Astreya Privacy Policy

This Privacy Notice explains the policy regarding the collection, use, disclosure, and transfer of your information by Astreya Partners, LLC and its subsidiaries and affiliates (“Astreya Group”) (collectively “we/us/ our/Astreya”) through https://astreya.com/ (“Site”) for all the services provided by us (“Services”). If you are located in the European Economic Area (“EEA”), Switzerland, or the United Kingdom (“U.K.”), please refer to this Notice for more information about which specific entity or entities act as a controller of your personal data. This Notice may change as we update, improve, and expand the Services, so please check it periodically. By accessing the Site or otherwise using the Services, you consent to collection, storage, and use of the personal information you provide (including any changes thereto as provided by you) for any of the Services offered by us.

This electronic record is generated by a computer system and does not require any physical or digital signatures.

This Privacy Notice is a legally binding document between the User (“you,” “your,” “yourself”) of the Site and us. Please read the terms of this privacy notice very carefully and should you disagree with the terms of this notice, please do not use the website.

Astreya is a Processor, not a Controller, of personal data that we process on behalf of our Subscribers when they use Astreya products and Services. For clarity, this means that this Notice does not apply to where Astreya processes personal data as a processor in its products and Services. If you have questions related to how an Astreya Subscriber utilizes your personal data, please contact them directly. We are not responsible for the privacy or data security practices of our Subscribers. This Notice also does not apply to personal data about current and former Astreya employees, job candidates, or contractors and agents acting in similar roles.

1.Introduction


When Does This Notice Apply?

This Notice applies only to personal data that Astreya handles as a Controller (meaning we determine how and why your personal data is processed). This includes situations where you:

• Visit or interact with the Site, Astreya mobile applications, our branded social media pages, or other websites we operate (collectively, our “Digital Properties”);
• Register for or participate in our webinars, events, programs, marketing campaigns, or promotional activities;
• Interact with us in person, such as by visiting our offices; or
• Inquire about or engage in commercial transactions with us.     

2. Personal Data We Collect and Disclose

The below table describes what personal data we collect about you and to whom we disclose personal data. California individuals: This table includes the parties we disclose personal data to for a business or commercial purpose, as defined by California law.    

In addition to the disclosures described above, we may share your personal data in order to respond to lawful requests from law enforcement or other governmental authorities, including to meet national security or law enforcement requirements. We may also de-identify, anonymize, or aggregate personal data and use or share such information with third parties for any purpose, where permitted by applicable law.

3. How We Process Personal Data

We may process your personal data for the following purposes:

Astreya will honor data subject rights to the extent required by applicable law. You may have the right to access, correct, update, or, in certain cases, request the deletion of your personal data (subject to legal exceptions). To exercise these rights, you may submit a request by contacting us at privacy@astreya.com.

Astreya engages a limited number of third-party service providers to support specific data processing activities. These providers assist with site functionality, database monitoring, technical operations, data transmission, and data storage. In the course of providing these services, third parties may process or store personal data.

Astreya maintains contracts with these providers that restrict their access, use, and disclosure of personal data in accordance with our obligations under the EU-U.S. Data Privacy Framework (DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, including the onward transfer provisions. Astreya remains liable for any failure by these third parties to meet those obligations, where we are responsible for the event giving rise to the damage.

4. Sources of Personal Data

• Information you provide to us directly, such as when you register or communicate with us through our Digital Properties, visit our offices, or participate in our events, marketing initiatives, or outreach activities.
• Information collected from your employer, coworkers, or friends, including details about representatives or other employees of our current, former, or prospective customers, suppliers, investors, and business partners. We may also receive your information via a referral from a friend in connection with our Services.
• Information automatically collected, such as technical data related to your interactions with our Digital Properties (e.g., IP address, browsing behavior, and purchase history). More details are available in the section below and in our [Cookies Notice].
• Information from public sources, including public records and content you share in publicly accessible forums, such as social media platforms.
• Information from other third parties, such as third-party service and content providers, entities with whom we partner to market or sell products and services, and social media networks (including embedded features like the “Facebook Like” button).

We may combine information collected from the various sources described in this Notice, including public and third-party sources, and use or disclose it for the purposes outlined in this Notice.

5. Cookies and Tracking Technologies

We use cookies and other tracking technologies, and we offer you the ability to manage your preferences as outlined in our [Cookies Notice][e][f]. Some of these technologies allow us to track activity on your device over time and across different websites and devices. While certain web browsers offer “Do Not Track” (DNT) settings, we do not currently respond to DNT signals.

6. Security and Retention

We maintain appropriate security procedures, as well as technical and organizational measures, to protect your personal data against accidental or unlawful destruction, loss, disclosure, alteration, or misuse.

