GDPR and European Economic Area Notice
Last Updated: May 12, 2021
The Information We CollectWe collect different types of information from users.
Personal Data means any information relating to an identified or identifiable natural person. Examples of Personal Data we collect from users include first and last names, company name and address, email address, telephone number, username and password for accessing your AuditFile account, IP addresses, and mobile device identifier.
Usage Data. We collect additional information regarding users’ activities on our website, mobile app, and software application. For instance, when you view a section of our website or application that does not require you to log in with unique user credentials or start conversations with us using our software application, we may collect anonymous Usage Data that may not reasonably be used to identify you as the source. Usage Data includes “click stream” activity, such as when you click on a banner advertisement; the type of Internet browser and computer operating system you are using; the location from which you are accessing the website; the URL of the website from which you linked to our website; and the areas of our website you visited.
How We Use and Disclose InformationGeneral Uses and Disclosures. We use and share the information we collect from users for the purposes described below. To perform the following tasks, AuditFile may transfer your data to countries outside the European Economic Area using appropriate safeguards when necessary. When necessary, we will obtain your consent before using your data for these purposes.
- Provision of Services to Website and Mobile Application Users. If you use our website or mobile application, we will your information to process and respond to your requests, comments, inquiries, and other forms you submit through our websites.
- Provision of Services to Customers. If you are a AuditFile customer, we will use your information to support our delivery of products and services to you.
- Improving our Services. We use your information to enhance our understanding of our users’ preferences and improve our services, websites, and mobile applications accordingly.
- Disclosures to Service Providers. We share your information with third-party service providers that assist us with hosting and maintaining AuditFile’s websites and applications, processing payment card information, analyze online activity on our websites and applications, marketing our services, and managing our daily business operations and delivery of products and services. We share only the minimum amount of Personal Data with these service providers that they need to perform their tasks. We also enter into contracts with these service providers that require them to protect the Personal Data.
- Compliance with Legal Obligations. We will share your information with law enforcement, government officials, regulatory agencies, or other parties when we are required to do so by applicable law. We will also disclose your information to comply with a judicial proceeding, court order, subpoena, or legal process.
- Protection of Individual’s Vital Interests. In emergency situations, we will use or share your information when doing so is necessary to protect an interest that is essential for an individual’s life.
- Other Legitimate Interests. We will use and disclose your information when necessary for AuditFile’s legitimate interests, as long as such interests are not overridden by our users’ interests, rights, and freedoms with respect to their Personal Data.
How to Withdraw Your ConsentAt any time, you may withdraw consent you have provided to AuditFile for using, disclosing, or otherwise processing your Personal Data. You may withdraw your consent by emailing AuditFile at [email protected], and following the instructions in our communication to you. Please note that your withdrawal of consent to process certain Personal Data about you (1) may limit our ability to deliver membership benefits and services to you, and (2) does not affect the lawfulness of our processing activities based on your consent before its withdrawal.
Your RightsYou have the following rights under the GDPR:
- To access the Personal Data we maintain about you
- To be provided with information about how we process your Personal Data
- To correct your Personal Data
- To have your Personal Data erased
- To object to or restrict how we process your Personal Data
- To request your Personal Data to be transferred to a third party
Retention of Personal DataWe will retain your Personal Data only as long as necessary to process request or other submission, fulfill the terms of our service contract with you, and comply with applicable law.
Security of Personal DataUnfortunately, no data transmitted over or accessible through the Internet can be guaranteed to be 100% secure. As a result, while we attempt to protect all Personal Data, we cannot ensure or warrant that Personal Data will be completely secure from misappropriation by hackers or from other nefarious or criminal activities, or in the event of a failure of computer hardware, software, or a telecommunications network. We will notify you in the event we become aware of a security breach involving your Personal Data (as defined by applicable law) stored by or for us.
Data Protection OfficerWe have appointed a Data Protection Officer to oversee our GDPR compliance efforts. You may reach the Data Protection Officer at [email protected]
In compliance with the Privacy Shield Principles, AuditFile commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact AuditFile at:
Office of The Data Protection Office for AuditFile, Inc.
C/O Goodwin Procter LLP
3 Embarcadero Center
San Francisco, CA 94111
United States of America
+1 888 502 7002
AuditFile has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU and Switzerland in the context of the employment relationship.
In instances where other redress possibilities have been exhausted under EU law, or where the complaint has not been resolved by any other means, AuditFile will provide EU end users a binding arbitration option before the Privacy Shield Panel. AuditFile acknowledges that any final decision by the Privacy Shield Panel is a legally binding decision, enforceable in US courts. In cases of onward transfer to third parties of Personal Data received pursuant to the EU-U.S. Privacy Shield, AuditFile is potentially liable.
To effectively process data on behalf of a client to serve the client’s needs, AuditFile may need to share that data with certain third parties or sub-processors. In such instances, AuditFile will execute any needed contracts, clauses or addendums to ensure that any third-party agents that it engages to process personal data does so in a manner that is consistent with the Privacy Shield Principles.