Privacy Policy

Effective Date: March 1, 2020
Last Updated: July 10, 2024

This Privacy Policy (the “Privacy Policy”) governs all aspects of A-LIGN’s collection, use, maintenance, and disclosure of personal information and personal data as defined in the relevant data privacy laws (the “Personal Data”) from all users (each a “User” and collectively, “Users”) of its corporate website and its services, including A-LIGN’s proprietary compliance management software system and any further modifications thereto (“A-SCEND”).

Introduction

A-LIGN is a leading cybersecurity and compliance professional services firm providing audit and attestation services. A-LIGN is comprised of Price and Associates CPAs, LLC d/b/a A-LIGN Assurance, a licensed certified public accounting firm registered with the Public Company Accounting Oversight Board (“PCAOB”), A-LIGN Compliance and Security, Inc., and its affiliates and subsidiaries (“A-LIGN”), which are collectively referred to as A-LIGN throughout this policy. Also, when this Privacy Policy refers to A-LIGN the wider A-LIGN group of companies is meant. Depending on which entity is responsible for the processing of Personal Data and the underlying systems, the A-LIGN affiliate and/or A-LIGN are the data controllers of Personal Data as defined herein, which means they determine what Personal Data is needed and how it is used. Unless specifically stated otherwise herein, this Privacy Policy applies to A-LIGN.

The purpose of this policy is to provide users with transparency with respect to A-LIGN’s collection and use of Personal Data, including while using A-SCEND. A-LIGN is committed to protecting the confidentiality of information entrusted to it by users and has prepared this Privacy Policy to inform Users of A-LIGN’s practices and policies concerning the collection, use, processing, maintenance and disclosure of Personal Data. Below you will find the contents of this policy by section.

CONTENTS OF THIS POLICY

  1. Personal Data Collection
  2. What Personal Data We Collect
  3. Personal Data We Use
  4. Legal Bases for Processing
  5. Data Retention
  6. Disclosure of Personal Data
  7. Safeguards
  8. Enforcement and Dispute Resolution
  9. Rights of the Data Subject Residing in the European Union or to which GDPR applies
  10. Privacy Policy for California Residents
  11. Opting Out and Unsubscribing from the Mailing List
  12. International Personal Data Transfers
  13. Children’s Data
  14. Changes to Policy
  15. Contact Information
  16. Disclaimer

1. Personal Data Collection

HOW WE COLLECT PERSONAL DATA

You have supplied your Personal Data:

  • We collect Personal Data such as a first and last name, phone number, email address, and other contact information when you send us a message through our website or when you or your company register with A-SCEND or when you submit Personal Data for obtaining access to A-SCEND or when you choose, or are provided with, a username, password, or any other piece of information as part of our security procedures.
  • When a user subscribes to a mailing list.
  • When a user registers for a webinar, event and/or whitepaper.
  • Through resume submissions, contracting and/or employment inquiries.

You have accessed our websites or A-SCEND:

  • We may collect information using analytics tools, including when you visit our websites or log in to A-SCEND. The data we receive is dependent upon your privacy settings in your browser.

We provide you services:

  • We may collect your Personal Data if you are part of an entity that we provide or receive services from.
  • We may also collect Personal Data when you upload, share send or input Personal Data through A-SCEND or our services.

You use A-SCEND and its integration features and automated evidence collection:

  • We may receive data from third parties, such as: cloud hosting providers; analytics providers; advertising networks; search information providers; providers of technical, payment and supply services, information brokers or aggregators.

The information is public:

  • We may collect information about you through governmental agencies that publish public records and other publicly available resources, including websites, or through various social media platforms, for example, by liking us on Facebook, following us on Twitter, LinkedIn, or other social networks. The data we receive is dependent upon your privacy settings with the social network.

