Privacy Policy

Assent Is Committed to Protecting Your Personal Information

This privacy policy was last updated: July 12, 2021

Assent Compliance & Website Privacy Policy

Assent Compliance has developed Personal Identifiable Information management practices that comply with global privacy regulations and align to industry standards and best practices. "Personal Identifiable Information" (PII) means any information relating to an identified or identifiable individual, such as (but not limited to) a name, an identification number, location data, or an online identifier.

This privacy policy explains how Assent Compliance collects, uses, and protects your PII when you:

  • Interact or use our websites, including downloading materials from our resources page or requesting a demo.
  • Register and/or attend any of our events, webinars, or conferences (collectively "Events").
  • Interact or use our Supplier Portal, including responding to assessments and client questionnaires.
  • Use any of our products, services, or applications (including any trial) (collectively the "Services") in any manner.

Information Collected Through the Website

With the user’s consent, the Assent website uses cookies to collect the PII users provide us when they interact with our website. This includes (but is not limited to): name, email, username, and password when filling out an online form, creating an account, or registering for our events, webinars, or conferences; IP address; location data; use of the site such as pages visited, links clicked, text entered, and mouse movements; referring URL; browser; operating system; and Internet Service Provider.

The PII collected through cookies is only used to recognize the user's computer, to assist the user in navigating the website, to capture visit trends, and to help Assent improve the website.

Managing Cookies

The Assent Compliance website enables visitors to consent to the collection of PII through cookies.

Visitors to the Assent Compliance website outside of the European Union (EU) can opt out of receiving cookies via the button below. Visitors accessing the website from the EU will be automatically opted out. Those visitors can manage their preferences to consent to cookies when they visit the site. The Assent Website Privacy Statement applies regardless of the "Do Not Track" setting on the user's browser.

You can manage your cookie preferences through the link below. However, opting out of cookies may disable some features of our site.

Interactions With Our Site

When you contact us through our site or fill out an online form, we collect the personal information you provide, such as your name and email address.

Privacy Practices of Other Websites

To provide you with increased value, Assent may include third-party links on our website. These linked sites have separate and independent privacy policies. We encourage you to read the privacy statements of each and every website that requests PII from you. While Assent has no control over the privacy policies of websites to which it links, to protect the integrity of its website, it expressly welcomes any feedback about these linked sites (including if a specific link does not work).

Children

The Assent Compliance website is intended for a general audience and does not knowingly collect PII from anyone under the age of 13.

Information Collected Through the Supplier Portal

In the course of its business activities, Assent collects information through our Supplier Portal that individuals provide during Assent's assessment of supply chains, with respect to due diligence procedures. This includes information that enables Assent to perform services for its clients, such as questionnaire responses and the business contact information for the individual providing the responses. The individuals providing this information are responding to an inquiry by a particular client of Assent, to whom they are a supplier. Assent's clients are responsible for ensuring the validity of consent from individuals providing responses to the questionnaires.

Data may be made available to other Assent customers through the Supplier Portal, in aggregate form, for the purposes of maximizing use and reuse of data in anonymized form. Assent never shares PII without consent and does not collect consumer data.

Data Collected Through Assent Services

Assent's web-based software and services collect PII via email, SMS, telephone, web-based forms, or other means of communication individuals use to interact with Assent. The information collected includes (but is not limited to): name, email address, username and password, IP addresses, location data, use of the service, payment information, usage data in relation to the services, and other information.

Location of Data Storage

Assent stores and processes PII on computers located in Canada, Germany, Ireland, and the United States. Canadian, United States, and EU privacy laws apply according to where the information is stored and customer instructions. Wherever it stores PII, Assent ensures, through contractual clauses, that the information will be protected with a comparable level of safeguards. Assent stores information on AWS and uses Google services for file sharing and email services. Both AWS and Google are located in the United States and are EU-U.S. Privacy Shield certified.

How Do We Use Your Personal Information?