Your personal data will generally be retained for as long as necessary to fulfill the purposes for which it was collected. Once you and/or your company terminate your contractual relationship with us—or otherwise end your relationship with us. We may retain your personal data in our systems and records to ensure the proper fulfillment of any surviving contractual provisions or for other legitimate business purposes. These may include maintaining evidence of our business practices and contractual obligations, informing you about our products and services, or complying with applicable legal, tax, or accounting requirements.

When we no longer have a legitimate business need or lawful legal basis to process your personal data, we will delete, anonymize, or aggregate it. If deletion is not immediately possible (for example, if your personal data is stored in backup archives), we will securely store and isolate it from further processing until deletion becomes feasible.

If you would like more information about the specific retention periods that may apply to your circumstances, please contact us at privacy@astreya.com.

7. Children’s Privacy

Our Sites and Services are not directed to children under the age of 16, and we do not knowingly collect personal data online directly from children. If you are a parent or legal guardian and believe that your child has provided us with personal data, please contact us at privacy@astreya.com, and we will take appropriate steps to investigate and address the issue.

8. External Links

When interacting with us, you may encounter links to external websites or online services, including those embedded in third-party advertisements. We do not control and are not responsible for the privacy practices or data collection policies of such third-party sites or services. We encourage you to review the privacy notices of those third parties directly if you have any questions or concerns about their practices.

9. Contact Information

If you have any questions or complaints regarding this Notice or the Astreya Group’s privacy practices, please contact us at privacy@astreya.com.

In compliance with the EU-U.S. Data Privacy Framework (DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, we commit to refer unresolved complaints concerning our handling of personal data received under these frameworks to TRUSTe, a U.S.-based alternative dispute resolution provider.

10. Supplemental Terms for California Residents


‍
Pursuant to the California Consumer Privacy Act (“CCPA”), this Section 10 applies to certain personal data collected about California residents where Astreya determines the purposes and means of processing such data (referred to as a “business” under the CCPA). This section supplements the rest of our Notice.

Please note that this Section does not apply to current or former employees, job applicants, contractors, or agents of Astreya.

Additional Data Processing Disclosures 

The below table provides the categories of personal data we have sold, shared, or disclosed to third parties, as defined by the California Privacy Rights Act. For reference, the table in Section 2 provides the categories of personal data collected and our disclosures of personal data.

‍

Although we have not “sold” or “shared” personal data for monetary consideration in the past 12 months, we engage in standard practices with our Digital Properties that may be considered a “sale” or “sharing” under California law.

We do not knowingly sell or share the personal data of individuals under the age of 16.

Additionally, we do not collect or process sensitive personal information, as defined by California law—for the purpose of inferring characteristics about you. Astreya only uses sensitive personal information in ways that fall within the exceptions to the right to limit such use, as permitted by law.

Financial Incentives: We may offer certain benefits or incentives in exchange for your personal data, for example, providing a discount or coupon to individuals who complete a survey. In connection with such surveys, we may collect personal data including your name, contact information, preferences, experiences, beliefs, opinions, and other responses to survey questions.

Participation in surveys is voluntary and subject to the specific terms and conditions provided for each survey. These terms will include details about any associated financial incentives and instructions on how to participate. The value of your personal data is reasonably related to the value of the offer, which we calculate based on the cost of providing the benefit.

You may withdraw from any financial incentive at any time by contacting us at privacy@astreya.com. If we offer other types of financial incentives in the future, we will provide you with the material terms at the time of the offer.

Your Data Protection Rights

Subject to legal limitations, certain California residents may have the below rights.

• Right to Know. You have the right to request the following information:
• The categories of personal data we have collected about you
• The categories of sources from which the personal data was collected
• The purposes for collecting the personal data
• The categories of third parties to whom we disclosed your personal data
• The purposes for which we disclosed your personal data (the “Categories Report”)
  

You also have the right to request information about the specific pieces of personal data we have collected about you (the “Specific Pieces Report”).

• Right to Delete. You have the right to request that we delete the personal data we have collected from you, subject to certain exceptions as permitted by law.
  
• Right to Correct. You have the right to request that we correct any inaccurate personal data we maintain about you.
• Right to Opt Out of Sale or Sharing. We do not sell personal data to third parties in exchange for money. However, as we explain above, we share information with advertising partners and allow advertising partners to collect information from our Digital Properties. This exchange may be considered a “sale” or “sharing” under California law, and you have the right to opt out of this “sale” or “sharing” of personal data. 
  

California residents may exercise their Right to Know, Right to Delete, and Right to Correct by contacting us at privacy@astreya.com. We will not discriminate against you in any way that is prohibited by applicable law for exercising your privacy rights.

