Privacy Policy
Last updated: Jan 9, 2024 8:01 AM
We value your privacy very highly. Please read this Privacy Policy carefully before using the https://compliancescorecard.com Website (the "Website") operated by Compliancerisk.io, Inc. d/b/a Compliance Scorecard, a(n) Corporation formed in New Hampshire, United States ("us," "we," "our") as this Privacy Policy contains important information regarding your privacy and how we may use the information we collect about you.
Your access to and use of the Website is conditional upon your acceptance of and compliance with this Privacy Policy. This Privacy Policy applies to everyone, including, but not limited to: visitors, users, and others, who wish to access or use the Website.
By accessing or using the Website, you agree to be bound by this Privacy Policy. If you disagree with any part of the Privacy Policy, then you do not have our permission to access or use the Website.
What information we collect, where we get this information, how we use this information, what happens if we don't have it, and the legal basis for processing this information
We collect any and all information that you enter on this Website. In the last 12 months, we have collected the following information about individuals using our Website:
Note that we do not use your personal information for the purpose of profiling. Please see the "Your Rights" section below for more information about exercising your privacy rights related to profiling.
With whom we share your personal information
We do not share nor disclose your personal information to any third parties.
How we protect your information
We have implemented the following measures to protect and safeguard your personal information:
- Limiting the amount of personal information that we collect to strictly necessary only;
- Using ssl or other secure connection technologies when receiving or sending personal information beyond internal networks;
- Performing regular risk assessments;
- Mitigating risks by following a risk treatment plan;
- Having comprehensive security policies and procedures;
- Screening all employees with access to personal information;
- Training our employees;
- Requiring our employees to sign confidentiality agreements;
- Encrypting laptops, usbs and other portable media;
- Implementing and monitoring intrusion prevention and detection systems;
- Maintaining up-to-date software and safeguards;
- Performing regular due diligence of vendors;
- Implementing physical security measures;
- Physically and/or logically separating systems containing personal information from public networks such as the internet.
Sale of your information
We do not sell your personal information. Please see the "Your Rights" section below for more information about exercising your privacy rights regarding sales of your personal information.
Our policies and procedures
We have created and maintained the following policies and procedures to aid us in the protection and safeguarding of your information. You may click the link next to the respective policy or procedure to read it.
- Information Classification Policy - https://compliancescorecard.com/category/policies/;
- Bring Your Own Device Policy - https://compliancescorecard.com/category/policies/;
- Teleworking Policy - https://compliancescorecard.com/category/policies/;
- Password Policy - https://compliancescorecard.com/category/policies/;
- Data Disposal and Destruction Policy - https://compliancescorecard.com/category/policies/;
- Clear Desk and Clear Screen Policy - https://compliancescorecard.com/category/policies/;
- Change Management Policy - https://compliancescorecard.com/category/policies/;
- Backup Policy - https://compliancescorecard.com/category/policies/;
- Information Security Policy - https://compliancescorecard.com/category/policies/;
- Access Control Policy - https://compliancescorecard.com/category/policies/;
- Acceptable Use Policy - https://compliancescorecard.com/category/policies/;
- Protection from Malware Policy - https://compliancescorecard.com/category/policies/;
- Training Policy - https://compliancescorecard.com/category/policies/;
- Vendor Management Policy - https://compliancescorecard.com/category/policies/;
- Software Development Life Cycle Policy - https://compliancescorecard.com/category/policies/;
- Testing Policy - https://compliancescorecard.com/category/policies/.
Cookies
A cookie is a small piece of data sent from a website and stored on your device by your browser. This Website collects cookies. Please visit our Cookie Policy to learn more about what cookies we collect, why we collect them, and how to change your cookie settings.
Children's privacy
This Website is intended for use by a general audience and does not offer services to children. Should a child whom we know to be under 18 send personal information to us, we will use that information only to respond to that child to inform him or her that they cannot use this Website. We do not sell the personal information of minors under the age of 16.
Analytics programs
This Website uses Google Analytics to collect information about you and your behaviors. If you would like to opt out of Google Analytics, please visit https://tools.google.com/dlpage/gaoptout/.
Information retention
We retain the following personal information for the following periods of time:
Direct marketing
We use the information that we collect about you for direct marketing purposes. Direct marketing is the act of selling products or services directly to consumers rather than through retailers. You may, at any time, request that we cease to use your information for direct marketing purposes by emailing us at legal@compliancerisk.io.
Your rights
Depending upon where you reside, you may have the following rights with regard to your personal information:
Exercising your rights
You may exercise the rights specified above by submitting a consumer request to:
Legal Dept.
COO
legal@compliancerisk.io
833-558-4825
19 Lisa Beth Cir Dover, NH
US
If you use our cookie consent banner to exercise your privacy rights, the opt out signal will be applied to your browser. If you opt-out by contacting us as stated above, your preference will be applied to your account and our databases, including offline sales.
We will need to verify your identity prior to effectuating your request. To verify your identity, you will need to provide us with the following information with your request:
- Name;
- Postal / Shipping address;
- Billing address;
- Phone number;
- IP address;
- Email address;
- Device identifier;
- Account name;
- email, phone, address.
Please note that we may be unable to process your request if you do not provide us with the above information.
You may also designate an authorized agent to exercise your rights on your behalf. You may designate an agent via any of the ways used to submit requests on your behalf. We will request the agent to verify that he or she has the authority to submit requests on your behalf. We will do so by asking the agent to submit the following information:
- Valid power of attorney;
- The requester's valid government-issued ID;
- The authorized agent's valid government ID.
Please note that we may not be able to process your request if your designated agent and/or you do not provide us with the above information.
We will respond to most consumer requests within 30 to 45 days of receipt, depending upon where you reside. However, some requests may take longer. We will notify you in writing if we need more time to respond. We have the ability to deny your request(s) if certain exceptions in the law apply. If we do deny your request, we will provide you with the reasons for such denial.
You have the right to appeal a refusal to take action on a rights request. You may file an appeal to us at the contact information provided above. We will respond to most appeal requests within 45 days to 60 days of receipt, depending upon where you reside. However, some requests may take longer. We will notify you in writing if we need more time to respond (up to 90 days total). In our response to your appeal, we will inform you of any actions taken or not taken and the reason(s) as to why. Normally, we do not charge a fee to process or respond to consumer requests. However, we may charge a fee for a second or subsequent request within a 12-month period.
Accountability
The following person is accountable and responsible for our privacy practices and procedures:
Legal Dept.
COO
833-558-4825
legal@gcompliancerisk.io
You may lodge a complaint with us by contacting the person accountable and responsible for our privacy practices and procedures at the contact information above. Residents of Quebec may lodge a complaint with the Office of the Privacy Commissioner of Quebec by filling out this form or calling 1-888-528-7741. Residents of Canada may also lodge a complaint with the Office of the Privacy Commissioner of Canada by visiting this page or calling 1-800-282-1376.
Location of data processing
All data processing activities undertaken by us take place in new hampshire.
Data Protection Officer
Tim Golden is our Data Protection Officer and may be reached via email at legal@compliancerisk.io.
Third-party websites
This Website may contain hyperlinks to websites operated by parties other than us. We provide such hyperlinks for your reference only. We do not control such websites and are not responsible for their contents or the privacy or other practices of such websites. It is up to you to read and fully understand their Privacy Policies. Our inclusion of hyperlinks to such websites does not imply any endorsement of the material on such websites or any association with their operators.
Do Not Track
Do Not Track is a preference you can set on your browser to inform websites that you do not want to be tracked. We do not support Do Not Track ("DNT"). You can either enable or disable Do Not Track by visiting the Preferences or Settings page of your browser.
Changes to Privacy Policy
We reserve the right to amend this Privacy Policy at any time. We will notify you of any changes to this Privacy Policy by posting the updated Privacy Policy to this website or application.
Questions
If you have any questions about this Privacy Policy, please contact us at legal@compliancerisk.io.
Privacy Policy
We value your privacy very highly. Please read this Privacy Policy carefully before using the https://compliancescorecard.com Website (the “Website”) operated by Compliancerisk.io, Inc. d/b/a Compliance Scorecard, a(n) Corporation formed in New Hampshire, United States (“us,” “we,” “our”) as this Privacy Policy contains important information regarding your privacy and how we may use the information we collect about you.
Your access to and use of the Website is conditional upon your acceptance of and compliance with this Privacy Policy. This Privacy Policy applies to everyone, including, but not limited to: visitors, users, and others, who wish to access or use the Website.
By accessing or using the Website, you agree to be bound by this Privacy Policy. If you disagree with any part of the Privacy Policy, then you do not have our permission to access or use the Website.