Privacy Policy

Assent & Website Privacy Policy

Assent has developed Personal Identifiable Information management practices that comply with global privacy regulations and align with industry standards and best practices. “Personal Identifiable Information” (PII) means any information relating to an identified or identifiable individual, such as (but not limited to) a name, an identification number, location data, or an online identifier.

This privacy policy explains how Assent collects, uses, and protects your PII when you:

• Interact or use our websites, including downloading materials from our resources page or requesting a demo
• Register and/or attend any of our events, webinars, or conferences (collectively “Events”)
• Interact or use our Supplier Portal, including responding to assessments and client questionnaires
• Use any of our products, services, or applications (including any trial) (collectively the “Services”) in any manner

Information Collected Through the Website

With the user’s consent, the Assent website uses cookies to collect the PII users provide us when they interact with our website. This includes (but is not limited to): name, email, username, and password when filling out an online form, creating an account, or registering for our events, webinars, or conferences; IP address; location data; use of the site such as pages visited, links clicked, text entered, and mouse movements; referring URL; browser; operating system; and Internet Service Provider.

The PII collected through cookies is only used to recognize the user’s computer, to assist the user in navigating the website, to capture visit trends, and to help Assent improve the website.

Managing Cookies

The Assent website enables visitors to consent to the collection of PII through cookies.

Visitors to the Assent website outside of the EU can opt out of receiving cookies via the button below. Visitors accessing the website from the EU will be automatically opted out. Those visitors can manage their preferences to consent to cookies when they visit the site. The Assent Website Privacy Statement applies regardless of the “Do Not Track” setting on the user’s browser.

You can manage your cookie preferences through the link below. However, opting out of cookies may disable some features of our site.

Interactions With Our Site

When you contact us through our site or fill out an online form, we collect the personal information you provide, such as your name and email address.

Privacy Practices of Other Websites

To provide you with increased value, Assent may include third-party links on our website. These linked sites have separate and independent privacy policies. We encourage you to read the privacy statements of each and every website that requests PII from you. While Assent has no control over the privacy policies of websites to which it links, to protect the integrity of its website, it expressly welcomes any feedback about these linked sites (including if a specific link does not work).

Children

The Assent website is intended for a general audience and does not knowingly collect PII from anyone under the age of 13.

Information Collected Through the Supplier Portal

In the course of its business activities, Assent collects information through our Supplier Portal that individuals provide during Assent’s assessment of supply chains, with respect to due diligence procedures. This includes information that enables Assent to perform services for its clients, such as questionnaire responses and the business contact information for the individual providing the responses. The individuals providing this information are responding to an inquiry by a particular client of Assent, to whom they are a supplier. Assent’s clients are responsible for ensuring the validity of consent from individuals providing responses to the questionnaires.

Data may be made available to other Assent customers through the Supplier Portal, in aggregate form, for the purposes of maximizing the use, and reuse of data in anonymized form. Assent never shares PII without consent and does not collect consumer data.

Data Collected Through Assent Services

Assent’s web-based software and services collect PII via email, SMS, telephone, web-based forms, or other means of communication individuals use to interact with Assent. The information collected includes (but is not limited to): name, email address, username and password, IP addresses, location data, use of the service, payment information, usage data in relation to the services, and other information.

Location of Data Storage

Assent stores and processes PII on computers located in Canada, Germany, Ireland, and the U.S. Canadian, U.S., and EU privacy laws apply according to where the information is stored and customer instructions. Wherever it stores PII, Assent ensures, through contractual clauses, that the information will be protected with a comparable level of safeguards. Assent stores information on AWS and uses Google services for file sharing and email services. Both AWS and Google are located in the U.S. and are EU-U.S. Privacy Shield certified.

How Do We Use Your Personal Information?

Assent collects PII relevant for the purpose of providing the services, specifically to:

• Process transactions with Assent
• Send emails about Assent’s services or respond to inquiries
• Send emails and updates about Assent services, including newsletters
• Provide support for Assent services
• Enhance or improve Assent services
• Monitor data and user activity to ensure compliance with contractual requirements
• Perform any other function reasonably necessary to protect the security or proper functioning of Assent services
• With express consent, Assent may post personal testimonials in addition to other endorsements
• If a registered user of the service has supplied their email address, Assent may occasionally send an email to promote new features, solicit feedback, or keep the user up to date with Assent and its products

If you do not wish to receive these communications, you may unsubscribe by following the instructions at the bottom of any and all communications from Assent. Assent commits to abide by international privacy laws by seeking express and unambiguous consent to use PII when required by law.

