1. Data Controller
Auditra is a division of Ransen Group LLC, domiciled in Florida, United States, powered by Involve LLC. For the purposes of this policy, Auditra acts as data processor on behalf of the organizations that contract its services, who act as data controllers.
2. Data Collected
- Contact and corporate data: name, email address, phone number, position, company name and business activity of those who request information or contract services.
- Platform operational data: the nature of the service involves the processing of identity data, financial documentation, transactional information, third-party and employee background records, and reports received through the ethics channel. In all cases, such data is processed on behalf of and under the instructions of the client organization.
- Identity verification data: the onboarding process uses specialized providers for document and biometric verification. Auditra does not store raw biometric data.
- Browsing data: IP address, browser type and browsing behavior on the site, in accordance with our Cookie Policy.
3. Purpose of Processing
Data is used exclusively for the provision of contracted services, compliance with legal and regulatory obligations, platform security and, with prior consent, commercial communications. Data processed within the platform is maintained strictly within each client organization's environment.
4. Legal Basis
Processing is based, as applicable, on contractual performance, compliance with legal obligations (including AML/CFT regulations), the legitimate interest of the controller and the data subject's consent.
5. Recipients
Auditra does not sell or trade personal data. Data may be accessed by: service providers bound by contractual confidentiality obligations, Ransen Group LLC for internal administrative purposes, competent authorities upon legal request, and the client organization in its capacity as data controller.
6. Retention
Data is retained for the duration of the contractual relationship and, thereafter, for the periods required by applicable regulations.
7. Security
Appropriate technical and organizational measures are implemented commensurate with the risk, including encryption in transit and at rest, role-based access control and periodic audits.
8. International Transfers
Data may be processed in the United States or in jurisdictions where service providers operate. In such cases, appropriate contractual safeguards are implemented.
9. Data Subject Rights
Depending on the applicable jurisdiction, data subjects may exercise rights of access, rectification, erasure, objection, restriction and portability by contacting privacy@auditra.com. California residents have the rights provided under the CCPA/CPRA. European Union residents have the rights provided under the GDPR, including the right to lodge a complaint with the competent supervisory authority.
10. Minors
The services are not directed at individuals under 18 years of age. Data from minors is not intentionally collected.
11. Amendments
This policy may be updated periodically. The current version will always be available on the website.
12. Contact
Auditra — a division of Ransen Group LLC powered by Involve LLC