2. What Information and Data We Collect

When you submit information to our website, or send us an email, or enter into a contract with us, or register with A-SCEND, or when you submit them for obtaining access to A-SCEND, or when you choose, or are provided with, a username, password, or any other piece of information as part of our security procedures, we may collect the following Personal Data:

  • First and last name
  • Phone number
  • Email address
  • Security questions and other information to provide user account maintenance and
  • Other contact information in response to surveys about our service offerings

In addition, when a user browses our website, or when you use A-SCEND, we may collect:

  • Cookies
  • Geolocation information
  • Mobile / device information
  • Browser information
  • Operating system
  • IP address
  • Technical information such as referral websites, browsing history, crash, and system error issues

3. Personal Data We Use

A-LIGN may use Personal Data it has collected through its website and service offerings as well as through your use of A-SCEND for any of the following:

  • To provide services to Users or clients of A-LIGN or one of its subsidiaries, affiliates and business partners.
  • To determine users’ interest in services or to inform Users about services offered by A-LIGN or one of its subsidiaries, affiliates and business partners.
  • To customize a Users’ preferences to enhance a User’s experience with A-LIGN or one of its subsidiaries, affiliates and business partners.
  • To customize ads to Users according to User preferences and settings.
  • To provide technical, quality control and perform maintenance to A-SCEND, our website and internal systems.

4. Legal Bases for Processing

LEGITIMATE INTEREST

The processing is based on our legitimate interests or the legitimate interests of our subsidiaries and affiliates to continuously operate, improve and/or personalize our services and develop new services, monitor the usage of our website, and ensure the security and detect any frauds and abuse, unless the requirement to protect the individual’s personal data overrides those legitimate interests.

CONSENT

You have provided express consent to the processing of your Personal Data for the specific purposes by explicitly ticking the relevant buttons, where applicable, and by voluntarily filling in and providing your Personal Data.

CONTRACT

Processing is required for the performance of a contract in which A-LIGN has been engaged to perform services.

5. Data Retention

We retain Personal Data for as long as reasonably necessary to fulfill the purpose for which it was originally collected unless a longer retention period is required based on applicable law, regulation, and/or professional standards.

6. Disclosure of Personal Data

A-LIGN uses all information collected from a User for internal purposes only.  We may share your Personal Data with our subsidiaries and affiliates.

Furthermore, A-LIGN may, from time to time, disclose Personal Data about a user to other persons or entities that perform services on behalf of A-LIGN (“Service Providers”), but only when:

  • The Service Provider has agreed to use such information solely for the purposes of providing services to A-LIGN;
  • The Service Provider agrees to protect such information in the same manner as the policies set forth in this policy statement;
  • A-LIGN needs to share the user’s information to provide the service the user has requested;
  • A-LIGN needs to send the information to a Service Provider who works on behalf of A-LIGN to provide a service to you.

Unless A-LIGN informs a user otherwise, a service provider does not have any right to use the Personal Data A-LIGN provides to them beyond what is necessary to assist A-LIGN, or in response to a legal obligation including without limitation a subpoena, court order or A-LIGN believes that the law requires disclosure, or where the information is currently in the public domain.

Upon lawful requests by public authorities, governmental agencies, law enforcement agencies, or other third parties in order to comply with any law, court order, legal request, or other legal process, including to meet national security or law enforcement requirements, A-LIGN may disclose Personal Data as required by law.

A-LIGN does not and will not sell, share or rent your Personal Data to anyone in exchange for monetary compensation. We may disclose your Personal Data by allowing certain third parties (such as online advertising services, advertising networks and social networks) to collect Personal Data via automated technologies on our websites for cross-context behavioral advertising purposes. 

We may sell or share for cross-context behavioral advertising purposes the following categories of personal information about you to online advertising services, advertising networks and social networks: identifiers, online activity and inferences as described in our California Consumer Privacy Statement representing an Attachment to this Privacy Policy, an integral part hereto.

7. Safeguards

A-LIGN holds personal data in the United States currently.  A-LIGN keeps a user’s Personal Data for as long as A-LIGN determines necessary to fulfill the objective for which it was collected. Personal Data is maintained on A-LIGN systems that are protected using industry standard security measures to ensure the confidentiality, availability, and integrity of the Personal Data. Unfortunately, however, A-LIGN cannot and does not guaranty that the information submitted to, maintained by, or transmitted from A-LIGN is or will always be completely secure, as transmission of information over the internet is oftentimes susceptible to potential interception, misuse, willful and/or negligent acts or omissions, misrouting, or possible loss.

8. Enforcement and Dispute Resolution

A-LIGN will investigate and attempt to resolve all disputes and complaints regarding our use and disclosure of Personal Data in accordance with this Privacy Policy.

If you are a resident of the European Union and your concern with A-LIGN has not been addressed satisfactorily, or if you believe we are not processing your Personal Data in accordance with applicable law or in accordance with this Privacy Policy, you have the right to file a complaint with the Data Protection Authority in the member state in which you reside.

