GDPR and European Economic Area Notice

Last Updated: May 12, 2021



European Economic Area Privacy Policy

AuditFile, Inc. (“AuditFile,” “we,” “us,” “our”) is committed to protecting the privacy of your information.  The following Privacy Policy describes how we collect, use, and disclose information we receive from users of our website, mobile applications, and products and services (collectively, the “Services”) in the European Economic Area (collectively, “you” or “users”).  For the purposes of compliance with the EU General Data Protection Regulation (GDPR), we will be the “controller” of personal data we receive about you.
 

Effective Date

This Privacy Policy is effective and last updated as of May 12, 2021. 
 

The Information We Collect

We collect different types of information from users.
Personal Data means any information relating to an identified or identifiable natural person.  Examples of Personal Data we collect from users include first and last names, company name and address, email address, telephone number, username and password for accessing your AuditFile account, IP addresses, and mobile device identifier.
Usage Data.  We collect additional information regarding users’ activities on our website, mobile app, and software application.  For instance, when you view a section of our website or application that does not require you to log in with unique user credentials or start conversations with us using our software application, we may collect anonymous Usage Data that may not reasonably be used to identify you as the source.  Usage Data includes “click stream” activity, such as when you click on a banner advertisement; the type of Internet browser and computer operating system you are using; the location from which you are accessing the website; the URL of the website from which you linked to our website; and the areas of our website you visited.
 

How We Collect Information

We collect Personal Data when you voluntarily provide such information through the website or other communications.  For example, we receive Personal Data when you visit our website, create an online user account, submit a membership application, subscribe to receive our communications, register for events, submit various online forms, and contact us via telephone, mail, or email. We automatically record Usage Data on our server logs that your browser transmits when you use the website.  We also collect Usage Information about how you access and interact with the website through the use of automated tracking technology, such as cookies.  Please find more information about our use of cookies below.

How We Use and Disclose Information

General Uses and Disclosures.  We use and share the information we collect from users for the purposes described below.  To perform the following tasks, AuditFile may transfer your data to countries outside the European Economic Area using appropriate safeguards when necessary.  When necessary, we will obtain your consent before using your data for these purposes.
 

How to Withdraw Your Consent

At any time, you may withdraw consent you have provided to AuditFile for using, disclosing, or otherwise processing your Personal Data.  You may withdraw your consent by emailing AuditFile at gdpr@auditfile.com, and following the instructions in our communication to you. Please note that your withdrawal of consent to process certain Personal Data about you (1) may limit our ability to deliver membership benefits and services to you, and (2) does not affect the lawfulness of our processing activities based on your consent before its withdrawal.
 

How We Use Cookies and Other Technology

To enhance your experience with our websites, many of our pages use “cookies.” Cookies are text files that are placed on your computer to store your preferences or for other record-keeping purposes. Cookies and other user tracking mechanisms (e.g., local shared objects), by themselves, do not tell us your email address or other personally identifiable information unless you choose to provide this information to us by, for example, registering at our websites. However, once you choose to furnish us with personally identifiable information, this information may be linked to the data stored in the cookie or other tracking mechanism. We may use cookies and other user tracking mechanisms, including “persistent cookies”, which will remain on your computer even after you close your browser, to understand website usage and to improve the content and offerings on our websites. For example, we may use cookies to personalize your experience at our website (e.g., to recognize you by name when you return to our website), and to save your password in password-protected areas. We also may use cookies to offer you products, programs, or services. While most browsers are set to accept cookies and other tracking devices by default, you can set yours to refuse tracking devices or to alert you before accepting them. However, by disabling tracking devices, you may not have access to the entire set of features of our websites. Your browser manufacturer has information on changing the default setting for your specific browser. AuditFile also uses standard Internet technology, such as web beacons and similar technologies, to track your use of the websites or to track your response to email messages that we send you in connection with the Services. Web beacons (sometimes called transparent GIFs, clear GIFs, or web bugs) are small strings of code that provide a way for us to deliver a small graphic image (usually invisible) on a web page or in an email. 
Web beacons can recognize certain types of information on your computer such as cookies, the time and date a page is viewed, and a description of the page where the web beacon is placed. AuditFile may use web beacons to improve your experience with the Services, including to provide you with content customized to your interests and to understand whether users read email messages and click on links contained within those messages so that the websites can deliver relevant content. Our web beacons may collect some contact information (for example, the email address associated with an email message that contains a web beacon). We use analytics software to allow us to better understand the functionality of our mobile applications on your mobile devices. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from.
 

Your Rights

You have the following rights under the GDPR: To exercise the above rights, please contact us at the information we provide below.  We will consider and process your request within a reasonable period of time.  Please be aware that under certain circumstances, the GDPR may limit your exercise of these rights.
 

Retention of Personal Data

We will retain your Personal Data only as long as necessary to process your request or other submission, fulfill the terms of our service contract with you, and comply with applicable law.
 

Security of Personal Data

Unfortunately, no data transmitted over or accessible through the Internet can be guaranteed to be 100% secure. As a result, while we attempt to protect all Personal Data, we cannot ensure or warrant that Personal Data will be completely secure from misappropriation by hackers or from other nefarious or criminal activities, or in the event of a failure of computer hardware, software, or a telecommunications network.  We will notify you in the event we become aware of a security breach involving your Personal Data (as defined by applicable law) stored by or for us.
 

How to File a Complaint

You may file a complaint regarding this Privacy Policy or our privacy practices by contacting us at the information we provide below.  Additionally, you may file a complaint with EU data protection authorities (DPAs).  Please contact us to be directed to the appropriate DPA contact(s).
 

Data Protection Officer

We have appointed a Data Protection Officer to oversee our GDPR compliance efforts.  You may reach the Data Protection Officer at gdpr@auditfile.com.

Privacy Shield Frameworks

AuditFile complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. AuditFile has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/. AuditFile is also subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

In compliance with the Privacy Shield Principles, AuditFile commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact AuditFile at:

By Mail:
Office of The Data Protection Office for AuditFile, Inc.
C/O Goodwin Procter LLP
3 Embarcadero Center
28th Floor
San Francisco, CA 94111
United States of America

By Telephone:
+1 888 502 7002

By Email:
gdpr@auditfile.com

AuditFile has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU and Switzerland in the context of the employment relationship.

In instances where other redress possibilities have been exhausted under EU law, or where the complaint has not been resolved by any other means, AuditFile will provide EU end users a binding arbitration option before the Privacy Shield Panel. AuditFile acknowledges that any final decision by the Privacy Shield Panel is a legally binding decision, enforceable in US courts. In cases of onward transfer to third parties of Personal Data received pursuant to the EU-U.S. Privacy Shield, AuditFile is potentially liable.

To effectively process data on behalf of a client to serve the client’s needs, AuditFile may need to share that data with certain third parties or sub-processors. In such instances, AuditFile will execute any needed contracts, clauses or addendums to ensure that any third-party agents that it engages to process personal data do so in a manner that is consistent with the Privacy Shield Principles.

Comments and Questions

If you have a comment, question, or request related to the Privacy Policy, please reach us at gdpr@auditfile.com.
 

Updates to the Privacy Policy

We may periodically revise the Privacy Policy in our sole and absolute discretion to reflect changes in the law or our business practices.  If we revise the Privacy Policy, we post the updated Privacy Policy on our website.  Changes to the Privacy Policy will become effective and will apply to the information collected starting on the date we post the revised Privacy Policy.