We provide registered users access to various applications managed by us. These applications include Document Scanning Apps, Invoice Processing Workflow, Document Management System, Payslip Portal, Time Sheet Processing Software, etc  

    • Use​ ​of​ ​personal​ data
    • Our policy is to collect only the personal data necessary for agreed purposes and we ask our clients to only share personal data with us where it is strictly needed for those purposes.
    • The categories of personal data stored on our application provided to our clients are generally:
    • Personal details (e.g. name, age/date of birth, gender, marital status, country of residence);
    • Contact details (e.g. email address, contact number, postal address);
    • Financial details (e.g. salary and other income and investments, benefits, tax status); and
    • Job details (e.g. role, grade, experience and performance information).

    Security, quality and risk management activities
    We have security measures in place to protect our and our clients’ information (including personal data). Some of the measures we taken to ensure our clients data is protected are mentioned below:

    • The Network and Data Structure are ISO 27001 Certified
    • All the data is stored within UK having following minimum standards:
      • SSAE 16 SOC 1 Type 2 and SOC 2 Type 2 Attestation
      • PCI Data Compliant
      • ISO 27001 Compliant
      • HIPAA and HITECH Compliant
      • Virtual Private Network through private IP address ranges
      • 256 bit AES Encryption
      • Deployment of Anti Malware
      • Multi Factor Authentication
      • Intrusion detection/Distributed Denial of Service (DDoS) Defense
      • Regular Penetration Testing
      • Network Isolation
      • Virtual Networking
      • All the data is stored within UK having following minimum standards:
    • Automated Scans to identify harmful emails
    • Firewalls and other applicable security standards to detect, investigate and eliminate data threats
    • Policies and Procedures to monitor usage of data

    Further, we have procedures in place to monitor the quality of our applications and manage risks in relation to our client engagements. We collect and hold personal data as part of our client engagement and acceptance procedures.

    • Data Retention

    We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation). Personal data will be retained for as long as it is necessary for the purposes set out above (e.g. for as long as we have, or need to keep a record of, a relationship with a contact, which is for the duration of our relationship with a contact or their organisation) and then deleted in line with our deletion and retention policies.
    Personal data may be held for longer periods where extended retention periods are required by law or regulation and in order to establish, exercise or defend our legal rights.

    • When and how we share personal data and locations of processing

    Further details about the processors (such as IT service providers) used by Corient and locations of processing are provided here. We may use other organisations to help us deliver our services as agreed with our client on an engagement-specific basis.