The Privacy Notice was last updated on: February 17, 2023
At AuditBoard, Inc., we are committed to respecting your privacy. A reference in this Privacy Notice to “AuditBoard”, “we”, “us”, or “our” is a reference to AuditBoard Inc. This AuditBoard Privacy Notice (“Privacy Notice”) describes how we collect, use, disclose, transfer, and store your Personal Data (as defined herein) for the activities described below, including when you visit an AuditBoard website that links to this Privacy Notice (“Website”), when you attend our marketing and events both online and offline (“Events”), when you apply for a job at AuditBoard, and for our business account management. This Privacy Notice describes your choices and rights related to your Personal Data. Personal Data means personally identifiable information, which may include but is not limited to your first and last name, mailing addresses (home and business), phone number, and email address.
If you have any questions or concerns about our use of your Personal Data, then please contact us using the Contact Information provided at the bottom of this Privacy Notice.
We recommend that you read this Privacy Notice in full to ensure you are fully informed; however, if you only want to access a particular section of this Privacy Notice, then you can click on the relevant link below to jump to that section.
- AuditBoard as a Service Provider
- Personal Data We Collect
- How We Use Your Personal Data
- Disclosure of Data
- International Data Transfers
- Data Retention
- Your Rights Over Your Personal Data
- Legal Basis for Processing Personal Data
- Privacy Policies of Third-Party Services and Third-Party Websites
- Contact Information
- Legal Disclaimer
AuditBoard as a Service Provider
AuditBoard is headquartered in the United States and our customers are organizations such as businesses that use our software solutions and services (“Service” or “Services”) to process audit, risk and compliance information, which may include some Personal Data of our customers’ end users and employees (“Customer Data Subjects”). AuditBoard processes Personal Data about these Customer Data Subjects in our enterprise cloud application only according to our customers’ instructions as a “processor” or “service provider” and this Privacy Notice does not apply. Personal Data shared with AuditBoard through the use of integrations (included within the Service) is considered as data that the customer is the controller of and included in the definition of Customer Data Subjects.
If you are a Customer Data Subject and have questions or want to exercise any of your rights regarding your Personal Data, you should direct your inquiry to the relevant AuditBoard customer. If you contact AuditBoard directly for these purposes, we are required to inform the relevant AuditBoard customer (if we can identify them from the contact details you provided).
If you use the AuditBoard platform as part of your business or you are an entity that has an agreement with AuditBoard (collectively, an “Organization”), that Agreement will supersede this Privacy Notice in the event of any overlap or conflict with this Privacy Notice.
Personal Data We Collect
AuditBoard is the controller of your Personal Data under this Privacy Notice, unless expressly specified otherwise. Under this Privacy Notice, we collect Personal Data about you from a variety of sources, including directly or automatically from you, from third party sites and businesses, as well as from publicly available information.
Personal Data We Collect Directly from You
As a visitor, you may be asked or choose to provide us with your Personal Data on some areas of our Website, such as:
- First name
- Last name
- Business email
- Telephone number
- Company name
- Job level
- Functional role
- Location (city, state, country)
Some areas of the Website (such as the AuditBoard Community), require you to create a user account. As part of your user account, you may choose to provide us with additional information, such as but not limited to username, area of expertise and social media profiles.
If you register to attend a AuditBoard-sponsored Event, we may require certain data, including:
- First name
- Last name
- Business email
- Telephone number
- Company Name
- Billing information (in some instances)
In some instances, we may also request the type of data listed below:
- Dietary preferences
- Emergency contact and medical conditions
- Shirt size
Customer Account Management
We collect business contact information for account management purposes related to the use of AuditBoard software-as-a-service applications or professional services.
End User Account Management
If you have registered for an account directly with AuditBoard (for example, to access the AuditBoard Community or Learning Academy) we collect the account registration information you give us (for example, your name and email) and your profile information (for example, your company name). Additionally, we collect name, company, and email address to manage AuditBoard webinar registrations for customers and partners. You may have the option to personalize your account with additional information.
Recording Sales Calls
We may record sales phone calls, video calls, teleconferences and web conferences (including audio and video content) for quality assurance, training purposes, as well as improving our sales processes and making our sales calls more impactful. We may analyze the content of our calls using data analytics tools to gain better insights into our interactions with customers.
If AuditBoard collects any other personal data from you, we will explain which data and why we need it at the time we collect it.
