GDPR and European Economic Area Notice

Last Updated: May 12, 2021

---

European Economic Area Privacy Policy

AuditFile, Inc. (“AuditFile,” “we,” “us,” “our”) is committed to protecting the privacy of your information.  The following Privacy Policy describes how we collect, use, and disclose information we receive from our users of our website, mobile applications, and products and services (collectively, the “Services”) in the European Economic Area (collectively, “you” or “users”).  For the purposes of compliance with the EU General Data Protection Regulation (GDPR), we will be the “controller” of personal data we receive about you.
 

Effective Date

This Privacy Policy is effective and last updated as of May 12, 2021. 
 

The Information We Collect

We collect different types of information from users.
Personal Data  means any information relating to an identified or identifiable natural person.  Examples of Personal Data we collect from users include first and last names, company name and address, email address, telephone number, username and password for accessing your AuditFile account, IP addresses, and mobile device identifier.
Usage Data.  We collect additional information regarding users’ activities on our website, mobile app, and software application.  For instance, when you view a section of our website or application that does not require you to log in with unique user credentials or start conversations with us using our software application, we may collect anonymous Usage Data that may not reasonably be used to identify you as the source.  Usage Data includes “click stream” activity, such as when you click on a banner advertisement; the type of Internet browser and computer operating system you are using; the location from which you are accessing the website; the URL of the website from which you linked to our website; and the areas of our website you visited.
 

How We Collect Information

We collect Personal Data when you voluntarily provide such information through the website or other communications.  For example, we receive Personal Data when you visit our website, create an online user account, submit a membership application, subscribe to receive our communications, register for events, submit various online forms, and contact us via telephone, mail, or email. We automatically record Usage Data on our server logs that your browser transmits when you use the website.  We also collect Usage Information about how you access and interact with the website through the use of automated tracking technology, such as cookies.  Please find more information about our use of cookies below.

How We Use and Disclose Information

General Uses and Disclosures.  We use and share the information we collect from users for the purposes described below.  To perform the following tasks, AuditFile may transfer your data to countries outside the European Economic Area using appropriate safeguards when necessary.  When necessary, we will obtain your consent before using your data for these purposes.

• Provision of Services to Website and Mobile Application Users.  If you use our website or mobile application, we will your information to process and respond to your requests, comments, inquiries, and other forms you submit through our websites.
• Provision of Services to Customers.  If you are a AuditFile customer, we will use your information to support our delivery of products and services to you.
• Improving our Services.  We use your information to enhance our understanding of our users’ preferences and improve our services, websites, and mobile applications accordingly.
• Disclosures to Service Providers.  We share your information with third-party service providers that assist us with hosting and maintaining AuditFile’s websites and applications, processing payment card information, analyze online activity on our websites and applications, marketing our services, and managing our daily business operations and delivery of products and services. We share only the minimum amount of Personal Data with these service providers that they need to perform their tasks.  We also enter into contracts with these service providers that require them to protect the Personal Data.
• Compliance with Legal Obligations.  We will share your information with law enforcement, government officials, regulatory agencies, or other parties when we are required to do so by applicable law.  We will also disclose your information to comply with a judicial proceeding, court order, subpoena, or legal process.
• Protection of Individual’s Vital Interests.  In emergency situations, we will use or share your information when doing so is necessary to protect an interest that is essential for an individual’s life.
• Other Legitimate Interests.  We will use and disclose your information when necessary for AuditFile’s legitimate interests, as long as such interests are not overridden by our users’ interests, rights, and freedoms with respect to their Personal Data.

 

How to Withdraw Your Consent

At any time, you may withdraw consent you have provided to AuditFile for using, disclosing, or otherwise processing your Personal Data.  You may withdraw your consent by emailing AuditFile at [email protected], and following the instructions in our communication to you. Please note that your withdrawal of consent to process certain Personal Data about you (1) may limit our ability to deliver membership benefits and services to you, and (2) does not affect the lawfulness of our processing activities based on your consent before its withdrawal.
 

