Privacy Notice

At AuditBoard, Inc., we are committed to respecting your privacy. A reference in this Privacy Notice to “AuditBoard”, “we”, “us”, or “our” is a reference to AuditBoard, Inc.

About AuditBoard

AuditBoard is a leading provider of risk management applications for audit, risk and compliance professionals. This means AuditBoard customers - companies and organizations - use our software applications to manage enterprise, assurance and compliance risks.

To learn more about AuditBoard products, visit our Product page.

AuditBoard's business model

We operate a Software-as-a-Service (SaaS) business model for enterprise customers, meaning we do not sell our customers’ users’ data or monetize that data by selling advertising. Instead, we sell subscriptions to our services. Our customers control the data they and their end users put into our services and how it is used. How we use and disclose our customer representatives’ data is described in more detail below.

If you use the AuditBoard platform as part of your business or you are an entity that has an agreement with AuditBoard (collectively, an “Organization”), that Agreement will supersede this Privacy Notice in the event of any overlap or conflict with this Privacy Notice.

What does this Privacy Notice Cover?

Some data protection laws in various jurisdictions distinguish between “controllers” and “processors” of personal data. While other jurisdictions may use different terminology, the concept typically remains the same. A controller decides why and how to process personal data. A processor only processes information on behalf of a controller based on the controller’s instruction; the processor does not make decisions about personal data. AuditBoard may be either a controller or a processor depending on the scenario.

This Privacy Notice applies when AuditBoard is the data controller of your personal data (unless a different AuditBoard privacy notice is displayed when we collect your personal data), and explains how AuditBoard collects, uses, and shares your personal data for its own purposes. This Privacy Notice may apply to you when you:

• Visit an AuditBoard website that links to this Privacy Notice
• Interact with AuditBoard as a representative of a company that has (or is considering) a business relationship with AuditBoard (e.g., you are a customer or our service provider)
• Create or use an account offered directly by AuditBoard (as opposed to an account offered by our customers)
• Register for or attend an AuditBoard marketing, learning, or training event or webinar
• Provide us feedback about our products or services (e.g., user research surveys and interviews)
• Receive sales or marketing communication from us, including emails or telephone calls

This Privacy Notice does not cover how we process personal data on behalf of our customers as a processor. If you are an employee or an end user of an organization that uses an AuditBoard product or service and you have questions or concerns about the personal data your organization holds in AuditBoard about you (when AuditBoard is a processor), please direct your request to that organization. AuditBoard cannot respond directly to your request.

If you are an AuditBoard employee or job applicant, information about how we use and protect your information is communicated to you in a separate notice.

If you have any questions or concerns about our use of your personal data, then please contact us using the Contact Information provided at the bottom of this Privacy Notice.

Quick Links

We recommend that you read this Privacy Notice in full to ensure you are fully informed; however, if you only want to access a particular section of this Privacy Notice, then you can click on the relevant link below to jump to that section.

• How we collect and use your personal data
• Disclosing your personal data
• Protecting your personal data
• Transferring your personal data internationally
• Retaining your personal data
• Minors
• Your privacy rights
• Contact Information
• Changes to this Privacy Notice

How we collect and use your personal data

AuditBoard collects and uses your personal data for various reasons. When we do so, we will use it in accordance with applicable laws.

Some jurisdictions, including the European Economic Area (“EEA”), the United Kingdom (“UK”), and Switzerland, require a legal basis—a reason why AuditBoard is legally allowed to collect and use your personal data.

Below, we describe (1) in what instances we collect your data, (2) the categories of data we collect in those instances, (3) our purposes for collection, and (4) the legal bases for collection. If we need to collect other personal data from you, we will explain which information we need and why at the time we collect it.

Information provided by you

Sometimes, we may ask you to provide personal data voluntarily; for example, we may ask you to provide your contact details to create an account with us (AuditBoard Community), to subscribe to marketing communications from us, and/or to submit inquiries to us. In some cases, we may combine the information you provide.

• When you request information from us

  When you fill out a contact form or otherwise contact us to express interest in obtaining information about AuditBoard or our services, we may ask you to provide us with your contact information such as:

  • Your name (first and last)
  • Business email
  • Telephone number
  • Company name
  • Job level
  • Functional role
  • Location (city, state, country)

  Purpose and Legal Basis: We process your personal data in reliance on our legitimate interests or your consent (where required by law) to:

  • Fulfill your request and communicate with you
  • Provide you with information about our products (including telemarketing calls and marketing emails in accordance with your marketing preferences)

• If you are our customer or prospective customer

  If you are a representative of a company that has (or is exploring) a business relationship with AuditBoard, we may collect your business contact information including:

  • Your name (first and last)
  • Business email
  • Telephone number
  • Company name

  If you contact AuditBoard for support related to your organization’s use of our products, services, or events, we will also collect information about the reason for your inquiry and any other information you choose to provide us.