How to Fully Exercise the Right to Opt Out of Sale or Sharing: To fully exercise your Right to Opt Out of Sale or Sharing with respect to any “sale” or “sharing” of your personal information, you must complete both of the following steps:

1. Submit a Right to Opt Out of Sale or Sharing request by contacting us at privacy@astreya.com; and
2. Disable advertising cookies and other tracking technologies by clicking the “Do Not Sell or Share My Personal Information” link in the footer of our website. You must complete this step on each of our Sites, from each browser, and on each device you use. This is necessary so we can place a first-party cookie that signals your opt-out preference for that specific browser and device.
   

If you block cookies, we may be unable to honor your Right to Opt Out of Sale or Sharing request for device data that is automatically collected and disclosed to third parties through cookies, pixels, and other tracking technologies. Additionally, if you clear cookies from your browser, you will need to repeat Step 2 outlined above to re-establish your opt-out preference.

To the extent required by California law, we will honor “Do Not Sell or Share” opt-out preference signals sent in a commonly used and recognized format at the browser level—such as through an HTTP header field or a JavaScript object.

Verification: To process California data protection requests, we may need to collect certain information to locate you in our records or verify your identity, depending on the nature of your request. In most cases, we will ask for details such as your name, email address, or other relevant information.

If you submit a Right to Know – Specific Pieces Report, we may also require you to provide a signed declaration under penalty of perjury confirming your identity. In some cases, we may request alternative forms of verification and/or engage third-party services to assist in the identity verification process.

Authorized Agents: Authorized agents may exercise California data protection rights on behalf of California individuals, but we reserve the right to verify the individual’s identity directly as described above. Authorized agents must contact us by submitting a request by writing to us at privacy@astreya.com and indicate that they are submitting the request as an agent. We may require the agent to demonstrate authority to act on your behalf by providing signed permission from you. We may also require you to verify your own identity directly with us or to directly confirm with us that you provided the authorized agent permission to submit the request.

Timing: We will process Right to Opt Out of Sale or Sharing requests within fifteen (15) business days from the date we receive the request. We will respond to Requests to Delete and Requests to Know within forty-five (45) days, unless additional time is needed. If more time is required, we will notify you, and the total response time may take up to ninety (90) days.

11. Supplemental Information for the EEA, Switzerland, and the U.K.

The following terms supplement the Notice with respect to our processing of EEA (i.e., European Union Member States, Iceland, Liechtenstein, and Norway), Swiss, and U.K. personal data. In the event of any conflict or inconsistency between the other parts of the Notice and the terms of this Section 11, Section 11 shall govern and prevail with regard to the processing of EEA, Swiss, and U.K. Personal Data, to the extent applicable.

Data Controller: The Astreya entity with which you have a primary relationship, such as the entity that entered into a Services contract with you, provided you with marketing or promotional communications, or is the primary entity in the region where you access our Site, will act as the data controller for purposes of this Notice. In most cases, this will be Astreya Partners, LLC, unless we inform you otherwise.

1. Legal Basis for Processing:
   Please see above for the legal basis on which we rely for the collection, processing, and use of personal data.
2. Your Data Protection Rights
   Under applicable data protection laws, you may exercise certain rights regarding your personal data:
   
   • Right to Access. You have the right to obtain confirmation from us whether we are processing your personal data and related information, as well as the right to obtain a copy of your personal data undergoing processing.
   • Right to Data Portability. You may receive your personal data, that you have provided to us, in a structured, commonly-used, and machine-readable format, and you may have the right to transmit it to other data controllers without hindrance. This right only exists if the processing is based on your consent or a contract, and the processing is carried out by automated means.
   • Right to Rectification. You have the right to request the rectification of inaccurate personal data and to have incomplete data completed.
   • Right to Objection. You have the right to object to the processing of your personal data in certain cases.
   • Right to Restrict Processing. You may request that we restrict the processing of your personal data in certain cases.
   • Right to Erasure. You may request that we erase your personal data in certain cases.
   • Right to Lodge a Complaint. You have the right to lodge a complaint with a supervisory authority. In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, we commit to cooperate and comply, respectively, with the advice of the panel established by the EU Data Protection Authorities (DPAs), the UK Information Commissioner’s Office (ICO), and the Gibraltar Regulatory Authority (GRA), and the Swiss Federal Data Protection and Information Commissioner (FDPIC), with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. 
   • Right to Refuse or Withdraw Consent. If we ask for your consent to process your personal data, you are free to refuse. If you have provided consent, you may withdraw it at any time without adverse consequences. The lawfulness of any processing carried out before the withdrawal of your consent will not be affected. 
   • Right to Not Be Subject to Automated Decision-making. The types of automated decision-making referred to in Article 22(1) and (4) of the EU/UK General Data Protection Regulation (“GDPR”) do not take place in connection with your personal data. Should this change, we will inform you of the reasons for and logic behind any such decision, its significance, and its potential consequences. You will also have the right to request human intervention, express your point of view, and contest the decision. 

