We have entered into agreements with our clients to govern the provision and receipt of our services, including how we collect and process personal data on their behalf. We have no direct relationship with the individuals whose personal data we process under the direction of our clients (‘end users’) and our clients are responsible for ensuring that their end users are provided with appropriate information about the intended collection and use of their personal data.

Where we process your personal data, we will be acting as a data processor for our client. We will process that personal data in accordance with the terms of our agreement with that client and their lawful instructions as well as in accordance with the legal obligations placed upon us as a data processor.


This Privacy Policy pertains solely to the use of the Thinking Board® Website (the "Site") (www.thinkingboard.ipitsi.com). For the purpose of the Data Protection Act 1998 (the “DPA”), the data controller is the Independent Audit Limited (“we”, “us”) of 4 Bury Street, London, EC3A 5AW, United Kingdom. In this Privacy Policy, “personal data” means any information relating to an identified or identifiable individual, such as your name, address, telephone number and other biographical information. This Privacy Policy describes how we collect, use and share personal data that you provide when you use the Site in accordance and in compliance with relevant legislation, including the DPA and other relevant European privacy legislation.

In addition to this Privacy Policy, you also should review the Site Terms of Use. By accessing and using the Site, you accept, without limitation or qualification, the Privacy Policy and Terms of Use, and agree to be bound by them. If you do not accept and agree to the Privacy Policy and Terms of Use, refrain from accessing our Site.

With the Site constantly evolving, the Privacy Policy and Terms of Use may also change. Whenever there are changes, the modified Privacy Policy or Terms of Use will be posted on this Site and will be effective at that time. Each time they change, the version number displayed at the top of the page also will change. Consequently, each time you access or use the Site, you accept and agree to the most current Privacy Policy and set of Terms of Use. It is your responsibility to be aware of any such changes.


If you use the Site to login, participate in questionnaires, or otherwise submit personal data, you are consenting to the use of such data in accordance with this Privacy Policy.

Additionally, the Site may contain links to other websites, such as independentaudit.com, which are subject to their own privacy policies. As a user of links, it is your responsibility to understand those third parties’ privacy policies. Once you leave our Site using links, we have no control over information that is submitted to or collected by any third parties and are not responsible for other websites.

User access

Each company subscriber has a designated Company Administrator(s) who is responsible for managing the company’s users within Thinking Board®. The Company Administrator(s) has access to add authorised users by adding user email addresses into Thinking Board®. Once a user has been added, an email invitation will be sent to the user for account activation. The addition and deletion of authorised users within Thinking Board® is the sole responsibility of the Company Administrator(s).

Collection of personal data

In order to provide the services offered within the Site, we will collect and process personal data about users such as, but not limited to, first and last name, email address, and business information, including job title and role. In addition, we will store and process any other personal biographical information which users upload to the Site from time to time. Personal data is stored at an Amazon Web Services data centre located in Ireland.

In order to log in to the Site, users must provide their email address for authentication purposes. Once the Company Administrator has added a user to Thinking Board® as an authorised user, the user will receive an email with instructions to activate his or her account. Once the account has been activated, the user will have the opportunity to create and confirm an account password and update his or her personal details within my profile. Company Administrator(s) do not have access to user passwords.


By participating in reviews within Thinking Board®, please be advised that personal data within a user’s profile may be viewable by other individuals within the same company. This includes information such as, but not limited to, a user’s role, position, and questionnaire responses. Users’ questionnaire responses will not be tied to a user’s name or email address; however, it could be possible that the responses could be identifiable based on a user’s role or any other profiling field that has been set up in the system.

Collection of information through cookie use

The Site utilises “cookie” files for authentication and user verification purposes. Cookies are necessary for the Site to work properly. A cookie is an element of data that a website can send to your browser, which may then be stored on your hard drive. If you do not agree, then you can choose to not receive a cookie file by enabling your web browser to refuse cookies or to prompt you before you accept a cookie. However, features on the Site will not function if you do not allow cookies.

