ASAPP Privacy Notice

2. Information We Collect

‍

We collect personal information directly from you when you visit our Site or interact with us through our marketing and business activities. We do not receive or process personal data from our Customers’ end users under this Notice.

‍

Information You Provide to Us

‍

• Contact via email: name, email address, and any other personal information included in your message. We use this information solely to respond to your inquiry.
• Business contacts and potential Customers encountered through our marketing activities (events, conferences, business meetings): name, business email address, job title, employer name, and phone number. We use this information to manage our business relationships and market our B2B products and services.

‍

Information Collected Automatically

When you visit our Site, we automatically collect the following categories of internet or network activity data to administer and improve the Site:

‍

• Browser type and operating system
• Pages viewed on the Site
• Number of links clicked within the Site
• State or country from which you accessed the Site
• Date and time of your Site visit
• Number of return visits
• Web page you linked from

‍

We use Google Analytics (operated by Google LLC) to collect and analyze this information for the purpose of administering and improving our Site. Data may be aggregated and anonymized for reporting purposes. Google Analytics may transfer and process data in the United States. For more information on how Google uses data, visit https://policies.google.com/privacy. For cookie-specific details, see our Cookie Notice below.

‍

Information Received from Third Parties

For business development and marketing purposes, we may receive the following categories of business contact information from third-party sources: name, business email address, job title, employer name, and professional contact details. These are obtained from advisory firms and publicly available professional resources such as LinkedIn. We use this information solely for B2B marketing and business development activities. This is data about business professionals in their professional capacity; we do not receive consumer data or end-user data from our Customers under this Notice.

3. How We Use Your Personal Information

‍

We use the personal information we collect only for the following purposes, each linked to a lawful basis under applicable law. We do not use personal information for purposes beyond those stated without first providing notice and, where required, obtaining consent:

‍

• Communicating with you in response to your inquiries (lawful basis: legitimate interests / performance of pre-contractual steps)
• Providing marketing materials, product information, and other content you have requested (lawful basis: legitimate interests / consent where required by law)
• Facilitating your navigation through the Site (lawful basis: legitimate interests)
• Marketing our B2B products and services to business professionals (lawful basis: legitimate interests for B2B marketing; consent where required by applicable law)
• Administering, operating, and improving our Site (lawful basis: legitimate interests)
• Diagnosing and resolving technical problems with our Site (lawful basis: legitimate interests).
• Uses described in our Cookie Notice(lawful basis: consent for non-essential cookies; legitimate interests for strictly necessary cookies)Uses described in our

‍

We collect and process only the personal information that is adequate, relevant, and limited to what is necessary for the purposes described above (data minimisation). If we intend to process your personal information for a purpose materially different from those stated, we will notify you before doing so and, where required by applicable law, seek your consent.

4. How We Share Your Information

‍

We disclose your personal information only with selected recipients for specific purposes. We do not sell your personal information. We do not share it with third parties for their own direct marketing purposes. All third-party recipients are contractually bound to protect your personal information and use it only for the purposes for which it is disclosed to them.

‍

Service Providers and Other Third Parties

‍

1. Technology service providers who host and operate our Site and IT infrastructure (including cloud hosting providers and website analytics services such as Google Analytics), for the purpose of Site operation and improvement
2. Marketing and CRM technology providers (such as email marketing and customer relationship management platforms) that we use to manage our B2B marketing activities and business contact database
3. All third-party service providers are contractually bound to protect your personal information and to use it only for disclosed purposes. Where required by law, we execute Data Processing Agreements with these providers

‍

ASAPP Affiliates and Subsidiaries; Business Transactions

‍

• Corporate affiliates or subsidiaries of ASAPP, for the purposes described in this Notice, subject to this Privacy Notice

‍

For Compliance and Regulatory Purposes

‍

• As required by law, including responses to lawful requests from public authorities, subpoenas, or similar legal proceedings
• In good faith when necessary to protect our rights, your safety, or the safety of others, or to investigate fraud
• To comply with applicable data protection laws, including the EU/UK GDPR and the California Consumer Privacy Act (“CCPA”) as amended by the California Privacy Rights Act (“CPRA”)

‍

Note: ASAPP’s obligations as a HIPAA Business Associate arise under individual service-level DPAs with healthcare customers. Those obligations are not governed by this website privacy notice.

‍

SMS Messaging

ASAPP uses SMS messaging for marketing communications. Users must opt in via the ASAPP opt-in form. Mobile numbers will not be sold, rented, or shared with third parties for marketing or any other purposes. Users may opt out of receiving SMS communications at any time by replying STOP or by contacting hello@asapp.com.

‍

Disclosure in the Event of Merger, Sale, or Other Asset Transfers

In the event of a merger, acquisition, sale of assets, or similar business transaction, your personal information may be transferred. The acquiring entity will be subject to this Privacy Notice and applicable data protection laws. We will provide notice of any material change to how your personal information is handled before it takes effect.

