Introduction
Provectus Consulting Limited (“we”, “us”, or “our”) is committed to protecting the privacy of our customers and users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our products and services.
- Information We Collect
2.1. Personal Information
2.1.1. User Account Information
• Full Name: First and last name of the user.
• Email Address: Primary email used for account creation, login, and communication or two-factor authentication.
• Phone Number: Contact number for login, customer support or two-factor authentication.
• Username: Unique identifier within the platform.
• Password: Stored in a hashed and encrypted format.
• Professional information (e.g., job title, company name)
2.1.2. Usage Data
• User IP Address: For identifying the user’s network or for security purposes.
• User Browser Type and Version: For optimizing user experience and troubleshooting.
• User Operating System: For compatibility and support reasons.
• User Device Type: Information about whether access is from mobile, desktop, etc.
• User Log Data: Includes timestamps, login attempts, logout times, and page visits.
• User Feature Usage: Data on how users interact with specific features within the platform.
• User Access Time & Location: Geolocation and time stamps of logins and usage.
2.1.3. Communication Data
• User Messages & Chat: Where the platform and customer support avail messaging features for communication between users.
• Support Tickets: Information shared when a user contacts customer support.
• Email Correspondence: Content of emails exchanged with the company.
2.1.4. Marketing and Analytics Data
• Newsletter Subscriptions: Opt-ins for email newsletters or product updates.
• Marketing Preferences: Information on how the user wishes to be contacted for marketing purposes.
• Survey Responses: Data provided in feedback or satisfaction surveys.
• Cookies and Tracking Technologies: Data from cookies, pixel tags, or beacons for analytics and targeted advertising.
• Referral Data: How the user was referred to the platform (e.g., from a marketing campaign).
2.1.5. Security and Authentication Data
• Two-Factor Authentication Information: Phone numbers or authentication app data.
• Security Questions and Answers: If used for password recovery.
• API Tokens: If accessing the service programmatically.
2.1.6. Compliance Data
• Government IDs or Business Licenses: In cases where legal identification or verification is required.
• Records for Regulatory Compliance: If applicable (e.g., GDPR, CCPA, HIPAA).
2.1.7. Employee and Contractor Information
• Employee Identifiers: For Organization’s employees or contractors using the platform.
• Role-Based Permissions: Data on which users have certain permissions or roles within the platform.
2.1.8. Third-Party Integrations
• Third-Party Accounts: Information from third-party services (e.g., Google, Microsoft) where the platform integrates with external services.
• OAuth Tokens: Authentication tokens from third-party services to access integrated tools.
2.1.9. Audit Logs
• Action History: Logs of changes made within the platform (e.g., updates to user data, configurations).
2.2. Organizational tied to user(s)
2.2.1. General Information
• Company Name: Name of the user organization(s)
• Company Address: Mailing address of the business (street, city, state, country).
• Organizational Email Addresses: Of representatives for account management or support.
• Organizational Phone Numbers: For communication and support purposes.
• Organizational Tax Identification Number: If required for invoicing or compliance.
2.2.2. Billing Information
• Organizational Credit Card Information: Card number, expiration date, CVV (stored securely and tokenized)
• Organizational Billing Address: Address associated with the payment method.
• Organizational Purchase History: Records of payments, transactions, and invoices.
• Organizational VAT/Tax Numbers: For applicable regions or businesses.
2.3. Content Data (Information input into our platform)
• Background check data
• Compliance checklists
• Conflicts of interest disclosures
• Litigation details
• Risk assessments
• Policy acknowledgments
• Third-party documentation
• Shareholder and board information
• Website Usage
• Information related to purchasing and setting up a subscription on our platform
- How We Use Your Information
We use the personal and organizational information we collect for various purposes, including but not limited to the following:
3.1. Providing and Maintaining Our Services
• To create and manage user accounts, authenticate logins, and provide access to the platform.
• To ensure the proper functioning and security of the services, including troubleshooting, monitoring, and technical support.
• To deliver updates, new features, or service-related notifications that improve the user experience.
3.2. Improving and Personalizing User Experience
• To analyze user activity, preferences, and feedback to enhance and optimize platform performance.
• To tailor content, product features, and functionality based on individual and organizational usage patterns.
• To implement machine learning and AI-driven recommendations based on user behavior to provide a more personalized experience.
3.3. Processing Transactions and Managing Accounts
• To process payments, manage subscriptions, and send invoices, receipts, and transaction-related notifications.
• To maintain accurate financial records and provide businesses with detailed billing reports.
• To manage user roles and permissions, ensuring authorized access to specific features or data within the platform.
3.4. Communicating with Users About Our Services
• To send important service-related communications, such as updates on security, performance, or changes in terms.
• To provide customer support, address user inquiries, and resolve any issues related to the use of the platform.
• To deliver promotional and marketing materials, where consent has been provided, including newsletters, product updates, and special offers.
