Privacy Policies

Assent is Committed to the Privacy of Your Personal Information

Privacy Policy Web Policy

Website Privacy Statement

This website privacy statement explains how your Personal Data is collected and used when you visit our website.

What Information Do We Collect?

Cookies

When you visit our websites, we use cookies to collect information such as your IP address, location data and the pages visited. Our purpose for collecting this information is to better understand how you use our site and to improve it.

You can opt-out of cookies through the privacy settings on your browser. That will disable, however, some features of our site.

Interactions with our site

When you contact us through our site or fill out an online form, we collect the personal information you provide such as your name and email address.

How Do We Use Your Information?

We use Personal Data we collect to improve the website or, when you interact with the site, to respond to your requests, and to send you emails about our services and products.

If you do not wish to receive these notifications, you may unsubscribe by following the instructions at the bottom of any and all communications from Assent. Assent commits to abide by international privacy laws by seeking express and unambiguous consent to use Personal Data when required by law.

How Do We Protect Your Personal Data?

In order to protect the Personal Data we collect from you, we take all necessary measures including keeping our servers and devices in secure areas, maintaining a robust technological infrastructure and implementing information security policies. To learn more click here to read our Privacy Policy.

Do We Disclose the Information We Collect to Outside Parties?

We never disclose your Personal Data unless it is with your consent or as authorized or required by law.

We may share your Personal Data only with our service providers to enable them to perform services related to the operation and maintenance of our website or for the purpose of sending you information you have requested. To ensure they protect your Personal Data, we require all Service Providers to sign data protection agreements with Assent Compliance. These agreements also prohibit the Service Providers to sell or share your Personal Data with other third parties.

How Can You Access or Modify Your Information?

You can submit a request to access, edit or remove your Personal Data that we collect and maintain by contacting us at privacy@assentcompliance.com. Please allow 30 days for any information modification or deletion requests to be processed.

Privacy Practices of Other Websites

In an attempt to provide you with increased value, we may include third-party links on our website. These linked sites have separate and independent privacy policies. We encourage you to read the privacy statements of each and every website that requests Personal Data from you. As we seek to protect the integrity of our site, we welcome any feedback about these linked sites (including if a specific link does not work).

Where we keep your information

We store information in Canada and the United States through Google and AWS, who are both EU-US Privacy Shield certified.

Questions & Feedback

We welcome your questions or comments about privacy. Please send any and all feedback pertaining to privacy to privacy@assentcompliance.com.

ASSENT COMPLIANCE PRIVACY POLICY

This privacy policy explains how Assent Compliance uses and protects personal data it collects through:

  1. Its websites.
  2. Its Supplier Portal.
  3. Its services (Assent Compliance Platform; Assent University Classroom; and Assent Audit & Inspection Manager), with respect to:
    • Collection and use.
    • Sharing.
    • Retention.
    • Protection.
    • Location.
    • Privacy rights.

"Personal data" means any information relating to an identified or identifiable individual, such as a name, an identification number, location data or an online identifier.

INFORMATION COLLECTED THROUGH THE WEBSITE

The website uses cookies to help Assent better understand how visitors use the site so we can improve it. The information cookies collect includes IP address and location data; use of the site, such as pages visited, links clicked, text entered and mouse movements; and information more commonly collected, such as the referring URL, browser, operating system and Internet Service Provider.

The personal data collected through cookies is only used to recognize the user's computer, to assist the user in navigating the website and to capture visit trends.

Visitors to the website are informed up front that they can opt out of the cookies through their web browser settings. The Assent Website Privacy Statement applies regardless of the "Do Not Track" setting on the user's browser.

With the user's consent, we collect the personal data users provide us when they choose to interact with ourwebsite. This includes the user's name, email address, username and/or password when filling out an onlineform or creating an account. This information is used to contact the user to provide services requested, or foraccount authentication purposes.

CHILDREN

The Assent Compliance website is intended for a general audience and does not knowingly collect personal data from anyone under the age of 13.

PRIVACY PRACTICES OF OTHER WEBSITES

While Assent has no control over the privacy policies of websites to which it links, to protect the integrity of its website, it expressly welcomes any feedback about these linked sites (including if a specific link does not work).

DATA COLLECTED THROUGH THE SUPPLIER PORTAL

In the course of its business activities, Assent collects information that individuals provide during Assent's assessment of supply chains, with respect to due diligence procedures. This includes information that enables Assent to perform services for its clients, such as questionnaire responses, as well as the business contact information for the individual providing the responses. The individuals providing this information are responding to an inquiry by a particular client of Assent, to whom they are a supplier. Assent's clients are responsible for ensuring the validity of consent from individuals providing responses to the questionnaires.