  Purpose and Legal Basis: We process your personal data in reliance on our legitimate interests or your consent (where required by law) to:

  • Communicate with you and fulfill your request for information or support
  • Manage your organization’s account, including invoicing and other account-related issues
  • Provide you with information about our products (including telemarketing calls and marketing emails in accordance with your marketing preferences)

• If you are our service provider

  If you are a representative of a company that provides AuditBoard with products or services, we collect your business contact information including:

  • Your name (first and last)
  • Business email
  • Telephone number
  • Company name

  Purpose and Legal Basis: We process your personal information in reliance on our legitimate interests to:

  • Manage your company’s account, including invoicing and other account-related issues
  • Communicate with you and respond to your inquiries

• If you are an end-user of an AuditBoard-owned account

  Typically, when you use AuditBoard through your employer or another AuditBoard customer, your account is controlled and owned by that Organization. In some circumstances, you may register for an account directly with AuditBoard rather than through your Organization – for example, if you register for an account to access the AuditBoard Community, or as a user of our Learning Academy. In those cases, we collect the account registration information you give us:

  • Your name (first and last)
  • Email
  • Your profile information (such as your company name)

  In some cases, you may have the option to personalize your account with additional information such as:

  • A photo
  • Social media profile
  • Other personal data

  For services that require it, we will also collect authentication information such as:

  • Mobile number
  • Email address
  • device type
  • IP address
  • Unique device identification numbers
  • Browser type
  • Performance
  • Other usage and technical information

  If you sign up for training or learning courses delivered by AuditBoard, this Privacy Notice shall apply. We will collect the account registration information, as well as enrollment and attendance information (including when your registration is paid for by an AuditBoard customer or partner).

  Purpose and Legal Basis: We process your personal information to perform or enter contracts or terms of service with you, or if we do not have a contract directly with you, in reliance on our legitimate interests to:

  • Manage your user account in accordance with the applicable terms of service
  • Ensure that you can log in to use our services and access information you need securely and efficiently
  • Deliver requested resources or services to you (including personalized interactions)

• If you register for events and webinars

  When you register for an event or webinar, we may ask you to provide us with your contact information such as:

  • Your name (first and last)
  • Business email
  • Telephone number
  • Company name
  • Your health and safety information such as:
    • Your emergency contact
    • Your dietary preferences
  • and your billing information such as:
    • Your billing name
    • Billing address
    • Credit card number

  Purpose and Legal Basis: We process your personal data with your consent (where required by law), to perform or enter contracts or terms of service with you, or if we do not have a contract directly with you, in reliance on our legitimate interests to:

  • Manage, plan, and host the event, including to send related communications
  • Improve our future events
  • Improve or enhance your (or your Organization’s) experience interacting with AuditBoard
  • Provide you with information about our products (including telemarketing calls and marketing emails, in accordance with your marketing preferences)

• If you participate in research with us or otherwise provide us with feedback

  When you participate in or register for an AuditBoard study, survey, panel, or panel pool, or voluntarily submit certain information to us such as providing AuditBoard with feedback about our products and services, we may ask for certain biographical or demographic information, such as:

  • Your name
  • Email address
  • Contact information
  • Time zone
  • Location
  • Company
  • Employment status
  • Tenure
  • Role
  • Job information
  • Age group
  • Other information relevant to the study

  For certain studies, we may also take photos, videos, or audio recordings (with your permission and in accordance with applicable laws).

  Purpose and Legal Basis: Where you have entered into a contract with us, we will process your personal data for the performance of such contract. If we do not have a contract directly with you, or otherwise obtain your consent, we rely on our legitimate interests to:

  • Fulfill the purpose set out in the study or survey
  • Improve your (or your Oorganization’s) experience interacting with AuditBoard
  • Identify the AuditBoard research studies best suited to you based on your attributes and invite you to participate via email
  • Identify potential product improvements or future product developments for the workforce
  • Contextualize your feedback and experience with our products and services so that we can improve them
  • Improve how we conduct research

• If you participate in a sales call, online meeting or product demo with AuditBoard

  We may record sales phone calls and online meetings (including audio and video content where applicable) for training, quality assurance, and administration purposes. This includes analyzing the content of such calls and online meetings using AI-powered tools to gain better insights into our interactions with our customers and prospects. We will always notify you before a call will be recorded and will obtain your consent where required by law. We also collect information about your interaction with product demos (such as demos you access, share, and view with others) to understand your product interests and provide you with more relevant information.

