Privacy Notice


This privacy notice explains what information we collect when you access our website, how the information is used and disclosed, how you can control the use and disclosure of your personal information and how we protect it. Also this notice discloses the privacy practices for https://astraone.io . This privacy notice applies solely to information collected by this web site. It will notify you of the following:

  1. What personally identifiable information is collected from you through the web site, how it is used and with whom it may be shared.
  2. What choices are available to you regarding the use of your data.
  3. The security procedures in place to protect the misuse of your information.
  4. How you can correct any inaccuracies in the information.

Purpose of this notice:

This Privacy Notice provides mandatory information as required under Articles 13 and 14 of the European General Data Protection Regulation (GDPR) regarding the transparency of personal data processing. Definitions of certain terms within this notice are explained in the appendix.

Who we are?

AstraOne LLC and its affiliates, including Hybrid Adtech Inc, Hybrid Adtech GmbH, Hybrid Adtech sp. z o.o. and services offered on third-party sites, such as advertising services. AstraOne LLC Hybrid Adtech Inc, Hybrid Adtech GmbH, Hybrid Adtech sp. z o.o. are subsidiaries company of Konglomerat LTD

What information do we collect?

We have a lot of sites connected to our systems. We show ads on the site, by integrating our codes there. Also we are connected with other different ad companies on a tech level, to get audience segmentation of each user, and to provide sites with demand if we don‟t have enough. We do use audience targeting in our Advertising Dasboard to show right ads to right users

We do not collect any Personal Identifiable Information (PII) data from our user or visitor. We may collect the following categories of information for the purposes explained below.

How We Collect Your Information?

Personal Data should be collected only from the Data Subject unless one of the following apply:

How do we use collected information?

We use this data to help our Advertisers identify and serve ads to you that are more relevant to you. We also use this data to operate, improve and enhance our services including enhancing the data points we or our Advertising Partners have about a particular user, browser, or device, or to target, optimize, cap, or synchronize advertising.

We, as well as Third Parties that provide content, advertising or other functionality on our Services, may use Cookies, pixel tags and other technologies (“Technologies”) to automatically collect information through the Services. We use Technologies that are essentially small data files placed on your computer, tablet, mobile phone or other devices (referred to collectively as a "device") that allow us to record certain pieces of information whenever you visit or interact with our sites, services, applications, messaging, and tools and to recognize you across devices.

How do we Share and Process collected information?

We will not share your information with any third party outside of our organization and affiliates, other than as necessary to fulfill your request,

a. Data Processing

AstraOne provides targeted advertising services for our advertiser clients ("Advertisers"). When Identifiable Natural Person visits a website operated by an Advertiser or a third party site where we could serve an ad to you, we may collect some or all of the data described in 3.3.1. hybrid.ai uses that data as well as other data described below to help Advertisers provide ads to Identifiable Natural Persons that are more relevant to them.

AstraOne uses the Personal Data of its Contacts for the following broad purposes:

The use of a Advertiser‟s information should always be considered from their perspective and whether the use will be within their expectations or if they are likely to object. For example, it would clearly be within a Advertiser‟s expectations that their details will be used by hybrid.ai to respond to a Advertiser request for information about the products and services on offer. However, it will not be within their reasonable expectations that AstraOne would then provide their details to Third Parties for marketing purposes. Each AstraOne Entity will Process Personal Data in accordance with all applicable laws and applicable contractual obligations. More specifically, AstraOne will not Process Personal Data unless at least one of the following requirements are met:

There are some circumstances in which Personal Data may be further processed for purposes that go beyond the original purpose for which the Personal Data was collected. When making a determination as to the compatibility of the new reason for Processing, guidance and approval must be obtained from the hybrid.ai representative before any such Processing may commence.

In any circumstance where Consent has not been gained for the specific Processing in question, AstraOne will address the following additional conditions to determine the fairness and transparency of any Processing beyond the original purpose for which the Personal Data was collected:

b. Special Categories of Data

AstraOne will only Process Special Categories of Data (also known as sensitive data) where the Data Subject expressly consents to such Processing or where one of the following conditions apply:

Further conditions, including limitations, based upon national law related to the Processing of genetic data, biometric data or data concerning health.In any situation where Special Categories of Data are to be Processed, prior approval must be obtained from the Office of Data Protection and the basis for the Processing clearly recorded with the Personal Data in question. Where Special Categories of Data are being Processed, Meta Privacy will adopt additional protection measures. Each Meta Privacy Entity may also adopt additional measures to address local custom or social expectation over the Processing of Special Categories of Data.

c. Children’s Data

Children are unable to Consent to the Processing of Personal Data for information services. Consent must be sought from the person who holds parental responsibility over the child. However, it should be noted that where Processing is lawful under other grounds, Consent need not be obtained from the child or the holder of parental responsibility. Should any AstraOne Entity foresee a business need for obtaining parental consent for information society services offered directly to a child, guidance and approval must be obtained from the hybrid.ai representative before any Processing of a child‟s Personal Data may commence.

d. Data Quality

Each AstraOne Entity will adopt all necessary measures to ensure that the Personal Data it collects and Processes is complete and accurate in the first instance, and is updated to reflect the current situation of the Data Subject.

