PROCESSING YOUR PERSONAL DATA
We have entered into agreements with our clients to govern the provision and receipt of our services, including how we collect and process personal data on their behalf. We have no direct relationship with the individuals whose personal data we process under the direction of our clients (‘end users’) and our clients are responsible for ensuring that their end users are provided with appropriate information about the intended collection and use of their personal data.
Where we process your personal data, we will be acting as a data processor for our client. We will process that personal data in accordance with the terms of our agreement with that client and their lawful instructions as well as in accordance with the legal obligations placed upon us as a data processor.
Additionally, the Site may contain links to other websites, such as independentaudit.com, which are subject to their own privacy policies. As a user of links, it is your responsibility to understand those third parties’ privacy policies. Once you leave our Site using links, we have no control over information that is submitted to or collected by any third parties and are not responsible for other websites.
Each company subscriber has a designated Company Administrator(s) who is responsible for managing the company’s users within Thinking Board®. The Company Administrator(s) has access to add authorised users by adding user email addresses into Thinking Board®. Once a user has been added, an email invitation will be sent to the user for account activation. The addition and deletion of authorised users within Thinking Board® is the sole responsibility of the Company Administrator(s).
Collection of personal data
In order to provide the services offered within the Site, we will collect and process personal data about users such as, but not limited to, first and last name, email address, and business information, including job title and role. In addition, we will store and process any other personal biographical information which users upload to the Site from time to time. Personal data is stored at an Amazon Web Services data centre located in Ireland.
In order to log in to the Site, users must provide their email address for authentication purposes. Once the Company Administrator has added a user to Thinking Board® as an authorised user, the user will receive an email with instructions to activate his or her account. Once the account has been activated, the user will have the opportunity to create and confirm an account password and update his or her personal details within my profile. Company Administrator(s) do not have access to user passwords.
By participating in reviews within Thinking Board®, please be advised that personal data within a user’s profile may be viewable by other individuals within the same company. This includes information such as, but not limited to, a user’s role, position, and questionnaire responses. Users’ questionnaire responses will not be tied to a user’s name or email address; however, it could be possible that the responses could be identifiable based on a user’s role or any other profiling field that has been set up in the system.
Collection of information through cookie use
Use of personal data
We collect personal data in order to provide the Thinking Board® service, and to allow users to log in and view their profile information and to complete questionnaires. We also use collected personal data for research purposes, such as to analyse user trends and to measure demographic information, in order to improve our services to you. Additionally, we use collected personal data for benchmarking purposes, including global and industry benchmarking.
If you consent, we may use your email address to contact you by email to provide you with further information about us, our products/services and to promote our Site. This may involve disclosing your personal data to our other offices, or to our affiliates, agents or appointed representatives. If you have already given consent, you may opt out of receipt of such marketing communications from us at any time. For further information please see the “Choice and Opt-Out” section below.
Sharing and disclosure of personal data
In providing our services to you, your personal data may be processed outside of our offices or by our affiliates, agents or appointed representatives which may be located outside the European Economic Area (“EEA”). When we transfer personal data for processing, we will ensure that the personal data are transferred only subject to appropriate protections, as required by the DPA. Additionally, we will enter into an agreement with the office, agent or appointed representative that requires appropriate security measures to be maintained, and personal data to be processed only in accordance with our instructions. No personal data will be used other than for the purpose for which it was originally collected by us.
Please note that selected third parties may require access to your personal data where such third parties provide services to us, for example, website hosting services. In those circumstances those third parties shall be required to enter into an agreement with us that requires appropriate security measures to be maintained and requires the third party to process your personal data solely in accordance with our instructions.
We may also share your personal data in any of the following circumstances:
- If required to do so by law, regulation or legal process (such as a court order or subpoena);
- In response to requests by government agencies, such as law enforcement authorities;
- For the purpose of or in connection with legal proceedings, or otherwise for the purpose of establishing, exercising or defending our legal rights;
- If disclosure is necessary or appropriate to protect or defend our or a third party’s rights or property, or in connection with an investigation of actual or suspected illegal activity; or
- If we sell, merge or transfer all or a portion of our business or assets (including in the event of a reorganisation, dissolution or liquidation), we may disclose your personal data to the prospective buyer or seller, but only where we have first taken reasonable steps to help ensure the security and confidentiality of your personal data.
Choice and opt-out
We will only use your personal data for direct marketing purposes if you have opted in to receive marketing communications about our products and services from us. If you wish to revoke your consent to the receipt of direct marketing at any time, click the unsubscribe link contained in each marketing email that we send to you, or contact us as described in the “Contact Information” section below.
Security and other
We strive to safeguard and secure the personal data we collect. We have implemented reasonable technical, physical and administrative measures designed to protect your personal data from unauthorised disclosure, use, alteration, destruction and access. Any transmission of personal information over the internet is, however, at your own risk. Technology, such as, but not limited to, Transport Layer Security (TLS), is used to enhance security and reduce risk of loss. Our security practices, processes or technology do not guarantee absolute security of your information and you should take all normal personal precautions such as, but not limited to, not sharing passwords, closing browsers, and not using public networks (e.g., internet cafes, etc.).
It is not possible for subscriber companies to access other company data as the system is based on company-specific logins and passwords.
We will retain your personal data only for so long as necessary to fulfil the purposes for which it was collected, to fulfil a valid business need, and to comply with applicable laws. When your personal data is no longer required, it will be securely destroyed in a manner that will ensure the information is no longer identifiable.
You may access, update and correct inaccuracies in your personal data in our custody or control at any time, subject to exceptions prescribed by law. You may also have the right to object to our use of your personal data where it is likely to cause damage or distress. You may revise or delete your personal data by adjusting your account settings or by contacting us directly as provided in the “Contact Information” section below.
Users of the Site are encouraged to contact us if they have any questions about our use of personal data, or to report any improvements, suggestions, and any suspected breach of privacy or website security to us. You may contact us using the telephone number, email address, or mailing address below:
Independent Audit Limited
4 Bury Street
Telephone: +44 (0)20 7220 6580