  Purpose and Legal Basis: We process your personal data with your consent where required under applicable law or in reliance on our legitimate interests to:

  • Maintain high-quality sales calls, demos and engagements with prospects and customers
  • Provide training and coaching to our sales teams
  • Generate automated call transcripts
  • Keep our records up to date (for example, in relation to follow-up meetings, sales opportunities, and updating customer contact details)
  • Improve our sales processes and make our sales calls and product demos more impactful

• If you are a website visitor that interacts with our chatbot

  We may collect information you voluntarily share via our website chatbot to process automated responses to fulfill a question or give you information you have requested. You may be asked or you may choose to provide us information such as:

  • Your name
  • Email address
  • Telephone number
  • Company name
  • Location (city, state, country)
  • IP Addresses
  • Any other information you choose to share in the chatbot

  AuditBoard does not collect “sensitive personal information” as a term defined by California law beyond what is necessary to provide your requested services. Accordingly, we do not provide a mechanism to limit or request that we limit our use of sensitive personal information.

  Purpose and Legal Basis: We process your personal data we collect through our Chatbot only for the specific purposes for which it was provided and with your consent or in reliance on our legitimate interest to:

  • Provide our services
  • Provide information about AuditBoard and our services and products
  • Provide support to our Customers

• When you apply for an opportunity of employment or for a role at AuditBoard

  We may request and collect information from you when you submit an application for employment with AuditBoard. So long as we continue to evaluate your application for a role at AuditBoard, we may collect additional information from you directly throughout the hiring process. Information that you may be requested to provide or may share voluntarily include:

  • Your name
  • Email address
  • Your address (including city, state, country and postal code)
  • Telephone number
  • Your resume/CV
  • Your employment history
  • Your education history
  • Your hobbies and interests
  • Social media profiles
  • References (if required)
  • Certain information regarding your authorization to work in the location of the role you are applying for
  • Information required by law to collect, such as:
    • Your gender
    • Your military status
    • Your disability status
  • Information you provide during interviews and discussions with AuditBoard’s Human Resources team or other employees of AuditBoard
  • Any other information you choose to provide regarding your application.

  Purpose and Legal Basis: We process your personal data with your consent where required under applicable law or in reliance on our legitimate interests to:

  • Process your application for employment
  • Review your candidacy and communicate with you directly
  • Consider your candidacy for other available positions at AuditBoard

Information collected automatically

We also collect certain information related to your use of our websites. In some jurisdictions in the United States and countries in the EEA, the UK, and Switzerland, this information may be considered personal data under applicable data protection laws. We may combine this information with personal data provided by you. In particular, we collect the following personal data from you automatically:

• When you access our websites or content

  When you visit our websites, we collect information about your device and your usage. The information collected may include:

  • Your IP address
  • Device type
  • Unique device identification numbers
  • Browser type
  • Broad geographic location (for example, country or city-level location based on your public IP address)
  • Performance
  • Other usage and technical information

  We also collect information about how you interact with our websites (for example, referring web page, pages visited, features used), emails, content, or other features (for example, when you open a marketing email or click on an embedded link, or if you watch videos on our site, or interact with/message using our chat function). Some of this information may be collected using cookies and similar tracking technology, as further explained in our Cookie Notice. We do not collect “sensitive personal information” as the term is defined by California law beyond what is necessary to provide your requested services. Accordingly, we do not provide a mechanism for you to request that we limit our use of sensitive personal information.

  Purpose and Legal Basis: We process your personal data in reliance on our legitimate interests or with your consent (where required by law) to:

  • Better understand the visitors who come to our websites, where they come from, and what content on our website is of interest to them. We use this information for our internal analytics purposes and to improve the quality and relevance of our websites to our visitors.
  • Provide, operate, and maintain our websites, including providing access to content you have requested and displaying country-specific information.
  • Protect the security and prevent misuse of our websites and services by tracking use of our websites and services, verifying accounts and activity, investigating suspicious activity, and enforcing our terms and policies

• If you are an end user of an AuditBoard product through an AuditBoard customer

  When you use our products and services through your employer we log certain systems usage information automatically. This information may include system-generated identifiers such as:

  • IP address
  • Browser type and version
  • Whether service tasks and notifications complete
  • Date and time stamps
  • Details about which of our products you are using

  We do not identify you from this system's usage information unless your Organization first provides us with instructions to do so, and provides us with certain information about your end-user account. This may happen in the context of a customer support request (e.g., when you or your organization ask us to help you resolve an issue you are having with our products and services).