5. Cookies and Tracking Technology

‍

We use cookies and similar technologies on our Site. Strictly necessary cookies are placed automatically. For visitors from the EEA and UK, we obtain your prior informed consent via our cookie consent banner before placing any non-essential cookies (analytics or functional), in compliance with the EU/UK GDPR and the UK Privacy and Electronic Communications Regulations (“PECR”). You may update your cookie preferences at any time through the cookie settings link in our Site footer.

‍

We honor automated Opt-Out Preference Signals / Global Privacy Control (GPC) plugin configurations for users exercising tracking opt-outs. We do not serve targeted or behavioral advertisements on our Site. We do not use cookies or tracking technologies to share your personal information for cross-context behavioral advertising. If this practice changes, we will update this Notice and provide any required opt-out mechanism.

‍

We use three categories of cookies:

‍

• Strictly Necessary Cookies: Required for core Site functionality (security, network management, accessibility). Cannot be switched off in our systems. No consent is required for these cookies.
• Performance and Analytics Cookies: Used to understand how visitors engage with our Site. We use Google Analytics (Google LLC) to capture pseudonymous usage and device data (such as abbreviated IP addresses and device identifiers) to compile aggregate website performance reports. It does not capture direct identifiers like your name or email address. For EEA and UK visitors, these cookies are placed only with your prior consent. To opt out of Google Analytics tracking across all websites, visit https://tools.google.com/dlpage/gaoptout.
• Functional Cookies: Remember user preferences (e.g., language, region). Deleted automatically when the browser closes or the session expires. For EEA and UK visitors, these cookies are placed only with your prior consent.

‍

To manage or delete cookies, adjust your browser settings or visit www.aboutcookies.org. Note: blocking or disabling cookies may limit your ability to use certain features of our Site.

‍

This Cookie Notice may be updated to reflect changes in data practices or applicable law. Material changes will be indicated by a revised date and, for EEA/UK visitors, by re-requesting consent where required.

6. How We Protect Your Information

‍

ASAPP maintains appropriate administrative, technical, and physical safeguards designed to protect personal data from loss, misuse, unauthorized access, disclosure, alteration, and destruction. Third-party service providers are required to maintain equivalent security measures in accordance with industry standards.

‍

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify affected individuals without undue delay, as required by applicable law (including GDPR Article 34). California residents should also be aware that, under California Civil Code §1798.150 (CCPA), you may have the right to bring a civil action in the event of a breach of certain unencrypted personal information resulting from our failure to implement and maintain reasonable security procedures.

‍

Do not send payment card information to us directly via email or any other communications channel, as we do not collect credit card information directly.

7. Minimum Age Requirements

‍

ASAPP’s website is directed exclusively at business professionals. We do not knowingly collect personal information from individuals under the age of 18. Our Site is not intended for minors. If you become aware that a minor has provided us with personal information, please contact us at privacy@asapp.com and we will take prompt steps to delete such information.

8. How Long We Retain Your Information

‍

We retain personal information only for as long as necessary to fulfill the specific purpose for which it was collected. The following category-level retention periods apply:

‍

• Website visitor and analytics data: retained for up to 26 months, after which it is deleted or anonymized (consistent with Google Analytics default retention settings)
• Business contact and marketing data (names, emails, phone numbers from events, LinkedIn, and enquiry forms): retained for the duration of the active business relationship and for up to 3 years thereafter, or until you withdraw consent or object, whichever is earlier
• Compliance and legal obligation records: retained for the period required by applicable law or regulatory guidance, typically 3–5 years
• Legal hold / dispute resolution: retained for the duration of any pending or threatened legal claim, investigation, or regulatory proceeding in which the data is relevant

‍

When personal information is no longer required, we delete or anonymize it securely. Where immediate deletion is not possible (e.g., backup archives), we isolate the data from further active processing and delete it as soon as practicable.

9. Changes to this Notice

‍

We may update this Privacy Notice from time to time. The “Last Updated” date at the top of this Notice indicates when it was last revised. For material changes, we will provide prominent notice on our Site and, where required by applicable law, notify you directly before the changes take effect. For EEA and UK residents, where a material change requires renewed consent, we will seek that consent before the new processing begins. Continued use of our Site after non-material changes does not constitute consent to any change in how we process personal information.

10. Your Privacy Rights

‍

In accordance with applicable law, you — as a website visitor or business contact whose data we process as Data Controller — may have the following rights. These rights apply to personal information ASAPP holds about you in its capacity as Data Controller (i.e., data collected via our Site and marketing activities). They do not apply to data processed by ASAPP on behalf of its Customers, for which you should contact the relevant Customer directly.

