Asanto Privacy Policy 2025

Asanto Privacy Notice 2025

Last updated: November 2025

This privacy notice outlines how Asanto, operated by Investment Discounts On Line Limited (part of the Legal & General Group), processes personal data in accordance with the UK GDPR and ICO guidance. It incorporates insights from our Records of Processing Activities (RoPA) and Data Protection Impact Assessments (DPIAs).

Who are we?

Investment Discounts On Line Limited trading as Asanto (“we”, “us”, “our”) provides a Software as a Service (SaaS) platform in a business-to-business (B2B) environment.

Data Processor: For subscriber-hosted customer journeys and platform services.
Data Controller: For internal operations such as helpdesk, CRM, invoicing, onboarding, and B2B marketing.

What This Notice Covers

This notice applies to:

Potential and existing subscribers
Business contacts and users of the Asanto platform
Visitors to our B2B website

What is personal information?

Personal information refers to data that identifies a living individual, such as:

Name, address, email, phone number
Financial details
Business contact information
Preferences and usage data

Special category data (e.g. health) and criminal conviction data may be processed by subscribers, not by Asanto directly.

What information do we hold?

We may collect and process the following types of information about our users.

Type of data	Description	Examples of how we use it
Personally Identifiable Information	This is the personal information which you provide to us to use the Asanto service, including use of our 3rd party helpdesk (theidol.freshdesk.com)	Provision of information requested Managing and servicing our business relationship Business to business marketing
Aggregated Data	We collect anonymised data, as agreed with subscribers, which does not contain any personally identifiable information.	Provided the communication content remains neutral and linked to the original quote, Phase 1 can be considered compliant from both a data privacy and marketing-consent perspective. Should the content evolve to include promotional elements, it will need to be reassessed against PECR marketing requirements Analytics, service improvement
Website Data	We automatically collect details about your visits to our website (Asanto.com) via cookies and other tracking technology.	Product enhancement
Contractual Data	Payment and credit details	Invoicing, account management
Preferences	Marketing choices	Business to business marketing
Public Data	Openly available business info	Relationship management

Where do we get our information from?

Information you give us directly (when you fill in online forms, contact us by phone or e-mail or request information regarding our products and service). We may record phone calls for our mutual protection, to meet our contractual obligations and to improve our customer service standards.
Information we collect about you or receive from other sources.

This could be information you provide to us electronically, information we get from a third party or from publicly available sources such as (Companies House). For more information on how we use cookies, please check our cookie policy which can be found on our website.

How do we use your information?

We use personal data to:
Create and manage subscriber accounts
Provide platform services and support
Fulfil contractual obligations
Improve our services through analytics
Comply with legal and regulatory requirements
Communicate updates and changes
For system administration needs.
For any other purpose that we have agreed with you from time to time.

Using your information in accordance with data protection laws

Data protection laws require us to meet certain conditions before we are allowed to use your personal information in the way we describe in this privacy notice. We take these responsibilities extremely seriously. To use your personal information, we will rely on the following conditions, depending on the activities we are carrying out:

Providing our contracts & services to you: We will process your personal information to carry out our responsibilities resulting from any commercial agreements or contracts you have entered into with us and to provide you with the information, products, and service you have asked from us, which may include online services. This includes using your information to improve the quality of the products and service, and to notify you of any changes to your requests. (e.g. service delivery)
Complying with applicable laws: We may process your personal information to comply with any legal obligation we are subject to. (e.g. fraud prevention)
Legitimate interests: To use your personal data for any purpose described in this privacy notice, we will rely on a condition known as “legitimate interests”. It is in our legitimate interests to collect your personal data as it provides us with the information that we need to provide our services to you more effectively. We may use your information to:
Develop, test, and manage our products and service.
Study and manage how our professional business clients use the products and services from us.
This requires us to carry out an assessment of our interests in using your personal data against the interests you have as a citizen and the rights you have under data protection laws.
The outcome of this assessment will determine whether we can use your personal data in the ways described in this privacy notice. We will always act reasonably and give full and proper consideration to your interests in carrying out this assessment.
Consent: We may process your personal information for different purposes where you have provided your consent to do so. (e.g. marketing, special category data)
Criminal Conviction Data: We may process this type of information solely for the purpose of preventing fraud.

Subscribers are responsible for ensuring lawful processing of their customer data.

Automated Decision-Making and Profiling

Some subscriber journeys may involve automated decisions (e.g. underwriting, pricing). Subscribers must inform their customers and document the logic and impact.

Data Retention

Subscribers define their own retention policies.
Asanto supports automated deletion via scripts.
B2B enquiries are retained for 12 months

We will only keep your personal information after this period if there is a legitimate and provable business reason to do so.

Cookies and Tracking

Cookies and tracking technologies (e.g. SessionCam, SMS links) may be used. Subscribers are responsible for cookie deployment and consent on their D2C sites.

