customers, clients or suppliers, or any other Data Subjects using our website. 
    • 2.2 The Data Protection Officer (“DPO”) is responsible for overseeing the matters relating to this Policy and any related policies and guidelines. Our DPO can be reached at dataprivacy@asite.com, or, alternatively, at Asite Solutions Limited, 7th Floor, Leconfield House, Curzon Street, London, W1J 5JA.
    • 2.3 The Company and DPO are registered with the UK Information Commissioner's Office (“ICO”) bearing registration number Z8249786.
    • 2.4 This Policy does not apply to the extent where we process Personal Data while acting as a processor or service provider on behalf of our customers; under such circumstances we only process Personal Data on behalf of and in accordance with the instructions from our customers. Please note that the privacy practices of our customers may differ from those explained in this Policy. 

  • 3. Definitions

    • 3.1 Consent:  agreement which must be freely given, specific, informed and be an unambiguous indication of the Data Subject’s wishes by a statement or by a clear positive action, signifying agreement to the processing of their Personal Data.
    • 3.2 Controller:  person or organisation that determines when, why and how to process Personal Data. It is responsible for establishing practices and policies in line with the UK GDPR and the EU GDPR and further in line with various data privacy laws in the jurisdictions where we operate.
    • 3.3 Co-controller: means our Subsidiaries. 
    • 3.4 Data Subject: a living, identified or identifiable individual about whom the Company holds Personal Data. Data Subjects have legal rights regarding their Personal Data. In this Policy, Data Subjects are referred to as “you”, “yours”.  
    • 3.5 EU: means European Union. 
    • 3.6 ISO 27001:2022: the international standard to manage information security, which was originally published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005, with the latest revision in 2022.
    • 3.7 ISO 27701:2025: the former privacy extension to ISO/IEC 27001, a certification on its own since 2025.
    • 3.8 Personal Data: any information identifying you directly or indirectly from that data alone or in combination with other identifiers. Personal Data can be factual (e.g., name, email address, location, date of birth) or an opinion about that person’s actions or behaviour. Personal Data includes sensitive personal data such as revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data.
    • 3.9 Processing or Process: any activity that involves the use of Personal Data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including (but not limited to) organising, amending, retrieving, using, disclosing, erasing, or destroying it. Processing also includes transmitting or transferring Personal Data to third parties.
    • 3.10 Processor: a natural or legal person that processes Personal Data on behalf of the Controller. The UK GDPR places specific legal obligations for Controllers such as maintaining records of Personal Data and processing activities.
    • 3.11 EU GDPR: the General Data Protection Regulation (European Union) 2016/679 as defined in the Data Protection Act 2018.
    • 3.12 UK GDPR: the retained European Union law version of the EU GDPR.

  •  4. Controller

    • This Policy is issued on behalf of us and our Subsidiaries. Therefore, when we refer to "Asite", "Asite Group", "we", "us" or "our" in this Policy, we mean the relevant company in the Asite Group responsible for processing your data. We will let you know which entity will be the controller for your Personal Data when you purchase a product or service with us. Asite Solutions Limited is the Controller responsible for Personal Data collected through your use of our website.

  • 5. Personal Data we process

    • 5.1  We may collect, use, store and transfer various kinds of Personal Data about you, which we have collated into the following groups: 

      Categories of Identifiers

      Examples

      Identity Data

      First name

      Last name

      Title

      Date of birth

      Gender

      Unique personal identifier

      Account name

      Other identifiers you may have provided to us

      Contact Data

      Billing address

      Delivery address

      Email address

      Telephone number

      Any other information you have provided to us for the purpose of communicating or meeting

      Financial Data

      Bank account and payment card details

      Usage Data

      Interactions with our websites, applications, systems, and advertisements

      Referring webpage/source through which you accessed our products and services

      Statistics associated with the interactions between device or browser and our products (including first/last visit to the website, number of days active, time spent on the website)

      Marketing and Communications Data

      Marketing preferences

      Communication preferences

      Responses and actions in relation to your use of our services

      Audio/video recordings (e.g., recorded meetings and webinars), CCTV footage, photographs

      Transaction Data

      Details about payments to and from you

      Tax information

      Information about products and services you have purchased from us

      Technical Data

      Internet protocol (IP) address

      Browser type and version

      Time zone and settings

      Location

      Browser plug-in types and versions

      Operating system

      Profile Data

      Your username and password

      Purchases or orders made by you

      Your interests, preferences, feedback and survey responses

    • 5.2 We also collect, use and share aggregated data such as statistical or demographic data which is not Personal Data as it does not directly (or indirectly) reveal your identity.

  • 6. Sources of Personal Data or How is your Personal Data collected?

