Privacy Policy

How we Collect, Process and Use Personal Information

We are committed to respecting and protecting your privacy. We only collect and process personal information from you when we need it to provide you with services or information you have asked for.

Our Privacy Policy is informed by the EU General Data Protection Legislation Regulation (GDPR), with effect from 25 May 2018. This policy statement is not in any sense a summary of the law. For details of the legislation and what it means, please see the ICO Guide to the GDPR, or read the GDPR full text.

What information do we collect?

  1. Using this Website. We do not store cookies or any other personally identifiable information on your computer while you are browsing this website. As is standard internet practice, Apache server logs[i] are kept of all interactions with the Astralsound website. We are not able to identify any individual from these logs and your use of this website alone. However, the IP address of the device you are using is recorded, and if you were to use the same device to send us an email or submit a form from one of our web pages we would then be able to associate that IP address with your message. We have never previously associated IP addresses with contact from users in that way, and have no intention of doing so in the future, but the fact that we could do so means that an IP address might in those circumstances become personally identifiable information.

    We also use web analytic software, which analyses user-activity on the Astralsound website. This also uses IP addresses, but to preserve anonymity the last three digits of the IP address are not recorded, and no personally identifiable information is collected.

    The search term(s) entered by users of our Site Search application are logged. No personal information is recorded or associated with this process.

    Information provided by these facilities is used to make general improvements to content, presentation and navigation tools on this website. It is not used to affect what any individual sees.

  2. Contacting Us. We record and process any personal information you give us when you contact us.

    If you contact us by email or online form, the IP address of the device you are using is included in email or form headers. All our online forms require the use of a single session cookie[ii], which does not contain any personally identifiable information.

    If you contact us by phone, the phone number you are calling from is displayed on our handsets and logged by our telecom supplier unless it is withheld by your supplier or you have withheld it by some other means. Generally, however, we will only make a note of phone number(s) you tell us, not those from which you have called us.

    A recording of any voicemail message you leave will be emailed to us.

  3. Doing Business with Us. We record the name, postal address, email address and contact phone number(s) of everyone to whom we provide goods or services. When taking payment for goods or services, we record the bank or credit/debit card details you use to pay us. No record is kept of card security numbers.

Why do we collect personal information?

  1. To Provide Goods and Services. In order to provide the range of services we offer we need to know who our clients are, how to contact them, and where goods or services are to be provided. Because our business is primarily rental, for security we also need our clients to provide enough information to confirm their identity and place of residence.
  2. To Provide Quotations. A written quotation may form the basis of a contract, so we need the same information to provide a quotation that we would require to enter and fulfil the contract.
  3. To Take Payment. In common with all credit/debit card merchant account holders, we are unable to process card payments without details specified by our account provider.
  4. To Meet Legal Requirements. We are obliged to keep business records, including invoice copies that contain client details. We are also obliged to maintain and monitor the security of our data systems, including the Astralsound website.

How do we use personal information?

Other than for security and legal requirements (see above), we only use personal information for the specific purpose(s) you give it. We do not ask for consent to send you details of future promotions or offers because we do not send them. We will never use information you have given us for marketing or other forms of unsolicited contact.

How is information kept secure?

All information we receive electronically is transmitted using end-to-end encryption, so that it cannot be viewed or intercepted during transmission. It is stored locally in encrypted form, using robust and unique access passwords that are not shared with any other people, organisations or devices. Passwords are changed periodically. Backup copies of all files are kept following the same protocols on separate encrypted hard drives.

Our systems are protected by a hardware firewall, and by up-to-date anti-virus and firewall software.

Sharing personal information

We will not disclose your personal information to or share it with anyone, unless:

  1. We need to confirm details you have given us (for example, to confirm credit/debit card details with your card supplier);
  2. We are obliged to do so by statutory duty, jurisdiction, warrant, or court order;
  3. We must do so to protect or enforce our own rights (for example, when hired equipment is not returned);
  4. We have your freely-given, informed and express consent.

How long do we keep information?

We aim to keep personal information only for as long as it is likely to be required. Obviously this will depend on the information's purpose, so that while a regular client's details may be retained indefinitely, details of a speculative enquiry will only be retained for a short period. Voicemail messages are deleted by our telecom provider after 30 days, and we usually delete any emailed copies of these as soon as we have noted their contents.

To comply with HMRC guidelines, information that forms part of our tax records (including invoice copies) may be retained for up to eight years from the invoice date.

What rights do you have?

As well as having confidence that we keep your details secure, you are entitled to know what information we have about you. You are entitled to correct that information if it contains an error or has changed, and to ask us to delete it if we have no legitimate reason to keep it. Note, however, that for data security reasons we will need proof of your identity before we can disclose anything about you, or make changes to your record.

If you have given us consent to use your details for any specific purpose not covered here, you are entitled to withdraw that consent at any time, in which case all you need to do is let us know.

  1. Our server logs include, in Combined Log Format, all that are available of the following data (you can find further information on Apache server logs from documents provided on the Apache website):

    %h

    The IP address of the client (your computer or other device) that made the request to our server.

    %1

    If the action was performed by an authenticated user (i.e. someone who has a user-account on our server), their userid.

    %u

    If accessing a password-protected document, the user-id of the person requesting the document.

    %t

    The time (day, month, year, hour, minute, second) the server finished processing the request.

    \"%r\"

    The request line. This comprises the METHOD (e.g. GET, POST), the requested resource (e.g. /examplepage.htm), and the protocol (e.g. HTTP/1.0).

    %>s

    The status code (e.g. 200 - success, 301 - permanent redirect, 404 - not found).

    (%b

    The size (in bytes) of the object returned to the client (your browser).

    \"%{Referer}i\"

    The referrer HTTP request header. This give the site (e.g. Google) that the client (your browser) reports having been referred from.

    \"%{User-agent}i\"

    The identifying information that the client (your) browser reports about itself.
  2. Opening a page containing one of our online forms will create a single PHP session-cookie associated with www.astralsound.com and named ‘FORMID’ in your browser's cookies folder. Its sole purpose is to retain session information while a user completes and submits the form, and it has no security or privacy implications for users. It should automatically delete when you close your browser, but you can safely delete it manually at any time after your successful form submission (you may need to consult your browser's literature for how to locate and delete individual cookies). If you submit more than one form (or submit the same form more than once) the file will be overwritten by the latest submission, and it contains no information that can subsequently be used to identify you or your device, or for any other purpose.

    Currently, the only pages containing online forms are our Contact page and pages opened by selecting Get a Quotation.

[Top of Page]