Privacy Policies

Assent Is Committed to Protecting Your Personal Information

Privacy Policy Web Privacy Policy GDPR Compliance Process

Website Privacy Statement

This website privacy statement explains how your personal data is collected and used when you visit our website.

What Information Do We Collect?


Assent uses cookies to provide the best possible user experience.

You can manage your cookie preferences through the link below. However, opting out of cookies may disable some features of our site.

How Do We Use Your Information?

We use Personal Data we collect to improve the website or, when you interact with the site, to respond to your requests, and to send you emails about our services and products.

If you do not wish to receive these notifications, you may unsubscribe by following the instructions at the bottom of any and all communications from Assent. Assent commits to abide by international privacy laws by seeking express and unambiguous consent to use Personal Data when required by law.

How Do We Protect Your Personal Data?

In order to protect the Personal Data we collect from you, we take all necessary measures, including keeping our servers and devices in secure areas, maintaining a robust technological infrastructure and implementing information security policies. To learn more, click here to read our Privacy Policy.

Do We Disclose the Information We Collect to Outside Parties?

We never disclose your Personal Data unless it is with your consent or as authorized or required by law.

We may share your Personal Data only with our service providers to enable them to perform services related to the operation and maintenance of our website or for the purpose of sending you the information you have requested. To ensure they protect your Personal Data, we require all Service Providers to sign data protection agreements with Assent Compliance. These agreements also prohibit the Service Providers to sell or share your Personal Data with other third parties.

How Can You Access or Modify Your Information?

You can submit a request to access, edit or remove your Personal Data that we collect and maintain by contacting us at Please allow 30 days for any information modification or deletion requests to be processed.

Privacy Practices of Other Websites

In an attempt to provide you with increased value, we may include third-party links on our website. These linked sites have separate and independent privacy policies. We encourage you to read the privacy statements of each and every website that requests Personal Data from you. As we seek to protect the integrity of our site, we welcome any feedback about these linked sites (including if a specific link does not work).

Where We Keep Your Information

We store information in Canada, Germany, Ireland, and the United States by leveraging AWS and Google data centers.

Questions & Feedback

We welcome your questions or comments about privacy. Please send any and all feedback pertaining to privacy to

Assent Compliance Privacy Policy

This privacy policy explains how Assent Compliance uses and protects personal data it collects through:

  1. Its websites.
  2. Its Supplier Portal.
  3. Its services (Assent Compliance Platform and Assent University), with respect to:
    • Collection and use.
    • Sharing.
    • Retention.
    • Protection.
    • Location.
    • Privacy rights.

"Personal data" means any information relating to an identified or identifiable individual, such as a name, an identification number, location data or an online identifier.

Information Collected Through the Website

The website uses cookies to help Assent better understand how visitors use the site so we can improve it. The cookies collect information such as IP address and location data; use of the site, such as pages visited, links clicked, text entered and mouse movements; and information more commonly collected, such as the referring URL, browser, operating system, and Internet Service Provider.

The personal data collected through cookies is only used to recognize the user's computer, to assist the user in navigating the website, and to capture visit trends.

Visitors to the website outside of the European Union can opt out of receiving cookies via the link below. Visitors accessing the Assent Compliance website from the European Union will be automatically opted out. Those visitors can manage their preferences to consent to cookies when they visit the site. The Assent Website Privacy Statement applies regardless of the "Do Not Track" setting on the user's browser.

With the user's consent, we collect the personal data users provide us when they choose to interact with our website. This includes the user's name, email address, username, and/or password when filling out an online form or creating an account. This information is used to contact the user to provide services requested, or for account authentication purposes.


The Assent Compliance website is intended for a general audience and does not knowingly collect personal data from anyone under the age of 13.

Privacy Practices of Other Websites

While Assent has no control over the privacy policies of websites to which it links, to protect the integrity of its website, it expressly welcomes any feedback about these linked sites (including if a specific link does not work).