How We Use Cookies and Other Technology

To enhance your experience with our websites, many of our pages use “cookies.” Cookies are text files that are placed on your computer to store your preferences or for other record-keeping purposes. Cookies and other user tracking mechanisms (e.g., local shared objects), by themselves, do not tell us your email address or other personally identifiable information unless you choose to provide this information to us by, for example, registering at our websites. However, once you choose to furnish us with personally identifiable information, this information may be linked to the data stored in the cookie or other tracking mechanism. We may use cookies and other user tracking mechanisms, including “persistent cookies”, which will remain on your computer even after you close your browser, to understand website usage and to improve the content and offerings on our websites. For example, we may use cookies to personalize your experience at our website (e.g., to recognize you by name when you return to our website), and to save your password in password-protected areas. We also may use cookies to offer you products, programs, or services. While most browsers are set to accept cookies and other tracking devices by default, you can set yours to refuse tracking devices or to alert you before accepting them. However, by disabling tracking devices, you may not have access to the entire set of features of our websites. Your browser manufacturer has information on changing the default setting for your specific browser. AuditFile also uses standard Internet technology, such as web beacons and similar technologies, to track your use of the websites or to track your response to email messages that we send you in connection with the Services. Web beacons (sometimes called transparent GIFs, clear GIFs, or web bugs) are small strings of code that provide a way for us to deliver a small graphic image (usually invisible) on a web page or in an email. Web beacons can recognize certain types of information on your computer such as cookies, the time and date a page is viewed, and a description of the page where the web beacon is placed. AuditFile may use web beacons to improve your experience with the Services, including to provide you with content customized to your interests and to understand whether users read email messages and click on links contained within those messages so that the websites can deliver relevant content. Our web beacons may collect some contact information (for example, the email address associated with an email message that contains a web beacon). We use analytics software to allow us to better understand the functionality of our mobile applications on your mobile devices. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from.
 

Your Rights

You have the following rights under the GDPR:

• To access the Personal Data we maintain about you
• To be provided with information about how we process your Personal Data
• To correct your Personal Data
• To have your Personal Data erased
• To object to or restrict how we process your Personal Data
• To request your Personal Data to be transferred to a third party

To exercise the above rights, please contact us at the information we provide below.  We will consider and process your request within a reasonable period of time.  Please be aware that under certain circumstances, the GDPR may limit your exercise of these rights.
 

Retention of Personal Data

We will retain your Personal Data only as long as necessary to process request or other submission, fulfill the terms of our service contract with you, and comply with applicable law.
 

Security of Personal Data

Unfortunately, no data transmitted over or accessible through the Internet can be guaranteed to be 100% secure. As a result, while we attempt to protect all Personal Data, we cannot ensure or warrant that Personal Data will be completely secure from misappropriation by hackers or from other nefarious or criminal activities, or in the event of a failure of computer hardware, software, or a telecommunications network.  We will notify you in the event we become aware of a security breach involving your Personal Data (as defined by applicable law) stored by or for us.
 

How to File a Complaint

You may file a complaint regarding this Privacy Policy or our privacy practices by contacting us at the information we provide below.  Additionally, you may file a complaint with EU data protection authorities (DPAs).  Please contact us to be directed to the appropriate DPA contact(s).
 

Data Protection Officer

We have appointed a Data Protection Officer to oversee our GDPR compliance efforts.  You may reach the Data Protection Officer at [email protected].

Privacy Shield Frameworks

AuditFile complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. AuditFile has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/. AuditFile is also subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

In compliance with the Privacy Shield Principles, AuditFile commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact AuditFile at:

By Mail:
Office of The Data Protection Office for AuditFile, Inc.
C/O Goodwin Procter LLP
3 Embarcadero Center
28th Floor
San Francisco, CA 94111
United States of America

By Telephone:
+1 888 502 7002

By Email:
[email protected]

AuditFile has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU and Switzerland in the context of the employment relationship.

In instances where other redress possibilities have been exhausted under EU law, or where the complaint has not been resolved by any other means, AuditFile will provide EU end users a binding arbitration option before the Privacy Shield Panel. AuditFile acknowledges that any final decision by the Privacy Shield Panel is a legally binding decision, enforceable in US courts. In cases of onward transfer to third parties of Personal Data received pursuant to the EU-U.S. Privacy Shield, AuditFile is potentially liable.

To effectively process data on behalf of a client to serve the client’s needs, AuditFile may need to share that data with certain third parties or sub-processors. In such instances, AuditFile will execute any needed contracts, clauses or addendums to ensure that any third-party agents that it engages to process personal data does so in a manner that is consistent with the Privacy Shield Principles.

Comments and Questions

If you have a comment, question, or requested related to the Privacy Policy, please reach us at [email protected].
 

Updates to the Privacy Policy

We may periodically revise the Privacy Policy in our sole and absolute discretion to reflect changes in the law or our business practices.  If we revise the Privacy Policy, we post the updated Privacy Policy on our website.  Changes to the Privacy Policy will become effective and will apply to the information collected starting on the date we post the revised Privacy Policy.