Personal Data Obtained from Third-Party Sources
AuditBoard may also collect business contact information about you from other sources including third parties from whom we have purchased business contact information and from publicly accessible websites, such as your company’s website, professional network services, or press releases. Business contact information may include:
- First name
- Last name
- Business email
- Telephone number
- Company name
- Job level
- Functional role
- Business street address
- Online identifier
- Employment history
In some instances, AuditBoard may combine Personal Data you have provided to us with Personal Data collected from other sources as described above. We use this data for our internal customer analytics, to identify prospective customer marketing opportunities, and to improve the relevance of our Website content and our advertising.
AuditBoard discloses applicant Personal Data for its own business purposes to the following recipients:
- Affiliates and Subsidiaries. AuditBoard transfers and discloses Personal Data between AuditBoard group companies and its affiliates, in the US and other countries, including outside your country of residence, and will be stored and processed manually and electronically through global systems and tools for the purposes above.
- Service Providers. Personal Data may be disclosed with companies that help us run our business by processing Personal Data on behalf of AuditBoard or its applicants and candidates for hiring purposes. Such companies include, but are not limited to, recruitment services, data storage services, background check services, email, IT service.
How We Use Your Personal Data
To Contact You
AuditBoard uses the data we collect about you to provide AuditBoard Websites, services, and support. For example, if you provide data to us in a “Contact Us” form, we will use your data to respond to the request.
AuditBoard uses your Personal Data and information about your activity on our websites to contact you for marketing purposes (including by phone or email) in accordance with your marketing preferences, including to contact you about product announcements, newsletters, and details on upcoming Events. We also use it to send administrative information, such as notices related to products, services, or policy changes.
To Plan and Manage Events
If you register for or attend an Event, AuditBoard uses your data for Event planning and management, including registration, billing, and connecting with other Event attendees, or to contact you further about relevant products and services in accordance with your marketing preferences. Any information you provide about emergency contacts, dietary preferences or medical conditions would be used only for your safety and health purposes.
For Improvements Purposes
AuditBoard uses the Personal Data we collect to understand how our websites and services are being used and to make improvements. For example, we may solicit your feedback about your experience using our services, and ways that we can improve those services. In addition, we may use the search queries entered into the AuditBoard Community to improve search capabilities or performance. Additionally, we use questions posted or comments on AuditBoard Community to enrich the content or help guide future enhancements to our products and services. We use third party services to view aggregated information about end user usage and interactions.
For Security and Investigations
AuditBoard may use your Personal Data by tracking use of our Website to diagnose Website technical problems, as well as to prevent, detect, mitigate, and investigate potential security issues, as well as fraudulent or illegal activity.
For Education, Training, and Webinars
If you participate in a AuditBoard-offered education, training course, or webinar, your enrollment and attendance information will be recorded to track and potentially report your participation and completion. We may use this information to recommend additional content.
Diclosure of Data
Affiliates and Service Providers
We may share your information with third party service providers to perform functions on our behalf. For example, outsourced customer care agents such as answering service providers and analytics providers. Your information will be treated as private and confidential by such service providers and not used for any other purpose than we authorize.
We may share information you share in using our Website among our subsidiaries or other websites that we own or control, but such sharing of information is always governed under the terms of this Privacy Notice.
Webinars, Events, and Other Activities
AuditBoard may offer the following solely or jointly with third parties or partners: webinars, Events, whitepaper downloads, or other services related to AuditBoard offerings or services. We may share your contact information and interests in these offerings or services with these approved third parties and your data will be governed by that third party’s privacy notice if we do so.
When you attend an Event (either sponsored by AuditBoard or one where AuditBoard is a participating vendor) and have your badge scanned, your Personal Data will be shared with AuditBoard, as well as with any partner or third party participating in that Event, and potentially with the entity sponsoring your attendance at the Event. For example, if your badge is scanned as you attend a session at a AuditBoard-sponsored conference, AuditBoard and any co-presenters will have access to that information to understand who was in attendance, and potentially follow up with you on relevant products or services. If you do not want your data shared with AuditBoard or partners in this manner, do not have your badge scanned. If your badge is scanned by a partner or a third party at an event, your data will be governed by that party’s privacy notice.
AuditBoard may disclose Personal Data if we have a good faith belief that such action is necessary to (a) conform to legal requirements or comply with legal processes; (b) protect and defend our rights or property; and/or (c) act to protect the interests of our users or others.