Children’s Data

The Asanto platform is not intended for children. Subscribers must ensure compliance if targeting children or vulnerable individuals.

Who do we share your personal information with?

We will only disclose your information to:

Other companies within Investment Discount Online Limited, third-party suppliers, and contractors for the purposes listed under “How do we use your information?” above.
Our government (e.g., HMRC) and law enforcement or fraud prevention agencies, and your regulators.

Additionally, we may disclose your personal information to third parties:

If we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets.
If we, or substantially all our assets, are acquired by a third party, in which case personal data held by us about our professional business clients will be one of the transferred assets.
In order to enforce or apply the terms of any contract we have with you.
If we are under a duty to disclose or share your personal data in order to comply with any legal obligation or regulatory requirements, or otherwise for the prevention or detection of fraud or crime.
To protect all parties from financial crime, we may be required to verify the identity of new and sometimes existing professional business clients. This may be achieved by using reference agencies to search sources of information relating to you (an identity search). This will not affect your credit rating. If this fails, the business may need to approach you to obtain documentary evidence of identity.
In accordance with business agreements, we may perform credit checks on professional business clients.

Third-Party Processors

We work with trusted third parties:

AWS (hosting)
Twilio (SMS)
Verisk (medical screening)
Freshdesk (support)
CDL (vehicle lookup)

Transfers outside the UK/EEA are safeguarded using Standard Contractual Clauses (SCCs).

Fraud prevention

The business may need to check your details with fraud prevention agencies. If false or inaccurate information is provided and fraud is identified details will be passed to fraud prevention agencies. Law enforcement agencies may access and use this information. We may also share information about you with other organisations and public bodies, including police and we may check and/ or file your details with fraud prevention agencies and databases.

Investment Discounts On Line Limited and other organisations may also access and use this information to prevent fraud and money laundering, for example, when:

Managing credit and credit related accounts or facilities.
Recovering debt.
Checking details of professional business clients.

Investment Discounts On Line Limited and other organisations may access and use from other countries the information recorded by fraud prevention agencies. Please contact the Asanto team at support@asanto.com if you wish to receive the relevant details of the fraud prevention agencies:

Address: Investment Discounts On Line Limited, Eden Business Park, Penrith, Cumbria, CA11 9FB.

Transferring your data outside the EU

For subscribers within the European Economic Area (EEA) the data we collect from you will be transferred to, and stored by, third-party suppliers, at a destination within the European Economic Area (“EEA”). We will take all reasonably necessary steps to make sure that your data is treated securely and in accordance with this privacy notice.

Should we want to transfer or store data outside the EEA we will provide you with the details.

For subscribers located outside of the European Economic Area (EEA) the data we collect from you will be transferred to, and stored by, third-party suppliers, at a destination outside the European Economic Area (“EEA”). We will take all reasonably necessary steps to make sure that your data is treated securely and in accordance with this privacy notice.

Your rights

You have rights under data protection law that relate to the way we process your personal data. More information on these rights can be found on the Information Commissioner’s website. If you wish to exercise any of these rights, please get in touch with us by emailing support@asanto.com.

Your Rights
1	The right to access the personal data that we hold about you.
2	The right to make us correct any inaccurate personal data we hold about you.
3	The right to make us erase any personal data we hold about you. This right will only apply where for example: We no longer need to use the personal data to achieve the purpose we collected it for. You withdraw your consent if we are using your personal data based on that consent. Where you object to the way we use your data, and there is no overriding legitimate interest.
4	The right to restrict our processing of the personal data we hold about you. This right will only apply where for example: You dispute the accuracy of the personal data we hold. You would like your data erased, but we require to hold it in order to stop its processing. You have the right to require us to erase the personal data but would prefer that our processing is restricted instead. Where we no longer need to use the personal data to achieve the purpose, we collected it for, but you need the data for legal claims.
5	The right to object to our processing of personal data we hold about you (including for the purposes of sending marketing materials to you).
6	The right to receive personal data, which you have provided to us, in a structured, commonly used, and machine-readable format. This right only applies to personal data that you have provided to the “data controller” by way of a contract or consent..
7	The right to withdraw your consent, where we are relying on it to use your personal data.

Your Right to Complain

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.

Website: https://ico.org.uk/
Address: First Contact Team, Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF

Contacting Us About Your Personal Data

Legal & General Group has appointed a Data Protection Officer (DPO) to oversee compliance with this privacy notice. theidol.com has appointed a Data Privacy Manager (DPM) to liaise with the Group DPO and manage day-to-day data protection matters.

If you have any questions about this privacy notice or how we handle your personal information, please contact:

Data Privacy Manager
Email: datacontroller@theidol.com
Address: theidol.com, The Edge, Eden Business Park, Penrith, Cumbria, CA11 9FB

If you need to contact Legal & General’s Group DPO directly:

Group Protection Officer
Email: Data.Protection@landg.com
Address: 1 Coleman Street, London, EC2R 5AA