  Purpose and Legal Basis: To the extent our systems usage information is treated as personal data under applicable data protection laws, we process this personal data in reliance on our legitimate interests to:

  • Provide and maintain the functionality of services and products you and/or your Organization request
  • Assess and analyze your (and your Organization’s) experience interacting with AuditBoard’s services
  • Undertake research and development in light of this assessment in order to improve performance of the services
  • Protect the security and prevent misuse of our services by investigating suspicious activity and enforcing our terms and policies

Information obtained from other sources

We also collect information about you from other sources including third parties, individuals at your company, or publicly available sources. We may combine this information with personal data provided by you. Specifically, we collect personal data from the following other sources:

• From third party sources.

  AuditBoard may collect business contact information about you from other sources including AuditBoard partners, co-sponsors of events attended by AuditBoard, third parties from whom we have purchased business contact information, and from publicly accessible websites, such as your company’s website, professional network services, or press releases. Business contact information may include: first name, last name, business email, telephone number, company name, job level, functional role, business street address, and online identifier, as well as previous employers and roles. The way in which these third parties collect personal information is detailed in their own privacy policies, available on their websites.

  Purpose and Legal Basis: We process your personal data in reliance on our legitimate interests or with your consent (where required by law) to:

  • Provide you with information about our products (including telemarketing calls and marketing emails, in accordance with your marketing preferences)
  • Understand our market and identify potential customer opportunities

• From your organization.

  We also may receive information about you from your Organization for the purposes of obtaining or providing services or to recommend individuals to participate in our research studies. For example, another individual at your Organization may provide us with your business contact information so that we can give you access to training materials purchased by your Organization, or to grant you certain administrative privileges. If your company is an AuditBoard service provider, your company may also provide us with your name and email address so that we can contact you about the services your organization supplies to us.

  Purpose and Legal Basis: We process your personal data in reliance on our legitimate interests to:

  • Communicate with you about the goods and services provided
  • Manage your (or your company’s) account and provide the requested services to you or your company

Disclosing your personal data

AuditBoard may share or make accessible your personal data to third parties as follows:

• AuditBoard Affiliates: AuditBoard may disclose any of the categories of personal data described above to affiliates of AuditBoard where necessary to fulfill a request you have submitted or for customer support, marketing, technical operations, event registration, and account management purposes.
• Service providers: AuditBoard may disclose the categories of personal data described above to third party service providers or vendors contracted to provide services on our behalf (for example, IT and hosting, data analytics, event services, customer support, call recording, chatbot technology, data enrichment, email fulfillment, and payment services). These third party service providers may use personal data we provide to them only as instructed by AuditBoard.
• Event Sponsors and Partners: When you participate in webinars, events, and other activities where AuditBoard collaborates with third parties such as sponsors and event organizers, we may disclose the information described under “if you register for events and webinars” above, such as your contact information and interests in these offerings or services to these approved third parties to communicate with you.
• AuditBoard partners: AuditBoard may share your personal data with certain partners that offer supplementary services to those provided by AuditBoard, such as partners that resell AuditBoard services, to the extent you consent to such sharing (where required by applicable law) or direct us to intentionally interact with such third parties.
• Advertising: When you visit our website, we may enable third parties to use cookies and other trackers to show you ads on third party websites that are more relevant to you. Please see our Cookie Notice for more information about the types of cookies we use or click “Cookie Preferences” (link located in the footer of our Website) to set your preferences and opt-out of targeted advertising.
• Additional disclosures: AuditBoard may disclose personal data if we have a good faith belief that such action is necessary to (a) conform to legal requirements or comply with legal processes; (b) protect and defend our rights or property; and/or (c) act to protect the interests of our users or others. If AuditBoard goes through a business transition, such as a merger, acquisition by another company, or sale of all or a portion of its assets, your personal data may be among the assets transferred. AuditBoard may also ask for your consent to disclose your information to other unaffiliated third parties that are not described elsewhere in this statement. In accordance with California law, AuditBoard does not “sell” or “share” personal data, unless otherwise noted within this policy (e.g., at the time of a merger or acquisition).

