Privacy notice Asteria AB
General
This privacy notice describes how Asteria AB (“Asteria”, “we”, “our”, “us”) processes your personal data when you visit our website, use our services or when we otherwise process your personal data.
Data controller
Asteria is the data controller for the processing of your personal data in connection with the provision of our services to you. You can reach us as follows:
Asteria AB
- Sveavägen 45, 1tr
- 111 34 Stockholm, Sweden
- info@asteria.ai
- Organization ID 556990–0888
- EU VAT ID SE 556990088801
- Swedish Financial Supervisory Authority ID 51073
How do we collect your data?
When signing up for, or using, our services, such as (but not limited to) Asteria Smart Cash Flow, you may share bank account data and/or accounting software data with us. Bank data is shared through interfaces such as PSD2 or similar. Accounting software data is shared through API when approving Asteria access or when locally installing software that initiates data transfer to Asteria.
What data about you do we process and why?
When signing up for, or using, our services, such as (but not limited to) Asteria Smart Cash Flow, you can share both bank account data and accounting software data.
The purpose of sharing data with Asteria is for Asteria to deliver insights about your financials to you. The more data you share, the more insight is shared.
We need access to your financial data to be able to deliver insight to you about your financial status.
Under no circumstances does Asteria take ownership of your data. Your data is, and remains, yours.
Legal basis for processing
The user agreement that you approve when signing up for our services is the legal basis for Asteria to process your data and may include personally identifiable data. The approval is consent for Asteria to process personally identifiable information.
The consent to Asteria to access your data when connecting bank account or accounting software is the legal basis for Asteria to process your data.
Technical description of the service
Asteria Smart Cash Flow provides the user with a financial overview of the company’s cash flow. The service connects to bank account interfaces (i.e., PSD2 interfaces) through API to fetch bank account data, and to accounting software through API or through local installation, to fetch accounting data. Bank account data and accounting data is downloaded to Asteria servers. The data is processed with the purpose of giving the user a financial overview of the company and its cash flow. The service shows the user graphs and summaries of cash flow and important features for the company. The service may also give the user insight and advice to change the company’s future cash flow. The service analyses financials such as (but not limited to) deposits, withdrawals, invoices, mobile payments, invoices, and other receivables, etc. The data may be clustered and forecasting models may be used to indicate future financials.
Asteria Smart Cash Flow is offered on Asteria’s website and white-labeled by partners to Asteria, such as (but not limited to) Företagskollen offered by Swedbank and the Savings Banks.
Asteria Integrations enable companies that want to access financial data to access several endpoints through Asteria. Companies using Asteria Integrations may offer clients the chance to share bank account and accounting data with them. Asteria may be a sub-processor of personally identifiable data for companies that sign up to Asteria Integrations services used by a company.
How long do we keep your data?
Your data is stored with Asteria for the duration of the use of our services. If you chose to terminate the service(s), your data is deleted. Asteria may retain backups of your data for up to 14 days, after which the backups are deleted.
With whom do we share your data?
Asteria is using IBM Cloud for providing hardware and software to host our services. Your data is processed with IBM Cloud in Frankfurt am Main, Germany.
Asteria is using services from Kayako, Groove and Telness for support to users. If you have contacted Asteria support while using our services, some data may be processed with aforementioned service providers, such as (but not limited to), email address and telephone number for Asteria to contact you, organization ID, your message to Asteria and any personally identifiable information that you have entered.
Where do we process your data?
We always aim to process your personal data within the EU/EEA. However, in certain situations, such as when we share your information with, for example, an IT provider operating outside the EU/EEA, your personal data may be processed outside the EU/EEA. If and when your data is processed outside the EU/EEA, we ensure that there is an adequate level of protection and that appropriate safeguards are put in place (for example through the use of the European Commission’s standard contractual clauses).
Asteria is using IBM Cloud in Frankfurt am Main, Germany. Your data is stored and processed there. In the unlikely event of downtime or service interruption, Asteria may take precaution to transfer your data to another IBM Cloud center such as in the United Kingdom of Great Britain and Northern Ireland. All data is stored encrypted and Asteria is managing encryption keys.
Asteria is using Kayako and Groove for support tickets. If you have contacted Asteria’s support, Kayako and Groove may process a small part of your data for Asteria to be able to contact you and solve your support ticket.
Your rights as a data subject
As a data subject, you have certain rights in relation to the processing of your personal data. If you wish to exercise any of them, please contact us via privacy@asteria.ai .
- Right of access: You have the right to obtain information about the personal data we process about you, including the purpose of the processing and the legal basis for the processing.
- Right to rectification: If you believe that we are processing inaccurate personal data about you, you can ask us to rectify it.
- Right to restrict processing: You can request that we restrict the processing of your personal data. This may be relevant, for example, if we have inaccurate data about you and you do not want the processing to continue until we have corrected the data.
- Right to erasure/right to be forgotten: You can request that we delete your personal data. While we will comply with such request to the extent required by applicable law, please note that despite your request, we may continue to process certain data (such as data that we need to retain to protect our legal interests or that we are required by law to retain).
- Right to object: In the context of processing personal data based on legitimate interest, you have the right to object to the use of your personal data. If your privacy interests outweigh our interests in processing certain data, we will stop processing such data.
- Right to data portability: You may also have the right to access the personal data you have provided to us in a structured, commonly accepted and machine-readable format, and the right to transmit the data to another controller.
Want to know more?
If you have any questions about our processing of your personal data, contact us via privacy@asteria.ai
If you are not happy with us
If you are not satisfied with how we process your personal data, you are welcome to contact us via privacy@asteria.ai. You can also contact the Swedish Data Protection Authority (Integritetsskyddsmyndigheten, www.imy.se, imy@imy.se).
This privacy notice is valid as of April 2023.