Assent is committed to protecting your personal information.
- Its websites.
- Its Supplier Portal.
- Its services (Assent Compliance Platform, Assent University and the Assent Audit & Inspection Manager), with respect to:
- Collection and use.
- Privacy rights.
"Personal data" means any information relating to an identified or identifiable individual, such as a name, an identification number, location data or an online identifier.
INFORMATION COLLECTED THROUGH THE WEBSITE
The personal data collected through cookies is only used to recognize the user's computer, to assist the user in navigating the website and to capture visit trends.
Visitors to the website are informed up front that they can opt out of the cookies through their web browser settings. The Assent Website Privacy Statement applies regardless of the "Do Not Track" setting on the user's browser.
With the user's consent, we collect the personal data users provide us when they choose to interact with our website. This includes the user's name, email address, username and/or password when filling out an online form or creating an account. This information is used to contact the user to provide services requested, or for account authentication purposes.
The Assent Compliance website is intended for a general audience and does not knowingly collect personal data from anyone under the age of 13.
PRIVACY PRACTICES OF OTHER WEBSITES
While Assent has no control over the privacy policies of websites to which it links, to protect the integrity of its website, it expressly welcomes any feedback about these linked sites (including if a specific link does not work).
DATA COLLECTED THROUGH THE SUPPLIER PORTAL
In the course of its business activities, Assent collects information that individuals provide during Assent's assessment of supply chains, with respect to due diligence procedures. This includes information that enables Assent to perform services for its clients, such as questionnaire responses and the business contact information for the individual providing the responses. The individuals providing this information are responding to an inquiry by a particular client of Assent, to whom they are a supplier. Assent's clients are responsible for ensuring the validity of consent from individuals providing responses to the questionnaires.
Data may be made available to other Assent customers through the Supplier Portal, in aggregate form, for the purposes of maximizing use and reuse of data in anonymized form. Assent will never share personal data without consent and does not collect consumer data.
DATA COLLECTED THROUGH ASSENT SERVICES
Assent's web-based software and services collect personal data via email, SMS, telephone, web-based forms or other means of communication individuals use to interact with Assent. The information collected includes — as necessary — name, email address, username and password, IP addresses, location data, use of the service, as well as payment information, usage data in relation to the services and other information relevant for the purpose of providing the services, specifically to:
- Process transactions with Assent.
- Send emails about Assent's services or respond to inquiries.
- Send emails and updates about Assent services, including newsletters.
- Provide support for Assent services.
- Enhance or improve Assent services.
- Monitor data and user activity to ensure compliance with contractual requirements.
- Perform any other function reasonably necessary to protect the security or proper functioning of Assent services.
With express consent, Assent may post personal testimonials in addition to other endorsements. If a registered user of the service has supplied their email address, Assent may occasionally send an email to promote new features, solicit feedback or keep the user up to date with Assent and its products.
SHARING PERSONAL DATA
Whether collected through the website, the Supplier Portal or Assent services, personal data is never sold or disclosed without consent, except in the rare cases where it is required to do so by law. However, in the course of business, Assent may hire third-party individuals or organizations to help deliver our services. Assent may also hire third parties to operate, maintain, repair, or otherwise improve or preserve files or systems.
In those cases, the third parties only process personal data collected by Assent, on Assent's behalf, under Assent's written instructions, and/or under contractual arrangements containing specific clauses that demand the same level of security and protection of the personal data shared with them, as provided for by Assent. All third parties engaged by Assent are subject to this policy and to compliance monitoring in that regard.
Where Assent is required by law to disclose personal data, disclosure will only be done upon demonstrated lawful authority to do so and on the basis of legal advice. As permitted by law, Assent may also access or disclose personal data when it is reasonable to believe that it is necessary to (i) enforce applicable terms of service, including investigation of potential violations; (ii) detect, prevent, or otherwise address fraud, security or technical issues; or (iii) protect the rights, property or safety of users and the public. This includes exchanging information with other companies and organizations for fraud protection and spam/malware prevention.
RIGHT TO ACCESS, EDIT & REMOVE YOUR DATA
Individuals may access, edit or remove their personal data by contacting Assent directly at firstname.lastname@example.org.
Assent will ensure the accuracy of personal data and allow individuals the opportunity to correct their personal data upon request and as necessary. Assent will also delete, upon request, any inaccurate personal data or personal data for which consent has been withdrawn.
An access request cannot be accepted if it puts the privacy of others at risk.
