Who are we?
To be clear, this Policy applies to the Asto mobile app, Asto website and any other method or device through which you to get our services. For simplicity, we’ll call these the Asto App from now on. Sometimes the Asto App will link to services that have their own privacy practices, so you should check those privacy policies too.
We’ve tried to make this Policy as short and clear as possible – but if there’s anything that’s not clear enough, or you want to know more – please get it touch with us at email@example.com
This Policy will be updated from time to time. If we make changes we think are important, we’ll let you know through the app, the website, by email or SMS.
This Policy was last updated on 19 October 2018
Other people’s personal information
If you give us someone else’s personal information, you must tell them what you’ve shared with us and get them to read this Policy. For example, you might share copies of directors’ passports, so we can complete the background checks we have to do for new customers – such as for compliance and anti-money laundering purposes (AML).
How we use your personal information
The Asto App is only as good as the information that goes into it. To give you our services, we need to collect your personal information, store it, transfer it, and share it with trusted partners.
We only use your information to provide our services to you and comply with our legal or contractual obligations.
We want to be clear about how we use your information, so you can make the choice that’s right for you.
Creating an account and registering on the Asto App
When you create your account, we ask for your first and last name, mobile number and email address. We use these to set up and run your Asto App account, give you technical and customer support and training, verify your identity, and send you important account, subscription and service information.
What personal documents we store and who can see them
One of Asto App’s main features is that it stores your data and documents. Personal information, like receipts, tax forms, payroll, financial data and more.
Only you, and people you allow, can access, control and manage this information. Sometimes, people we authorise may need to access it as well – to give you technical support, for example.
Identity and background checks we might make
As you know, the financial industry is – quite rightly – tightly regulated. Before we can offer you certain financial products or services, we have to run some identity checks:
KYC (know your customer), KYB (know your business) and AML (anti-money laundering) are standard checks to make sure you are who you say you are, and you’re not up to anything illegal.
We may ask for your passport, or other national identification documents, for these checks. You don’t have to give them to us, but if you don’t, we might be unable to give you the services you’ve asked for.
Linked bank accounts
If you choose to link your bank accounts to us, we can see which accounts you hold with other banks and information to do with those accounts – like your transactions. We won’t see this information unless you’ve given us your permission (including any legal permissions etc).
We’ll only use this information to give you the account views or services you’ve asked for.
If you’ve chosen to link a bank account, we may monitor payments being made through the Asto App for suspicious activity – just as your bank monitors your account. This is for security purposes and to prevent fraud.
Keeping you updated
When you sign up to test the app we add you to our email marketing list to make sure you don’t miss out on Asto news, invites to exclusive events and Asto podcasts. You can of course opt-out of receiving these email communications at any time by clicking on the “unsubscribe link” in the relevant email or by emailing us at firstname.lastname@example.org.
In some cases you may specifically request to receive our newsletters and updates. If you have signed up for any newsletters or updates about our products and no longer wish to receive these emails you can let us know at any time, and we will stop sending them to you. You can do this by emailing us at email@example.com or by clicking the “unsubscribe” link at the bottom of an email.
Sometimes we may offer you additional services, which could mean that we need to process your personal information differently. As soon as we offer you these, we’ll let you know how we’ll process your personal information, so you can make informed choices about how it is used. In some cases, if you choose not give us your personal information, we may not be able to provide you with these services.
Contacting us for help, by email or Live Chat
When you get in touch, we may ask you for personal information, like your name, address, or phone numbers. This is to help us answer your questions. Email’s not always secure, so we recommend keeping personal information to a minimum in emails.
You must never transmit your Asto account information by email. We will never ask you to.
Your emails are stored securely, on our standard internal contact systems, and can only be accessed by us.
What we have to do – by law
We may have to use and keep personal information for legal and compliance reasons, such as the prevention, detection or investigation of a crime; loss prevention; or fraud. We may also use personal information to meet our internal and external audit requirements, for information security purposes and as we believe to be necessary or appropriate: (a) under applicable law, which may include laws outside your country of residence; (b) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence; (c) to enforce our terms and conditions; or (d) to protect our rights, privacy, safety, property, or those of other people.
