Review your data rights now: verify and request a copy of the portion stored by Ashby, and set your preferred notification channels. Our process ensures you see processing dates, sources of data, and the exact scope we rely on, within 30 days of a valid request.

To exercise your rights, follow these steps: submit a formal request through our privacy portal, include your contact details, and specify the data type you need or the portion you want. We verify your identity and ensure you retain control over your assets; you’ll receive a clear timeline and a plain-language answer.

Updates to our policies arrive with concise summaries and practical examples. This combined approach reduces reliance on jargon, clarifies obligations, and aligns the organization with privacy laws. You’ll find change notices in the privacy center and monthly digests.

Interviews with the privacy team explain how to apply your rights in real situations. In these conversations we show how compliance is built into workflows, how you can limit data collection at the source, and how to exercise objection or deletion. We highlight the need to document consent streams and to address unsolicited data requests.

We spell out the obligations of the organization and your rights: access, correction, deletion, data portability, and processing limits. We describe how we protect assets, enforce strong access controls, and share data only with partners who meet our security standards and your consent preferences. If a policy is violated, you can file a complaint through our privacy portal.

Ashby Privacy Policy: Data Protection & Your Rights; How can you access correct or delete your personal information

To access correct or delete your personal information, sign in to your Ashby account and use Privacy controls to view, copy, or remove data. If you cannot access controls, contact us to lodge a data rights request; this enables us to verify your identity and proceed with your instructions. Therefore, enable the controls in your account to streamline the process.

Your rights and how to exercise them

Across Ashby websites, data processing occurs collectively with processors in switzerland and within the united network managed from herts. visitors understand that data used for statistics supports security and site improvements. To exercise rights, contacting our privacy team enables identity verification and prevents access by others. Further, you can request a copy of your data to understand the information held and the purpose behind it. If you disagree, lodge a grievance and we address it with a written response posted to you. The period for responding follows the applicable law and company policy.

RightWhat it enablesHow to exerciseNotes
AccessView data held about youSign in and use Privacy controls or contact our privacy team to verify identityIncludes information used for operating purposes and statistics
Copy (data portability)Obtain a machine-readable copyRequest a copy; we provide in a portable formatData can be moved to another service
DeleteRemove personal data not required for purposeSubmit a deletion request; identity verification requiredSome data retained for legal reasons or grievance handling
CorrectionUpdate inaccurate dataUse Privacy controls or contact us; we perform updateUpdates apply to accounts and related systems
GrievanceRaise concerns about processingLodge grievance via contact or form; we investigateWe post outcomes where appropriate

What personal data Ashby collects and why

Limit non-essential data collection by adjusting your privacy preferences in your Ashby account and in your browser to control what is collected and stored.

Below is a clear, concrete breakdown of the data we collect, why we collect it, and where it is used, so you can decide what you wish to share and how it affects your experience.

  1. Identifiers and contact details

    • What: your name, email address, postal address, phone number, and username. Some fields are required to create and manage your account.
    • Why: to identify you, communicate important updates, provide personalized support, and fulfill orders or requests.
    • Where/When: collected during sign-up, profile updates, and when you post content or contact support.

  2. Content you post and messages you say

    • What: text you submit, comments, reviews, messages in chats, and any content you posted in public or semi-public areas.
    • Why: to enable interactions, deliver requested features, and address your wishes or questions.
    • Where/When: during posting, replying to inquiries, and when you engage with community features.

  3. Technical and usage data

    • What: device type, operating system, browser, language, IP address, time stamps, cookies, and unique identifiers.
    • Why: to ensure security, protect accounts, and improve performance and reliability.
    • Where/When: during visits to our sites and when you interact with features that perform processing.

  4. Usage data and visits

    • What: pages you visit, features used, session duration, and referral sources.
    • Why: to understand how services are used, tailor experiences, and address particular needs you have during your journey with us.
    • Where/When: recorded as you navigate our site and while you perform activities that require processing.

  5. Transactional and financial data

    • What: payment status, invoices, refunds, and transaction IDs.
    • Why: to complete purchases, process payments, and provide receipts and order history.
    • Where/When: during purchases, refunds, and customer service interactions related to transactions.

  6. Location data

    • What: approximate location based on IP or device settings.
    • Why: to tailor content and comply with regional requirements.
    • Where/When: during use of certain features or services that rely on location context.

  7. Business data and partner interactions

    • What: information about businesses or partners you interact with through Ashby.
    • Why: to support collaborations, provide coordinated services, and address business-related needs.
    • Where/When: during negotiations, onboarding, or joint activities with partners.

Addition to these categories, we address details on consent and control. Some processing depends on the purpose and may rely on reasonable safeguards. When data is shared, it is limited to what is necessary and protected by security measures.

Why we collect data and how we use it

We collect data to perform services, enforce our terms, and comply with legal obligations. In addition, we use data to prevent abuse, investigate issues, and improve products for a better user experience. If you posted content or interacted with our services, we may reference that activity to tailor recommendations and communications. When requested by you or as required by law, we address details with the appropriate authority.

