Our policies and agreements governing the use of Astrada's services.
Last updated: July 23, 2024
Fidel Limited, DBA Astrada ("Astrada", "we", "our", or "us") is committed to protecting your privacy. This Privacy Policy sets out how we collect, store, process, transfer, share and use data that identifies or is associated with you ("personal information") and information regarding our use of cookies and similar technologies in relation to the Service (as defined below).
Astrada provides the following components to third party providers of transaction data-enabled services ("Clients") for the enrollment of cards and the sharing of relevant transaction data: (i) the enrollment SDK, the API, any related software or websites (such as www.astrada.co ("Site")) made available by Astrada to support services to the Clients ("Services").
Please ensure that you have read and understood how we collect, store, use and disclose your personal information as described in this Privacy Policy.
Astrada is the controller responsible for the personal information we hold about you (except as otherwise stated below). If you have any questions about this Privacy Policy or how we use your personal information, please contact us using the details set out in section 9 below.
Processing for access to the Site. The table below sets out the categories of personal information we may collect in relation to providing the Site Services, how we use that information and the corresponding legal basis which we rely on to process the personal information.
If you choose not to provide personal information, we may not be able to provide you with the Services or respond to your other requests.
| Category of data subject | Category of information | How we use it | Legal basis |
|---|---|---|---|
| Clients | Contact information and basic personal and professional details. Such as name, phone number, address, e-mail address. | We use this information to operate, maintain and provide the features and functionality of the Service. We use this information to communicate to respond to Client queries and to send service-related emails or notifications. | Performance of a contract and legitimate interests, namely administering the Service. |
| Clients, visitors to the Site | Contact information and basic personal and professional details. Such as name, phone number, address, e-mail address. | We use this information to send news, alerts and marketing communications in accordance with the recipient's stated preferences. We use this information to monitor and improve the Service and our business. | Consent and legitimate interests, namely to administer and improve the Service. |
| Clients, visitors to the Site | Correspondence, comments and feedback, e.g. by email, user surveys responses or feedback provided on the Site. | We use this information to monitor and improve the Service, and to address your questions, issues and concerns. | Legitimate interests, namely administering the Service and communicating in connection with those questions. |
| Clients, visitors to the Site | Location information. A device's IP address may help us determine an approximate location. | We may use an approximate location to ensure content on our Service is relevant to the city or country from which the Services are being accessed. | Legitimate interests, namely to tailor our Service to the user. |
| Clients, Merchants, visitors to the Site | Preferences. Preferences set for notifications, marketing communications and how our Service is displayed. | We use this information to provide notifications, send marketing communications and display our Service in accordance with your choices. | Legitimate interests, namely ensuring the user receives the correct communications. |
Processing of data that includes transaction information.
| Category of data subject | Category of information | How we use it | Legal basis |
|---|---|---|---|
| Clients, Client customer, End Users | Payment and transaction information. Information such as payment information, including Client or Client customer or End User credit card or bank account details. | We use this information to facilitate transactions. Transaction information is used to support features of spend management services provided by the Client. We use this information to detect and prevent fraud. | Performance of a contract and legitimate interests, namely the detection and prevention of fraud. |
Processing for analytics purposes. We also automatically collect personal information indirectly about how you access and use the Service.
| Category of data subject | Category of information | How we use it | Legal basis |
|---|---|---|---|
| Clients, visitors to the Site | Information about how the Services are accessed and used, such as analytics information. This includes the website visited prior to the Site, how frequently Services are accessed, session duration, email engagement, and multi-device access. | We use this information to determine products and services that may be of interest for marketing purposes and to analyse the efficacy of our sales strategies. We use this information to monitor and improve our Service. | Legitimate interests, namely for sales and marketing purposes and to improve the Service. No transaction data is used for sales or marketing purposes. |
| Clients, Merchants, visitors to the Site | Technical information about user devices and software, such as IP address, browser type, Internet service provider, operating system, date and time stamp. | We use this information to present the Service to users on their device and to enhance and personalise the user experience. We use this information to monitor and improve the Service. | Legitimate interests, namely to tailor the Service to our users and to improve the Service generally. |
Processing for the Astrada Service. In relation to the Astrada Service, the table below sets out the information we collect about cardholders ("End Users"). Please note that we are not the controller of information collected about End Users. The Client or Client customer is the controller of this personal information.
| Category of data subject | Category of information | How we use it |
|---|---|---|
| End Users | Payment card information. A subset of your payment card information (name, PAN, expiry date, issuer country, and CSC) when you link your payment card to a service supported by a Client program. | We use this information to operate, maintain and provide to Clients the features and functionality of the Service. |
| End Users | Transaction information. A subset of information relating to transactions made using an enrolled payment card which has been linked to a Client's program. | We use this information to operate, maintain and provide to Clients the features and functionality of the Service. |
We may link or combine the personal information we collect about you and the information we collect automatically. This allows us to provide you with a personalized experience regardless of how you interact with us.
We may anonymize and aggregate any of the personal information we collect (so that it does not identify you). We may use anonymized information for purposes that include testing our IT systems, research, data analysis, improving the Service and developing new products and features. We may also share such anonymized information with others.
As required in accordance with how we use it, we will share your personal information with the following categories of recipients:
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.
Security. We implement appropriate technical and organizational measures to protect your personal information against accidental or unlawful destruction, loss, change or damage. All personal information we collect will be stored on secure servers. We take all reasonable steps and follow generally accepted industry standards to ensure that the personal information we hold is protected from misuse, interference, loss, unauthorized access, modification or disclosure by the use of various methods including access limitation, and industry-standard Secure Socket Layer (SSL) encryption technology. We take all reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete, up-to-date, relevant and stored securely. Security safeguards include data encryption, firewalls, and physical access controls to building and files. Astrada's systems are certified as Level 1 PCI compliant and all data retention and credit card information is maintained in accordance with the PCI standards as determined by the PCI Security Standards Council.
International transfers of your personal Information. The personal information we collect may be transferred to and stored in countries outside of the jurisdiction you are in where we and our third-party service providers have operations. If you are located in the European Economic Area ("EEA"), Switzerland or the UK, your personal information may be processed outside of the EU (or a jurisdiction deemed adequate by the European Commission) including in the United States; these international transfers of your personal information will be made pursuant to appropriate safeguards, such as standard data protection clauses adopted by the European Commission or the UK, as appropriate. If you wish to enquire further about these safeguards used, please contact us using the details set out in section 9 below.
Retention of your information. We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of our legitimate business interests and satisfying any legal or reporting requirements.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and the applicable legal requirements.
In accordance with applicable privacy law, you have the following rights in respect of your personal information that we hold:
If you wish to exercise one of these rights, please contact us using the details set out in section 9 below.
You also have the right to lodge a complaint to your local data protection authority. If you are based in the EU, information about how to contact your local data protection authority is available at: ec.europa.eu. If you are in the UK, information about how to contact the Information Commissioner's Office is at ico.org.uk.
The Service may, from time to time, contain links to and from third party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for their policies. Please check the individual policies before you submit any information to those websites.
The Service is not directed at persons under 16 and we do not knowingly collect personal information from children. If you become aware that your child has provided us with personal information, without your consent, then please contact us using the details below so that we can take steps to remove such information and terminate any account your child has created with us.
We may update this Privacy Policy from time to time and so you should review this page periodically. When we change this Privacy Policy in a material way, we will update the "last updated" date at the top of this Privacy Policy. Changes to this Privacy Policy are effective when they are posted on this page.
You can contact us with any query related to this Privacy Policy by emailing us at support@astrada.co.