Data may be made available to other Assent customers through the Supplier Portal, in aggregate form, for the purposes of maximizing use and re-use of data in anonymized form. Assent will never share personal data without consent.

DATA COLLECTED THROUGH ASSENT SERVICES

Assent's web-based software and services collect personal data via email, SMS, telephone, web-based forms or other means of communication individuals choose to interact with Assent. The information collected includes, as necessary, name, email address, username and password, IP addresses, location data, use of the service, as well as payment information, usage data in relation to the services and other information relevant for the purpose of providing the services, specifically to:

  • Process transactions with Assent.
  • Send emails about Assent's services or respond to inquiries.
  • Send emails and updates about Assent services, including newsletters.
  • Provide support for Assent services.
  • Enhance or improve Assent services.
  • Monitor data and user activity to ensure compliance with contractual requirements.
  • Perform any other function reasonably necessary to protect the security or proper functioning of Assent services.

With express consent, Assent may post personal testimonials in addition to other endorsements. If a registered user of the service has supplied their email address, Assent may occasionally send an email to promote new features, solicit feedback or keep the user up to date with Assent and its products.

SHARING PERSONAL DATA

Whether collected through the website, the Supplier Portal or Assent services, personal data is never sold or disclosed without consent, except in the rare cases where it is required to do so by law. However, in the course of business, Assent may hire third party individuals or organizations to help deliver our services. Assent may also hire third parties to operate, maintain, repair, or otherwise improve or preserve files or systems.

In those cases, the third parties only process personal data collected by Assent, on Assent's behalf, under Assent's written instructions, and/or under contractual arrangements containing specific clauses that demand the same level of security and protection of the personal data shared with them, as provided for by Assent. All third parties engaged by Assent are subject to this policy and to compliance monitoring in that regard.

Where Assent is required by law to disclose personal data, disclosure will only be done upon demonstrated lawful authority to do so and on the basis of legal advice. As permitted by law, Assent may also access or disclose personal data when it is reasonable to believe that it is necessary to (i) enforce applicable terms of service, including investigation of potential violations; (ii) detect, prevent, or otherwise address fraud, security or technical issues; or (iii) protect the rights, property or safety of users and the public. This includes exchanging information with other companies and organizations for fraud protection and spam/malware prevention.

RIGHT TO ACCESS, EDIT AND REMOVE YOUR DATA

Individuals may access, edit or remove their personal data by contacting Assent directly at privacy@assentcompliance.com.

Assent will ensure the accuracy of personal data and allow individuals the opportunity to correct their personal data upon request and as necessary. Assent will also delete, upon request, any inaccurate personal data or personal data for which consent has been withdrawn.

An access request cannot be accepted if it puts the privacy of others at risk.

Access, correction and deletion of personal data are provided for free, except where the request requires disproportionate technical effort (such as developing a new system or fundamentally changing an existing practice), or would be extremely impractical (for instance, requests concerning information residing on backup systems). In such cases, Assent will charge a fee corresponding to administrative costs and provide justification for the fee.

If the access request relates to personal data stored by a client of Assent, the request will be redirected to that client to respond to the individual.

While we will seek to address any request and resolve any complaint regarding this policy, other complaint mechanisms exist. Assent is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) in the U.S., the Office of the Privacy Commissioner of Canada in Canada and the national data protection authorities in Europe. Assent informs individuals of those resources as relevant.

SECURITY MEASURES FOR ALL PERSONAL DATA

Assent applies necessary physical, technological and administrative measures to protect personal data at the level appropriate to its sensitivity. These include:

  • Entry-exit registration of visitors.
  • Secure areas for the protection of servers and devices.
  • Use of SSL Certificates to protect users against unauthorized access.
  • Policies governing the management and protection of personal data, made easily accessible and distributed to staff for implementation.
  • Risk management plans, threat identification and mitigation measures.

LOCATION OF DATA

Assent stores and processes personal data on computers located in Canada and the United States. This means Canadian and United States privacy laws apply according to where the information is stored. Wherever it stores personal data, Assent ensures, through contractual clauses, that the information will be protected with a comparable level of safeguards. For example, Assent stores information on AWS servers and uses Google services for file sharing and email services. Both AWS and Google are located in the United States and are EU-US Privacy Shield certified.

CHANGES

This privacy policy is updated as necessary to reflect Assent activities that may entail collection and use of personal data, as well as the measures developed to protect it.

ADDRESSING QUESTIONS OR CONCERNS

Assent addresses questions and concerns through its privacy office. All queries regarding privacy at Assent are directed to the data protection officer via email at privacy@assentcompliance.com or via postal mail at:

Assent Compliance, Inc.
Attn: Data Protection Officer
525 Coventry Road
Ottawa, ON, K1K 2C5

Assent makes every effort to respond in a timely and satisfactory manner.

© 2018 Assent Compliance Inc.