Protecting your personal data

Wherever your personal data may be held with AuditBoard, we take reasonable and appropriate steps to protect the personal data that you share with us from unauthorized access or disclosure. AuditBoard uses commercially reasonable security measures to protect against the loss, misuse, and alteration of your information under our control based on the type of personal data and applicable processing activity, such as data encryption, and enforcement of least privilege and need-to-know principles. We train our employees on data handling practices. We believe the security of your information is a serious issue and we are committed to protecting the information we receive from you. Although AuditBoard complies with its legal obligations with respect to security of your personal data and while we attempt to ensure the integrity and security of personal data, please note that no method of transmission over the internet, or method of electronic storage, is completely secure.

Please note that data that is transported over an open network, such as the internet or e-mail, may be accessible to anybody. We cannot guarantee the confidentiality of any communication or material transmitted via such open networks. When disclosing any personal information via an open network, you should remain mindful of the fact that it is potentially accessible to others, and consequently, can be collected and used by others without your consent.

Transferring your personal data internationally

AuditBoard operates as a global business and complies with applicable legal requirements when we need to transfer, store or process your personal data in a country outside your jurisdiction.

We take appropriate safeguards to protect your privacy, your fundamental rights and freedoms, and the ability to exercise your rights. For example, if we transfer personal information from the EEA, the UK, or Switzerland to another country such as the United States, we will implement an appropriate data transfer solution such as entering into “standard contractual clauses” approved by the European Commission or competent governmental authority (as applicable) with the data importer.

Retaining your personal data

AuditBoard will retain personal data we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with the Service you have requested or to comply with applicable legal, tax or accounting requirements). When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymize it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.

AuditBoard’s Service features allow customers who are authorized users to determine their own policies regarding storage, access, modification, deletion, sharing, and retention of personal data. Customers should regularly check with the admin of the services for your company about the policies and settings it has in place.

Notwithstanding the foregoing, we may retain personal data for longer periods only if such retention is required or necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule, or regulation.

Minors

AuditBoard’s products and services (including our website) are not directed to individuals under the age of 18. We do not knowingly collect personal data from children under 18. If we become aware that a child under 18 has provided us with personal data, we will take steps to delete such data. If you become aware that a child has provided us with personal data, please contact us at privacy@auditboard.com.

Your privacy rights

Depending on where you are located and how you interact with AuditBoard, you may have certain legal rights over the personal data we process about you, subject to local privacy laws.

These may include the right, depending on your jurisdiction, to:

• Obtain information about and access the personal data we process about you
• Have incorrect personal data updated
• Have your personal data deleted
• Restrict the processing of your personal data
• Object to the processing of your personal data carried out on the basis of our legitimate interests or for direct marketing purposes
• Receive a copy of your personal data in an electronic and machine-readable format
• Not be subject to a decision based solely on automated processing, including profiling, which produces legal effects or otherwise significantly affects you (“Automated Decision-Making”) Receive the categories of sources from whom we collected your personal data
• Opt out of marketing communications at any time. You can update your email subscription settings by clicking on the “Manage your Subscriptions” link in marketing emails we send you or by visiting https://go.auditboard.com/preferences-center.html
• Complain to a regulator or data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority

AuditBoard will not discriminate against you for exercising your rights.

You can exercise the applicable rights by contacting us using the Contact Information at the bottom of this Privacy Notice.

If your personal data has been submitted to us by or on behalf of an AuditBoard customer and you wish to exercise any rights you may have under applicable data protection laws, please inquire with the applicable customer directly.

Contact Information

Please contact us if you have any questions/comments about this Privacy Notice or any of our privacy practices, or you wish to exercise your rights, you can contact AuditBoard's Data Protection Officer, Anthony Plachy, at privacy@auditboard.com or by mail at:

AuditBoard, Inc.
Attention: Privacy
12900 Park Plaza Drive
Suite 200
Cerritos, CA 90703
USA

Toll Free: 1 (877) 769-5444

Changes to this Privacy Notice

This Privacy Notice may be amended or revised from time to time at the discretion of AuditBoard. Changes to this Privacy Notice will be posted on the website and links to the Privacy Notice will indicate that the notice has been changed or updated. If we propose to make any material changes, we will provide notice in accordance with law prior to the change becoming effective. We encourage you to periodically review this Privacy Notice for the latest information on our privacy practices.