‍

• Know / Access: Request access to the personal information we hold about you in our capacity as Data Controller, including a portable copy in a commonly used machine-readable format. Residents of certain U.S. states may request disclosure of the categories and specific pieces of personal information collected about them in the preceding 12 months.
• Correct: Request correction of inaccurate or incomplete personal information. We will use commercially reasonable efforts to honor correction requests promptly.
• Delete: Request deletion of your personal information, subject to legal exceptions (e.g., legal hold obligations).
• Opt-Out: Request to opt out of certain processing activities. ASAPP does not sell personal information. ASAPP does not share personal information for cross-context behavioral advertising. If you believe a sharing activity has occurred, please contact us at privacy@asapp.com.
• Restrict / Object: Request restriction of, or object to, our processing of your personal information where processing is based on legitimate interests.
• Appeal: Appeal our decision to decline to process your request. We will review all appeals and respond within the timeframes required by applicable law.
• Withdraw Consent: Withdraw your consent to our processing of your personal information at any time. Withdrawal applies to future processing only and does not affect the lawfulness of processing before withdrawal.
• Non-Discrimination (CCPA): Residents of certain U.S. states have the right not to receive discriminatory treatment for exercising their privacy rights. ASAPP will not deny services, charge different prices, or provide a different level of service as a result of you exercising your privacy rights.

‍

To exercise any of these rights, please email privacy@asapp.com. We will acknowledge your request within 10 business days and respond in full within 45 days (U.S.) or one month (UK or EU), extendable by a further two months where necessary with prior notice. We may require you to verify your identity before processing your request. Authorized agents may submit requests on behalf of consumers of certain U.S. states subject to verification of authorization. We cannot respond to requests if we are unable to verify identity.

A1. Data Controller Identity

‍

The Data Controller for personal information collected through this Site and through ASAPP’s marketing activities is:

‍

• ASAPP, Inc., One World Trade Center, 80th Floor, New York, NY 10007, USA
• Email: privacy@asapp.com.

‍

ASAPP acts as Data Processor, not Data Controller, for personal information processed on behalf of its Customers as part of delivering its products and services. That processing is governed by the applicable DPA. Enquiries about such processing should be directed to the relevant Customer.

A2. Purposes and Legal Bases for Processing

‍

We process personal information only where we have a legal basis under EU/UK GDPR. Our legal bases, mapped to each processing activity, are:

‍

• Legitimate interests (Article 6(1)(f) GDPR): operating and improving our Site; B2B marketing to business professionals; fraud prevention and security. Our legitimate interests have been assessed against your interests and fundamental rights and do not override them.
• Consent or Legitimate Interests (Article 6(1)(a) GDPR): placing non-essential cookies (analytics and functional); direct email marketing to EEA/UK individuals in accordance with applicable law. You may withdraw consent at any time without detriment (see Section 10).
• Legal obligation (Article 6(1)(c) GDPR): responding to lawful requests from authorities; compliance with applicable data protection, tax, and other regulatory requirements.

‍

Personal information may be transferred to and stored in the United States, where ASAPP’s headquarters and IT systems are located. See Section A3 regarding international transfer safeguards.

A3. Transfer of Personal Information to Other Countries

‍

ASAPP is based in the United States. Where personal information is transferred from the EEA or UK to the US or other third countries, we rely on: (a) EU Standard Contractual Clauses (SCCs) adopted by the European Commission, as updated from time to time, for transfers from the EEA; and (b) the UK International Data Transfer Agreement (IDTA) or UK Addendum to the EU SCCs for transfers from the UK. Copies of the applicable transfer mechanisms are available on request by emailing privacy@asapp.com.

A4. Data Subject Rights

‍

The following rights apply to personal information held by ASAPP in its capacity as Data Controller (i.e., data collected via our Site and marketing activities). They do not apply to data ASAPP processes as a Data Processor on behalf of its Customers — for that data, please contact the relevant Customer directly. Identity verification is required before responding to any data subject request. We will respond within one month, with a possible extension of two further months for complex or numerous requests (we will notify you of any extension within one month of receipt).

‍

GDPR rights include:

‍

1. Right of Access – Request access to the personal information we hold about you and how it is used and shared.
2. Right to Rectification – Request correction of inaccurate or incomplete personal information without undue delay.
3. Right to Data Portability – Request a copy of your data in a structured, machine-readable format for transfer to another entity.
4. Right to Erasure – Request deletion of your personal information where it is no longer necessary, where consent has been withdrawn, or where processing is unlawful.
   
5. Right to Restriction of Processing – Request that we suspend active processing in specified circumstances (e.g., accuracy is disputed, processing is unlawful but you oppose erasure, data is needed for legal claims).
6. Right to Object – Object to processing based on legitimate interests. We will cease processing unless we can demonstrate an overriding legitimate purpose.
7. Objection to Marketing – Object to processing for direct marketing at any time. ASAPP does not share personal information with third parties for marketing purposes and does not engage in automated profiling.
8. Withdrawal of Consent – Withdraw consent at any time by emailing privacy@asapp.com. Withdrawal applies to future processing only.

‍

To exercise any of these rights, please email privacy@asapp.com.

‍

Complaints: We encourage you to contact us first so we can resolve your concern directly. If you remain dissatisfied, you have the right to lodge a complaint with the relevant supervisory authority. For EEA residents, this is the data protection authority in your country of residence. For UK residents, the relevant authority is the Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF; Tel: +44 (0) 303 123 1113; https://ico.org.uk.