Use of personal data

We collect personal data in order to provide the Thinking Board® service, and to allow users to log in and view their profile information and to complete questionnaires. We also use collected personal data for research purposes, such as to analyse user trends and to measure demographic information, in order to improve our services to you. Additionally, we use collected personal data for benchmarking purposes, including global and industry benchmarking.

If you consent, we may use your email address to contact you by email to provide you with further information about us, our products/services and to promote our Site. This may involve disclosing your personal data to our other offices, or to our affiliates, agents or appointed representatives. If you have already given consent, you may opt out of receipt of such marketing communications from us at any time. For further information please see the “Choice and Opt-Out” section below.

Sharing and disclosure of personal data

In providing our services to you, your personal data may be processed outside of our offices or by our affiliates, agents or appointed representatives which may be located outside the European Economic Area (“EEA”). When we transfer personal data for processing, we will ensure that the personal data are transferred only subject to appropriate protections, as required by the DPA. Additionally, we will enter into an agreement with the office, agent or appointed representative that requires appropriate security measures to be maintained, and personal data to be processed only in accordance with our instructions. No personal data will be used other than for the purpose for which it was originally collected by us.

Please note that selected third parties may require access to your personal data where such third parties provide services to us, for example, website hosting services. In those circumstances those third parties shall be required to enter into an agreement with us that requires appropriate security measures to be maintained and requires the third party to process your personal data solely in accordance with our instructions.

We may also share your personal data in any of the following circumstances:

  • If required to do so by law, regulation or legal process (such as a court order or subpoena);
  • In response to requests by government agencies, such as law enforcement authorities;
  • For the purpose of or in connection with legal proceedings, or otherwise for the purpose of establishing, exercising or defending our legal rights;
  • If disclosure is necessary or appropriate to protect or defend our or a third party’s rights or property, or in connection with an investigation of actual or suspected illegal activity; or
  • If we sell, merge or transfer all or a portion of our business or assets (including in the event of a reorganisation, dissolution or liquidation), we may disclose your personal data to the prospective buyer or seller, but only where we have first taken reasonable steps to help ensure the security and confidentiality of your personal data.

Choice and opt-out

We will only use your personal data for direct marketing purposes if you have opted in to receive marketing communications about our products and services from us. If you wish to revoke your consent to the receipt of direct marketing at any time, click the unsubscribe link contained in each marketing email that we send to you, or contact us as described in the “Contact Information” section below.

Security and other

We strive to safeguard and secure the personal data we collect. We have implemented reasonable technical, physical and administrative measures designed to protect your personal data from unauthorised disclosure, use, alteration, destruction and access. Any transmission of personal information over the internet is, however, at your own risk. Technology, such as, but not limited to, Transport Layer Security (TLS), is used to enhance security and reduce risk of loss. Our security practices, processes or technology do not guarantee absolute security of your information and you should take all normal personal precautions such as, but not limited to, not sharing passwords, closing browsers, and not using public networks (e.g., internet cafes, etc.).

It is not possible for subscriber companies to access other company data as the system is based on company-specific logins and passwords.

We will retain your personal data only for so long as necessary to fulfil the purposes for which it was collected, to fulfil a valid business need, and to comply with applicable laws. When your personal data is no longer required, it will be securely destroyed in a manner that will ensure the information is no longer identifiable.

Your rights

You may access, update and correct inaccuracies in your personal data in our custody or control at any time, subject to exceptions prescribed by law. You may also have the right to object to our use of your personal data where it is likely to cause damage or distress. You may revise or delete your personal data by adjusting your account settings or by contacting us directly as provided in the “Contact Information” section below.

Contact information

Users of the Site are encouraged to contact us if they have any questions about our use of personal data, or to report any improvements, suggestions, and any suspected breach of privacy or website security to us. You may contact us using the telephone number, email address, or mailing address below:

Independent Audit Limited

4 Bury Street



United Kingdom

Telephone: +44 (0)20 7220 6580

Email: info@independentaudit.com