PRIVACY POLICY

Approved: ASTONS MANAGEMENT CONSULTANCIES EST

Business Address: Sheikh Zayed Road, World Trade Center-1, Park
Place Tower, Office A-01, Dubai, UAE
Director: Sarmad Ahmad Khan
“February 16, 2024

1. General Provisions

1.1    This Personal Data Processing Policy (hereinafter “Policy”) is issued and applied by ASTONS MANAGEMENT CONSULTANCIES EST (hereinafter “Operator”) in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679) of April 27, 2016 (hereinafter “GDPR”).

 

1.2    Concepts related to the processing of personal data used in the text of the Policy shall be interpreted in the sense in which they are given in Article 3 of the Law and GDPR provisions, unless otherwise directly derived from the text of the Policy.

 

1.3    All issues related to the processing of personal data not regulated by this Policy shall be resolved in accordance with the applicable UAE legislation in the field of personal data.

 

1.4    This Policy:

   1.4.1    establishes the rules for the Operator’s processing of personal data provided by customers who use the websites:

   https://www.astons.com

   https://astonscyprus.com/

   https://astonsturkey.com/ and its separate subdomains to receive services (hereinafter – Users and the Site respectively);

   1.4.2    determines the purposes, legal basis, procedure and scope of the processed personal data;

   1.4.3    contains information about the implemented requirements for the protection of processed personal data;

   1.4.4    determines the procedure of interaction with the subjects of personal data in case of their requests.

 

1.5    The text of the Policy is available to Users on the Internet at the following addresses:

   https://www.astons.com/policy

   https://astonscyprus.com/policy

   https://astonsturkey.com/policy

 

1.6    Ignorance of the conditions set forth in this Policy is not a basis for the User to make any claims against the Operator. 

 

1.7    In case of disagreement with the terms of the Policy, the User shall immediately cease any use of the Website.

2. User's consent to the processing of personal data

2.1    The User accepts the terms of the Policy and gives the Operator informed and informed consent to the processing of his/her personal data under the conditions stipulated by the Policy and the Law:

   2.1.1    When filling in the form on the Website – for personal data that the User provides to the Operator by filling in the form located on the Website. The User shall be deemed to have provided consent to the processing of his/her personal data at the moment of clicking the “Submit” button (or a button with a similar name);

   2.1.2    When using the Site in any way – for personal data that are automatically transferred to the Operator in the process of using the Site using the software installed on the User’s device. The User shall be deemed to have provided consent to the processing of his/her personal data at the moment he/she starts using the Site.

 

2.2    The User’s consent to the processing of personal data by the Operator shall be valid from the date of granting consent to the processing of personal data (clause 3.1 of the Policy) and for the period necessary to achieve the purposes of personal data processing.

 

2.3    The User has the right to withdraw consent to the processing of personal data in the form and manner provided for in Section 12 of the Policy.

3. Conditions for the provision of personal data by the User

3.1 The Operator generally does not verify the accuracy of personal data provided by users and does not exercise control. The risk of providing unreliable personal data, including the provision of third party data as one’s own, is borne by the subject of personal data.

 

3.2 The Operator assumes that the User provides reliable and sufficient personal information on the issues offered in the forms of the Website, and keeps this information up to date.

 

3.3 The User is familiarized with this Policy, expresses his informed and informed consent to it.

4. Personal Data. The Operator processes the following personal data:

4.1    Surname, first name;

 

4.2    Mobile phone number;

 

4.3    E-mail address;

 

4.4    Data of accounts in social networks and electronic services (links to User’s profiles in VKontakte, Facebook, Linkedin, Skype, Google, Twitter, etc.); 

 

4.5    The Operator may access, collect and use technical and other information related to Users for the purposes defined in the Policy. Technical information is not personal data, however, the Operator uses cookies that allow to identify Users. Technical information is also understood as information that is automatically transmitted to the Operator in the process of the User’s use of the Website using the software installed on the User’s device, namely:

   4.5.1    Data on the User’s activity on the Internet, in particular, the pages visited, the date and time of URL-transitions, etc.;

   4.5.2    Information about the device and browser with which the User accessed the Internet: IP-address and (if the User accesses the Site from a mobile device) the type of device and its unique identifier;

   4.5.3    data on interaction with the Operator’s advertisements displayed outside the resource, their number, frequency and depth of viewing. 

