ASE Global Privacy Statement
We ASE PLC, value your privacy and take the protection of your personal data very seriously. We strictly adhere to applicable law and all data protection regulations. This policy may be updated to adhere to current regulations. The latest version is available here:
Who is responsible for processing your data?
Concord Business Park,
Manchester, M22 0RR, United Kingdom
What kind of data is processed and what is the source of this data?
The primary source for the personal data we process is you, as part of a business relationship (including, but not limited to: registration on our website, requests for reference material, participation in studies, event participation, registration as part of an on-site appointment in one of our offices). Additionally, we process data from publicly accessible sources (including but not limited to: commercial register, media) and data collected or generated to fulfill pre-contractual or contractual obligations (including, but not limited to: creation of online access, application management). “Personal data” is any information that directly or indirectly relates to a natural person.
The personal data processed by us includes master data (including, but not limited to: name, address, private contact details, company-related contact details), your contract or registration data (including, but not limited to: position, date of birth, salary), application information (including, but not limited to: curriculum vitae, certificates) and accounting data (including, but not limited to: invoice details, bank details). In addition, we might, if required for specific purposes, collect information about your financial status (including, but not limited to: credit rating), advertising data (including, but not limited to: product offers, cookies, web analytics), data for business process documentation purposes (including, but not limited to: meeting notes and e-mail traffic), marketing-specific group membership and analysis data as well as data to meet legal requirements.
What purpose do we collect and process your personal data for?
How long is the data stored?
What is the legal basis for processing your personal data?
We process personal data for the following purposes and based on the below legal foundation:
- As part of your consent (Art 6 (1) lit a GDPR):
If you have explicitly consented to storing and processing of your personal data, we will only process it for the purposes specified in the declaration of consent and to the extent agreed therein. You can withdraw your consent at any time. Withdrawal of consent does not affect the legitimacy of data processing up to that point in time.
- To fulfill (pre-) contractual obligations (Art 6 (1) lit b GDPR):
If the processing of your personal data is necessary to fulfill pre-contractual terms or a contract concluded with you, the purpose of the processing corresponds to the purpose regulated in the contract. Details can be given in the associated contract documents, if required.
This applies, among other things, but not exclusively to employees at companies who use one or more of our software product solutions. The retention period of your data is determined by the time your access is active.
- To fulfill legal obligations (Art 6 (1) lit c GDPR):
Legal obligations can require the disclosure of your personal data. Legitimacy is, among others, based on:
- To safeguard legitimate interests (Art 6 Paragraph 1 lit f GDPR):
We process your data to safeguard our legitimate interest, among others for the following purposes:
- Contract and payment management and administration
- Marketing of our services and products
- Development of new products and services
- Quality assurance and improvement of our offer
- Proof of statutory mandated prerequisite check
Your data will be stored for the duration of the business relationship with us, provided that corporate retention requirements do not ask for a longer period and in any case in accordance with Art 6 Paragraph 1 lit f GDPR.
What are your contextual rights?
An objection to data processing under the conditions of Art 21 GDPR is possible at any time.
Furthermore, you have the right to request incomplete personal data to be either completed or deleted. In special, justified individual cases, it is also possible that you object to the processing of complete, correct and lawfully retained and processed personal data (e.g. direct mail) if you no longer want to use associated services etc. Revoking your consent does not affect the legitimacy of the processing carried out up to the point of withdrawal of consent. Please contact our Data Protection/ Information Security Officer in any of the abovementioned cases. If despite our best efforts to ensure you feel comfortable to entrust us with your personal data, you are of the opinion that we are using your data in an impermissible manner, you have the right to lodge a complaint with the Information Commissioners Office (ICO).
How is the data transfer regulated?
Your personal data will only be passed on to third parties if you have given your explicit prior consent, or there is a legitimate interest, or appropriate documentation exists before the data is collected or to fulfill (pre-) contractual and legal obligations (e.g. in the context of official investigations, pending proceedings, to assert, exercise or defend our legal claims, to release data to potential or actual buyers of business areas or assets).
We carefully select our business partners in individual areas of business, who are of course also obliged to act in accordance with data protection regulations and always ensure that data processing and forwarding is carried out exclusively on the basis of the appropriate statutory requirements and related laws. Third-party processors are:
- Companies, in accordance with the consent you have given
- Service providers for order processing (including, but not limited to, service providers for website maintenance, marketing agencies, service providers for quality assurance and IT services)
- Authorities and public bodies if required by law
Is there an obligation to provide data?
The provision of personal data is part of the establishment of a contractual relationship or may be required to process (pre-) contractual business cases. Thus, please note, that a desired contractual relationship or a desired business case processing may not come about if this data is not made available or is not made available to the required extent. Please note that this would not count as a contractual default on our part.
Do we use automated decision-making including profiling?
No, we do not use automated decision-making according to Art 22 GDPR to bring about a decision on business relations.
Website usage-specific and social media-related information on data protection
You can deactivate cookies in your internet browser at any time. Please visit the support pages of your respective browser for details. Please note that some features of our website may not be displayed as intended without activating cookies.
You can manage your cookie preferences by use of the pop-up window on our website. We use third-party software for cookie management. Your consent to the selected cookie setting remains stored in your browser settings until the cookie is deleted or according to the max. retention period set in the cookie management software.
Our social media pages collect anonymous statistical data (for example for the purpose of targeted advertising), which are neither passed on to us or processed by us. For further details, please consult the cookie and website guidelines of the respective platform operator.
In accordance with our internal information security and data protection guidelines, payment data is processed exclusively using SSL (Secure Socket Layer) technology.