Privacy Policy

ASTRA’s Privacy Policy is for people who:
  • Receive information about ASTRA
  • Visit the ASTRA website (
  • Attend ASTRA events (either in person or on-line).

This privacy notice sets out the ways in which the ASTRA programme gathers, uses, stores and shares your data. It also sets out how long we keep your data and what rights you have in relation to your data under the General Data Protection Regulation 2018 (GDPR).

Where do we get your data from?

We collect data from the following sources:

  • Emails and verbal conversations with you
  • Cookies on the ASTRA website, which are linked to Google Analytics (
  • If you join the ASTRA team in any role.
What data do we have?

We collect the following data from you:

  • Email address
  • First name, last name, title
  • Job title
  • Organisation
  • Photograph, if requested (for the website)
  • Photograph, if requested (at face-to-face meetings*)
  • Biography, if requested (for the website)

We collect the following data through the ASTRA website, which is linked to Google Analytics:

Cookies are used to see how visitors interact with the site. These aggregate anonymous data about users, such as your interests, gender, demographics and internet/device connections.

We will also collect Special Category Data regarding dietary requirements and accessibility requirements for specific events, when applicable.

(* By assembling for a group photo, we assume you consent to your photograph being used.)

What is our legal basis for processing your data?

By using your data, we are able to:

  • Send you further information on our programme and keep you informed about activities that are taking place
  • Improve the experience of visitors to our website
  • Highlight your contribution to the research programme, by including you on the website.
How do we use your data?

We use your data to:

  • Send you information regarding our programme activities, events and research findings
  • Improve the ASTRA website experience.
Website profiles

For those actively involved in the research programme, we will display a profile for you on the website (your name, job title, organisation, photograph and biography, if applicable). We will request this information specifically, so you know how and when it will be used.

We only share your data with:

  • Key ASTRA collaborator contacts involved in the programme
  • Google Analytics, when analysing the performance of the website
  • On the website, with your permission under your own profile.
How do we keep your data secure?

The ASTRA programme takes information security seriously. We have implemented appropriate technical and organisational measures to protect personal data and special category data. Access to information is restricted on a need-to-know basis, and security arrangements are regularly reviewed to ensure their continued suitability.

ASTRA uses University of York IT security solutions. For further information, please visit:

How do we transfer your data safely internationally?

In certain circumstances, it is necessary to transfer your personal data (including special category data) outside the European Economic Area. In respect of such transfers, ASTRA will comply with our obligations under Data Protection Law and ensure an adequate level of protection for all transferred data.

How long will we keep your data?

Your data will be kept for the duration of ASTRA and only any longer if specifically requested.

What rights do you have in relation to your data?

Under GDPR, you have a right of access to your data, a right to rectification, erasure (in certain circumstances), restriction, objection or portability (in certain circumstances). You also have a right to withdraw consent. If you would like to exercise any of these rights, or if you have any questions about this privacy notice, please contact us:

Right to Complain

If you are unhappy with the way ASTRA has handled your personal data, you have a right to complain to the Information Commissioner’s Office. To find out how to do this, please visit