
This privacy notice (the “Privacy Notice or “Notice””) describes how we collect, store, use, and share your personal information and explains your rights in relation to your information. In this Privacy Notice, when we say “you” and “your” we mean a visitor to our website, a person who we have identified as a potential client / who has contacted us about our products and services (Prospects), or if you are a registered contact for one of our clients (Client Representatives). Note the use of personal information as part of delivering our services is subject to our clients’ privacy notices.
This Privacy Notice has been written in alignment with the requirements of the General Data Protection Regulation (GDPR), the UK GDPR, Brazil’s Lei Geral de Proteção de Dados Pessoais (LGPD), South Africa’s Protection of Personal Information Act (POPIA), Canada’s Personal Information protection and Electronic Documents Act (PIPEDA) and India’s Digital Personal Data Protection Act (DPDPA).
When we say ‘we’, ‘us’ or ‘our’ in this Privacy Notice we are referring to VikingCloud Audit & Certification, LLC (“VAC”), a Delaware limited liability company (registered number 6678455) whose registered office is at 111 North Wabash Ave., Suite 100 #3290, Chicago, IL 60602.
We collect information from you in a variety of ways, such as when you:
We may also receive leads from other suppliers. When we acquire information from these sources, we will notify you on the source.
Your employer may also share your details with us if they have nominated you to manage the services we provide to them (i.e., you’re a Client Representative / named as a contact in our contracts).
The information we collect is:
Worldwide, a number of data protection and privacy laws require organizations to process personal information only where we have a 'lawful basis' (a legal justification for the collection, storage and further use of personal information, as outlined in your local law). In the table below, you can see more details on legal bases under the GDPR, which is aligned to LGPD and POPIA.
Where we process your personal information based on consent under the GDPR (or similar laws such as LGPD or POPIA), the requirements for consent means consent can only be used in specific circumstances (where people have free choice, and their information can be deleted at any time).
Where we are using non-GDPR standard consent, such as within Canada and India, we imply your consent by providing you with this Privacy Notice at the point of collecting your personal information. However, please note that if you withdraw your consent, we may not delete your information if we have a good reason for keeping it.
| Reason for using your personal information: | Legal ground: |
|---|---|
Website Monitoring If you provide your consent via our cookie tool, we will set and access cookies and UTMs (a type of tracking technology) when you visit our website. See our Cookie Notice for more information. Call recording for Conversation Intelligence Where you have provided your consent, we record sales calls and use artificial intelligence (AI) tools to transcribe and analyze the conversation. We use this analysis to monitor, evaluate and improve the quality, consistency and effectiveness of our sales communications and customer engagement. The AI system processes the audio recording to:
The sentiment analysis is intended to help us understand how our communications are received and to improve service delivery. The call recording, transcript, and AI-generated insights are stored within our Customer Relationship Management (CRM) systems and linked to your business contact profile, together with other professional contact details and interaction history that we hold about you (see “What kinds of information do we collect about you?” for further information). Your call data and associated AI outputs are not used to train, retrain, or improve the underlying AI models | Consent Under EU laws, we can only use non-essential cookies (such as analytics cookies) if we receive your consent. We rely on your consent to record sales calls and to use artificial intelligence (AI) tools to transcribe and analyze the conversation. At the start of the call, you will be asked to confirm whether you agree to the recording and AI-based analysis. If you do not provide consent, the call will not be recorded. You may withdraw your consent at any time during the call or, post call, by contacting us using the details set out in the “Contact” section. |
Legal Duties We may disclose or share your personal information to comply with a legal obligation, such as a court order. Where we do so we’ll only provide the minimum information needed to comply. | Necessary for compliance with a legal obligation Your personal information may be processed to meet any legal obligations we are subject to. |
Protecting Life We may disclose your information to the police or other authorities if we have serious concerns about you or another’s wellbeing. | Necessary to protect vital interests This will usually only apply to protect someone’s life. |
We also use your information when we have a ‘legitimate interest’ and this does not unfairly impact you or your privacy rights. Each activity is assessed, and your rights and freedoms are considered to make sure that we are not being intrusive or doing anything beyond your reasonable expectations.
We will assess the information we need, so we only use the minimum amount. If you want further information about processing under legitimate interests, you can contact us using the details in the Contact section of this Privacy Notice.
You also have the right to object to any use of your information where we use ‘legitimate interests’ as a lawful basis. We will reassess our interests and yours, considering your individual circumstances. If we have a very strong reason for the use of your information, we may continue to use your information.
We use ‘legitimate interests’ in the following circumstances:
| Reason for using your personal information: | Legitimate interest(s): |
|---|---|
Sales & Marketing Events Where we acquire your information from events and conferences, our salespeople will contact you about our products and services and we will add you to our email marketing list. | We need to promote our products and services to run a successful business. |
Analysis and management reporting We analyze and report on our sales activities. Where we do so, we do this to produce aggregated reports - i.e., facts and figures, which no longer contain personal information. Key KPIs which are analyzed relate to matters such as the success of our sales activities. We also analyze who attended our webinars and attendance times to assess and improve such activities. | We need to analyze and assess our performance to optimize our resources. |
Relationship Management Client Representative If you are a Client Representative, we will use your contact details to keep in touch about the services. This will mainly be data your employer is responsible for, but if it’s not a core part of the agreement, then we’re responsible for this use of your data. ZoomInfo We use ZoomInfo to ensure our CRM records remain accurate (we share your name, role, and employer as well as business contact details). | We need to keep in touch with our clients to ensure you are happy and our products and services are fulfilling your business needs (i.e., for retention purposes). |
Technical security and support Logs are automatically reviewed to produce alerts for manual review, with alerts being generated if there are indications of errors, problems with our technology, or security concerns. Logs often include usernames, emails, activities, and the dates and times of these. | We need to ensure the security of our systems and our information, as well as make sure our technology is working effectively / as intended. |
At present, we do NOT respond to Do Not Track signals your browser sends. But you can use our cookie tool to let us know your preferences.
