See the steps we ensure your privacy and protection with Ideanote
Customer may audit Ideanote’s compliance with its obligations under this Addendum up to once per year and on such other occasions as may be required by European Data Protection Legislation, including where mandated by Customer’s Supervisory Authority. Ideanote will contribute to such audits by providing Customer or Customer’s Supervisory Authority with the information and assistance reasonably necessary to conduct the audit.
If a third party is to conduct the audit, Ideanote may object to the auditor if the auditor is, in Ideanote’s reasonable opinion, not independent, a competitor of Ideanote, or otherwise manifestly unsuitable. Such objection by Ideanote will require Customer to appoint another auditor or conduct the audit itself.
To request an audit, Customer must submit a detailed proposed audit plan to Ideanote at least eight (8) weeks in advance of the proposed audit date and any third party auditor must sign a customary non-disclosure agreement mutually acceptable to the parties (such acceptance not to be unreasonably withheld) providing for the confidential treatment of all information exchanged in connection with the audit and any reports regarding the results or findings thereof. The proposed audit plan must describe the proposed scope, duration, and start date of the audit. Ideanote will review the proposed audit plan and provide Customer with any concerns or questions (for example, any request for information that could compromise Ideanote security, privacy, employment or other relevant policies). Ideanote will work cooperatively with Customer to agree on a final audit plan. Nothing in this Policy shall require Ideanote to breach any duties of confidentiality.
If the controls or measures to be assessed in the requested audit are addressed in an SOC, ISO, NIST or similar audit report performed by a qualified third party auditor within twelve (12) months of Customer’s audit request and Ideanote has confirmed there are no known material changes in the controls audited. Customer agrees to accept such report in lieu of requesting an audit of such controls or measures.
The audit must be conducted during regular business hours, subject to the agreed final audit plan and Ideanote’s safety, security or other relevant policies, and may not unreasonably interfere with Ideanote business activities.
Customer will promptly notify Ideanote of any non-compliance discovered during the course of an audit and provide Ideanote any audit reports generated in connection with any audit under this Section 5.4, unless prohibited by European Data Protection Legislation or otherwise instructed by a Supervisory Authority. Customer may use the audit reports only for the purposes of meeting Customer’s regulatory audit requirements and/or confirming compliance with the requirements of this Addendum.
Any audits are at Customer’s expense. Customer shall reimburse Ideanote for any time expended by Ideanote or its Third Party Subprocessors in connection with any audits or inspections at Ideanote’s then-current professional services rates, which shall be made available to Customer upon request. Customer will be responsible for any fees charged by any auditor appointed by Customer to execute any such audit. Nothing in this Addendum shall be construed to require Ideanote to furnish more information about its Third Party Subprocessors in a connection with such audits than such Third Party Subprocessors make generally available to their customers.