9. Rights of the Data Subject Residing in the European Union or to which GDPR applies

Residents of the European Union have certain rights under European data protection law with respect to Personal Data, including the right to request access to, correct, amend, delete, limit the use of, object to or withdraw your consent for the processing of your Personal Data at any time. They may also have the right to receive a copy of your personal information in a commonly used and machine-readable format and to transmit such information to another controller (data portability).

If you are a resident of the European Union and would like to submit a Data Subject Access Request, please send us an email at [email protected] .

A-LIGN will respond in accordance with applicable laws and professional standards applicable to A-LIGN. We are open about the Personal Data we collect and have implemented mechanisms to enable you to exercise any rights you might have with respect to your Personal Data.

After receiving your request and sufficient information to verify your identity, we will provide you with a copy of the Personal Data we have about you which you are entitled to receive under applicable law. We will also confirm the purposes for which such Personal Data is being used, its recipients and the origin of the information.

You may write to us at any time requesting amendments to certain Personal Data that you consider to be incorrect or irrelevant, or to request that we block, erase or otherwise remove your Personal Data. We will update, block, erase or remove your Personal Data upon request in line with applicable law.

You may at any time ask us to delete your Personal Data. We will consider and where necessary comply with your request in accordance with applicable law, as explained above.

10. Privacy Policy for California Residents

A-LIGN adopted the California Consumer Privacy Statement which supplements the information contained herein and represents an Attachment to this Privacy Policy, an integral part hereto. The California Consumer Privacy Statement applies solely to personal information as defined in the relevant data privacy laws collected about California consumers, such as our website visitors, attendees of our webinars and events, representatives of our business customers and business partners, and job applicants.

To submit an access, correction, or deletion request, please contact us at [email protected] or call us at 1-888-702-5446. To opt-out of the sale or sharing of your personal information, follow the instructions provided in this Do Not Sell or Share My Personal Information link. To submit a request as an authorized agent on behalf of a consumer, please contact [email protected].

11. Opting Out and Unsubscribing from the Mailing List

All our marketing communications contain an easy way to opt out from receiving future messages, such as a link through which you can unsubscribe.

If you would like to opt out of receiving marketing messages, you may use the unsubscribe link contained in the messages you have received, or alternatively you may send A-LIGN an email at [email protected].

Nevada, Virginia, Colorado, Connecticut, Utah, Texas, Oregon and, beginning on October 1, 2024, Montana  residents may also have the right to opt-out of the use of their personal information for targeted advertising (including online behavior advertising) and/or opt-out of the sale of their personal information by clicking this Do Not Sell or Share My Personal Information link or calling us at 888-702-5446 or please contact [email protected].

12. International Personal Data Transfers

A-LIGN complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce.  A-LIGN has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/ .

A-LIGN commits to resolve complaints about our collection or use of your Personal Data. If you have any questions, complaints and/or other concerns, please first contact us at: [email protected].

You may also lodge a complaint with your local data protection authority or with the Data Protection Authority in Bulgaria, namely the Commission for Personal Data Protection, at [email protected] .

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, A-LIGN commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF in the context of the employment relationship.

A-LIGN has further committed to refer unresolved complaints with regard to Personal Data other than human resources data to International Centre for Dispute Resolution, International Division American Arbitration Association (“ICDR-AAA”), an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit https://go.adr.org/dpf_irm.html and www.dataprivacyframework.gov for more information or to file a complaint.  The services of the ICDR-AAA are provided at no cost to you.

The Federal Trade Commission has jurisdiction over compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF for A-LIGN.

If your complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms as provided in the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.

In the context of an onward transfer, A-LIGN has responsibility for the processing of Personal Data it receives under privacy principles including the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and subsequently transfers to a third party acting as an agent on its behalf. A-LIGN shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.

13. Children’s Data

We define a child as a natural person who is under the age of 16 years old. We do not collect children’s data, whether knowingly, actively, or otherwise, and we do not actively market to children. If we discover that we have collected a child’s data, the data is deleted immediately.

Where we know a child is above the age of 16, but considered a minor under applicable law, we will obtain parental/guardian consent prior to using that child’s personal information.