    • 6.1 We collect information about you and how you interact with us, in several ways, including:
      • 6.1.1 Information you provide to us directly: We collect information you provide to us directly. This includes instances when you register and communicate with us directly through our digital properties, or communicate with us by email, letter, fax, or other means, when you visit any of our offices, when you participate in our events, or when you participate in our marketing and outreach activities (including surveys, contests, promotions, sweepstakes, conferences and webinars).
      • 6.1.2 Information automatically collected or inferred from your interactions with us: We automatically collect technical information about your interactions with our digital properties (such as IP address, browsing preferences, and interaction history).
      • 6.1.3 Information from public sources: We may collect information from government entities from which public records are obtained and information you submit in public forums, including information made publicly available on social media networks.
      • 6.1.4 Information from other third parties: We receive information about you from other third parties, such as third-party service and content providers, entities with whom we partner to sell or promote products and services, telephone and fax companies, authentication service providers, data brokers, etc.
      • 6.1.5 Information about your actual location: We do not automatically collect information about your actual location, other than an approximate location (usually no more precise than city level), which can be determined from your IP address. In certain instances, our customers who are using our service may explicitly ask you to provide location information and this data will be stored in accordance with the way Personal Data is stored on our website. In certain instances, we may use cookies and similar technologies to store and access information we collect through our service.
    • 6.2 To the extent permitted by applicable law, we may combine information that we receive from the various sources described in this Policy, including third-party sources and public sources.

  • 7. Where Personal Data Stored?

    •  Your Personal Data may be transferred to, stored at, and processed on our secure systems.

  • 8. How we use your Personal Data

    • 8.1 The law requires us to have a legal basis for collecting and using your Personal Data. We will normally collect Personal Data from you only where we have your Consent to do so, where we need the Personal Data to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some instances, we may also have a legal obligation to collect Personal Data from you or may otherwise need the Personal Data to protect your vital interests or those of another person.
    • 8.2 We have set out below, in a table format, a description of all the ways we plan to use your Personal Data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. 
    • 8.3 We may process your Personal Data under more than one lawful basis, depending on the specific purpose for which we use it. Please contact us if you require details of the specific legal basis we rely on where more than one is set out in the table below. 

      Purpose/Activity

      Type of data

      Lawful basis for processing

      To register you as a new customer

      1. Identity
      2. Contact

      Performance of a contract with you

      To process and deliver your order including:

      (a) Manage payments, fees and charges;

      (b) Collect and recover money owed to us

      1. Identity
      2. Contact
      3. Financial
      4. Transaction
      5. Marketing and Communications
      1. Performance of a contract with you
      2. Necessary for our legitimate interests (to recover debts due to us)

      To manage our relationship with you which will include:

      (a) Notifying you about changes to our terms of use or privacy policy;

      (b) Asking you to leave a review or take a survey

      1. Identity
      2. Contact
      3. Profile
      4. Usage
      5. Marketing and Communications
      1. Performance of a contract with you
      2. Necessary to comply with a legal obligation
      3. Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)

      To enable you to partake in a prize draw or competition

      1. Identity
      2. Contact
      3. Profile
      4. Usage
      5. Marketing and Communications
      1. Performance of a contract with you
      2. Necessary for our legitimate interests (to study how customers use our products/services so that we can develop them and grow our business)

      To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

      1. Identity
      2. Contact
      3. Technical

      1. Necessary to comply with a legal obligation
      2. Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)

      To deliver relevant website content and advertisements to you and measure or understand the effectiveness of such advertising

      1. Identity
      2. Contact
      3. Profile
      4. Usage
      5. Marketing and Communications
      6. Technical

      Necessary for our legitimate interests (to study how customers use our products/services so that we can develop them, grow our business and inform our marketing strategy)

      To use data analytics to improve our website, products/services, marketing, customer relationships and experience

      1. Technical
      2. Usage

      Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)

      To make suggestions and recommendations to you about goods or services that may be of interest to you

      1. Identity
      2. Contact
      3. Technical
      4. Usage
      5. Profile
      6. Marketing and Communications

      Necessary for our legitimate interests (to develop our products/services and grow our business)

      To carry out market research through your voluntary participation in surveys

      1. Profile

      Necessary for our legitimate interests (to study how customers use our products/services and to help us improve and develop our products and services)

       


  • 9. Communicating with us

    •  When you contact us by any means, we collect the data you have provided us so that we can respond to your enquiry and improve the efficiency of our business. We keep Personal Data associated with your message, such as your name and contact details, in order to track our communications with you and provide a high-quality service.

  • 10. Direct marketing

    • 10.1 You will receive marketing communications from us if you have requested information from us, purchased goods or services from us or if you use our website and you have not opted out of receiving the marketing.
    • 10.2 We may also analyse your Identity, Contact, Technical, Usage and Profile data to form a view which products, services and offers may be of interest to you so that we can then send you relevant marketing communications.