 

4.6 The Operator does not process:

   4.6.1    biometric personal data (information that characterizes physiological and biological features of a person, on the basis of which his/her identity can be established),

   4.6.2    special categories of personal data (relating to race, nationality, political views, religious or philosophical beliefs, state of health, intimate life).

5. Legal bases of personal data processing

Processing of Users’ personal data is carried out on the following legal grounds: in respect of personal data of European Union (EU) citizens using the Operator’s services, as well as in respect of personal data of citizens of other states temporarily or permanently residing in the territory of the EU countries using the Operator’s services in the EU, is determined in accordance with GDPR. In terms of GDPR, the Operator acts as a Data Controller.

6. Purposes of personal data processing

The Operator processes personal data of Users exclusively for the following purposes:

 

6.1    Establishment and maintenance of communication between the User and the Operator, consulting on the provision of services.

 

6.2    Fulfillment of the Operator’s obligations to the User, with whom a service contract has been concluded by accepting the Public offer to conclude a service contract.

 

6.3    The Operator shall send advertising messages to the User’s e-mail address; targeting of advertising materials, if the User has consented to such mailing.

 

6.4    The User has the right to object to data processing for direct marketing purposes, including profiling, insofar as it is related to direct marketing. The objection shall be sent to the Operator by the User in accordance with Section 12 of this Policy.

 

6.5    Improvement of the quality of User service and modernization of the Operator’s Website by processing inquiries and requests from the User.

 

6.6    Statistical and other research based on anonymized information provided by the User.

7. Processing of personal data

7.1    Personal data shall be processed using automated systems.

 

7.2    The processing of the User’s personal data includes the following actions by the Operator: collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction.

 

7.3    Collection of the User’s personal data is carried out in the cases specified in clause 3.1 of the Policy.

 

7.4    Storage of personal data is carried out (depending on which event occurs first):

   7.4.1    until they are deleted by the User;

   7.4.2    until the moment of their destruction by the Operator – in case the User withdraws consent to the processing of personal data or requests the destruction of personal data;

   7.4.3    until the consent expires or the purposes of personal data processing are achieved.

 

7.5    Dissemination of personal data may be carried out by the Operator only in the following cases:

   7.5.1    In order to place the feedback about the services provided by the Operator, left by the Users, in various sources of information.

   7.5.2    The Operator has the right to transfer personal data to third parties. 

 

7.6    Purposes of personal data transfer:

   7.6.1    Optimization by the Operator of the mailing of messages of informational and advertising nature. In this case, the following personal data of Users are transferred to the third party: name, telephone number; e-mail address. 

   7.6.2    Sending informational mailings to Users. In this case, the following personal data of Users are transferred to a third party: name; e-mail address. Each newsletter gives the User the opportunity to opt out of receiving such newsletters.

   7.6.3    Fulfillment of the terms and conditions of the agreement to the Users of the Website with the involvement of third parties.

 

7.7    List of permitted methods of personal data processing: collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction. A third party is prohibited to transfer and disseminate personal data.

 

7.8    Destruction of personal data shall be carried out by the Operator in the following cases:

   7.8.1    receipt of the User’s withdrawal of consent to the processing of personal data; 

   7.8.2    receipt of a request from the User to destroy personal data; 

   7.8.3    expiration of the consent;

   7.8.4    expiration of the period of storage of personal data in accordance with the agreements between the Operator and the User.

8. Measures applied by the Operator to protect personal data

The Operator takes necessary and sufficient legal, organizational and technical measures to protect information provided by Users from illegal or accidental access, destruction, modification, blocking, copying, distribution, as well as from other illegal actions of third parties. Such actions include, in particular:

 

8.1    Appointing a person responsible for the processing of personal data; 

 

8.2    Applying organizational and technical measures to ensure the security of personal data during their processing in information systems;

 

8.3    Control over the facts of unauthorized access to personal data and taking measures to prevent such incidents in the future;

 

8.4    Control over the measures taken to ensure personal data security and the level of protection of personal data information systems.

