Legal

Privacy Policy

Last updated: 6 July 2026

1. Introduction

Dassae Ltd, trading as Assura ("Assura", "we", "us" or "our"), is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our compliance assessment platform and related services (the "Service").

By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with this policy, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

We collect information that you voluntarily provide to us, including:

2.2 Information Collected Automatically

When you access the Service, we automatically collect certain information, including:

2.3 Information from Third Parties

We may receive information about you from third parties, including:

3. How We Use Your Information

We use the information we collect to:

4. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA) or United Kingdom, our legal bases for processing your personal data include:

Legal Basis Purpose
Contract Performance To provide the Service you have requested and manage your account
Legitimate Interests To improve our services, prevent fraud, and ensure security
Consent To send marketing communications and use certain cookies
Legal Obligation To comply with applicable laws and regulations

5. Information Sharing and Disclosure

We may share your information in the following circumstances:

5.1 Service Providers

We share information with third-party vendors who perform services on our behalf, including:

These providers are contractually obligated to protect your information and use it only for the purposes we specify.

5.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities, including courts, law enforcement, or government agencies.

5.3 Business Transfers

If Assura is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or control of your personal information.

5.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

6. Data Retention

We retain your personal information for as long as necessary to:

6.1 Retention Schedule

Data Category Retention Period
Account Information Duration of account + 30 days after deletion request
Assessment Data Duration of account + 90 days after deletion
Payment Records 7 years (UK tax/accounting requirements)
Audit Logs 3 years for security and compliance
Marketing Consent Records Duration of consent + 3 years after withdrawal
Support Communications 2 years after resolution

When you close your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain certain information for legal or legitimate business purposes as outlined above.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal information, including:

However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

8. Your Rights and Choices

8.1 Your Rights (GDPR/UK GDPR)

If you are in the EEA or UK, you have the following rights:

To exercise these rights, contact us at privacy@assurasec.com. We will respond within 30 days.

8.2 Marketing Communications

You can opt out of marketing emails by clicking the "unsubscribe" link in any marketing email or by contacting us. Note that you may still receive transactional or administrative emails.

8.3 Cookies

Most browsers allow you to control cookies through their settings. You can also use our cookie consent tool to manage your preferences. Note that disabling certain cookies may affect the functionality of the Service.

9. International Data Transfers

Your information may be transferred to and processed in countries outside your country of residence, including countries that may not provide the same level of data protection. When we transfer data internationally, we use appropriate safeguards, including:

10. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child, we will take steps to delete that information promptly.

11. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any personal information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on our website and, where appropriate, by email. Your continued use of the Service after any changes indicates your acceptance of the updated policy.

13. Data Protection Officer

If you have questions about this Privacy Policy or our data practices, you may contact our Data Protection Officer at:

14. Supervisory Authority

If you are in the EEA or UK, you have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates applicable law. In the UK, the supervisory authority is the Information Commissioner's Office (ICO).

15. Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will:

16. Data Portability

You can export all your personal data at any time from within your Assura account settings. The export includes your profile information, assessment data, task history, and audit logs in a portable JSON format. To request a data export:

17. Contact Us

For questions or concerns about this Privacy Policy or our data practices, please contact us:

Data Controller:

Dassae Ltd
Company Registration Number: 16994444
Registered Address: Flat 2, 3 Hannington Road, London, England, SW4 0NA, United Kingdom

Dassae Ltd is the data controller responsible for your personal information under this Privacy Policy and the UK Data Protection Act 2018.