Version: 01/06/2021

Astrato is a software platform which provides data visualisation and analysis services.

Astrato is owned and operated by Vizlib Ltd, a company incorporated in England and Wales (registration number: 10431702) having its registered office at Vizlib Ltd, 25 North Row, Mayfair, London, England, W1K 6DJ (“we”, “us” or “Vizlib”). We attach great importance to protecting and respecting your privacy.

We are committed to protecting your personal data and privacy. The purpose of this policy is to inform you of our practices regarding the collection, use and sharing of personal data that is provided to us through your use of the Astrato services, products or website.

We understand the importance of the General Data Protection Regulation (GDPR), both as enacted under EU law and as retained in UK domestic law, and we try constantly to apply it to its fullest extent.

In our Privacy Notice we use a few GDPR terms; the understanding of these terms is essential, in order to better understand your rights and our Privacy Notice. Below you will find some terms as defined in the GDPR:

Personal data:

any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;


any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;


the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;


a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;


any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

(i) Personal data & Sources of data

This Privacy Notice applies to personal data provided by our clients (which may include the organisation, firm or entity for whom you work) and their staff, and any third party suppliers whose data we process. In this notice “you” refers to any individual whose personal data we hold or process.

For the vast majority of Astrato services, Vizlib is categorised as a controller when it collects data for processing, for instance for license key controls, service performance and improvement, technical assistance/support or client contact purposes.

Wherever the Astrato services enable a user to submit user-generated content when using the service, Vizlib is not the controller of any personal data contained in such content. We hold this information as a data processor. The relevant user of our service is the controller for this data. Our terms require that such users process this data in accordance with applicable data legislation. In our Terms & Conditions this is defined as “Collaborator Personal Data” and the processing of Collaborator Personal Data by us will be governed by the terms of our Data Processing Agreement (“DPA”). If you are using the service as an individual subscriber (as defined in our Terms & Conditions) then, unless otherwise agreed, we will be the controller of Collaborator Personal Data.


More specifically, the following data is (or might be) provided directly by you (or on your behalf by the organisation, firm or entity for whom you work) when using Astrato and such data may constitute personal data:


Furthermore, we automatically collect data via the Astrato website IP addresses, connection data, types and versions of Internet browsers used, types and versions of your browser plugins, data about your browsing path on our website, the content that you access or view, the search terms used, download errors, the length of time that certain pages are viewed, the advertising ID of your device, the interactions with the page and any number of pages. By provisioning of its cloud services, we automatically collect: IP address, license key, hashed userid, version and type of extension used. Among the technologies used to collect this information, we use cookies. For more information, consult the “cookies” section of this Privacy Notice.


We may receive personal data about you from third sources. This is the case when you use one of our resellers in order to have access to Astrato products and services or in case of online payment for our products. In the second case, we may provide you with another payment solution. Please, contact us.
If we obtain your personal data from the organisation, entity or firm for whom you work or from any other third party, your privacy rights under this Privacy Notice are not affected and you are still able to exercise the rights contained within this notice.

You do not have to supply any personal data to us however in practice we may be unable to provide our services to you without personal data (for instance we will need contact information in order to communicate with you or your organisation). You may withdraw our authority to process your personal data (or request that we restrict our processing) at any time but there are circumstances in which we may need to continue to process personal data (please see below).

(ii) Processing purposes

In order to be more transparent, we want to share with you our processing purposes:

Please note that we do not collect data for commercial purposes that are not related to Astrato products & services, or other products and services operated by Vizlib.

We do not use your personal data for any reason that is not compatible with the purposes it was collected.

Astrato is a Business to Business software and it is not addressed to children! No personal data of children is intentionally collected! If we realize that a child has provided personal information, we will delete it with no delay.

We do not knowingly collect and process special categories of personal data. However, we cannot guarantee that personal data within a special category will not be generated by a user of our service and then stored on our database. This data is irrelevant to the services provided by us and incompatible with our processing purposes.

(b) Lawful basis & purpose limitation

Your data is collected for specified, explicit and legitimate purposes. Any processing made by us is compatible with the following purposes. We have determined a LAWFUL BASIS for each processing purpose, in order to process your data.


a legitimate interest in this context means a valid interest we have in processing your personal data which is not overridden by your interests in data privacy and security. Astrato is a SaaS platform that provides you with online services and products. We have a legitimate interest in processing our users’ personal data because without such data we cannot provide our services or support services. License checks, which require the use of personal data, are necessary to protect our products especially in relation to usage limitation and intellectual property rights. If users choose to submit user-generated content when using our services (which may include personal data), then we have a legitimate interest in storing this data so it can be viewed by other users at the time of posting and referred back to in future. Upgrades to our services and products affect the usage of our services, even under the freemium model.

(i) Our commitment


Adequate, relevant and limited to what is strictly necessary in relation to the processing purposes. When ordering a service, we only ask you to provide data that is necessary in order to provide you with our services or products.


Accurate and kept up to date; if we become aware that it is processing any inaccurate data it is erased or rectified without delay. Please consult your rights.