How Do We Protect Your Personal Information?

The security of the data in Assent’s custody is ensured through the use of advanced technology and the practices. Assent regularly reviews its security procedures to ensure this high level of protection is continuously maintained. We have implemented state of the art administrative, technical, and physical safeguards in an effort to protect against unauthorized access, use, modification, and disclosure of personal information in our custody and control. To learn more about current practices and policies regarding security and confidentiality, see our Security Practices.

How Can You Access or Modify Your Information?

Assent has implemented an access request mechanism, whereby individuals may request access to their PII that Assent holds. Assent reviews impactful global privacy regulations and is committed to implementing technological upgrades and policies, as well as adopting best practices that ensure it remains compliant with emerging regulatory compliance obligations. You can submit a request to access, edit, or remove your PII that we collect and maintain by contacting us at privacy@assent.com. Please allow 30 days for any information modification or deletion requests to be processed.

Right to Access, Edit & Remove Your Personal Information

Assent will ensure the accuracy of PII and allow individuals the opportunity to correct their PII upon request and as necessary. Assent will also delete, upon request, any inaccurate PII for which consent has been withdrawn.

An access request cannot be accepted if it puts the privacy of others at risk.

Access, correction, and deletion of PII are provided for free, except where the request requires disproportionate technical effort (such as developing a new system or fundamentally changing an existing practice), or would be extremely impractical (for instance, requests concerning information residing on backup systems). In such cases, Assent will charge a fee corresponding to administrative costs and provide justification for the fee.

If the access request relates to PII stored by a client of Assent, the request will be redirected to that client to respond to the individual.

While we will seek to address any request and resolve any complaint regarding this policy, other complaint mechanisms exist. Assent is subject to the investigatory and enforcement powers of many countries, including, but not limited to: the Federal Trade Commission (FTC) in the U.S., the Office of the Privacy Commissioner of Canada in Canada, and the national data protection authorities in Europe. Assent informs individuals of those resources as relevant.

Rights under California Consumer Privacy Act (CCPA)

As a California resident, you may request that Assent complete the following actions based on your rights under the CCPA:

If you would like to request access to information that Assent currently possesses about you, please send an email to privacy@assent.com.

• Right to request deletion — You may request that Assent delete personal information that has been collected about you and that we inform our service providers to do the same. If you would like to exercise your right to delete please send an email to privacy@assent.com

• Right to non-discrimination — You cannot be denied goods or services or provided a different quality of goods or services after exercising your rights under the CCPA. However, because personal information is necessary for Assent to provide you with a service, we may not be able to complete that transaction if certain rights are exercised. If you request that personal information be removed you may not be able to continue participating in the services offered by Assent Inc. If you are not sure how your request may affect your access to the software and services provided by Assent please contact us at privacy@assent.com

Do We Disclose the Information We Collect to Outside Parties?

Whether collected through the website, the Supplier Portal or Assent services, PII is never shared, sold, or disclosed without consent, except in the rare cases where it is required to do so by law.

Where Assent is required by law to disclose PII, disclosure will only be done upon demonstrated lawful authority to do so and on the basis of legal advice. As permitted by law, Assent may also access or disclose PII when it is reasonable to believe that it is necessary to (i) enforce applicable terms of service, including investigation of potential violations; (ii) detect, prevent, or otherwise address fraud, security, or technical issues; or (iii) protect the rights, property, or safety of users and the public. This includes exchanging information with other companies and organizations for fraud protection and spam/malware prevention.

Service Providers

We may share PII with service providers to enable them to perform services related to the operation and maintenance of our commercial website, or for the purpose of sending you the informational materials you have requested. Assent may also hire service providers to operate, maintain, repair, or otherwise improve or preserve files or systems.

Service providers only process PII collected by Assent, on Assent’s behalf, under Assent’s written instructions, and/or under contractual arrangements containing specific clauses that demand the same level of security and protection of the PII shared with them, as provided for by Assent. All service providers engaged by Assent are subject to this policy and to compliance monitoring in that regard.

