Data Privacy Framework Notice
Effective: June 6, 2025
EU-U.S, Swiss-U.S., and UK Extension to Data Privacy Framework
AuditBoard, Inc. (for this section referred to as “AuditBoard”) complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. AuditBoard has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. AuditBoard has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Data Privacy Framework Notice and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
AuditBoard is responsible for the processing of personal data it receives under the DPF and subsequently transfers to a third party acting as an agent on its behalf. AuditBoard complies with the DPF Principles for all onward transfers of personal data from the EU, UK, and Switzerland, including the onward transfer liability provisions.
The Federal Trade Commission has jurisdiction over AuditBoard’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. In certain situations, AuditBoard may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, AuditBoard commits to refer unresolved complaints concerning our handling of Non-HR personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to an EU Data Protection Authority or the UK Information Commissioner’s Office. For clarity, Non-HR data includes all personal data processed by AuditBoard on behalf of its customers. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.edpb.europa.eu/about-edpb/about-edpb/members_en (EU DPAs), https://ico.org.uk/make-a-complaint/uk-extension-to-the-eu-us-data-privacy-framework-complaints-tool/ (UK ICO) or https://www.edoeb.admin.ch/en/data-protection-services (Swiss FDPIC) for more information or to file a complaint. The services of the EU DPA, UK ICO or Swiss FDPIC are provided at no cost to you.
For complaints regarding DPF compliance not resolved by any of the other DPF mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration. Further information can be found on the official DPF website.