Privacy Policy

AuditComply is a Northern Ireland company with its registered office at 17A Ormeau Avenue, Belfast, BT2 8HD.  As a data processor in respect of the AuditComply platform we provide to customers and end-users (but also as a data controller of our own internal information) we are committed to protecting and respecting the latest standards in respect of your privacy as the same are enshrined under Data Protection Law.   This privacy policy sets out the basis on which any personal data we collect will be used as well as outlining the cookies that we will use when you access our websites. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

IMPORTANT NOTICE

All information and data which you input when using the Software and Services will be accessible to, and may be viewed by, other “Authorised Users” using the Software and Services under the Commercial Licence, as well as the Commercial Licensee itself.

SCOPE OF POLICY

This policy (together with our end-user licence agreement – EULA) applies to your use of the Software and the Documents, any of the Services, and your visits to the websites at which we may host any of the Services, Software or Documents (Our Sites).  Unless otherwise defined in this Privacy Policy, the terms used herein will have the meaning given to them in the EULA.

For the purpose of the Data Protection Law, the data controller in respect of the data contained within the AuditComply platform will be the separate corporate Customers, namely, the organisation which has purchased the user or manager licence you are permitted to use in order to gain access to the Software, Documents or Services.  It is therefore the Customer which determines the nature and manner in which data is processed under the broad framework provided by AuditComply’s online platform and mobile app. AuditComply may in its limited role come to use, remotely access, display, alter, maintain and analyse the Customer’s Data (which may include some of your personal data).

INFORMATION WE MAY COLLECT FROM YOU

By clicking on the “Accept” button in respect of the EULA you consent to the use of your personal data by the Customer but also by AuditComply and to the terms of the privacy and cookie policy set out herein.  If you do not agree to the terms of the EULA licence, and therefore this privacy and cookie policy, we do not permit you to have, use or access any license for the purpose of using AuditComply’s Software, Documents or Services.  YOU MUST NOT IN SUCH CIRCUMSTANCES CLICK “Accept” or proceed to use any of the foregoing.

We may collect the following data and different data types:

Each time you visit our Sites or use the platform we may automatically collect the following information:

o Technical information, including the type of computer or device you use, a unique device identifier (for example, your Device’s mobile number or UUID number), mobile network information, your operating system, the type of browser you use and time zone setting;

o details of your use of any of the Software or Services or your visits to any of Our Sites including, but not limited to, traffic data, location data, internet protocol (IP) addresses, internet service provider (ISP), clickstream data, browser type and language, viewed and exit pages and date or time stamps, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.

WHERE WE STORE YOUR INFORMATION

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (EEA). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. These staff may be engaged in the fulfilment of your request, order or reservation, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to the potential transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated with no less protection than it would receive if transferred and stored within the EEA: we adhere to the data security principle at Article 5 of the GDPR.

All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password that enables you to access the Software or the Services you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to Our Sites or the data transmitted when using the Services or the Software. Any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. All data will be held in servers managed by our third party hosting provider Amazon Web Services (AWS) and held subject to the following terms and conditions – https://aws.amazon.com/service-terms/ and privacy policy – https://aws.amazon.com/privacy/. Direct access to the data will only be given to our third party hosting provider and shall also be locked down to an internal internet protocol accessible only from within the network of our third party hosting provider.

We may collect and store personal data on your Device using application data caches and browser web storage (including HTML 5) and other technology.

THE USES MADE OF YOUR INFORMATION

We use information held about you for the purposes of system administration to improve our Software, to enable both AuditComply and the Customer to fulfil each other’s legal and contractual duties to each other and third parties, and to maintain high quality access, usage and customer support services. We may associate Device Information with Submitted Information and will treat the combined information as personal data in accordance with this policy for as long as it is combined. We may also use the details you have provided from time to time to contact you in relation to the Services or Software we provide, unless you have opted out of being contacted for such purposes.

OUR LAWFUL BASES FOR USING YOUR INFORMATION

You will notice that we insist on very clear, affirmative action from you to signify your consent to our processing your personal data.  We also have a compelling need to process your data in order to fully perform our contract for making the platform available to you as an end user. We will also process your data where we need to comply with other legal obligations – for example connected with regulatory requests.  In addition, AuditComply will not collect or process any data in relation to anyone unless we are satisfied that we have a legitimate interest in doing so (in adherence to the GDPR).  This means that we will continually assess our legitimate business needs against the three legal tests which are designed to satisfy the legitimate interest requirements under Data Protection Law:

  1. Identifying our legitimate business interests – We are a commercial enterprise servicing a growing market for compliance services. We believe our business interests are aligned with modern customer-demands and attitudes towards auditing, reporting, and providing best in class business information to client companies.
  2. The necessity of processing an individual’s data is clear to us.  We primarily collect customer and end user information, then store, file, review and use it for the purposes of the platform, its maintenance, and the discharge of our contractual and other duties. We also process personal data in order to fulfil our customer contracts, grow our business, make optimal use of online facilities such as our website, enhance the AuditComply brand, provide excellent customer services, and improve the engagement experience for all our end-users, customers and stakeholders (including prospective customers and end-users). We realise the severe limitations to our aims which would result if we were not able to process personal data as we do.  We have researched the market and conclude there is a distinct lack of any other less intrusive means to deliver the above interactions, customer services, brand enhancement, and benefits for individuals than via the data-processing we currently conduct.
  3. We have weighed the balance of the rights and interests of our business with the interests of our end-users, customers, and stakeholders to have their privacy specially protected.  We are aware from our growing customer base that they have a good understanding of the value of our relationship with them and that they reasonably expect us to contact, engage, and communicate with them.  Furthermore, we have considered the impact of our types of data processing in relation to individuals (from having emails, names, IP addresses, and other contact data). When compared with other industries and other kinds of data processing which can involve a lot of sensitive personal data we take the view that there is marginal or no harm or risk to the rights and freedoms of the valued customers and contacts we have at AuditComply.

Our legitimate interests are prudently counterbalanced by the constant right of individuals to make a data access request to us (such as an objection to processing).

ADHERENCE TO MODERN PRIVACY PRINCIPLES

When using your information AuditComply respects the core principles of data protection set out in Article 5 of the GDPR. These are:

The “transparency” principle – we accept the fairness and transparency required by modern Data Protection Law.

The “data minimisation” principle –  we take no more data from people than we need in order to run our business appropriately.

The “purpose limitation” principle – we only collect data for the clear range of uses and purposes we have set out in this privacy policy.

The “accuracy” principle – we keep your records up to date.

The “retention” principle – we make sure that we store your data on our servers and archives for no longer than is necessary, to minimise risks to you and us.

The “data security” principle – we take security of data seriously to avoid our business, customer data or payment data being compromised in any way.

DISCLOSURE OF YOUR INFORMATION

We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the Companies Act 2006.

We may disclose your personal information to third parties:

RETENTION OF YOUR INFORMATION

We will keep your information as long as permitted for our legitimate business purposes and for any retention period that we are legally required to meet. Our current practice is not to hold customer or end-user personal data beyond 30 days after the Services or Software have ceased to be provided.   Personal data which AuditComply considers to be of less relevance to the performance of a contract, such as miscellaneous correspondence or telephony records, may be deleted earlier.

YOUR RIGHTS OVER YOUR INFORMATION

This privacy policy provides you with information on the purpose for collecting and use of your personal data.

You have the right to obtain confirmation that your personal data is being processed, have access to your personal data, and other supplementary information – (as provided in this legally compliant privacy notice).  Accordingly, AuditComply will provide details of the information we hold about you on request.

AuditComply will rectify any personal data that is inaccurate or incomplete. If any inaccurate personal data has been disclosed to third parties, AuditComply will inform them of the rectification where possible.

You have a right to have personal data erased and to prevent processing in specific circumstances, as refined by the Data Protection Act 2018. For example, where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed or when you withdraw consent or when you object to the processing and there is no overriding legitimate interest for continuing the processing.

You can require us to restrict the processing of your personal data. For example where you contest the accuracy of the personal data, we will pause and re-consider the processing until the accuracy of the personal data has been verified or where you have objected to the processing and AuditComply is considering whether its legitimate grounds override your rights.

You have the right not to be subject to solely automated decisions and where we make such automated decisions, a right to have a person review the decision.

This refers to your right to obtain a transferable copy of your information we hold about you.

This right triggers at any time where our processing of your data is based on consent. Linked to this you have the right to object to the processing of data where the processing is based on either the conditions of public interest or our legitimate business interests.  Furthermore, you have the right to prevent processing that is likely to cause unwarranted substantial damage or distress to you.

We will provide you with a copy of the personal data undergoing processing in electronic emailable form.  Any additional copies will incur a fee to cover our reasonable costs. To make a subject access request, the individual should send the request to our Data Protection Officer contactable at help@auditcomply.com

CHANGES TO PRIVACY POLICY

Any changes we may make to our privacy policy in the future will be posted on this page without further recourse or notice to you. The new terms may be displayed on-screen and you may be required to read and accept them to continue your use of the Documents, Software or the Services.

We refer you to the Data Protection Addendum of the EULA (section 12) which is incorporated by reference into this privacy policy.

COOKIES

Our Services use cookie files which are stored on the hard drive of your device to allow us to distinguish you from other users of our Services and obtain information about your general internet usage. This helps us to provide you with an optimal experience when you use our Sites and also allows us to improve them. By accessing our Sites, and using our Documents, Software or Services, you are agreeing to our use of cookies.

We use the following cookies:

You can find more information about the individual cookies we use and the purposes for which we use them by emailing help@auditcomply.com

Any third party cookies we use will be governed by their own terms and privacy policies, so you should read these before giving your consent to enable these third party cookies.

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of Our Sites.

CONTACT

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to help@auditcomply.com.