Access, correction and deletion of personal data are provided for free, except where the request requires disproportionate technical effort (such as developing a new system or fundamentally changing an existing practice), or would be extremely impractical (for instance, requests concerning information residing on backup systems). In such cases, Assent will charge a fee corresponding to administrative costs and provide justification for the fee.
If the access request relates to personal data stored by a client of Assent, the request will be redirected to that client to respond to the individual.
While we will seek to address any request and resolve any complaint regarding this policy, other complaint mechanisms exist. Assent is subject to the investigatory and enforcement powers of many countries, including, but not limited to: the Federal Trade Commission (FTC) in the U.S., the Office of the Privacy Commissioner of Canada in Canada and the national data protection authorities in Europe. Assent informs individuals of those resources as relevant.
SECURITY MEASURES FOR ALL PERSONAL DATA
Assent applies necessary physical, technological and administrative measures to protect personal data at the level appropriate to its sensitivity. These include:
- Entry-exit registration of visitors.
- Secure areas for the protection of servers and devices.
- Use of SSL Certificates to protect users against unauthorized access.
- Policies governing the management and protection of personal data, made easily accessible and distributed to staff for implementation.
- Risk management plans, threat identification and mitigation measures.
LOCATION OF DATA
Assent stores and processes personal data on computers located in Canada and the United States. This means Canadian and United States privacy laws apply according to where the information is stored. Wherever it stores personal data, Assent ensures, through contractual clauses, that the information will be protected with a comparable level of safeguards. For example, Assent stores information on AWS and Rogers servers, and uses Google services for file sharing and email services. Both AWS and Google are located in the United States and are EU-U.S. Privacy Shield certified. Rogers is a Canadian company and Assent has entered into a data processing agreement with the organization as a subprocessor. Canadian privacy laws have been deemed to provide adequate protection of individuals rights by the European Union privacy authorities.
ADDRESSING QUESTIONS OR CONCERNS
Assent addresses questions and concerns through its privacy office. All queries regarding privacy at Assent are directed to the data protection officer via email at email@example.com or via postal mail at:
Assent Compliance Inc.
Attn: Data Protection Officer
525 Coventry Road
Ottawa, ON, K1K 2C5
Assent makes every effort to respond in a timely and satisfactory manner.
WEBSITE PRIVACY STATEMENT
This website privacy statement explains how your personal data is collected and used when you visit our website.
WHAT INFORMATION DO WE COLLECT?
You can opt out of cookies through the privacy settings on your browser. However, that will disable some features of our site.
INTERACTIONS WITH OUR SITE
When you contact us through our site or fill out an online form, we collect the personal information you provide, such as your name and email address.
HOW DO WE USE YOUR INFORMATION?
We use Personal Data we collect to improve the website or, when you interact with the site, to respond to your requests, and to send you emails about our services and products.
If you do not wish to receive these notifications, you may unsubscribe by following the instructions at the bottom of any and all communications from Assent. Assent commits to abide by international privacy laws by seeking express and unambiguous consent to use Personal Data when required by law.
HOW DO WE PROTECT YOUR PERSONAL DATA?
DO WE DISCLOSE THE INFORMATION WE COLLECT TO OUTSIDE PARTIES?
We never disclose your Personal Data unless it is with your consent or as authorized or required by law.
We may share your Personal Data only with our service providers to enable them to perform services related to the operation and maintenance of our website or for the purpose of sending you the information you have requested. To ensure they protect your Personal Data, we require all Service Providers to sign data protection agreements with Assent Compliance. These agreements also prohibit the Service Providers to sell or share your Personal Data with other third parties.
HOW CAN YOU ACCESS OR MODIFY YOUR INFORMATION?
You can submit a request to access, edit or remove your Personal Data that we collect and maintain by contacting us at firstname.lastname@example.org. Please allow 30 days for any information modification or deletion requests to be processed.
PRIVACY PRACTICES OF OTHER WEBSITES
In an attempt to provide you with increased value, we may include third-party links on our website. These linked sites have separate and independent privacy policies. We encourage you to read the privacy statements of each and every website that requests Personal Data from you. As we seek to protect the integrity of our site, we welcome any feedback about these linked sites (including if a specific link does not work).
WHERE WE KEEP YOUR INFORMATION
We store information in Canada and the United States by leveraging Rogers, Google and AWS data centers. All of our United States sub-processors are EU-U.S. Privacy Shield certified.