Privacy Policy
Global Audit Solutions (“GAS”, “us” or “we”) is strongly committed to protecting personal data. This privacy statement describes why and how we collect and use personal data and provides information about individuals’ rights in relation to personal data. It applies to personal data provided to us, either by individuals themselves or by others. We may use personal data provided to us for any of the purposes described in this privacy statement or as otherwise stated at the point of collection.
GAS processes personal data for numerous purposes. Our policy is to be transparent about why and how we process personal data.
Legal Basis for Processing Your Personal Data
In order to process your personal information, we rely on various legal grounds as required by your local laws. The following processing conditions serve as our basis:
- Legitimate Interests: We process your personal data to effectively provide you with information and services, as well as to lawfully operate our businesses. Additionally, we consider the legitimate interests of our clients who rely on our professional services for their organization’s operations, as long as these interests do not interfere with your rights. Furthermore, we have a legitimate interest in improving our businesses, services, and offerings, including the development of new GAS technologies (provided they do not compromise your rights).
- Legal Obligations: We may process your personal information to fulfill our legal obligations under specific laws, regulations, or professional bodies that govern our services. For certain services, we are legally obligated to provide them in a particular manner.
- Contractual Performance: When we have a contractual arrangement with you, we process your personal data to fulfill our obligations under that agreement.
- Consent: In cases where no other processing condition is available, we will process your personal information if you have explicitly agreed to it for the relevant purpose.
Security
We have implemented industry-standard technology and operational security measures to safeguard personal information from loss, misuse, alteration, or destruction. Access to personal information is limited to authorized individuals who have agreed to maintain its confidentiality.
While we employ appropriate security measures upon receiving your personal data, please note that the transmission of data over the internet, including via email, is never completely secure. Although we strive to protect personal data, we cannot guarantee the absolute security of data transmitted to or by us.
Transfers of personal data
If we process your personal information, it may be transferred to and stored in countries outside of your country of residence, including those outside the European Economic Area (EEA) and countries without specific laws protecting personal information.
Where we collect your personal information within the EEA, any transfer outside the EEA will only occur under the following circumstances:
- Adequate Protection: We will transfer your personal data to a recipient in a country that provides an adequate level of protection for personal information.
- EU-Approved Agreements: Transfers may take place under an agreement that meets the requirements set by the European Union for the transfer of personal data to data processors or data controllers outside the EEA, such as the use of standard contractual clauses approved by the European Commission.
We may disclose or transfer the personal data we collect to third-party contractors, subcontractors, subsidiaries, and affiliates. These third parties support GAS in providing services and assist in managing our IT systems. Examples of such third-party contractors include identity management providers, website hosting and management services, data analysis firms, data backup and security service providers, and cloud storage services. Our IT infrastructure’s servers are located in secure data centers worldwide, and personal data may be stored in any of these locations.
Our policy is to engage only with third-party providers that are committed to maintaining appropriate levels of security and confidentiality. These providers process personal information solely as instructed by GAS and are bound by the same obligations regarding security and data protection when using subcontractors.
Under the following circumstances, we may also disclose personal information:
- Professional Advisers: We may share personal data with professional advisers, such as law firms, when necessary to establish, exercise, or defend our legal rights or to seek advice related to our business operations.
- Explicit Request: Personal information may be disclosed when explicitly requested by you.
- Publication or Reference Materials: If you request publications or reference materials, we may disclose personal information to deliver them to you.
- Conferences or Events: Personal information may be disclosed to facilitate conferences or events hosted by third parties.
- Legal and Regulatory Obligations: We may disclose personal information to law enforcement agencies, regulatory bodies, government agencies, and professional organizations as required by applicable laws, regulations, or when necessary to comply with legal obligations. GAS may also review and utilize personal information to determine if disclosure is required or permitted.
Your Rights Regarding Personal Data
Under your local law, you may have certain rights regarding the personal information we hold about you. These rights include:
- Confirmation and Access: You have the right to obtain confirmation of whether we process personal data about you, receive a copy of your personal data, and obtain additional information about how and why we process your personal data.
- Rectification and Completion: If your personal data is inaccurate or incomplete, you have the right to request its amendment or rectification. We will ensure that any incomplete personal data is completed.
- Deletion: You have the right to request the deletion of your personal data in specific cases, such as when the data is no longer necessary for the purposes for which it was collected and processed, when you withdraw consent (and there is no other legal basis for processing), when you object to processing for direct marketing purposes, when your personal data has been unlawfully processed, or when we have a legal obligation to erase your personal data.
- Restriction of Processing: You have the right to request the restriction of processing in certain cases, such as when you contest the accuracy of your personal data, when your personal data has been unlawfully processed but you prefer restriction instead of deletion, when your personal data is no longer necessary but you require it for legal claims, or when you have objected to processing based on our legitimate interests, pending verification of whether our legitimate grounds override your interests.
- Objection to Processing: You have the right to object to the processing of your personal data when it is based on our legitimate interests or when the processing is for direct marketing purposes.
- Data Portability: If our lawful basis for processing your personal data is consent or the necessity for the performance of a contract, and the processing is carried out by automated means, you have the right to receive the personal data you provided to us in a structured, commonly used, and machine-readable format. You may also have the right to request that we transmit this data to another organization, where technically feasible.
- Withdrawal of Consent: If we process personal data based on your consent, you have the right to withdraw your consent at any time. However, please note that we generally rely on legal bases other than consent for processing personal data.
- Complaints: If you believe that the processing of your personal data violates the law, you may have the right to lodge a complaint with the data protection regulatory authority responsible for enforcing data protection laws in your country of residence or work, or where the alleged infringement occurred.