Data/Information Transfers as a Result of Sale of Business
If AuditBoard goes through a business transition, such as a merger, acquisition by another company, or sale of all or a portion of its assets, your Personal Data may be among the assets transferred.
When you view the Website, we may store some information on your computer's hard drive. This information will be in the form of a "Cookie". “Cookies” are information files which your web browser places on your computer when you visit a web site.
Most web browsers automatically accept Cookies and session IDs, but you can change your browser to prevent that. Without accepting a Cookie or session ID, your use of the Website and the Service may be affected.
- to authenticate a user as they navigate various parts of the Website. This enables a user to re-visit any Website without having to re-enter information upon each visit Cookies and session IDs may also be used to automate data entry functions. When you submit additional information in a user form, the cookie information is associated with other personal information you submit.
- for information about your device and your usage of the Service through cookies, web beacons, log files or similar technologies, such as IP addresses or other identifiers, which may qualify as Personal Data.
- affiliates may use this information to note different areas of any Website which have recently been accessed through your computer. Information collected in this way may be used to serve advertisements relevant to your interests.
- understanding a visitors behavior to deliver personalized advertising
Please note: The Website is not presently configured to respond to DNT or “do not track” signals from web browsers. We do however provide a cookie preference manager and you can exercise your Cookie preferences through our "Cookie Preferences" manager (link located in the footer of our Website).
AuditBoard also does not share aggregated, de-identified, or statistical information about users, Website visitors (and your use of our Websites and Services) with others for a variety of purposes, including to improve our Services or delivery of the Website. Such information is not Personal Data and is not subject to the restrictions set forth in this Privacy Notice.
International Data Transfers
The Website is hosted in the United States and United Kingdom. If you are user accessing the Website from the European Union, Australia, Asia, Canada or any other region with laws or regulations governing personal data collection, use, and disclosure, that may differ from United States laws, please note that you are transferring your personal data to the United States which does not have the same data protection laws as such other regions. We however, take reasonable and appropriate steps to protect the Personal Data that you share with us from unauthorized access or disclosure. For further information on this, please review the Security section of this Privacy Notice (link to the Security Section below). User information (including Personal Information or “personal data” as defined by foreign laws) collected through the Website may be stored and processed in the United States, and by using the Website, you consent to any such transfer of information outside of your home country.
AuditBoard will retain Personal Data we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with the Service you have requested or to comply with applicable legal, tax or accounting requirements). When we have no ongoing legitimate business need to process your Personal Data, we will either delete or anonymize it or, if this is not possible (for example, because your Personal Data has been stored in backup archives), then we will securely store your Personal Data and isolate it from any further processing until deletion is possible. AuditBoard’s Service features allow customers who are authorized users to determine their own policies regarding storage, access, modification, deletion, sharing, and retention of Personal Data. Customers should regularly check with the admin of the Services for your company about the policies and settings it has in place.
Notwithstanding the foregoing, we may retain Personal Data for longer periods only if such retention is required or necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule, or regulation.
Your Rights Over Your Personal Data
Depending on where you are located, you may have certain legal rights over the Personal Data we process about you, subject to local privacy laws. These may include, but are not limited to, the right to:
- Obtain information about and access the Personal Data we process about you.
- Have incorrect Personal Data updated.
- Have your Personal Data deleted.
- Restrict the processing of your Personal Data.
- Object to the processing of your Personal Data carried out on the basis of our legitimate interests or for direct marketing purposes.
- Receive a copy of your Personal Data in an electronic and machine-readable format.
- Not be subject to a decision based solely on automated processing, including profiling, which produces legal effects or otherwise significantly affects you (“Automated Decision-Making”). AuditBoard does not perform Automated Decision-Making as part of the processing activities covered by this Privacy Notice but may design marketing campaigns to target individuals based on some Personal Data.
- Receive the categories of sources from whom we collected your Personal Data.
- Opt out of marketing communications at any time. You can update your email subscription settings by clicking on the “Manage your Subscriptions” link in marketing emails we send you or by visiting https://go.auditboard.com/preferences-center.html.
- Complain to a regulator or data protection authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority.
AuditBoard will not discriminate against you for exercising your rights.
You can exercise the applicable rights by contacting us using the contact information at the bottom of this Privacy Notice.