Assent collects PII relevant for the purpose of providing the services, specifically to:

  • Process transactions with Assent.
  • Send emails about Assent's services or respond to inquiries.
  • Send emails and updates about Assent services, including newsletters.
  • Provide support for Assent services.
  • Enhance or improve Assent services.
  • Monitor data and user activity to ensure compliance with contractual requirements.
  • Perform any other function reasonably necessary to protect the security or proper functioning of Assent services.
  • With express consent, Assent may post personal testimonials in addition to other endorsements.
  • If a registered user of the service has supplied their email address, Assent may occasionally send an email to promote new features, solicit feedback, or keep the user up to date with Assent and its products.

If you do not wish to receive these communications, you may unsubscribe by following the instructions at the bottom of any and all communications from Assent. Assent commits to abide by international privacy laws by seeking express and unambiguous consent to use PII when required by law.

How Do We Protect Your Personal Information?

The security of the data in Assent Compliance’s custody is ensured through the use of advanced technology and practices. Assent Compliance regularly reviews its security procedures to ensure this high level of protection is continuously maintained. We have implemented state-of-the-art administrative, technical, and physical safeguards in an effort to protect against unauthorized access, use, modification, and disclosure of personal information in our custody and control. To learn more about current practices and policies regarding security and confidentiality, see our Security Practices.

How Can You Access or Modify Your Information?

Assent Compliance has implemented an access request mechanism, whereby individuals may request access to their PII that Assent holds. Assent Compliance reviews impactful global privacy regulations and is committed to implementing technological upgrades and policies, as well as adopting best practices that ensure it remains compliant with emerging regulatory compliance obligations. You can submit a request to access, edit, or remove your PII that we collect and maintain by contacting us at privacy@assentcompliance.com. Please allow 30 days for any information modification or deletion requests to be processed.

Right to Access, Edit & Remove Your Personal Information

Assent will ensure the accuracy of PII and allow individuals the opportunity to correct their PII upon request and as necessary. Assent will also delete, upon request, any inaccurate PII for which consent has been withdrawn.

An access request cannot be accepted if it puts the privacy of others at risk.

Access, correction, and deletion of PII are provided for free, except where the request requires disproportionate technical effort (such as developing a new system or fundamentally changing an existing practice), or would be extremely impractical (for instance, requests concerning information residing on backup systems). In such cases, Assent will charge a fee corresponding to administrative costs and provide justification for the fee.

If the access request relates to PII stored by a client of Assent, the request will be redirected to that client to respond to the individual.

While we will seek to address any request and resolve any complaint regarding this policy, other complaint mechanisms exist. Assent is subject to the investigatory and enforcement powers of many countries, including, but not limited to: the Federal Trade Commission (FTC) in the U.S., the Office of the Privacy Commissioner of Canada in Canada, and the national data protection authorities in Europe. Assent informs individuals of those resources as relevant.

Do We Disclose the Information We Collect to Outside Parties?

Whether collected through the website, the Supplier Portal or Assent services, PII is never shared, sold, or disclosed without consent, except in the rare cases where it is required to do so by law.

Where Assent is required by law to disclose PII, disclosure will only be done upon demonstrated lawful authority to do so and on the basis of legal advice. As permitted by law, Assent may also access or disclose PII when it is reasonable to believe that it is necessary to (i) enforce applicable terms of service, including investigation of potential violations; (ii) detect, prevent, or otherwise address fraud, security, or technical issues; or (iii) protect the rights, property, or safety of users and the public. This includes exchanging information with other companies and organizations for fraud protection and spam/malware prevention.

Service Providers

We may share PII with service providers to enable them to perform services related to the operation and maintenance of our commercial website, or for the purpose of sending you the informational materials you have requested. Assent may also hire service providers to operate, maintain, repair, or otherwise improve or preserve files or systems.

Service providers only process PII collected by Assent, on Assent's behalf, under Assent's written instructions, and/or under contractual arrangements containing specific clauses that demand the same level of security and protection of the PII shared with them, as provided for by Assent. All service providers engaged by Assent are subject to this policy and to compliance monitoring in that regard.

