US Site Visit U.S. Site

Privacy Policy

Astroscale Privacy Policy

Each of Astroscale Holdings Inc. and its subsidiaries (collectively, “Astroscale” or “Group”, and each, a “Group Company”) is committed to protect Personal Information (as defined below) in all aspects of corporate activities.

As set out below, this privacy policy (the “Privacy Policy”) establishes our internal rules and procedures primarily based on the General Data Protection Regulation No 2016/679 (the “GDPR”). In addition, each Group Company shall make every effort to comply with local laws and regulations, including Personal Information Protection Act of Japan, the GDPR as implemented in the United Kingdom, the Colorado Privacy Act and Protection of Privacy Law of Israel.

Personal Information 

“Personal Information” shall mean information relating to living individuals which can identify a specific individual by name, date of birth, or other description contained in such information (including such information as will allow easy reference to other information and will thereby enable the identification of the individual).

Acquisition of Personal Information 

Astroscale shall acquire Personal Information in a legitimate, legal and fair manner.

Using Personal Information

Astroscale shall specify and notify the relevant individuals of the purpose of use and shall strictly use Personal Information within the scope.

Security Management Measures of Personal Information 

Astroscale shall make every effort to prevent the loss, destruction, alteration, compromise of or illegal access to Personal Information. As a security measure, Astroscale shall appoint an officer to supervise the implementation of this Privacy Policy and ensure the effectiveness of its security management scheme. Astroscale shall offer trainings to corporate directors, officers and employees to enhance compliance.

Provision of Personal Information to Third Parties 

Astroscale shall not, except in the cases set out below, provide any Personal Information to a third party without the prior consent of the individual to whom it relates.

If Astroscale provides Personal Information to a third party on one of the following grounds, it shall  supervise the third party to take necessary measures to protect the information and prevent data breaches, unauthorized accesses, intentional or unintentional data losses and any other misconducts:

  • when Astroscale provides Personal Information to an entity to which Astroscale’s business is commissioned or with which it conducts business jointly, in each case to the extent necessary for the purpose of use;
  • in the occurrence of a succession of business following a corporate event such as merger, demerger, business transfer or business purchase pursuant to relevant laws and regulations; or
  • when otherwise  required or permitted under the applicable laws and regulations .

Disclosure of and Amendments to Personal Information 

If an individual requests to disclose, amend or delete Personal Information, Astroscale shall, in accordance with the applicable law, promptly respond to such requests.

Astroscale Privacy Policy for GDPR 

  1. Our Privacy Statement 

The protection of your personal data (as defined below) is of great importance to Astroscale. This Privacy Policy therefore intends to inform you about how the Group Companies, acting as data controller, collect and process your personal data that you submit or disclose to us. We also act as data controller when we process your personal data received or obtained through third parties. Unless otherwise specified or notified to you, we will process personal data in accordance with the GDPR.

Definitions:

In this Privacy Policy,

“controller” means a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;

“personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; and

“processor” means a legal or a natural person, agency, public authority, or any other body who processes personal data on behalf of a data controller.

We encourage you to read this Privacy Policy carefully. If you do not wish your personal data to be handled by us as set out in this Privacy Policy, please do not provide us with your personal data. Please note that in such a case, we may not be able to perform the purpose of the data collection, you may not have access to and/or be able to use some features of the website, and your customer experience may be impacted.

  1. How Do We Use Your Personal Data?

We will always process your personal data based on one of the legal bases provided for in the GDPR.

We may collect and process your personal data for the purposes detailed below, so that we can pursue our legitimate interests and provide you with adequate services or supports:

  • to ensure that content from our website is presented in the most effective manner for you;
  • to complete your application, enrolment or registration to our events, seminars, promotions or campaigns and ensure your access to our premises or websites;
  • for recruitment purposes; and
  • to answer your inquiry or provide information.

We will process your data for these specified, explicit and legitimate purposes, and will not further process the data in a way that is incompatible with these purposes. If we intend to process personal data originally collected for one purpose in order to attain other objectives or purposes, we will ensure that you are informed of this. We will keep your personal data for as long as it is necessary for us to comply with our legal obligations, to ensure that we provide an adequate service, and to support its business activities.

  1. What Types of Personal Data Do We Use?

For the purposes specified under this Privacy Policy, we may collect one or more of the following categories of personal data as needed:

  • Name, Surname
  • Email address (personal / business)
  • Address (home / business)
  • Telephone / mobile phone number
  • Age (eg for on-site kids events, student campaigns)
  • Recruitment information (e.g., CV, academic / vocational certificates, marital status, date of birth, citizenship / country of domicile, reference letters).