If your Personal Data has been submitted to us by or on behalf of a AuditBoard customer and you wish to exercise any rights you may have under applicable data protection laws, please inquire with the applicable customer directly (see AuditBoard as a Service Provider section above for further information).
Legal Basis for Processing Personal Data
Our legal grounds for collecting and using your Personal Data as described in this Privacy Notice fall into the following four categories.
Consent: In some cases, we ask you for your consent to process your Personal Data, such as when we need your consent for marketing purposes. You can withdraw your consent at any time, which will not affect the lawfulness of the processing before your consent was withdrawn. If you would like to withdraw your consent, you can do so by contacting us as provided in the Contact Information section below.
Legitimate Interest: We process certain data for the legitimate interests of AuditBoard, our affiliates, our partners, or our customers. These legitimate interests include, for example, contacting you to provide support or sending you marketing information (subject to applicable law); detecting, preventing, and investigating illegal activities and potential security issues; and maintaining and improving the Website and mobile applications. We will rely on our legitimate interests for processing Personal Data only after balancing our interests and rights against the impact of the processing on individuals.
Performance of a Contract: Sometimes we process Personal Data to perform our obligations under an agreement with you. For example, we use payment information you provide when you register for an Event to process your payment.
Other Legal Bases: In some cases, we may have a legal obligation to process your Personal Data, such as in response to a court or regulator order. We also may need to process your Personal Data to protect vital interests, or to exercise, establish, or defend legal claims.
Wherever your Personal Data may be held with AuditBoard, we take reasonable and appropriate steps to protect the Personal Data that you share with us from unauthorized access or disclosure. AuditBoard uses commercially reasonable security measures to protect against the loss, misuse, and alteration of your information under our control based on the type of Personal Data and applicable processing activity, such as data encryption, and enforcement of least privilege and need-to-know principles. We train our employees on data handling practices. We believe the security of your information is a serious issue and we are committed to protecting the information we receive from you. Although AuditBoard complies with its legal obligations with respect to security of your Personal Data and while we attempt to ensure the integrity and security of Personal Data, please note that no method of transmission over the Internet, or method of electronic storage, is completely secure.
Please note that data that is transported over an open network, such as the Internet or e-mail, may be accessible to anybody. We cannot guarantee the confidentiality of any communication or material transmitted via such open networks. When disclosing any personal information via an open network, you should remain mindful of the fact that it is potentially accessible to others, and consequently, can be collected and used by others without your consent.
Privacy Policies of Third-Party Services and Third-Party Websites
AuditBoard is not responsible for the privacy practices of third party websites (even if we offer links to third party websites at the Website) and these third parties are under no obligation to comply with this Privacy Notice. Before visiting a third party website and before providing any information to the party that operates or advertises on that third party website, users should review the privacy notice and practices of that website to determine how information that they collect from their users will be handled. Please further note, depending on a user's particular interaction with our websites (e.g. users who solely navigate one of our websites versus users who use the services offered through the Website), different portions of this Privacy Notice may apply to users at different times.
AuditBoard does not knowingly allow any visitors or users under the age of eighteen (18) to use or otherwise access to the Website. AuditBoard does not wish to collect any Personal Data (or any information at all) from any persons under 18 years old. In any case, you affirm that you are over the age of 13, as THE WEBSITE IS NOT INTENDED FOR CHILDREN UNDER 13 WHO ARE UNACCOMPANIED BY HIS OR HER PARENT OR LEGAL GUARDIAN.
Please contact us if you have any questions or comments about this Privacy Notice or any of our privacy practices. You can contact AuditBoard's data protection officer at firstname.lastname@example.org or by mail at:
Attention: Privacy Officer
12900 Park Plaza Drive
Cerritos, CA 90703
The Website operates "AS-IS" and "AS-AVAILABLE," without warranties of any other kind. We are not responsible for events beyond our direct control. This Privacy Notice is governed by the laws of the State of California, excluding conflicts of law principles. Any legal actions against AuditBoard, Inc. arising out of or related to the Website or any services offered therefrom must be commenced in the county of Los Angeles in the state of California in the United States of America. AuditBoard reserves the right, at our discretion, to change, modify, add or remove portions of this Privacy Notice at any time. If AuditBoard changes any portions of its Privacy Notice, it will revise the date at the top of this Privacy Notice. AuditBoard encourages users to periodically review this Privacy Notice to remain informed of any such changes.