PRIVACY POLICY
PRIVACY POLICY
Introduction
This Privacy Policy explains how ASTRA GLOBAL HOLDING LTD (“the Company”, “we”, “our”, “us”) collects, processes, stores, and protects personal data when users (“you”, “the User”) access our website or use services provided in cooperation with a licensed Financial Institution (“FI”). We comply with the UK Data Protection Act, GDPR (where applicable), and English law.
Data We Collect
Personal Identification Data
We may collect and process the following personal information to identify you and facilitate communication:
Full name
Date of birthResidential addressEmail address
Phone number
Nationality (when required for compliance)Verification & Regulatory Data (AML/KYC)To meet Anti-Money Laundering (AML), Counter-Terrorism Financing (CTF), and Know Your Customer (KYC/KYB) obligations—performed either by us or the FI—we may collect:
Passport or national ID document
Proof of Address (utility bill, bank statement, etc.)
Corporate documents for legal entities (KYB)Ultimate Beneficial Owner (UBO) informationSource of Funds (SOF) / Source of Wealth (SOW) documentationLive verification, biometric checks, or liveness tests
AML/CTF risk assessments and compliance questionnairesAny additional documentation required by applicable regulationsThis data is essential for onboarding, compliance screening, and security checks mandated by law.
Technical & Website Data
When you access our website, we may automatically collect certain technical information to ensure proper functionality, security, and performance. This includes:
IP addressBrowser type, version, and device information
Operating system and device identifiers
Cookies and similar tracking technologies
Website usage analytics, such as pages viewed, time spent, and interaction data
This information is collected to improve user experience, maintain platform security, and analyze website performance.
Communication Data
We may collect and store communication-related information, including:
Emails exchanged with our teamContact forms submitted via the websiteInternal notes related to your requestsAny other correspondence or inquiriesThis data is used to respond to your questions, support onboarding, and maintain accurate records.
How We Use Your Data
We process personal data for the following purposes:Identity verification and confirming your eligibility to use services provided through the FIAML/KYC/KYB compliance, including legal verification and risk assessment
Communication during onboarding, application review, or support inquiriesReferring your application to the FI for compliance screening and service evaluationImproving our website, optimizing performance, and enhancing user experienceMeeting legal, regulatory, and audit requirements, including mandatory reporting obligationsPreventing fraud, safeguarding security, and ensuring regulatory complianceWe do not sell, trade, or rent your personal data to third parties under any circumstances.
Sharing Data With Third Parties
1. Financial Institution (FI)We share relevant personal and compliance data with the FI for the purposes of:
Onboarding and application review
Conducting AML/KYC/KYB checksVerifying identity and source of funds
Assessing risk and determining account eligibility
Meeting regulatory or supervisory requirementsThe FI independently determines whether to approve or reject a user application based on its regulatory obligations.
2. Regulators / Governing AuthoritiesWe may disclose personal data to supervisory bodies or law enforcement agencies only when legally required, including:To comply with AML/CTF lawsTo respond to court orders or official requestsTo report suspicious activityTo fulfil mandatory regulatory auditsSuch disclosures are made strictly within the boundaries of UK and applicable international law.
3. Service ProvidersWe may engage trusted third-party service providers to support the operation of our website, onboarding processes, and compliance obligations. These providers may include:Identity verification and biometric systemsSecure cloud storage and encrypted data hostingCompliance and AML screening toolsDocument management and onboarding platforms
IT security and website analytics providersAll service providers operate under strict confidentiality agreements and are only permitted to process personal data in accordance with our instructions and applicable data protection laws.AML/KYC ComplianceAs a Payment Agent, we are required to collect, process, and share certain personal and corporate information with the FI to comply with AML/CFT and related regulatory frameworks.
Failure to provide mandatory AML/KYC/KYB documentation may:Prevent onboarding or application referralResult in delaysLead to refusal of serviceThe FI retains full authority to approve, reject, or request additional information based on its regulatory responsibilities.
Data Storage & Retention
All personal data is stored securely using reputable hosting and cloud service providers that meet UK GDPR and industry security standards.We retain personal data for a period of 5–7 years, or longer where required by:
AML/CFT regulationsStatutory or regulatory retention obligations
Ongoing investigations or legal proceedingsOnce the retention period expires, data is permanently deleted or anonymised.
Data Security
We take appropriate technical and organisational measures to safeguard your personal data, including:
Data encryption during transmission and storageStrict access controls and authentication requirements
Firewall, malware, and intrusion-prevention systemsSecure document storage and encrypted communication channelsInternal confidentiality policies for staff and contractorsDespite these measures, no online system is completely risk-free.
Users share information at their own discretion.
User Rights
Under UK GDPR, you may have the following rights regarding your personal data:
Right of access – request a copy of your personal dataRight to rectification – correct inaccurate or incomplete information
Right to deletion/erasure – request deletion where legally permissible
Please note: AML/CFT laws may require us to retain certain data and override deletion requestsRight to restrict processing under specific circumstances
Right to object to certain types of processing
Right to data portability – request transfer of your data to another provider (where applicable)
Requests will be fulfilled subject to identity verification and in accordance with legal requirements.
Cookies
Our website uses cookies and similar technologies for:
Security
User authenticationAnalytics and performance monitoring
Website functionality and improvementsYou may disable cookies through your browser settings;
however, certain features or services may not function correctly if cookies are blocked.
Transfers Outside the UK
If personal data is transferred outside the United Kingdom, such transfers are carried out in accordance with:UK adequacy decisionsStandard Contractual Clauses (SCCs)Additional safeguards required under UK GDPRWe ensure that any international data transfers maintain the same level of protection as required under UK law.
Compliance, Investigations & Fraud Prevention
We may monitor, review, and analyse user activity to:
Detect and prevent fraudIdentify AML/CFT breachesRespond to suspicious or illegal activity
Comply with regulatory reporting obligations
We may share relevant information with the FI, regulators, or law enforcement authorities where legally required.
Such actions may occur without prior notice when
mandated by law or to protect the integrity of the services.
Updates to This Privacy Policy
We may update or modify this Privacy Policy at any time to reflect legal, regulatory, or operational changes.
Updates become effective immediately upon publication on our website.
Continued use of the website constitutes acceptance of the revised Policy.
Contact Information ASTRA GLOBAL HOLDING LTD
Email: support@astra-global-holding-ltd.net
Address: 167-169 Great Portland Street, 5th Floor, London, W1W 5PF
Reg.number: 16359197
These Terms are approved by the Management of the Company.