Data is stored no longer than is necessary for the processing purposes; Personal data collected by us from our clients and their users is kept during the entire duration of the contractual relationship and for the following 12 months. At the end of this retention period, such data is completely erased from all media and backups.

We will hold information for suppliers for up to 7 years from the date on which our agreement with that supplier terminated.


Your data is processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures. Please consult the security section of this Privacy Notice.

(ii) Your Rights

We take appropriate measures to provide you with any information related to your data and your rights. We also want to facilitate the exercise of your data rights. Please contact us at, if you have any questions or you want to exercise any of your rights (see below); we will respond to your request as soon as possible and no later than a month after receiving your request.

Please note that any reasonable information queries related to your data or the exercise of your rights is free of charge!


You have the right to obtain confirmation as to whether or not your personal data is being processed.

In addition to that, you have the right to access your personal data and obtain information about the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipient to whom the personal data has been or will be disclosed, the envisaged period for which the personal data will be stored, your GDPR rights, any available information as to the source of your data and finally the existence of automated decision-making, including profiling. Furthermore, in case of transfer to a third country, you have the right to be informed about measures of security relating to the transfer.

In order to exercise your right to access your personal data, we shall provide a copy of the personal data undergoing processing.

A number of the above questions are answered in the present Privacy Notice. Although, within a month from your request you will receive a copy of specific information about your personal data. Be aware that we will ask you to provide proof of identity, in order for you to exercise your rights.


You have the right to demand rectification of inaccurate personal data and complete any incomplete personal data.


You have the right to make a request about the erasure of your personal data or request that your personal data be transferred or exported to another organisation. This right is not absolute and must be based on specific circumstances. You should be aware that we may reject your request if we deem this appropriate in accordance with applicable data protection legislation. For more information, please do not hesitate to contact us.


You may have the right to obtain restriction of processing for specific reasons mentioned in the GDPR (as enacted under UK domestic law) and or the Data Protection Act 2018. For more information, please do not hesitate to contact us. We shall inform you before the restriction of processing is lifted.


You have the right to receive your data in a structured, commonly used and machine-readable format, in order to transmit it to another service provider. To exercise your data portability right you can request that your data be transmitted directly to the service provider that you shall indicate to us, if technically possible.


You can at any time object to processing of your personal data. As of such request, we shall no longer process your data. To exercise this right you must provide us with an objection on grounds that are related to your situation in particular.


At any time, you may withdraw any permission you have given us to process your personal data. For example, you can request that your personal data will not be used to contact you for direct marketing purposes. You also have the right to request that your personal data will not be used for profiling purposes.


If you are not satisfied with the way we apply rules under any applicable data protection legislation or if we do not respect the one-month response time previously announced, please be aware that you have the right to lodge a complaint with a supervisory authority; The supervisory independent authority in the United Kingdom is the ICO (Information Commissioner’s Office).

(iii) Subcontractors & Data transfers

We keep your personal data in the European Union. However, it is possible that personal data we collect through our online platform or as part of our services will be transferred to other countries, some of which may have less protective personal data protection legislation. This is particularly the case regarding data transmitted to any subcontractors located outside the UK and the EU, in particular in the United States.

Subcontractors are called processors by the GDPR. Where we work with subcontractors outside the UK or the EU (if any), we have contracts with processors that provide sufficient guarantees about data protection, respect the GDPR and only act on our instructions.

There are certain additional circumstances in which we may disclose your personal data to third parties, as follows:

(iv) Security measures:

We take the necessary precautions by having implemented appropriate technical and organisational measures to preserve the security and confidentiality of personal data, in particular to prevent any accidental, unauthorised or unlawful access, disclosure, alteration, loss or destruction.

If personal data we hold about you is subject to a breach or unauthorised disclosure or access, we will report this to our management team and/or the Information Commissioner’s Office (ICO) as is deemed necessary. If a breach is likely to result in a risk to your data rights and freedoms, we will notify you as soon as reasonably possible.

(v) Summary of commitment

(vi) Cookies

Cookies are small texts used to store information on web browsers. They are used in particular to store and receive identifiers and other information on devices.

Please refer to our Cookies policy by clicking here:

(vii) Password confidentiality

For your own safety, keep your password secret and do not communicate it to anyone.

(viii) Links to 3rd party websites

The present Privacy Notice does not concern web links that lead to 3rd party websites. When it comes to your personal data, please remember to consult those 3rd party privacy policies.

(ix) Updates to our Privacy Policy

We regularly review our Privacy Notice. We will post details of any changes to our policy on our website to help ensure you are always aware of the information we collect, how we use it, and in what circumstances, if any, we share it with other parties. Please ensure you check the website regularly for any updates.

(x) Contact details

If you need to contact us about our privacy policy, if you have suggestions in order to improve it, if you want to exercise your rights or make a request, please write to us:

Address: Vizlib Ltd, 25 North Row, Mayfair, London, England, W1K 6DJ

You have the right to lodge a complaint with a supervisory authority; The supervisory independent authority in the United Kingdom is the ICO (Information Commissioner’s Office).

Book a demo

Leave your details and we’ll be in touch shortly to discuss how you can use Astrato to live query data analytics anytime in the cloud.