We can obtain such personal data either directly from you when you decide to communicate such data to us (i.e., when you fill in forms displayed on the website) or indirectly where such personal data is provided to us by your electronic communication terminal equipment or your internet browser. We ensure that the personal data processed is adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

  1. How Do We Share Your Personal Data?

We may share your personal data with Group Companies and with third parties in accordance with the GDPR. Where we share your data with a data processor, we will put the appropriate legal framework in place in order to cover such transfer and processing.

We may also disclose your personal data if we determine in good faith that disclosure is reasonably necessary to protect our rights and pursue available remedies, enforce our terms and conditions, investigate fraud, or protect our customers, guests, employees, operations, premises or properties.

Data Transfers:

Such disclosures may involve transferring your personal data out of the European Union to the following country: Japan, United Kingdom, Israel and United States of America. These countries may change due to changes in our business environment and European Commission’s GDPR adequacy decisions.

Such transfer may take place, for instance, recruitment / human resource purposes including inter-group transfers or referring a candidate to another Group Company upon consent of the candidate and for the performance of contractual terms with business partners. For each of these transfers, we make sure that we provide an adequate level of protection to the data transferred according to the GDPR, in particular by entering into standard contract clauses as defined by the European Commission.

  1. Our Records of Data Processes

We handle records of all processing of personal data in accordance with the obligations established by the GDPR (or equivalent local privacy laws of Group Companies of a country that has received an adequacy decision by European Commission), both where we might act as a controller or as a processor. In these records, we reflect all the information necessary in order to comply with the GDPR (or equivalent) and cooperate with the supervisory authorities as required.

  1. Security Measures

We process your personal data in a manner that ensures their appropriate security, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage.

We use appropriate technical or organisational measures to achieve this level of protection.

We will retain your personal data for as long as it is necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

  1. Notification of Data Breaches to Supervisory Authorities

In case of breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed, we have the mechanisms and policies in place in order to identify it and assess it promptly. Depending on the outcome of our assessment, we will make the requisite notifications to the supervisory authorities and communications to the affected data subjects, which might include you.

  1. Processing Likely to Result in High Risk to Your Rights and Freedoms

We have mechanisms and policies in place in order to identify data processing activities that may result in high risk to your rights and freedoms. If any such data processing activity is identified, we will assess it internally and either stop it or ensure that the processing is compliant with the GDPR or that appropriate technical and organizational safeguards are in place in order to proceed with it.

In case of doubt, we will contact the competent Data Protection Supervisory Authority in order to obtain their advice and recommendations.

  1. Your Rights

You have the following rights regarding personal data collected and processed by us.

  • Information regarding your data processing: You have the right to obtain from us all the requisite information regarding our data processing activities that concern you.
  • Access to personal data: You have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and certain related information.
  • Rectification or erasure of personal data: You have the right to obtain from us the rectification of inaccurate personal data concerning you without undue delay, and to complete any incomplete personal data. You may also have the right to obtain from us the erasure of personal data concerning you without undue delay, when certain legal conditions apply.
  • Restriction on processing of personal data: You may have the right to obtain from us the restriction of processing of personal data, when certain legal conditions apply.
  • Object to processing of personal data: You may have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you, when certain legal conditions apply.
  • Data portability of personal data: You may have the right to receive your personal data in a structured, commonly used and machine-readable format, and have the right to transmit those data to another controller without our hindrance, when certain conditions apply.
  • Not to be subject to automated decision-making: You may have the right not to be subject to automated decision-making (including profiling) based on the processing of your personal data, insofar as this produces legal or similar effects on you, when certain conditions apply.

If you intend to exercise such rights, please refer to the contact section.

If you are not satisfied with the way in which we have proceeded with any request, or if you have any complaint regarding the way in which we process your personal data, you may lodge a complaint with a Data Protection Supervisory Authority.

  1. Links to Other Sites

We may propose hypertext links from the website on which this policy is stated to third-party websites or internet sources. We do not control and cannot be held liable for third parties’ privacy practices and content. Please read carefully their privacy policies to find out how they collect and process your personal data.

  1. Updates to Privacy Policy

We may revise or update this Privacy Policy from time to time. Any changes to this Privacy Policy will become effective upon posting of the revised Privacy Policy. If we make changes which we believe are significant, we will inform you through the website to the extent possible and seek your consent where applicable.

For any questions or requests relating to this Privacy Policy, please use the inquiry form below.

(Updated August 2023)