Subprocessors

Assent currently uses third-party subprocessors to provide infrastructure and other supporting services. A subprocessor is a third-party data processor engaged by Assent that has or potentially will have access to, or will process and/or store, customer or supplier data. Assent performs diligence to evaluate their privacy, security, and confidentiality practices, and executes an agreement implementing its applicable obligations. Service providers who could come into contact with PII adopt Standard Contractual Clauses (SCCs) and a data processing agreement to be in compliance with the European Union General Data Protection Regulation (GDPR). See, for reference, https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.

Infrastructure Subprocessors

Assent may use the following subprocessors for hosting services or to provide other infrastructure that helps with delivery of our services:

| Name | Purpose | Location | International Transfer Mechanism | Additional Safeguards |
|---|---|---|---|---|
| Amazon Web Services | Platform hosting | U.S., Canada, Germany | SCC | https://aws.amazon.com/security/ |

Supplier Services Subprocessors

Assent leverages the following subprocessors to perform supplier services that may obtain PII:

| Name | Purpose | Location | International Transfer Mechanism | Additional Safeguards |
|---|---|---|---|---|
| 84CodesAB (RabbitMq) | Message Queue Service | Sweden | SCC | https://www.cloudamqp.com/legal/security_policy.html |
| Atlassian (Jira) | Project management infrastructure | United States | SCC | https://www.atlassian.com/trust/security |
| Google | Email service provider and file sharing infrastructure | United States | SCC | https://cloud.google.com/security/privacy |
| Grafixoft | Contractors (Development and Infrastructure) | Bulgaria | SCC | https://www.grafixoft.com/privacy-policy/ |
| Onetrust | Cookie/Consent/Preference Management | United States | SCC | Onetrust Security |
| Pendo | Platform usage analytics | United States | SCC | https://www.pendo.io/data-privacy-security/ |
| PBD-BPO Solutions | Region Specific Supplier Support | Philippines | SCC | https://www.prominentoutsource.com/contact-us/# |
| Zendesk | Customer support system | United States | SCC | https://www.zendesk.com/product/zendesk-security/ |

International Transfer Mechanism

Assent offers European Union Model Clauses, also known as Standard Contractual Clauses, to meet the adequacy and security requirements for our Customers that operate in the EU and the UK, and for other international transfers of PII.

Scope of Application of GDPR to Assent Compliance

Assent is a supply chain data management company that, through compliance reviews performed on behalf of its clients, may hold PII, including data that identifies the location of individuals. This PII is only used as it relates to a compliance assessment or business relationships. Assent collects data directly from individuals in the course of these supplier assessments.

The most sensitive PII held by Assent is employee data. Assent does not perform PII profiling or data mining. Assent Compliance’s privacy policies provide clear and comprehensive information on the PII management processes it employs. Individuals using the Assent Compliance website are alerted to the company’s practices through easy access to this Privacy Policy.

Assent Compliance processes PII exclusively as necessary under the instructions of its customers. Assent Compliance ensures that it collects the minimum PII required to fulfill its services and maintains a retention schedule whereby PII transferred by customers is destroyed once service to that customer is complete.

Changes

This privacy policy is updated as necessary to reflect Assent activities that may entail collection and use of PII, as well as the measures developed to protect it. We post updates to this page and encourage you to review our Privacy Policy regularly to stay informed.

Addressing Questions & Feedback

Assent addresses questions and concerns through its privacy office. Assent Compliance has appointed Russell Frederick as the company’s Data Protection Officer (DPO) to ensure and demonstrate compliance with GDPR. Russell has formed a Privacy Committee that includes a cross-functional team responsible for drafting and rolling out policies, procedures, training, and awareness campaigns throughout the company. Individuals interested in contacting Assent Compliance’s Privacy Committee for any reason may do so by emailing us at privacy@assentcompliance.com. Should a challenge be logged with a supervisory authority for further investigation, Assent Compliance is prepared to fully cooperate with the data protection authorities.

All queries regarding privacy at Assent are directed to the data protection officer via email at privacy@assentcompliance.com or via postal mail at:

Assent Compliance Inc.
Attn: Data Protection Officer
525 Coventry Road
Ottawa, ON, K1K 2C5

Assent makes every effort to respond in a timely and satisfactory manner. For more information, contact privacy@assentcompliance.com.

© 2021 Assent Compliance Inc.