Home/Legal/Privacy Policy

Privacy Policy

Last updated: January 15, 2025

1. Introduction

The African Standards, Trade & Investment Accreditation Commission (“ASTIAC,” “we,” “our”) is committed to protecting the privacy of applicants, accredited entities, and website visitors. This Privacy Policy explains how we collect, use, store, and protect your personal information in connection with our accreditation services and website.

2. Information We Collect

We collect the following categories of information:

  • Identity Data: Full name, date of birth, nationality, government-issued identification documents.
  • Organizational Data: Company name, registration number, jurisdiction, beneficial ownership structure, governance documents.
  • Contact Data: Email address, phone number, postal address.
  • Financial Data: Financial statements, proof of funding sources (required for AML/CTF compliance).
  • Technical Data: IP address, browser type, device information, and usage data collected through cookies and analytics tools.

3. How We Use Your Information

We use your information for the following purposes:

  • Processing and evaluating accreditation applications.
  • Conducting AML/CTF screening and due diligence as required by international regulations.
  • Issuing and managing accreditation certificates.
  • Maintaining the ASTIAC Global Registry of accredited entities.
  • Communicating with you about your application, certificate status, or account.
  • Improving our services and website functionality.
  • Complying with legal and regulatory obligations.

4. Legal Basis for Processing

We process personal data on the basis of: (a) contractual necessity - to provide our accreditation services; (b) legal obligation - to comply with AML/CTF regulations; (c) legitimate interests - to maintain the integrity of our accreditation registry; and (d) consent - where explicitly obtained for marketing communications.

5. Data Sharing

We may share your data with: (a) compliance screening providers for AML/CTF verification; (b) regulatory authorities when required by law; (c) third-party verification requesters (limited to accreditation status confirmation only); and (d) professional advisors including auditors and legal counsel. We do not sell personal data to third parties.

6. Data Security

We implement industry-standard technical and organizational security measures including encryption at rest and in transit, access controls, regular security audits, and staff training. All application data is processed through secure, certified infrastructure.

7. Data Retention

Personal data submitted for accreditation is retained for a minimum of five (5) years after the expiry or revocation of accreditation, as required by AML/CTF record-keeping obligations. Website usage data is retained for up to two (2) years.

8. Your Rights

Depending on your jurisdiction, you may have the right to: access your personal data; request correction of inaccurate data; request erasure (subject to legal retention requirements); object to processing; and data portability. To exercise these rights, contact accreditation@astiac.org.

9. International Transfers

ASTIAC operates globally. Your data may be transferred to and processed in jurisdictions outside your country of residence, including the United States. We ensure appropriate safeguards are in place for international transfers in compliance with applicable data protection laws.

10. Contact

For privacy-related inquiries, contact our Data Protection Officer at accreditation@astiac.org or write to: ASTIAC, 651 North Broad Street, Suite 206, Middletown, Delaware 19709, USA.