  • 11. Third-party marketing

    • We will get your express Consent before we share your Personal Data with any third party for their own direct marketing purposes, unless they are co-controllers in joint events where you have registered and/or attended.

  • 12. Opting out of marketing

    • 12.1 You can ask to stop sending you marketing communications at any time by logging into the website and checking or unchecking relevant boxes to adjust your marketing preferences or by following the opt-out links within any marketing communication sent to you or by contacting us.
    • 12.2 If you opt out of receiving marketing communications, you will still receive service-related communications that are essential for administrative or customer service purposes, for example relating to appointment reminders, updates to our Terms and Conditions, checking that your contact details are correct.

  • 13. Cookies

    • 13.1 These are small files that we send to and store on your computer so that we may recognise it is a unique machine the next time you visit our site.
    • 13.2 We use the following cookies:
      • 13.2.1 Strictly necessary cookies. These are cookies that are required for the operation of our website. These essential cookies are always enabled because our website will not work properly without them. They include, for example, cookies that enable you to log into secure areas of our website.
      • 13.2.2 Analytical or performance cookies. These allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
      • 13.2.3 Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you and remember your preferences (for example, your choice of language or region).
      • 13.2.4 Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests.
    • 13.3 We use cookies to:
      •  13.3.1 keep a track of your information for your convenience;
      •  13.3.2 help us optimise your online experience by altering our content depending upon your particular needs or browsing patterns;
      •  13.3.3 help us understand the size of our audience and their traffic patterns within our website.
    • 13.4 Cookies do not typically contain any information that personally identifies a user, but any Personal Data that we store about you, may be linked to the information stored in and obtained from such cookies.
    • 13.5 You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our website may become inaccessible or not function properly. For more information about cookies we use, please see our cookies policy at https://www.asite.com.

  • 14. International transfers

    • 14.1 We may share your Personal Data within the Company (i.e. with the Subsidiaries) and with external service providers that carry out certain functions on our behalf (e.g. website hosting). This may involve transferring your Personal Data outside the UK and the EU to countries which have laws that do not provide the same level of data protection as the UK and the EU GDPR
    • 14.2 Whenever we transfer your Personal Data outside the UK and the EU, we ensure that it is afforded a similar degree of protection by putting the following safeguards in place:
      • 14.2.1 We transfer your Personal Data to countries that have been deemed by the UK and the EU to provide an adequate level of protection for Personal Data.
      • 14.2.2 We use approved contractual clauses (such as the UK International Data Transfer Agreement or the EU Standard Contractual Clauses).
      • 14.2.3 In case of Personal Data transfer within the Company, we require our Subsidiaries to follow the same data protection standards through Asite Binding Corporate Rules, which are subject to approval by the relevant regulatory authority.
      • 14.2.4 We comply with a code of conduct approved by a supervisory authority in the EU.
      • 14.2.5 We are certified under an approved certification mechanism pursuant to Article 42 of the EU GDPR.
      • 14.2.6 We are certified under the ISO 27001:2022 and are also implementing ISO 27701:2025 standards.
    • 14.3 We use the following sub-processors and co-controllers to store/transfer/process any Personal Data in the following countries/regions:
      • 14.3.1 Co-controllers 

        Countries

        Co-controllers

        India

        Asite Solutions PVT Ltd

        USA

        Asite LLC

        Australia

        Asite Solutions PTY Limited

        KSA

        Saudi Asite Company for Communications and Information Technology

        UAE

        Asite Solutions DMCC

        China

        Asite Solutions (HK) Limited

        UK

        Asite Solutions Limited (UK)


         
      • 14.3.2 Sub-processors within the EU/UK   

        Company name

        Details

        Microsoft Office 365

        eMail, Teams

        Keeper Security

        Secure password sharing, API Key Sharing, Privileged access management

        Microsoft Azure – UK

        Client Data

        DocuSign

        Document and contract e-signature

        Abnormal Security

        eMail security

        Intune

        Device management

        Salesforce

        Sales & marketing, professional services, support, invoicing

        BreathHR

        HR data

        Google GCP

        ML/AI Data Vectorization



      • 14.3.3 Sub-processors outside the EU/UK  

        Company name

        Details

        Namescan

        Sanctions & PEP scans, KYC (Australia)

        Asite Solutions PVT Ltd (India)

        Support (India)

        nCircle (India)

        Migration support (India)

        Microsoft Azure

        For clients with data in UAE, Hong Kong, China, Gov Cloud USA, USA, Canada

        Amazon Web Services (AWS)

        For clients with data in USA

        Adobe

        Document signing (USA)

