ASTA Privacy Policy

ASTA (CTR Secure Services Ltd) needs to obtain and process some personal data when entering in to a contract for services with an individual or company.

ASTA (CTR Secure Services Ltd) takes your data privacy very seriously and will only use your Personally Identifiable Information (PII) or Sensitive Personal Identifiable Information (SPII) for the purpose that it was given to us and to be able to communicate with you.

Why we collect and need your personal data?

When you supply your personal details to ASTA (CTR Secure Services Ltd) they are stored and processed for 5 reasons (words in bold are the relevant terms used in the Data protection Act 2018, which includes the General Data Protection Regulation – i.e. the law):

  1. ASTA (CTR Secure Services Ltd) needs to obtain and process some personally identifiable information (PII) when entering in to a business relationship with any individual. This is to ensure that every individual will be:
    a. Identified correctly
    b. Addressed correctly
    c. Have their requests or concerns met
    d. Able to communicate appropriately by post, phone or email.
  2. We have a “Legitimate Interest” in collecting that information, because without it we couldn’t do our job effectively.
  3. We also think that it is important that we can contact you to confirm your agreements with us or to update you on matters related to our business/contract. This again constitutes “Legitimate Interest”, but this time it is your legitimate interest.
  4. In the course of a contractual agreement for service, we may be requiring to pass a responsible amount of your PII to clients, customers or contractors for the purpose of communication between you and the third-party.
  5. Provided we have your “consent”, we may occasionally send you general information in the form of articles, advice or newsletters. You may withdraw this consent at any time – just let us know by any convenient method.

What we do with it?

ASTA (CTR Secure Services Ltd) takes data privacy very seriously and will only use PII or SPII for the purpose that it was given to us and to be able to communicate effectively. We only ever use your personal data with your consent, or where is necessary:

ASTA (CTR Secure Services Ltd) will:

ASTA (CTR Secure Services Ltd) will not:

Where we keep it?

We are based in the UK and we store our data within the UK. Some organisations which provide services to us may transfer or process personal data outside of the EU, but we will only allow them to do if your data is adequately protected (through our strict diligence process).

Some of our systems such as Microsoft 365 and Dropbox products are US Company’s and as such are compliant to the strict USA’s Privacy Shield Scheme.

How long we keep it?

We will only use and store information for so long as it is required for the purposes it was collected for. How long information will be stored depends on the information in question and what it is being used for.

We continually review what information we hold and delete what is no longer required. We never store payment card information. We will not retain your data for any longer than necessary and the longest time that we will hold your data will be six years or eight years if medical information is collected.

What are your rights?

We want to ensure that you remain in control of your personal data. Part of this is making sure you understand your legal rights, which are as follows:

Understanding and contact?

Please keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so.

If you wish to raise a complaint on how we have handled your personal data, you can contact ASTA (CTR Secure Services Ltd) below who will investigate the matter.

By Mail or telephone: ASTA (CTR Secure Services Ltd), Beacon Innovation Centre, Gorleston, Norfolk, NR31 7RA Tel: 0333 370 4999

If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office, the UK supervisory authority for data protection issues.