3.5. Ensuring Compliance with Legal and Regulatory Requirements
• To comply with local and international regulations, including data protection laws like GDPR, CCPA, or industry-specific regulations (e.g., HIPAA for healthcare).
• To retain records of user consent and privacy-related preferences, and to enable users to exercise their rights under applicable laws (e.g., data access, correction, or deletion requests).
• To provide information to law enforcement or government agencies as required by law.
3.6. Detecting and Preventing Fraud or Misuse of Our Services
• To monitor and analyze usage patterns to detect, investigate, and mitigate fraudulent activity, unauthorized access, or breaches of our terms.
• To implement security measures such as multi-factor authentication, encryption, and anomaly detection for safeguarding user accounts and data.
• To prevent the misuse of our platform, ensuring compliance with our terms of service and acceptable use policies.
3.7. Enhancing Security and Performance Monitoring
• To log data such as IP addresses, device identifiers, and access times for the purposes of ensuring system integrity and identifying potential security threats.
• To conduct audits, monitor usage, and investigate security incidents or vulnerabilities within the platform.
• To perform regular updates and maintenance on the system infrastructure to ensure service reliability and uptime.
3.8. Aggregating and Anonymizing Data for Analytics and Reporting
• To aggregate usage data and anonymize personal identifiers for the purpose of creating reports and insights on platform performance, user trends, and business intelligence.
• To share non-personally identifiable information with partners, analysts, or advertisers for the purposes of improving our services and expanding our business offerings.
• To conduct research and development activities, improving the overall functionality and competitiveness of the platform. - Data Sharing and Disclosure
We respect your privacy and are committed to handling your personal and organizational information with care. We only share your information in the following circumstances and with appropriate safeguards:
4.1. Third-Party Service Providers
We may share your information with trusted third-party service providers who assist us in operating, maintaining, and enhancing our services. These third parties are bound by strict confidentiality agreements and are only permitted to use your data for specific purposes, such as:
• Payment Processors: To facilitate billing, payments, and refunds securely.
• Cloud Hosting and Storage Providers: To host data and ensure platform uptime and availability.
• Analytics and Performance Tools: To help us analyze how our services are used, optimize user experience, and improve our offerings.
• Customer Support Services: To assist in delivering timely support and resolving technical or service-related issues.
• Email Service Providers: For delivering transactional emails, notifications, or marketing materials (where consent is given).
All third-party partners are carefully selected and regularly reviewed to ensure compliance with applicable data protection laws, including GDPR, CCPA, and others as required.
4.2. Legal and Regulatory Authorities
We may disclose your personal information to governmental, regulatory, or legal authorities as required by law or in response to valid legal processes, such as:
• Compliance with Laws: When required to comply with local, national, or international regulations, statutes, court orders, or subpoenas.
• Protection of Rights: To defend, protect, or exercise our legal rights or the rights of our users, or to investigate, prevent, or take action regarding potential violations of our terms of service.
• Fraud and Security: To address potential security threats, fraud, or unlawful activities and to protect the safety of our users and the public.
4.3. Business Partners with Your Consent
With your explicit consent, we may share your information with select business partners or affiliates for specific purposes, such as:
• Co-Marketing Initiatives: If you participate in joint promotions, webinars, or events co-hosted by our business partners.
• Third-Party Integrations: When you choose to integrate our platform with third-party applications or services (e.g., CRM systems, project management tools), we may share relevant data to facilitate such integrations.
• Customization and Personalization: To enhance your experience with personalized content or product recommendations, with your consent.
In all cases, we ensure that our business partners adhere to appropriate data protection standards and that any data shared is done so with your explicit knowledge and approval.
4.4. In Connection with Business Transfers (Merger, Acquisition, or Sale of Assets)
In the event of a corporate transaction, such as a merger, acquisition, consolidation, asset sale, or financing, your information may be transferred as part of the business assets. In such circumstances:
• We will take reasonable steps to notify you before any personal information becomes subject to a different privacy policy.
• Any acquiring entity will be required to continue to honor the commitments we have made regarding your privacy unless you are notified of any material changes.
4.5. Aggregated and Anonymized Data
We may share aggregated, anonymized, or de-identified data with third parties for purposes such as analytics, research, benchmarking, or industry reporting. This data does not contain any personally identifiable information (PII) or any data that can be used to re-identify individuals or organizations.
4.6. Internal Sharing
We may share data within our own organization or with affiliates, subsidiaries, or parent companies for legitimate business purposes, such as:
• Managing your account or providing enhanced services.
• Internal reporting, research, and service optimization.
• Compliance with legal and regulatory obligations applicable to the group.
4.7. Your Data Protection Rights
We take steps to ensure that any third parties who receive your information act in accordance with applicable data protection laws and safeguard your personal data. Where required, we will obtain your explicit consent before sharing your personal information. You have the right to:
• Withdraw consent to data sharing at any time (where consent is required).