Data Collected Through the Supplier Portal

In the course of its business activities, Assent collects information that individuals provide during Assent's assessment of supply chains, with respect to due diligence procedures. This includes information that enables Assent to perform services for its clients, such as questionnaire responses and the business contact information for the individual providing the responses. The individuals providing this information are responding to an inquiry by a particular client of Assent, to whom they are a supplier. Assent's clients are responsible for ensuring the validity of consent from individuals providing responses to the questionnaires.

Data may be made available to other Assent customers through the Supplier Portal, in aggregate form, for the purposes of maximizing use and reuse of data in anonymized form. Assent will never share personal data without consent and does not collect consumer data.

Data Collected Through Assent Services

Assent's web-based software and services collect personal data via email, SMS, telephone, web-based forms or other means of communication individuals use to interact with Assent. The information collected includes — as necessary — name, email address, username and password, IP addresses, location data, use of the service, as well as payment information, usage data in relation to the services and other information relevant for the purpose of providing the services, specifically to:

  • Process transactions with Assent.
  • Send emails about Assent's services or respond to inquiries.
  • Send emails and updates about Assent services, including newsletters.
  • Provide support for Assent services.
  • Enhance or improve Assent services.
  • Monitor data and user activity to ensure compliance with contractual requirements.
  • Perform any other function reasonably necessary to protect the security or proper functioning of Assent services.

With express consent, Assent may post personal testimonials in addition to other endorsements. If a registered user of the service has supplied their email address, Assent may occasionally send an email to promote new features, solicit feedback or keep the user up to date with Assent and its products.

Sharing Personal Data

Whether collected through the website, the Supplier Portal or Assent services, personal data is never sold or disclosed without consent, except in the rare cases where it is required to do so by law. However, in the course of business, Assent may hire third-party individuals or organizations to help deliver our services. Assent may also hire third parties to operate, maintain, repair, or otherwise improve or preserve files or systems.

In those cases, the third parties only process personal data collected by Assent, on Assent's behalf, under Assent's written instructions, and/or under contractual arrangements containing specific clauses that demand the same level of security and protection of the personal data shared with them, as provided for by Assent. All third parties engaged by Assent are subject to this policy and to compliance monitoring in that regard.

Where Assent is required by law to disclose personal data, disclosure will only be done upon demonstrated lawful authority to do so and on the basis of legal advice. As permitted by law, Assent may also access or disclose personal data when it is reasonable to believe that it is necessary to (i) enforce applicable terms of service, including investigation of potential violations; (ii) detect, prevent, or otherwise address fraud, security or technical issues; or (iii) protect the rights, property or safety of users and the public. This includes exchanging information with other companies and organizations for fraud protection and spam/malware prevention.

Right to Access, Edit & Remove Your Data

Individuals may access, edit or remove their personal data by contacting Assent directly at

Assent will ensure the accuracy of personal data and allow individuals the opportunity to correct their personal data upon request and as necessary. Assent will also delete, upon request, any inaccurate personal data or personal data for which consent has been withdrawn.

An access request cannot be accepted if it puts the privacy of others at risk.

Access, correction and deletion of personal data are provided for free, except where the request requires disproportionate technical effort (such as developing a new system or fundamentally changing an existing practice), or would be extremely impractical (for instance, requests concerning information residing on backup systems). In such cases, Assent will charge a fee corresponding to administrative costs and provide justification for the fee.

If the access request relates to personal data stored by a client of Assent, the request will be redirected to that client to respond to the individual.

While we will seek to address any request and resolve any complaint regarding this policy, other complaint mechanisms exist. Assent is subject to the investigatory and enforcement powers of many countries, including, but not limited to: the Federal Trade Commission (FTC) in the U.S., the Office of the Privacy Commissioner of Canada in Canada and the national data protection authorities in Europe. Assent informs individuals of those resources as relevant.

