Continuum GRC Privacy Policy

Updated August 10, 2025

As outlined in Continuum GRC's Global Code of Conduct: "We respect the confidentiality and privacy of our clients, our people, and others with whom we do business."

Overview

Continuum GRC is committed to protecting the privacy of individuals and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR), the California Privacy Rights Act (CPRA), and other relevant regulations. This Privacy Policy outlines how Continuum GRC and its affiliates (collectively, “Continuum GRC,” “we,” “us,” or “our”) collect, use, store, and disclose personal information when you interact with our website (https://www.auditmachine.com/), mobile applications (e.g., Continuum GRC ITAM App), or other services (collectively, “Services”).

“Personal information” refers to any non-public information that identifies, relates to, describes, or can reasonably be linked to an individual. By using our Services, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy. If you choose not to provide the requested personal information, your ability to use our Services may be limited or impaired.

This policy applies to all personal information processed by Continuum GRC, including data transferred from the European Union (EU), European Economic Area (EEA), or within the United States, in compliance with GDPR and CPRA principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. Certain personal information may also be subject to more specific privacy policies, consistent with applicable laws and professional standards.

Data Controller

The data controller for personal information collected through our Services is the Continuum GRC entity in your country or the entity to which you submit your data. Personal information may be shared with other Continuum GRC member firms within our global network to fulfill the purpose for which it was provided. By submitting data through our Services, you explicitly consent to the cross-border transfer of your data as necessary to meet your requests.

Data Collection

We collect only the personal information you voluntarily provide through our Services. This may include:

• Identifying Information: Name, job title, company address, email address, phone number, fax number, IP address, and analytical data related to website usage.
• Purpose of Collection: We collect this information to:
  • Register users for specific areas of our Services.
  • Facilitate the use of our proprietary applications.
  • Respond to inquiries or distribute requested materials.
  • Process job applications or resumes.
  • Analyze and improve user experience through site analytics.
• Optional Information: Demographic details (e.g., gender, occupation) are not actively sought but may be provided during job applications or surveys. Non-mandatory information requests will be clearly indicated at the point of collection.
• Transactional Data: When purchasing publications or services, we may collect order details and payment information (e.g., credit card details) to process transactions and facilitate delivery.
• User Communications: Emails or messages sent through our Services will include your screen name, email address, and any additional information you provide.
• Sensitive Information: Continuum GRC does not seek sensitive information (e.g., race, political opinions, religious beliefs, health, or criminal records) unless required for legal or recruitment purposes. If you provide such information, you explicitly consent to its use as described in this policy or at the point of disclosure.

Use of Data

Personal information is used solely for the purposes for which it was collected, including:

• Processing orders for publications or services.
• Managing job applications or resumes.
• Administering mailing lists, surveys, quizzes, or event registrations.
• Responding to inquiries or facilitating participation in forums or discussions.
• Delivering premium online services or event-related content.

Data is not shared with third parties for unrelated purposes or without your consent, except as described below. If excessive or irrelevant data collection is suspected, please contact us at legal@continuumgrc.com.

Marketing and Communications

We may use your personal information for marketing purposes (e.g., newsletters or promotional materials) only if you explicitly opt in, such as through our “join our mailing list” initiative. You may unsubscribe from marketing communications at any time by following the instructions provided in the communication or contacting webmaster@continuumgrc.com.

Cookies and Analytics

We use cookies and similar technologies to enhance your experience on our Services. Cookies are small text files stored on your device to save preferences, streamline navigation, or track usage. For example, cookies may store registration details to avoid repeated logins.

• Cookie Management: Most browsers allow you to decline cookies. Refusing cookies may limit some functionality but will not prevent general navigation of our Services. You may delete cookies from your device after your visit.
• Analytics: We collect anonymized data (e.g., IP addresses, browser types, or domains) for statistical analysis to improve our Services. This data is shared with third-party analytics providers solely for reporting purposes and is not linked to identifiable individuals.

Third-Party Disclosures

Personal information is disclosed to third parties only under the following circumstances:

• As required by law (e.g., subpoenas, court orders).
• With your explicit consent.
• To fulfill requests for publications, subscriptions, or event services.
• To maintain the technical health and functionality of our Services.

For example, when ordering publications listed on third-party platforms (e.g., Amazon.com), only the selected publication’s details are shared. You will need to register separately on the third-party platform, and we encourage you to review their privacy policies.

Continuum GRC does not sell or share personal information for consumer marketing purposes or host third-party mailings unless explicitly authorized.

Third-Party Links

Our Services may link to external websites not operated by Continuum GRC. These sites are subject to their own privacy policies, which you should review before providing personal information. Continuum GRC is not responsible for the privacy practices of linked websites.

Data Retention

We retain personal information only as long as necessary to fulfill the purpose for which it was collected or to comply with legal obligations. For example:

• Mailing addresses for white papers are typically not retained.
• Contact information for registrations is kept until the request is fully serviced or you request deletion.
• Resumes are retained only until they are no longer under consideration or deemed outdated by our Human Resources team.

You may request the deletion of your personal information by contacting webmaster@continuumgrc.com.

Your Choices

Registration is not required to access most areas of our Services. However, certain premium features or secure transactions may require a user ID and password. You may voluntarily provide personal information and can opt out of mailing lists or other registrations by following the provided instructions or contacting us.

Under GDPR, CPRA, and other applicable laws, you have the right to:

• Access your personal information.
• Correct inaccuracies in your data.
• Request deletion of your data.
• Opt out of data sharing or marketing communications.

To exercise these rights, update your information through the registration process or contact webmaster@continuumgrc.com.

Security

We implement industry-standard security measures, including Secure Socket Layer (SSL) technology, to protect personal information from loss, misuse, or unauthorized access. Only authorized Continuum GRC personnel with confidentiality agreements may access personal information. While we strive to protect your data, no system is entirely secure, and we encourage you to safeguard your account credentials.

Children’s Privacy

Our Services are not directed at children under 16 years of age. We do not knowingly collect or maintain information from individuals under 16. If we become aware of such data, we will promptly delete it.

Policy Updates

Continuum GRC may update this Privacy Policy at any time. Changes will be effective upon posting, with the updated date displayed at the top of this policy. We will notify users of significant changes by prominently displaying a notice on our homepage (https://www.auditmachine.com/) for at least two weeks.

Contact Us

For questions, concerns, or to exercise your data protection rights, please contact:

• Email: legal@continuumgrc.com or webmaster@continuumgrc.com
• Website: https://www.auditmachine.com/

We are committed to addressing your inquiries and ensuring compliance with applicable privacy laws.