The measures adopted by AstraOne to ensure data quality include:

e. Digital Marketing

As a general rule hybrid.ai will not send promotional or direct marketing material to an AstraOne website visitors or platform users through digital channels such as mobile phones, email and the Internet, without first obtaining their Consent. Any AstraOne Entity wishing to carry out a digital marketing campaign without obtaining prior Consent from the Data Subject must first have it approved by AstraOne representative. Where Personal Data Processing is approved for digital marketing purposes, the Data Subject must be informed at the point of first contact that they have the right to object, at any stage, to having their data Processed for such purposes. If the Data Subject puts forward an objection, digital marketing related Processing of their Personal Data must cease immediately and their details should be kept on a suppression list with a record of their opt-out decision, rather than being completely deleted. It should be noted that where digital marketing is carried out in a „business to business‟ context, there is no legal requirement to obtain an indication of Consent to carry out digital marketing to individuals provided that they are given the opportunity to opt-out.

Who receives your Personal Data?

Using data for Profiling Purposes:

As a matter of principle, your personal data will not be processed automatically with the objective of evaluating certain personal aspects (profiling). In the event that we should process your personal data with the objective of conducting profiling, we will, if required by law, specifically inform you of this and of your rights in this respect.


You may Opt-Out of any future contacts from us at any time by clicking the following button

What Data Protection Principles we follow?

AstraOne has adopted the following principles to govern its collection, use, retention, transfer, disclosure and destruction of Personal Data:

Personal Data shall be processed lawfully, fairly and in a transparent manner in relation to the Data Subject. This means, AstraOne must tell the Data Subject what Processing will occur (transparency), the Processing must match the description given to the Data Subject (fairness), and it must be for one of the purposes specified in the applicable Data Protection regulation (lawfulness).

Personal Data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. This means AstraOne must specify exactly what the Personal Data collected will be used for and limit the Processing of that Personal Data to only what is necessary to meet the specified purpose.

Personal Data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. This means AstraOne must not store any Personal Data beyond what is strictly required.

Personal Data shall be accurate and, kept up to date. This means AstraOne must have in place processes for identifying and addressing out-of-date, incorrect and redundant Personal Data.

Personal Data shall be kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the Personal Data is Processed. This means hybrid.ai must, wherever possible, store Personal Data in a way that limits or prevents identification of the Data Subject.

Personal Data shall be processed in a manner that ensures appropriate security of the Personal Data, including protection against unauthorized or unlawful Processing, and against accidental loss, destruction or damage. AstraOne must use appropriate technical and organizational measures to ensure the integrity and confidentiality of Personal Data is maintained at all times.

The Data Controller shall be responsible for, and be able to demonstrate compliance. This means AstraOne must demonstrate that the six Data Protection Principles (outlined above) are met for all Personal Data for which it is responsible.

What legal basis do we have for processing your personal data?

According to Article 6 of the GDPR at least one of these must apply whenever your personal data is processed:

How do we secure personal data?

No data transmissions over the Internet can be guaranteed to be 100 percent secure. Consequently, we cannot ensure or warrant the security of any information you transmit to us and you understand that any information that you transfer to AstraOne is done at your own risk. However, AstraOne uses website security measures consistent with current best practices to protect its website, email and mailing lists. These measures include technical, procedural, monitoring and tracking steps intended to safeguard data from misuse, unauthorized access or disclosure, loss, alteration or destruction.

We realize there can be incidents of misuse or unauthorized program incursions, as almost every website, service and user encounters. In those instances, our goals are to move quickly to isolate the problem, ensure or restore proper functionality and minimize any inconvenience to our users. As appropriate and necessary, AstraOne will notify the relevant authorities of these incidents of misuse or unauthorized program incursions of the AstraOne website. We use technical and organizational security measures to protect the data we have under our control against accidental or intentional manipulation, loss or destruction and against access by unauthorized persons. Our security procedures are continually enhanced as new technology becomes available.

We take precautions to protect your information. When we collect any information via the website, your information is protected both online and offline. Wherever we collect any information that information is encrypted and transmitted to us in a secure way. You can verify this by looking for a closed lock icon at the bottom of your web browser, or looking for "https" at the beginning of the address of the web page.

While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (for example, billing or customer service) are granted access to personally identifiable information. The computers/servers in which we store personally identifiable information are kept in a secure environment.

Data Transfers (Internal and Within Third Parties):

We may transfer the information we collect about you to countries other than the country where we originally collected it for the purposes of storage and processing of data and operating our services. Those countries may not have the same data protection laws as your country. However, when we transfer your information to other countries, we will protect that information as described in this Privacy Notice and take steps, where necessary, to ensure that international transfers comply with applicable laws. For example, if we transfer your information from the European Economic Area to a country outside it, such as the United States, we will seek to take additional steps such as entering into EU compliant data transfer agreements with the data importer where necessary.