When we share personal information
The list below shows who we share your information with and why. We only share your information when it helps us give you the services you’ve asked for.
Occasionally, we might also share non-personal, anonymous, statistical data with third parties.
- The Santander group: Santander’s businesses are supported by a variety of Santander teams and functions. Since we’re backed by Santander, we may share your information with Santander group companies to help them administer your account, give you services, for sales and marketing, for the prevention of fraud and financial crime and customer and technical support. Everyone we share this information with follows the same strict data privacy and security policies.
- Third-party service providers: Some of the partners and service providers we work with are located outside of the European Economic Area (EEA). We’ll only share information with them when they need it for the services they give us, such as software, system and platform support; cloud hosting services; advertising; data analytics; and order fulfilment and delivery. Our third-party service providers are not allowed to share or use this personal information unless it’s to provide these services for us. If you would like to receive a list of these third-party services providers please email us at firstname.lastname@example.org.
- Third parties for legal reasons: We share personal information when we believe it is required, such as:
- To comply with legal obligations and respond to requests from government agencies, including law enforcement and other public authorities. Both in, and outside, your country of residence.
- In the event of a merger, sale, restructure, acquisition, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).
- To protect our rights, users, systems and services.
Social Media and analytics
To help us assess how the Asto App, Asto Website and certain promotional campaigns perform we use a few third-party tools, such as Facebook pixels and Google analytics. The information from these third-party tools is anonymised and is only used to help us internally, to assess the effectiveness of our promotional campaigns and the performance of the Asto App and website. We may also use these tools (or similar) in our marketing email messages or newsletters to determine whether the email is opened or if links are clicked. We cannot identify you from the information collected.
We also carry out our own internal analytics to see how we can improve the service and determine what new functions or features will benefit you the most. In order to do this, we look at information such as the types of receipts uploaded, the average value of receipts and the most popular log in time.
Within the Asto App, or the Asto website, there may be links to third-party websites or applications. You should check those websites or applications for their privacy notices and the terms that apply to the use of the relevant third-party website or application. Asto is not responsible for the content or privacy compliance of third party websites or applications.
How to see your information and correct mistakes
Your personal information belongs to you. If you want a copy of it, or to make suitable changes, we’ll do our best to help.
- See your information: We’ll help you see your personal information, get a copy, or send it to another provider – unless legal requirements or other exemptions mean that we can’t. You’ll just need to show us proof of your identity and give us enough information about how you use our services, so that we can find your information.
- Make corrections: You have the right to correct or amend your personal information if it’s incorrect or out of date.
- Deleting: You may also have the right to ask us to delete your personal information. We’ll try to help, but sometimes this isn’t possible because of legal and regulatory requirements, and other obligations about keeping records.
To find out more about your information rights, visit the Information Commissioner’s website at: www.ico.org.uk
Where we store and process your data
We transfer personal information from the European Economic Area to other countries where their laws do not offer the same level of data privacy protection as the EEA. So we take other legal measures to protect the privacy of your personal information – such as approved standard contractual clauses and intragroup agreements.
How we keep your data secure
Keeping your data safe and secure is essential. Data security is built into the way we work – not an afterthought. We protect your personal information with both technology and security policies and procedures that follow the widely-accepted international standards. We review and update them regularly, as necessary, to meet our business needs, changes in technology and regulatory requirements.
How long we keep your information
We keep your personal information for only as long as we need to for legal and business purposes – taking into account local laws, contractual obligations, and the needs of our customers. When we no longer need personal information, we securely delete or destroy it.
How to contact us about this Policy or make a complaint
If you’d like to make a complaint about how we’ve handled your personal information, please contact us at: email@example.com
If you’re not satisfied with our response, or think we’re not processing your personal information in accordance with the law, you can escalate your complaint to the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Or visit their website https://ico.org.uk