IMPORTANT NOTICE
All information and data which you input when using the Software and Services will be accessible to, and may be viewed by, other “Authorised Users” using the Software and Services under the Commercial Licence, as well as the Commercial Licensee itself.
SCOPE OF POLICY
For the purpose of the Data Protection Law, the data controller in respect of the data contained within the AuditComply platform will be the separate corporate Customers, namely, the organisation which has purchased the user or manager licence you are permitted to use in order to gain access to the Software, Documents or Services. It is therefore the Customer which determines the nature and manner in which data is processed under the broad framework provided by AuditComply’s online platform and mobile app. AuditComply may in its limited role come to use, remotely access, display, alter, maintain and analyse the Customer’s Data (which may include some of your personal data).
INFORMATION WE MAY COLLECT FROM YOU
We may collect the following data and different data types:
Each time you visit our Sites or use the platform we may automatically collect the following information:
o Technical information, including the type of computer or device you use, a unique device identifier (for example, your Device’s mobile number or UUID number), mobile network information, your operating system, the type of browser you use and time zone setting;
o Details of your use of any of the Software or Services or your visits to any of Our Sites including, but not limited to, traffic data, location data, internet protocol (IP) addresses, internet service provider (ISP), clickstream data, browser type and language, viewed and exit pages and date or time stamps, weblogs and other communication data, whether this is required for our own billing purposes or otherwise, and the resources that you access.
WHERE WE STORE YOUR INFORMATION
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (EEA). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. These staff may be engaged in the fulfilment of your request, order or reservation, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to the potential transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated with no less protection than it would receive if transferred and stored within the EEA: we adhere to the data security principle at Article 5 of the GDPR.
All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password that enables you to access the Software or the Services you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
We may collect and store personal data on your Device using application data caches and browser web storage (including HTML 5) and other technology.
THE USES MADE OF YOUR INFORMATION
We use information held about you for the purposes of system administration to improve our Software, to enable both AuditComply and the Customer to fulfil each other’s legal and contractual duties to each other and third parties, and to maintain high quality access, usage and customer support services. We may associate Device Information with Submitted Information and will treat the combined information as personal data in accordance with this policy for as long as it is combined. We may also use the details you have provided from time to time to contact you in relation to the Services or Software we provide, unless you have opted out of being contacted for such purposes.
OUR LAWFUL BASES FOR USING YOUR INFORMATION
You will notice that we insist on very clear, affirmative action from you to signify your consent to our processing your personal data. We also have a compelling need to process your data in order to fully perform our contract for making the platform available to you as an end user. We will also process your data where we need to comply with other legal obligations – for example connected with regulatory requests. In addition, AuditComply will not collect or process any data in relation to anyone unless we are satisfied that we have a legitimate interest in doing so (in adherence to the GDPR). This means that we will continually assess our legitimate business needs against the three legal tests which are designed to satisfy the legitimate interest requirements under Data Protection Law:
Our legitimate interests are prudently counterbalanced by the constant right of individuals to make a data access request to us (such as an objection to processing).
ADHERENCE TO MODERN PRIVACY PRINCIPLES
When using your information AuditComply respects the core principles of data protection set out in Article 5 of the GDPR. These are:
The “transparency” principle – we accept the fairness and transparency required by modern Data Protection Law.
The “data minimisation” principle – we take no more data from people than we need in order to run our business appropriately.
The “accuracy” principle – we keep your records up to date.
The “retention” principle – we make sure that we store your data on our servers and archives for no longer than is necessary, to minimise risks to you and us.
The “data security” principle – we take security of data seriously to avoid our business, customer data or payment data being compromised in any way.
DISCLOSURE OF YOUR INFORMATION
We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the Companies Act 2006.
We may disclose your personal information to third parties:
RETENTION OF YOUR INFORMATION
We will keep your information as long as permitted for our legitimate business purposes and for any retention period that we are legally required to meet. Our current practice is not to hold customer or end-user personal data beyond 30 days after the Services or Software have ceased to be provided. Personal data which AuditComply considers to be of less relevance to the performance of a contract, such as miscellaneous correspondence or telephony records, may be deleted earlier.
YOUR RIGHTS OVER YOUR INFORMATION
You have the right to obtain confirmation that your personal data is being processed, have access to your personal data, and other supplementary information (as provided in this legally compliant privacy notice). Accordingly, AuditComply will provide details of the information we hold about you on request.
AuditComply will rectify any personal data that is inaccurate or incomplete. If any inaccurate personal data has been disclosed to third parties, AuditComply will inform them of the rectification where possible.
You have a right to have personal data erased and to prevent processing in specific circumstances, as refined by the Data Protection Act 2018. For example, where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed or when you withdraw consent or when you object to the processing and there is no overriding legitimate interest for continuing the processing.
You can require us to restrict the processing of your personal data. For example, where you contest the accuracy of the personal data, we will pause and re-consider the processing until the accuracy of the personal data has been verified or where you have objected to the processing and AuditComply is considering whether its legitimate grounds override your rights.
You have the right not to be subject to solely automated decisions and where we make such automated decisions, a right to have a person review the decision.
This refers to your right to obtain a transferable copy of the information we hold about you.
This right triggers at any time where our processing of your data is based on consent. Linked to this you have the right to object to the processing of data where the processing is based on either the conditions of public interest or our legitimate business interests. Furthermore, you have the right to prevent processing that is likely to cause unwarranted substantial damage or distress to you.
We will provide you with a copy of the personal data undergoing processing in electronic emailable form. Any additional copies will incur a fee to cover our reasonable costs. To make a subject access request, the individual should send the request to our Data Protection Officer contactable at email@example.com
We use the following cookies:
You can find more information about the individual cookies we use and the purposes for which we use them by emailing firstname.lastname@example.org
Any third party cookies we use will be governed by their own terms and privacy policies, so you should read these before giving your consent to enable these third party cookies.
You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of Our Sites.