We do not collect information relating to minors. Therefore. we do not sell or share the personal information of consumers under 16 years of age.
We share your personal information with other organizations. The organizations we share personal information with are as follows;
The information that we process about you will be stored in the United States. It may also be stored or accessed by authorized individuals who operate in a variety of countries, or who work for us or for one of our suppliers.
If you are based in the EU, the UK or Switzerland, we need to have specific protections in place to transfer your information to another country. We also need to let you know which methods we use.
Please contact us if you would like more information on our SCCs.
If you are based in a country outside of the countries above, there may be local obligations we have to meet. See below for details of the additional controls which we will apply to protect your information:
Unless otherwise set out in this Privacy Notice, any information we process about you will be retained by us until we no longer need it for the purposes for which it was collected, as set out in this Privacy Notice. We will base that decision on criteria, including:
We will review and delete or destroy personal information on a regular basis. If we are unable, using reasonable endeavors, to delete or destroy personal information, we will ensure that the personal information is encrypted or protected by security measures so that it is not readily available or accessible by us.
Automated decisions are decisions made by a computer or AI system without a human being directly involved. Profiling is the use of information about you to analyze or predict certain aspects, such as your likely reactions, preferences, or behavior.
When you provide your consent to call recording and AI analysis during sales calls, the AI system performs profiling by analyzing your tone of voice and the words you use to generate a sentiment assessment. This assessment categorizes interactions as positive, neutral, or negative, helping our team understand how the conversation is perceived.
The insights generated by AI are not used to make automated decisions that have legal or significant effects on you. They are solely used to assist our colleagues in monitoring calls, identifying potential issues, and improving the quality of our sales and service interactions. A human colleague reviews the AI insights and decides how to act on them.
We align to the International Standard for Information Security (ISO27001) as well as that relating to Privacy (ISO27701). This involves setting up a system to manage risks around both information security and data protection / privacy, as well as putting in place measures and objectives to keep improving.
An example of a measure we take is to enforce TLS1.2 (when transferring information externally / to our suppliers). TLS1.2 is a network protocol for encrypting information in transit.
Access to your information is only provided to our people who have a need to know. We implement role-based access control so only those with a relevant role are given permission. We audit access on a regular basis.
There are several rights available under global data protection and privacy laws. These do not usually require any fee, and we must respond within one (1) calendar month in most circumstances.
Not all rights apply in all situations, and some regions have different timeframes. If you require further details of timeframes and what applies in your jurisdiction, please contact our Global Data Protection Manager using the Contact details below.
The easiest way to exercise any of your rights is to enquire if a right is applicable in a specific circumstance or to check what timescales apply would be to contact our Data Protection Team as set out below.
If we need further information to comply with your request, including any identification, we will let you know. However, wherever possible, we will seek to identify you by way of information we already have; for example, if you contact us via the email address that you have registered with us, we will not normally need anything further (except if the data or the nature of the request is sensitive).
You have the right to ask for access to and receive copies of your personal information. You can also ask us to provide a range of information relating to how we collect/use your information.
If you believe the personal information we hold about you is inaccurate or incomplete, you can ask us to correct that information.
In some circumstances, you have the right to ask us to delete and/or anonymize personal information we hold about you.
In some circumstances, you are entitled to ask us to restrict the processing of your personal information. This means we will stop using your personal information, but we will not delete it. Or you could ask us not to delete your information.
You have the right to ask us to provide your personal information in a format that allows you to share your personal information with another provider.
You are entitled to object to us processing your personal information if the processing is based on legitimate interests. You also always have the right to object to our use of your information for marketing purposes.
If you exercise your privacy rights, we will never discriminate against you for making a request. Under the CCPA, we are legally obliged to not discriminate in response to requests.
This Privacy Notice was last updated on 5 June 2026.
Any changes we may make to the Privacy Notice will be posted on this page and, where appropriate, notified by email. Please check back frequently to see any updates or changes.
Our Data Protection Team can be contacted using the following email address: dataprotectionprivacy@vikingcloudcertification.com or alternatively by writing to us on the 1st Floor Block 71A, The Plaza, Park West Business Park, Dublin 12, Ireland.
Questions, comments, and requests regarding the Privacy Notice are welcomed and should be sent to dataprotectionprivacy@vikingcloudcertification.com .
If you have any concerns about the ways in which we process your personal information, we encourage you to contact us. In many countries you also have a right to complain to the relevant supervisory authority. However, most regulators require that you contact us first so that we can address your concerns.
Please see below for details of the relevant regulators: