IAOB Data Privacy and Protection

24 Aug 2021


In compliance with Regulation (EU) 2016/679, General Data Protection Regulation ('GDPR') and other applicable data protection laws, regulations, and policies, the IAOB has developed our IAOB website in accordance with appropriate and required data protection and privacy principles. To the full extent possible, the IAOB has implemented appropriate safeguards to ensure your personal data is collected only to the extent necessary to provide the product/services you request or require of us, and to reduce any personal risk to you in the unlikely event of a data breach. We do this through industry best practices, including encryption, tokenization, and more. The IAOB is also committed to providing transparent information regarding your rights related to the information we collect, including – whenever possible – the ability to review and amend any information you provide and any additional information we collected from you as a result of your use of our services.

Data controller

The IAOB (referred to as 'we', 'us', 'our' in this policy) is the Data Controller of all personal information that is collected by or through our website and used for the benefit of the IAOB customers.

EU Data Protection Rights

GDPR grants all EU natural persons several data protection rights. For more information about these rights, please visit our EU Data Protection Rights page. The policy below outlines how we will support you in exercising these rights.

The information we collect/process and why:

Our websites and related services collect and process needed personal information for the following reasons:

  1. So that we can provide you with the products and services you purchase or use on our website. (In other words, it is necessary to perform our contract with you.)
  2. So that we can better understand, through statistical analysis, who visits our website and provide better products/services.
  3. So that we can provide you with recommendations on additional products/services you can purchase from us.
  4. So that we can comply with legal requirements and protect ourselves from legal liability.

We collect general aggregate telemetry data whenever anyone visits our website including:

  1. Name, organization name, billing address, email address, telephone number.
  2. IP Address, computer/web browser configuration
  3. Language preference, time zone settings
  4. Access history
  5. Any information you provide while using our products/services (such as answers to surveys, work files, notes, etc.)

Personal information, listed above, is processed in conjunction with your creation and use of an account with us. Without providing us with this personal data as requested/required, you will not be able to use (or successfully use) the products and services on this website; it is a requirement necessary (1) to enter into a contract with us, (2) for us to fulfill our contract with you, and (3) for us to meet our applicable statutory requirements.

How we use your personal data:

In addition to allowing the proper functioning of this website, your information may be used or transmitted as follows:

  1. Your information may be reviewed, either individually or in aggregate, by members of our staff to support you and our company in the provision of products and services.
  2. Your information may be reviewed, either individually or in aggregate, by organizations that are partnered with us (e.g. industry groups, regulatory bodies, training providers, proctoring service providers, etc.) to create, support, manage, or qualify/certify the products or services we provide.
  3. Some of your information may be reviewed, either individually or in aggregate, by designated contact people at your employer.
  4. Some of your information may be collected and provided to us by third-party services that collect telemetry data on our behalf.
  5. Some of your information may be transferred to our payment provider(s), associated financial institutions, and your bank, to facilitate the processing of payments for any purchases made on our site.
  6. Some of your information may be provided to governmental agencies if we are legally required to do so.

If our company were to be sold or acquired, your personal data may be provided to the purchasing entity. However, your personal information will not be shared with (except as noted above) and will not be sold to third parties.

International data transfer

We are located outside of the EU and Asia, and we operate servers in many countries around the world. Some of these countries are not in the European Economic Area (“EEA”) (such as Canada and the USA), and your personal information may be transferred between these servers. While countries outside the EEA may not always have strong data protection laws, your data will be treated with the same high degree of safeguards (and in line with EU law on data protection), regardless of the country where we collect, store, or process your data. Our partners, including payment processors and those providing telemetry services, may also operate servers around the world, but our selection of these partners is based on their compliance with the same data protection principles and legal requirements we adhere to.

Data retention, access, rectification, and erasure

When you create an account on this website, this account will remain active until you indicate that you wish to close it. Data collected related to your use of products and services on this website will be retained and securely associated with your account. When you close your account with us, we must retain certain personal information for a period no less than seven (7) years to comply with legal and financial requirements imposed on us. We may also securely archive this information both to ensure compliance and for aggregate statistical analysis.

To the extent possible, notwithstanding limitations related to intellectual property and our legal requirements, we will provide you with access to the information you provide in our system through the 'Account' and/or 'Profile' section(s) of our websites. If you notice an error in the information you provide to us, or that we collected from you, we will either provide you with tools to directly correct this information through the aforementioned sections of our websites, or support you in the correction process when you contact our Customer Support Team (contact_us@iaob.org).

You may request to have your account closed and personal information erased by contacting our Customer Support Team (contact_us@iaob.org). Notwithstanding the aspects we must preserve for legal and financial reasons, as outlined above, we will promptly remove any/all unnecessary personal data from our system within 30 days.

Cookies and site tracking

This site uses cookies, and other similar browser technology, to enable us to improve our service to you and to support certain essential aspects of our sites’ functionality (please view the IAOB Cookie Policy).

Cookies are small text files that are transferred to your computer's hard drive through your web browser to enable us to recognize your browser and track visitors to our site. A cookie contains an identifier that allows us to recognize your computer and/or account when you travel around our site, helping you accomplish your purchase or task. Most Web browsers automatically accept cookies, but, if you wish, you can change these browser settings by accepting, rejecting and deleting cookies. The 'help' portion of the toolbar on most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. If you choose to change these settings, you may find that certain functions and features will not work as intended. The cookies we use do not detect any information stored on your computer.

For more information about cookies and how to stop cookies being installed visit the following website: http://www.allaboutcookies.org. (NOTE: This is a third-party informational website not managed by the IAOB or its partners.)

Your rights

If you have concerns related to our application of this policy and data protection principles, we invite you to contact us at contact_us@iaob.org. We will make every effort to remedy the situation promptly and to our mutual satisfaction.

You will not have to pay a fee to access your personal information (or to exercise any of your legal rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

In the unlikely event of a data breach that compromises some or all of the personal information you provided on this website (including any breach that impacts processing organizations we rely on), we will notify you and applicable authorities within 72 hours of being made aware of the situation and make every effort to promptly rectify the situation. We do not store or process sensitive personal data (such as credit card details, or other categories outlined in Regulation (EU) No 2016/679 Article 9) on our servers.

Notification for Revisions to this Document

This document may be updated periodically to further clarify our data protection policies and provisions. In the event we make a change to this document that significantly impacts the personal information we process or impacts your rights as it relates to this data, we will contact all account holders through the email address we have on file.