How AIAC collects, processes and safeguards information across its accreditation and registry operations.
AIAC collects information necessary to assess accreditation candidates, operate the public registry and respond to enquiries. This includes identification data, corporate documentation, beneficial ownership records and correspondence.
Processing is based on the legitimate institutional interest of operating an independent accreditation authority, the contractual basis of accreditation engagements, and applicable legal and regulatory obligations.
Information is used to evaluate eligibility, perform AML / CTF due diligence, issue and maintain certificates, publish registry entries within defined disclosure parameters and communicate with stakeholders.
AIAC shares information only with accredited assessors, supervisory partners, and competent authorities where required by law. AIAC does not sell personal data.
Records are retained for the duration of the accreditation relationship and for a defined period thereafter to satisfy supervisory and audit obligations.
Technical and organizational safeguards are applied to protect the confidentiality, integrity and availability of information held by AIAC.
Depending on jurisdiction, individuals may have rights of access, correction, restriction or objection. Requests may be addressed to info@aiacauthority.org.