AstraOne entities may transfer Personal Data to internal or Third Party recipients located in another country where that country is recognized as having an adequate level of legal protection for the rights and freedoms of the relevant Data Subjects. Where transfers need to be made to countries lacking an adequate level of legal protection (i.e. Third Countries), they must be made in compliance with an approved transfer mechanism AstraOne Entities may only transfer Personal Data where one of the transfer scenarios list below applies:

Each AstraOne Entity will only transfer Personal Data to, or allow access by, Third Parties when it is assured that the information will be processed legitimately and protected appropriately by the recipient. Where Third Party Processing takes place, each hybrid.ai Entity will first identify if, under applicable law, the Third Party is considered a Data Controller or a Data Processor of the Personal Data being transferred.

Where the Third Party is deemed to be a Data Controller, the AstraOne Entity will enter into, in cooperation with the Office of Data Protection, an appropriate agreement with the Controller to clarify each party‟s responsibilities in respect to the Personal Data transferred.

Where the Third Party is deemed to be a Data Processor, the AstraOne Entity will enter into, in cooperation with the Office of Data Protection, an adequate Processing agreement with the Data Processor. The agreement must require the Data Processor to protect the Personal Data from

further disclosure and to only Process Personal Data in compliance with AstraOne instructions. In addition, the agreement will require the Data Processor to implement appropriate technical and organizational measures to protect the Personal Data as well as procedures for providing notification of Personal Data Breaches.

When a hybrid.ai Entity is outsourcing services to a Third Party (including Cloud Computing services), they will identify whether the Third Party will Process Personal Data on its behalf and whether the outsourcing will entail any Third Country transfers of Personal Data. In either case, it will make sure to include, in cooperation with the Office of Data Protection, adequate provisions in the outsourcing agreement for such Processing and Third Country transfers. Meta Privacy has a „Standard Provisions for Outsourcing Agreement‟ document that should be used for guidance. ##How Long Do We Retain Your Personal Data?

We retain Personal Data about you for as long as need for legal basis or you consent to do so or as otherwise necessary to provide the Services to you and improve the Services for all users generally. In some cases we retain Personal Data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation. Afterwards, we retain some information in a depersonalized or aggregated form but not in a way that would identify you personally. If your personal data is no longer required for the performance of contractual or regulatory obligations, it will be erased on a regular basis unless further processing is necessary, for instance, for preserving particular evidence under the applicable data protection laws and regulations or in the context of legal statutes of limitation.

What Rights Do You Have Regarding Your Personal Data?

You have certain rights with respect to your Personal Data, including those set forth below. For more information about these rights, or to submit a request, please email . Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, but in those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need you to provide us with additional information, which may include Personal Data, if necessary to verify your identity and the nature of your request.

AstraOne will always fully respect your rights regarding the processing of your personal data, and has provided below the details of the person to contact if you have any concerns or questions regarding how we process your data, or if you wish to exercise any rights you have under the GDPR. All requests received for access to or rectification of Personal Data must be directed to the AstraOne representative, who will log each request as it is received. A response to each request will be provided within 30 days of the receipt of the written request from the Data Subject. Appropriate verification must confirm that the requestor is the Data Subject or their authorised legal representative. Data Subjects shall have the right to require AstraOne to correct or supplement erroneous, misleading, outdated, or incomplete Personal Data.

Complaints Handling:

Data Subjects with a complaint about the Processing of their Personal Data, should put forward the matter in writing to the Office of Data Protection. An investigation of the complaint will be carried out to the extent that is appropriate based on the merits of the specific case. The hybrid.ai representative will inform the Data Subject of the progress and the outcome of the complaint within a reasonable period. If the issue cannot be resolved through consultation between the Data Subject and the hybrid.ai representative, then the Data Subject may, at their option, seek redress through mediation, binding arbitration, litigation, or via complaint to the Data Protection Authority within the applicable jurisdiction.

Breach Reporting

Any individual who suspects that a Personal Data Breach has occurred due to the theft or exposure of Personal Data must immediately notify AstraOne representative providing a description of what occurred. Notification of the incident can me made via e-mail , or by using the anonymous incident reporting form at . AstraOne representative will investigate all reported incidents to confirm whether or not a Personal Data Breach has occurred. If a Personal Data Breach is confirmed, the AstraOne representative will follow the relevant authorised procedure based on the criticality and quantity of the Personal Data involved. For severe Personal Data Breaches, the AstraOne management will initiate and chair an emergency response team to coordinate and manage the Personal Data Breach response.

How to contact us?

If you have any questions about this GDPR Privacy Notice or our data practices generally, please contact us using the following information:


For all request concerning the security of your data you can contact our data protection officer at [email protected]

External Data Protection Officer and contact information:

If you have a particularly sensitive request, please contact our Data Protection Officer by postal mail, as communication by e-mail can always be flawed by security vulnerabilities.