• Request access to, or deletion of, personal information that has been shared with third parties.
• Inquire about the specific third parties with whom your data has been shared.
We do not sell, rent, or trade your personal information to third parties for marketing or advertising purposes.
- Data Protection and User Rights
We are committed to safeguarding your personal information and ensuring that you retain control over your data. This section explains how we protect your data and the rights you have concerning the personal information we collect and process.
5.1. Data Protection Measures
We use a variety of industry-standard security measures to protect your personal data from unauthorized access, misuse, disclosure, alteration, and destruction. These include, but are not limited to:
• Encryption: We encrypt personal data both in transit and at rest using secure technologies (e.g., SSL/TLS, AES encryption) to prevent unauthorized access.
• Access Control: Only authorized personnel with legitimate business needs have access to personal data, and all access is logged and monitored.
• Multi-Factor Authentication: For enhanced security, we employ multi-factor authentication to protect user accounts.
• Data Minimization: We only collect the minimum amount of personal data necessary for the purposes outlined in this policy.
• Regular Audits and Monitoring: We conduct regular security audits and employ monitoring tools to detect and mitigate any vulnerabilities or threats.
• Incident Response: In the event of a data breach, we have a detailed incident response plan to notify affected users and relevant authorities as required by law.
5.2. User Rights and Choices
Depending on your location and applicable data protection laws, you may have the following rights regarding your personal information:
5.2.1. Right to Access
You have the right to request access to the personal information we hold about you. This includes:
• Details of what data we are processing.
• The purposes for which the data is being used.
• Third parties with whom the data has been shared.
5.2.2. Right to Rectification
If any of your personal information is inaccurate or incomplete, you have the right to request that we correct or update it without undue delay.
5.2.3. Right to Erasure (“Right to Be Forgotten”)
You may request the deletion of your personal data in certain circumstances, including when:
• The data is no longer needed for the purpose for which it was collected.
• You have withdrawn your consent (if consent was the basis for processing).
• You object to the processing and there is no overriding legitimate interest to continue processing.
Please note that we may retain certain data if it is necessary for legal obligations or legitimate business purposes (e.g., record-keeping, tax obligations).
5.2.4. Right to Data Portability
You have the right to request a copy of the personal data you have provided to us in a structured, commonly used, and machine-readable format, and to request that we transmit this data directly to another controller, where technically feasible.
5.2.5. Right to Restriction of Processing
You can request the restriction of the processing of your personal information in certain cases, such as:
• – If you contest the accuracy of the data.
• – If the processing is unlawful but you oppose the deletion of the data.
• – If you have objected to processing and are awaiting verification of whether legitimate grounds override your request.
5.2.6. Right to Object
You may object to the processing of your personal data based on legitimate interests, direct marketing, or automated decision-making. We will cease processing unless we can demonstrate compelling legitimate grounds for the processing, or if it is required for legal reasons.
5.2.7. Right to Withdraw Consent
Where processing is based on your consent, you have the right to withdraw that consent at any time. The withdrawal of consent will not affect the lawfulness of any processing conducted before your withdrawal.
5.2.8. Right to Lodge a Complaint
If you believe that our processing of your personal data violates applicable data protection laws, you have the right to file a complaint with a data protection supervisory authority in your jurisdiction.
5.3. Exercising Your Rights
You can exercise your rights at any time by contacting us at privacy@assentvalise.com or through your account settings on our platform where applicable. Please provide sufficient information to verify your identity before we process your request. We will respond to all legitimate requests within the legally mandated time frames, typically within 30 days.
- Data Retention and Deletion
We retain your personal information only for as long as necessary to:
• Provide our services
• Fulfill the purposes for which it was collected
• Comply with legal obligations
• Resolve disputes
• Enforce our agreements
Once the retention period has expired, we will securely delete or anonymize your personal data. You may request deletion of your information, subject to any legal requirements that mandate retention of certain data. We will honor such requests to the extent permitted by law. - International Data Transfers
As part of providing our services, your data may be transferred to, stored in, or processed in countries outside your own, including countries that may not have equivalent data protection laws. In such cases:
• We ensure that appropriate safeguards, such as Standard Contractual Clauses (SCCs) or other lawful mechanisms, are in place to protect your data.
• We comply with applicable data protection laws to ensure the security of your personal information during international transfers. - Automated Decision-Making and Profiling
We may use automated decision-making, including profiling, to analyze user behavior or to provide personalized services. However:
• You have the right not to be subject to decisions based solely on automated processing, unless the decision is necessary for the performance of a contract or you have provided explicit consent.
• You may request human intervention, express your point of view, or contest decisions made through automated processes. - Changes to This Privacy Policy
We may update this policy periodically. We will notify you of any significant changes and obtain consent where required. - Contact Information
For any questions or concerns regarding this Privacy Policy, please contact us at:
Provectus Consulting Limited
privacy@assentvalise.com
Last updated: 1st August 2024
Version: 1.01