You may exercise these rights by contacting us using the details provided above. Please note that we may decline to act on certain requests where permitted by law, for example, if fulfilling the request would infringe upon the rights or freedoms of others or conflict with our legal obligations.

C. International Transfers of Personal Data

Due to the global nature of our operations, some of the recipients described in this Notice may be located in countries outside the European Economic Area (EEA), Switzerland, or the United Kingdom that do not offer an adequate level of data protection as defined by applicable data protection laws in those regions.

Transfers of personal data within the Astreya Group or to third parties in such countries are conducted using valid data transfer mechanisms, which may include the EU Standard Contractual Clauses (SCCs) and/or the UK Addendum, Binding Corporate Rules (BCRs), approved codes of conduct or certification mechanisms, statutory derogations, or other lawful transfer mechanisms recognized by the EEA, Swiss, or UK authorities.

Certain third countries have been officially recognized by the EEA, Swiss, and UK authorities as providing an adequate level of protection, and in such cases, no additional safeguards are required.

For more information on how we transfer personal data, or to request a copy of the applicable data transfer mechanism, please contact us using the contact information provided above.

Astreya Group complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), as set forth by the U.S. Department of Commerce.

Data Protection Officer: The contact details for our data protection officer are as follows:

Attention:
The Data Protection Officer, Astreya Partners, LLC.
2033 Gateway PL, Ste 500, San Jose CA 95110
Email ID: privacy@astreya.com

12. Supplemental Information for Other Regions

• Canada: Personal data, as defined in the Personal Information Protection and Electronic Documents Act (“PIPEDA”) will be collected, stored, used, and/or processed by the Astreya Group in accordance with the Astreya Group’s obligations under PIPEDA.
• Japan: Personal data collected, stored, used, and/or processed by the Astreya Group, as described in this Notice, is collected, stored, used, and/or processed in accordance with Japan’s Act on the Protection of Personal Information (“APPI”).
• Singapore: Personal data collected, stored, used and/or processed by the Astreya Group, as described in this Notice, is collected, stored, used, and/or processed in accordance with the Astreya Group’s obligations under the Personal Data Protection Act 2012 (“PDPA”).
• United Kingdom: Personal data collected, stored, used, and/or processed by the Astreya Group, as described in this Privacy Notice, is collected, stored, used, and/or processed in accordance with the Astreya Group’s obligations under the UK Data Protection Act 2018, as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019, as amended, superseded or replaced (“U.K. GDPR”).
• India: Personal data collected, stored, used and/or processed by the Astreya Group, as described in this Notice, is collected, stored, used, and/or processed in accordance with the Astreya Group’s obligations under the Personal Data Protection Act (“DPA”).

13. English Version Controls

Non-English translations of this Notice are provided for convenience only. In the event of any ambiguity or conflict between translations, the English version shall be authoritative and shall control. 

14. Astreya Partners, LLC Group

This Privacy Notice applies to the following affiliated entities within the Astreya Group:

• Astreya Partners, LLC
• Astreya Partners, Inc.
• Astreya Partners Canada Inc.
• Astreya Partners Mexico, S. de R.L. de C.V.
• Astreya Limited (United Kingdom)
• Astreya Consultancy Ireland Ltd
• Astreya Consultancy Ireland Limited, Spółka z o.o. (Poland Branch)
• Astreya GmbH (Switzerland)
• Astreya Consultancy India Private Ltd
• Astreya Partners, LLC operating as Astreya PHP (Philippine Branch)
• Astreya Japan Godo Kaisha (Japan)
• Astreya Asia Pacific Pte Ltd (Singapore)
• Astreya Pty Limited (Australia)
• Astreya Partners Taiwan LLC
• Astreya Partners Malaysia Sdn. Bhd.
• Astreya Consultancy South Africa (Pty) Ltd
  

Links to Other Sites

This Site may contain links to third-party websites. While we strive to link only to sites that uphold high standards and respect for privacy, we are not responsible for the content or privacy practices of such sites. Users who choose to access other websites through links on this Site should review the privacy policies and terms of use of those websites before using their services.

Privacy Notice Updates

From time to time, we may revise this Privacy Notice to reflect changes in our practices, legal requirements, technological advancements, or business initiatives. Please review this page periodically to stay informed about how we protect your personal information.
We are committed to continuously improving our Services, which are dynamic and may evolve over time. As new features are introduced, some may involve the collection of additional personal data. If we begin collecting substantially different types of personal information or materially change how we handle your data, we will update this Privacy Notice accordingly.

Terms of Use and Acceptance

Access to and use of this Site is conditioned upon your acceptance of all the terms and conditions set forth in this Notice, without modification or reservation of any kind.

IMPORTANT: If you do not agree to any of the foregoing terms and conditions, or if you are not authorized to accept them, please do not use or access this Site.