Data sharing and protection

We share information with service providers, partners, and authorities only as needed to deliver services, protect users, or meet enforcement requirements. We take reasonable steps to keep data protected and do not disclose it beyond what is necessary to perform the stated purposes.

Your rights and how to exercise them

You can exercise your rights to access, update, delete, or restrict processing of your data. If you wish to export your data or move it to another service, you can request portability. If you are unable to change a setting yourself, contact us and we will assist. You can also lodge concerns with a privacy authority if you believe our practices do not address your rights.

Details and options are described in this policy to help you manage what is posted, kept, and processed. Addressed questions about data handling are handled promptly to support your trust and confidence in Ashby.

Where your information comes from and how to verify its accuracy

Start by listing every source of information you rely on and verify each item against your records, giving you a clear understanding of its origin and longer validity before you act.

Sources of information

Data comes from user-provided inputs (forms, account settings, and communications), analytics collected from your time on the site, browser and device signals, and when applicable data from third-party partners. Each item is shown with its source so you can recognize where it originated; if the data concerns others, we separate it to protect privacy. Specifically, we track consent choices, preferences, and contact history. The data from analytics includes timestamps and interaction patterns that help us understand behavior while limiting exposure of sensitive details. This data is collected using approved technologies, using your consent and the controls you have in your browsers and through the essex centre privacy settings. As said in our policy, we shall document the retention period for each source and the specific fields involved, so you can see below what is stored and for how long. In our essex centre, spring audits verify that sources are linked to the right records, and we exercise care to minimize loss from cross-sourcing. Browsers and cookies provide signals used for personalisation, and you have control over what you share. If a source is unclear, you can request a review; contacting our privacy team is supported and there is no charge for basic verification.

Verifying accuracy and responses

To verify accuracy, compare each data item to your own records–account details, recent communications, and the consent you gave. Specifically, verify fields like email, name, preferences, and contact history, and confirm the source tag matches the original submission or partner feed. If you find a discrepancy, you may request corrections; we shall update the data and show the changes in the data path shown to you. There are several ways to verify, including cross-checking with logs and analytics and by contacting the team for a data path summary. The retention period for data is defined by source and kept only as long as needed to fulfil the purpose. In essex centre operations, we perform spring checks to keep accuracy high. If you have requested data exports, you will receive them via a secure download; there is no charge for this service. You retain control over how data is used and can exercise your rights to review, correct, or delete information at any time. To start, use the contact options below or the data-check link in the policy to initiate a review.

How to request access to your data (DSAR) with Ashby

Submit your DSAR through the Ashby website Privacy section using the "Access to data" form. Include your full name, a current email address, and any identifiers tied to your Ashby account to verify your right to access data stored by Ashby and our first-party services.

Ashby collects data from visitors, employment records, and users of our services. Your DSAR covers data Ashby processes directly and data we share with partners to deliver site and service functionality. You may request access to general data categories, including contact details, employment information, communications, site and device logs, and uses data stored in backups over the past years. If data has changed, mention the period to search and any devices or apps you used to interact with Ashby, so we can locate the relevant records as part of the review.

To make a complete request, specify the scope (which accounts, which site or service, incl third-party integrations) and your preferred format (downloadable file or secure link). Provide enough detail to identify the relevant records and minimize the need to review unrelated data. If you want to disable certain processing during the DSAR period, note that some services may be limited as a result. You can also specify whether you want a collective export covering multiple services or a focused set of records regarding a specific topic.

Submit the request via our site once more: go to privacy and select Access to data. We may contact you during verification to confirm your identity; the peverel team handles the verification process and will keep you informed at every step. If you are contacted for clarification, respond promptly to keep the process moving. If you need further guidance regarding the data types in scope, our team can provide a concise explanation.

What you will receive

You will get a structured export of your data, organized by source and purpose, with a general summary of how it is used. The package includes data collected from your visits, employment records, and interactions with Ashby’s services, along with metadata indicating data sources, processing purposes, and retention periods. Part of the data may be withheld under exemptions described in regulations, and you will receive a clear note about any omissions. Materials are delivered through the Ashby website or via a secure download link, and you can choose to collect or have the data sent to a designated contact by ensuring the address is updated in your profile.

Timelines and verification

Ashby aims to respond within 30 days of receipt, with an extension possible up to 60 days for complex or high-volume requests, including those spanning multiple sites or devices. The clock starts after identity verification and a clearly described request is received. If we need more information, we will contact you. When the data is ready, you will receive a downloadable file and a summary of data categories, sources, and rights regarding them. If you disagree with our response, you can request a review per regulations and our compliance procedures.

How to request deletion or erasure of your data under Ashby policy

Submit your deletion request via the Ashby privacy portal or by mailing a written notice to our privacy team. Include your wish to erase data and specify the scope you seek to remove across systems and settings, including cookies and data visible to visitors.

For physical mail submissions, we may require additional verification steps to protect your rights.