9. Limitation of liability

9.1    The Operator is not responsible for possible misuse of personal data and causing any damage to the User, which occurred due to:

   9.1.1    technical failures in the software and in technical means and networks beyond the Operator’s control;

   9.1.2    due to intentional or not intentional use of the Website not for their direct purpose by third parties;

   9.1.3    illegal actions of third parties to access the Website data, including personal data.

 

9.2    The Operator is not responsible for the procedure of use of the User’s Personal Data by third parties with whom the User interacts within the framework of using the Website.

 

9.3    The Operator does not check whether there is a special regime for processing of the User’s Personal Data. If the User is a citizen of the European Union countries or a citizen of other states, temporarily or permanently residing in the territory of the EU countries and accesses the Site from the European countries, the Operator shall take all reasonable measures to ensure compliance with such requirements of the legislation on personal data protection. For this purpose, the User shall notify the Operator of the existence of a special regime of protection of his/her personal data by contacting the Operator’s e-mail address [email protected].

10. Rights of Users

The User has the right:

 

10.1    At its own discretion, provide personal data to the Operator for their processing on the terms and conditions specified in the Policy;

 

10.2    Address to the Operator with demands, including on clarification of personal data; on blocking or destruction of personal data, if such data are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated purpose of processing. The request shall be made in accordance with the procedure provided for in Section 11 of the Policy;

 

10.3    On the basis of a request, receive information from the Operator regarding the processing of his/her personal data.

 

10.4    As part of the personal data processing processes subject to GDPR, the User has the right to request the Operator to unload his/her personal data in order to transfer them to the information systems of other data controllers (in terms of Article 4.7 of GDPR).

11. Addresses of Users

11.1    Users have the right to send to the Operator their requests and demands (hereinafter – Appeals), including those regarding the use of their personal data, as well as withdrawal of consent to the processing of personal data. The Appeal may be sent in the following ways:

   11.1.1    In writing to the Operator’s address (Section 14 of the Policy);

   11.1.2    In the form of an electronic document (scan, photocopy of the document). The document must be sent from the User’s e-mail address specified by the User during registration on the Website or in the agreement as an authorized e-mail address, to the Operator’s e-mail address: [email protected].

 

11.2 The Address sent by the User shall contain the following information:

   11.2.1    User’s surname and first name;

   11.2.2    Information confirming the User’s participation in the relationship with the Operator (in particular, the User’s login and password on the Website);

   11.2.3    The essence of the Application;

   11.2.4    Signature of the User or his/her legal representative.

 

11.3    The Operator considers the User’s Appeal in the following order: 

   11.3.1    The Address is registered in the User’s Addresses Register; 

   11.3.2    The presence of all mandatory details of the Application is checked; 

   11.3.3    The validity of the Application is checked;

   11.3.4    A response to the Appeal is provided. Depending on the essence of the Appeal, the answer to it should contain:

   11.3.5    the information requested by the User about the processed personal data;

   11.3.6    a reasoned refusal to provide the requested information about the processed personal data;

   11.3.7    notification of actions to be performed with the User’s personal data upon the User’s Request; 

 

11.4 The Response to the Application shall be sent in the form corresponding to the form of the User’s application, unless the form of the Response to the Application is not specified in the Application.

12. Change of the Policy

12.1    The Operator reserves the right to make changes to the Policy. The User is obliged to familiarize himself with the text of the Policy each time he uses the Website.

 

12.2    The new edition of the Policy comes into force from the moment of its posting in the corresponding section of the Operator’s website. Continued use of the Site or its services after publication of the new edition of the Policy means acceptance of the Policy and its terms by the User. In case of disagreement with the terms of the Policy, the User shall immediately stop using the Site and its services.

13. Information about the Operator:

ASTONS MANAGEMENT CONSULTANCIES EST

Business Address: Sheikh Zayed Road, World Trade Center-1, Park

Place Tower, Office A-01, Dubai, UAE

Director: Sarmad Ahmad Khan

Mail: [email protected]