14. Changes to the Policy

A-LIGN reserves the right to update this Privacy Policy periodically to keep up with regulatory and industry standards. If there is a substantial change in the way we use Personal Data, any such changes shall be effective from the date of posting of any revisions hereto to our websites as well as to any existing information then being retained by A-LIGN. In certain circumstances, we may need to request your consent to continue to process your Personal Data, based on any changes in our processing basis, methods and/or interest.

15. Contact Information

Please direct all inquiries regarding this privacy policy or our data collection and processing practices to our Data Protection Officer at: [email protected].  

DPO MAILING ADDRESS

Mrs. Diana Milkova
A-LIGN’s Data Protection Officer
245 Slivnitsa Blvd, 4th floor
Sofia 1202
Bulgaria

CORPORATE MAILING ADDRESS

A-LIGN
400 North Ashley Drive, Suite 1325
Tampa, Florida 33602

16. Disclaimer

A-LIGN is the owner and controller of this website. We do not consent to the use and/or reproduction of the content and information on this website without our consent, pursuant to applicable copyright law.

A-LIGN is not responsible, nor do we have control of third-party websites/links to and from our website.

CALIFORNIA CONSUMER PRIVACY STATEMENT

Effective Date: January 1, 2023

This California Consumer Privacy Statement (“Statement”) supplements our Privacy Policy and is an integral part thereto. This Statement applies solely to personal information collected about California consumers, such as our website visitors, attendees of our webinars and events, representatives of our business customers and business partners, and job applicants. This Statement does not apply to A-LIGN’s personnel.

This California Consumer Privacy Statement uses certain terms that have meanings given to them in the California Consumer Privacy Act of 2018 (as amended by the California Privacy Rights Act of 2020) and its implementing regulations (collectively, the “CCPA”).

Notice of Collection and Use of Personal Information

We may collect (and may have collected during the 12-month period prior to the Effective Date of this Statement) the following categories of personal information about you:

A. Identifiers: identifiers such as a real name, alias, postal address, unique personal identifier (such as device identifiers; cookies, beacons, pixel tags, mobile ad identifiers and similar technology; customer number; unique pseudonym; user alias; telephone number and other forms of persistent or probabilistic identifiers), online identifier, Internet Protocol address, email address, account name and login credentials (including security questions and other information for user account maintenance), Social Security number, driver’s license number, passport number and other similar identifiers.

B. Additional Data Subject to Cal. Civ. Code § 1798.80: signature, credit card number, debit card number, bank account number and other financial information,state identification card number, and education information.

C. Protected Classifications: characteristics of protected classifications under California or federal law, such as gender, race, age, sex, national origin, marital status, disability, citizenship status, and military and veteran status.

D. Commercial Information: commercial information, including products or services purchased, obtained, or considered, and other purchasing or consuming histories or tendencies.

E. Online Activity: Internet and other electronic network activity information, including, but not limited to, browsing history, search history and information regarding your interaction with websites, applications or advertisements.

F. Geolocation Data: IP addresses;

G. Employment Information: professional or employment-related information, such as business contact information, résumé information, occupation details, education details, certifications and professional associations, previous employment details, pre-employment screening and background check information, including criminal records information.

H. Education Information: education information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99).

I. Inferences: inferences drawn from any of the information identified above to create a profile about you reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

We may use (and may have used during the 12-month period prior to the effective date of this Statement) the categories of personal information listed above for the purposes described in the A-LIGN Privacy Policy and for the following business purposes as described in the CCPA:

  • Performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytics services, providing storage, or providing similar services;
  • Providing advertising and marketing services to you, except for cross-context behavioral advertising (which is addressed in the Sale or Sharing of Personal Information Section below);
  • Auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance;
  • Short-term, transient use, including, but not limited to, non-personalized advertising shown as part of your current interaction with us;
  • Helping to ensure security and integrity to the extent the use of your personal information is reasonably necessary and proportionate for these purposes;
  • Debugging to identify and repair errors that impair existing intended functionality;
  • Undertaking internal research for technological development and demonstration;
  • Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us;
  • Managing career opportunities with us; and
  • Managing our relationships with current or prospective partners, corporate customers and vendors and other business partner personnel.

A-LIGN does not use or disclose sensitive personal information with the purpose of inferring characteristics about consumers.

Retention of Personal Information

We will retain your personal information for the time period reasonably necessary to achieve the purposes described in the A-LIGN Privacy Policy and this Statement, or any other notice provided at the time of collection, taking into account our legal obligations and our records retention requirements. 