Subprocessors

Assent currently uses third-party subprocessors to provide infrastructure and other supporting services for our platform. A subprocessor is a third-party data processor engaged by Assent who has or potentially will have access to or process and/or store customer or supplier data. Assent performs diligence to evaluate their privacy, security, and confidentiality practices, and executes an agreement implementing its applicable obligations. Service providers who could come into contact with PII adopt Standard Contractual Clauses (SCCs) and a data processing agreement to be in compliance with the EU General Data Protection Regulation (GDPR). See, for reference, https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.

Infrastructure Subprocessors

Assent may use the following subprocessors for hosting services or to provide other infrastructure that helps with delivery of our services:

Supplier Services Subprocessors

Assent leverages the following subprocessors to perform supplier services that may obtain PII:

International Transfer Mechanism

Assent offers European Union Model Clauses, also known as Standard Contractual Clauses, to meet the adequacy and security requirements for our Customers that operate in the EU, and the UK, and other international transfers of PII.

Scope of Application of GDPR to Assent

Assent is a supply chain data management company that, through compliance reviews performed on behalf of its clients, may hold PII, including data that identifies the location of individuals. This PII is only used as it relates to a compliance assessment or business relationships. Assent collects data directly from individuals in the course of these supplier assessments.

The most sensitive PII held by Assent is employee data. Assent does not perform PII profiling or data mining. Assent’s privacy policies provide clear and comprehensive information on the PII management processes it employs. Individuals using the Assent website are alerted to the company’s practices through easy access to this Privacy Policy.

Assent processes PII exclusively as necessary under the instructions of its customers. Assent ensures that it collects the minimum PII required to fulfill its services and maintains a retention schedule whereby PII transferred by customers is destroyed once service to that customer is complete.

EU & UK Representative Information

Assent Inc., which processes the personal data of individuals in the European Union (EU), European Economic Area (EEA), and United Kingdom (UK), in either the role of “data controller” or “data processor”, has appointed DataRep as its Data Protection Representative for the purposes of EU GDPR in the EU/EEA and The Data Protection Act 2018/UK GDPR (as amended) in the UK.

If Assent Inc. has processed or is processing your data, you may be entitled to exercise your rights under GDPR with respect to that personal data. For more details on the rights you have with respect to your personal data, please refer to the European Commission (https://ec.europa.eu/info/law/law-topic/data-protection/data-protection-eu_en) or the national Data Protection Authority in your country.

DataRep has locations in each of the 27 EU countries, the UK, and Norway and Iceland in the European Economic Area (EEA). If you want to raise a question to Assent or otherwise exercise your rights with respect to your personal data, you may do so by:

• Sending an email to DataRep at assent@datarep.com;
• Contacting DataRep via online web form at www.datarep.com/assent; or
• Mailing your inquiry to DataRep at the most convenient address for your location (linked here)
• PLEASE NOTE: When mailing inquiries, it is ESSENTIAL that you mark letters for “DataRep” and not “Assent Inc.”, otherwise the inquiry may not be received.

DataRep’s Privacy Policy can be viewed at www.datarep.com/privacy-policy

Changes

This privacy policy is updated as necessary to reflect Assent activities that may entail collection and use of PII, as well as the measures developed to protect it. We post updates to this page and encourage you to review our Privacy Policy regularly to stay informed.

Addressing Questions & Feedback

Assent addresses questions and concerns through its privacy office. Assent has appointed a Data Protection Officer (DPO) to ensure and demonstrate compliance with GDPR. Assent has formed a Privacy Committee that includes a cross-functional team responsible for drafting and rolling out policies, procedures, training, and awareness campaigns throughout the company. Individuals interested in contacting Assent’s Privacy Committee for any reason may do so by emailing us at privacy@assent.com. Should a challenge be logged with a supervisory authority for further investigation, Assent is prepared to fully cooperate with the data protection authorities.

All queries regarding privacy at Assent are directed to the data protection officer via email at privacy@assent.com or via postal mail at:

Assent Inc.
Attn: Data Protection Officer
525 Coventry Road
Ottawa, ON, K1K 2C5

Assent makes every effort to respond in a timely and satisfactory manner. For more information, contact privacy@assent.com.