  1. First, gather details about the data types you want deleted: your personal details, contact information, recruitment records, preferences, and any copy stored in other parts of the system. Note the date you provided the data and where it appears (account, forms, cookies settings).
  2. Prepare and submit the request through the portal or your mailing address. In your note, describe the parts of your data you sought to delete and, if applicable, your consent status for processing.
  3. We require verification of your identity before acting. Provide identifiers and, if requested, a copy of an ID to prevent unauthorized deletions.
  4. After submission, you will receive a reference number and an expected timeline for processing. We will reach you with updates as the request moves through the lanes of our workflow.
  5. We process within a reasonable time and erase or anonymize data in active systems. You will receive a confirmation copy of the actions taken, and any data addition that cannot be deleted will be handled in line with retention requirements.

If any data appears inaccurate, contact us to correct it during the erasure process. Ashby follows united, principles-related privacy rights and provides clear channels via the same settings to reach the team with questions about date, scope, or cookies preferences.

How Ashby verifies your identity before processing privacy requests

Verify the requester with a layered identity check before processing any privacy request. To fulfill your rights, Ashby requires at least two independent signals: direct verification via a one-time code sent to your registered contact and a corroborating detail held in our system. If the signals differ or are unavailable, we pause processing unless you provide alternative verification. Below you will find the next steps and updates.

Identity verification steps

Further checks may include an anonymised review of documents or a brief interview; we strive for a quick outcome while protecting your data. We require at least two independent signals and may request a copy of an ID if needed. If you cannot provide the requested proof, we reject the request and explain the reason and any next steps. We do not rely on social data alone; if we use any social information, we obtain your explicit consent and limit usage to verification. This includes further privacy research activities conducted with your permission to improve processes.

During verification, analytics help assess risk and evaluate whether to proceed. We may reference information we have already received to speed checks, while keeping data as restricted as possible. We apply strategic risk controls to align with policy and protect both sides. The data held for verification is stored securely and is temporary; it may be deleted after the process concludes. The term mean is defined in our glossary to clarify verification outcomes.

Data handling and transparency

Data used for verification remains within a secured system and is shared only with authorized personnel for the purpose of fulfilling your request. We may hold logs of verification steps for a limited period and may provide a copy of the verification record upon request. If you request portability, we offer a direct export of your data in a structured, machine-readable format, which includes the data you provided and verification results. Any charge for specialized or expedited requests is disclosed upfront; updates on status appear below and you can adjust or cancel the request at any time. Data is kept in line with our retention requirements and is deleted when no longer necessary to support your privacy rights.

What to expect after submitting a data access or deletion request

After your data access or deletion inquiry is sent, we acknowledge receipt within a short timeframe and begin verification to confirm your identity and needs.

We gather only the minimum information needed and keep handling limited to what is necessary to fulfill your rights. This is our responsibility to protect their data while we verify the scope of your inquiry. For reference, see httpswwwashbycouk.

Updates occur within an appropriate timeframe, and you will be informed fully of the next steps. Specifically, we verify the scope of the data involved. If the verification shows a broader scope, we may add steps. In addition, we may ask for proof to support the inquiry. We may involve teams incl privacy specialists and a social channel group to confirm the context of your interaction, while keeping data handling limited to the needs of the case. Processing depends on complexity and any cross-border considerations; we verify all elements before confirming the outcome. If the review takes longer, we inform you.

When action is complete, you will receive a concise summary of what was done and what remains limited, if any. If you need to make a further change, you can send another inquiry; we will handle it with the same care and respond in the same timeframe. We keep a secure log of steps to support accountability and enable future rights actions.

How to contact Ashby for privacy questions or to file a complaint

Use the dedicated privacy contact lane on Ashby’s site: submit via the privacy form or email [email protected] with the subject line “Privacy Question” or “Complaint”. If you clicked a notification or are using the app, the system routes your message to our privacy team to speed handling.

When you submit, include your full name, a contact method, and indicate whether you are the data subject or an authorized representative. Provide a concise text description of the issue, the data involved (e.g., identity data, physical attributes, devices), the period or post dates, and any relevant assets or features. Mention any third-party processors or social integrations, the party with whom you interacted, and the lane where the data flow occurs. If available, attach supporting documents or screenshots.

We handle inquiries under the applicable data protection framework and under the law that applies to your region. We shall acknowledge receipt within two business days and provide a reasonable timeline for resolution, typically 14 days for straightforward requests and up to 30 days for complex cases. If additional information is required to verify your identity, we will request it promptly and keep data minimization in mind. We may also request information regarding the context of processing to ensure accuracy.

During review, we may contact the relevant consenting parties if needed and explain options to modify or withdraw consent where available. For analytical processing or other features tied to your account, we outline purposes and the right to restrict processing. If the issue involves third-party assets or data shared with others, we describe how those parties may be informed or how data access is limited.

Post-resolution, you may elect to post a summary of the result in your Ashby account or request a copy of the response. If the matter concerns your identity data rights, we provide steps to access, rectify, or delete information. If you remain dissatisfied, you may escalate to the supervisory authority applicable to your region; we will provide guidance and the reference ID for your submission. We keep a secure record of the process and use what we learn to improve the privacy framework and related service delivery.