Sources of Personal Information 

During the 12-month period prior to the Effective Date of this Statement, we may have obtained personal information about you from the following categories of sources:

  • Directly from you, such as when you apply to a job online, subscribe to our mailing list, register for our webinars, events and/or whitepapers, or otherwise contact us
  • From your devices, such as when you interact with our website, products, and other online services
  • Online advertising services and advertising networks
  • Social networks
  • Data brokers
  • Recruiting and talent agencies
  • Job references, such as your employers

Sale or Sharing of Personal Information

We do not sell or share your personal information in exchange for monetary compensation. We may disclose your personal information by allowing certain third parties (such as online advertising services, advertising networks and social networks) to collect personal information via automated technologies on our websites for cross-context behavioral advertising purposes.

Under California law, these kinds of disclosures may be considered a “sale” when the personal information is exchanged for non-monetary consideration, or “sharing” when the personal information is disclosed for cross-context behavioral advertising purposes. You have the right to opt out of these types of disclosures of your information.

We may sell or share for cross-context behavioral advertising purposes (and may have sold or shared during the 12-month period prior to the Effective Date of this Statement) the following categories of personal information about you to online advertising services, advertising networks and social networks:

  • Identifiers
  • Online Activity
  • Inferences

We do not have actual knowledge that we sell or share the personal information of minors under 16 years of age.

Disclosure of Personal Information

During the 12-month period prior to the Effective Date of this Statement, we may have disclosed the following categories of personal information about you for a business purpose to the following categories of third parties:

Categories of Personal InformationCategories of Third Parties
Identifiers·       Vendors who provide services on our behalf
·       Online advertising services and advertising networks
·       Social networks
·       Data brokers
·       Job references, such as your employers
Additional Data Subject to Cal. Civ. Code § 1798.80·       Vendors who provide services on our behalf
Protected Classifications·        Vendors who provide services on our behalf
·        Government entities
Online Activity·     Our affiliates and subsidiaries
·     Vendors who provide services on our behalf
·     Advertising services
·     Advertising networks
·     Social networks
Geolocation Data·       Internet service providers
Employment Information·       Our affiliates and subsidiaries
·       Vendors who provide services on our behalf
·       Professional services organizations, such as auditors and law firms
·       Business partners
·       Operating systems and platforms
·       Government entities
·       Data brokers
Education Information·       Our affiliates and subsidiaries
·       Vendors who provide services on our behalf
·       Operating systems and platforms
·       Data brokers
Inferences·     Advertising services
·     Advertising networks
·     Social networks

In addition to the categories of third parties identified above, during the 12-month period prior to the Effective Date of this Statement, we may have disclosed personal information about you to government entities (e.g., in response to law enforcement requests) and third parties in connection with corporate transactions (e.g., mergers, acquisitions, joint venture, reorganization, divestitures, dissolution or liquidation).

California Consumer Privacy Rights

You have certain choices regarding your personal information, as described below.

Access: You have the right to request, twice in a 12-month period, that we disclose to you the personal information we have collected, used, disclosed and sold or shared about you.

Correction: You have the right to request that we correct the personal information we maintain about you, if that information is inaccurate.

Deletion: You have the right to request that we delete certain personal information we have collected from you.

Opt-Out of Sale or Sharing: You have the right to opt-out of the sale of your personal information or the sharing of your personal information for cross-context behavioral advertising purposes.

How to Submit a Request

To submit an access, correction, or deletion request, please contact us at [email protected] or call us at 1-888-702-5446. To opt-out of the sale or sharing of your personal information, follow the instructions provided in this link Do Not Sell or Share My Personal Information. To submit a request as an authorized agent on behalf of a consumer, please contact [email protected].

Verifying Requests

To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to your personal information or complying with your request. If you request access to or correction or deletion of your personal information, we may require you to provide information to help us identify you and verify your identity, depending on the nature of your relationship with A-LIGN, including name, address, phone number or other information to verify your identity. In addition, we require you to sign a declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request.

If you designate an authorized agent to make a request on your behalf, we require that you verify your identity as set forth above. We also may require you to provide the authorized agent a written confirmation that you have authorized the agent to act on your behalf and the scope of such authorization.

Additional Information

If you choose to exercise any of your rights under the CCPA, you have the right to not receive discriminatory treatment by us.  To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request.  For questions or concerns about our privacy policies and practices, please contact us as described in the “Contact Information” section of our Privacy Policy.