Security Measures for All Personal Data

Assent applies necessary physical, technological and administrative measures to protect personal data at the level appropriate to its sensitivity. These include:

  • Entry-exit registration of visitors.
  • Secure areas for the protection of servers and devices.
  • Use of SSL Certificates to protect users against unauthorized access.
  • Policies governing the management and protection of personal data, made easily accessible and distributed to staff for implementation.
  • Risk management plans, threat identification and mitigation measures.

Location of Data

Assent stores and processes personal data on computers located in Canada, Germany, Ireland, and the United States. This means Canadian, United States, and EU privacy laws apply according to where the information is stored, and per customer instructions. Wherever it stores personal data, Assent ensures, through contractual clauses, that the information will be protected with a comparable level of safeguards. For example, Assent stores information on AWS and uses Google services for file-sharing and email services. Both AWS and Google are located in the United States and are EU-U.S. Privacy Shield certified.


This privacy policy is updated as necessary to reflect Assent activities that may entail collection and use of personal data, as well as the measures developed to protect it.

Addressing Questions or Concerns

Assent addresses questions and concerns through its privacy office. All queries regarding privacy at Assent are directed to the data protection officer via email at or via postal mail at:

Assent Compliance Inc.
Attn: Data Protection Officer
525 Coventry Road
Ottawa, ON, K1K 2C5

Assent makes every effort to respond in a timely and satisfactory manner.

GDPR Compliance Process

Assent Compliance has developed personal data management practices that comply with global privacy regulations and align to industry standards and best practices.

This webpage highlights the practices Assent Compliance has implemented with regard to its management of Personally Identifiable Information (PII).

Scope of Application of GDPR to Assent Compliance

Assent is a supply chain data management company that, through compliance reviews performed on behalf of its clients, may hold PII, including data that identifies the location of individuals. This personal data is only used as it relates to a compliance assessment or business relationships. Assent collects data directly from individuals in the course of these supplier assessments.

The most sensitive personal data held by Assent is employee data. Assent does not perform personal data profiling or data mining.

GDPR Compliance at Assent


Assent Compliance’s privacy policies provide clear and comprehensive information on the personal data management processes it employs. Individuals using the Assent Compliance website are alerted to the company’s practices through easy access to the Website Privacy Statement and the Privacy Policy.


The Assent Compliance website enables visitors to consent to the collection of personal data through cookies. The scope and extent of collection and processing is made clear in Assent Compliance’s Privacy Policy.

Visitors to the Assent Compliance website may manage their cookie preferences via the link provided below.


Assent Compliance processes personal data exclusively as necessary under the instructions of its customers. Assent Compliance ensures that it collects the minimum personal data required to fulfill its services, and maintains a retention schedule whereby personal data transferred by customers is destroyed or anonymized once service to that customer is complete.


The security of the data in Assent Compliance’s custody is ensured through the use of advanced technology and the practices described in the Privacy Policy. Assent Compliance regularly reviews its security procedures to ensure this high level of protection is continuously maintained. To learn more about current practices and policies regarding security and confidentiality of the Services, please see our Security Practices.

Individual Rights

Assent Compliance has implemented an access request mechanism, whereby individuals may request access to their personal data that is held by Assent Compliance. Assent Compliance reviews impactful global privacy regulations and is committed to implementing technological upgrades and policies, and adopting best practices that ensure it remains compliant with emerging regulatory compliance obligations.

Internal Compliance

Assent Compliance has appointed Russell Frederick as the company’s Data Protection Officer (DPO) to ensure and demonstrate compliance with GDPR. Russell has formed a Privacy Committee that includes a cross-functional team responsible for drafting and rolling out policies, procedures, training and awareness campaigns throughout the company. Individuals interested in contacting Assent Compliance’s Privacy Committee for any reason may do so by emailing us at Should a challenge be logged with a supervisory authority for further investigation, Assent Compliance is prepared to fully cooperate with the data protection authorities.

For more information, contact

© 2021 Assent Compliance Inc.