        HubSpot

        Sales & marketing contacts, website hosting (USA)

        Trinet

        HR, wage, benefits (USA)

        Cognism

        Sales & marketing (USA)

        Gong

        Sales & client success (USA and EU)

        Atlassian JIRA

        Support tickets (USA)

        Atlassian JIRA, Confluence, Bitbucket

        Tickets, documentation, code repository (USA)

        Expensify

        Expenses (USA)

        GitHub

        Code repository (USA)

        Google GCP KSA

        For clients with data in KSA (Saudi Arabia)

  •  15. Data security

    • 15.1 We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions, and they are subject to a duty of confidentiality. 
    • 15.2 We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

  • 16. Complaints

    •  If you are in any way dissatisfied about how we process your Personal Data, please contact our DPO at dataprivacy@asite.com.

  • 17. Your legal rights and requests

    • 17.1 In this section we have summarised the rights you have under data protection laws. We may have not included all the details of such rights in our summary below and invite you to read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
    • 17.2 Subject to any applicable data protection legislation, you have the following rights:
      • 17.2.1 Right to know: You have the right to know and understand what Personal Data we collect and how we process it.
      • 17.2.2 Right to access: You have the right to request access to any Personal Data concerning you, subject to limited exceptions that may be prescribed by applicable law.
      • 17.2.3 Right to correct: We aim to ensure that all of your Personal Data is correct. You are entitled to have any inadequate, incomplete or incorrect Personal Data corrected.
      • 17.2.4 Right to withdraw Consent: In the event your Personal Data is processed on the basis of your Consent, you have the right to withdraw Consent at any time, without affecting the lawfulness of processing based on Consent before its withdrawal.
      • 17.2.5 Right to request the transfer of your Personal Data to you or to a third party: We will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided Consent for us to use or where we used the information to perform a contract with you.
      • 17.2.6 Right to erase: You are entitled to have your Personal Data erased under specific circumstances, such as where you have withdrawn your Consent, where you object to processing based on legitimate interests and we have no overriding legitimate grounds or where Personal Data is unlawfully processed.
      • 17.2.7 Right to object to processing for direct marketing purposes: You also have the absolute right to object any time to the processing of your Personal Data for direct marketing purposes.
      • 17.2.8 Right to object to processing based on legitimate interests: You have the right to object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) as the legal basis for that particular use of your data (including carrying out profiling based on our legitimate interests). In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your right to object. 
      • 17.2.9 Right to restriction of Processing: You have the right to restrict the Processing of your Personal Data in the following circumstances:  
        • 17.2.9.1 where you contest the accuracy of the Personal Data, until we have taken sufficient steps to correct or verify its accuracy; 
        • 17.2.9.2 where the processing is unlawful, but you do not want us to erase the Personal Data; 
        • 17.2.9.3 where we no longer need your Personal Data for the purposes of the processing, but you require such Personal Data for the establishment, exercise or defence of legal claims; or 
        • 17.2.9.4 where you have objected to processing on legitimate interest grounds, pending verification as to whether we have compelling legitimate grounds to continue processing.
      • 17.2.10 Right to lodge a complaint: You may lodge a complaint with the supervisory authority of your habitual residence, place of work or place of alleged infringement. The list of the European Data Protection Board which brings together the national supervisory authorities of the countries in European Economic Area can be accessed at the following link: https://edpb.europa.eu/about-edpb/about-edpb/members_en. You also have the right to make a complaint at any time to the UK’s Information Commissioner's Office. The ICO's contact details are available on the ICO's website: https://www.ico.org.uk
    • 17.3 If you wish to exercise any of the above rights, please contact our DPO at dataprivacy@asite.com in writing.
    • 17.4 You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
    • 17.5 We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. 
    • 17.6 We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

  • 18. Compliance with the law

    • This Policy has been compiled to comply with the law of every country or jurisdiction in which we conduct our business or aim to conduct our business. If you consider that it does not meet the legal requirements of your jurisdiction, please let us know.

  • 19. Review of this Policy

    • We may change, update or amend this Policy from time to time as necessary. The terms that apply to you are those posted on our website on the day you use our website. We encourage you to read and return to this Policy regularly to make sure you are up to date with the latest version published.

  • 20. Data retention

    • 20.1 We will only retain your Personal Data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
    • 20.2 To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
    • 20.3 When we no longer have an ongoing legitimate business need or lawful basis to process your Personal Data, we will either delete or anonymise it, or, if this is not possible (for example, because your Personal Data has been stored in backup archives), we will securely store your Personal Data and isolate it from further processing until deletion is possible. Where we use anonymised information, we will not attempt to re-identify it.
    • 20.4 In some circumstances you can ask us to delete your data: see section 17 above for further information.