Security Policy

We take security seriously.

Broniec Associates is a global services company that provides a comprehensive payables auditing service to companies of varying size across all industries.  We take the security of client data, employee and applicant information and personal information collected through our web site, very seriously and have implemented policies and procedures, as well as a combination of hardware and software, to ensure this data and personal information is kept secure and protected while in our possession.  We have taken steps to ensure the integrity of our internal computers and network and have confirmed the validity of our processes by submitting to and receiving a certificate for an AICPA SOC 2 Type 1 Report.

EU-U.S. Privacy Shield Framework

Broniec Associates complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States.  Broniec Associates has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.

In compliance with the Privacy Shield Principles, Broniec Associates commits to resolve complaints about our collection or use of personal information.  EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Broniec Associates at:

Scott Levine
Chief Information Security Officer, Broniec Associates


Bob Sheppard,
CTO, Broniec Associates

Individuals have the right to access their personal information and to correct, amend, or delete that information where it is inaccurate, or has been processed in violation of the Principles, by contacting us using the Contact link on this web site, by contacting the individuals listed above, or by sending their request to

We will not sell, share, or rent personal information transferred from the European Union and Switzerland to the United States to any third party. If we change this policy in the future, we will alert affected individuals and provide them with an opt-out or opt-in choice before we share their data with third parties, or before we use it for a purpose other than which it was originally collected or subsequently authorized.

Broniec Associates has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland. Under certain conditions, more fully described on the Privacy Shield website, individuals may invoke binding arbitration when other dispute resolution procedures have been exhausted.

In the context of an onward transfer, a Privacy Shield organization has responsibility for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf.  The Privacy Shield organization shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.

If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification, please visit

Broniec Associates is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

Client Data

In the course of providing a comprehensive payables audit, Broniec Associates collects electronic downloads from our clients. Obtaining this data is important to our ability to deliver the highest level of service to our clients, and we recognize that our clients expect us to treat this information appropriately.

The data we collect from our clients comes primarily from a download of accounts payable and purchasing transactions provided by our clients’ IT Departments.  In addition, depending on the services required, Broniec Associates may obtain additional data from third party sources such as freight payment or procurement card providers.

Clients should not upload, transfer or otherwise provide any private data to Broniec Associates. Private data includes any non-public, personally identifiable information (PII) of or about an individual person, including, without limitation, personal financial information, residence addresses, phone numbers and protected health information (as defined under HIPPA). If we do receive private data from a client, unless otherwise agreed upon by Broniec Associates and the client, we will delete this information upon receipt and will not be responsible for any actions or inactions arising out of our receipt of the private data.

Our Use of Client Data

Broniec Associates may use the data our clients provide to us to:

  • Administer, facilitate and manage the client’s relationship with Broniec Associates.
  • Contact the client’s vendors by post, telephone, electronic mail, facsimile, etc., with inquiries about the client’s account(s);
  • Provide the client with information (such as value-added reports), recommendations, or advice concerning services offered by Broniec Associates; and
  • Facilitate our internal business operations, including assessing and managing results.

If our client’s relationship with Broniec Associates ends, Broniec Associates will continue to treat the client’s data, to the extent we retain it, as described in this policy

Disclosures of Client Data within Broniec Associates

In order to provide efficient and reliable services and to improve product and service options available to our clients, authorized Broniec Associates employees in more than one department within Broniec Associates may be given, or given access to, data the client provides.

Disclosures of Client Data to Third Parties

Broniec Associates does not disclose our clients’ data to third parties, except as described in this policy. Third party disclosures are limited to sharing the client’s data with third-party service providers that provide professional, technical, legal or accounting advice to Broniec Associates.  Our third-party service providers are required to maintain the confidentiality of the client’s data to the extent they receive it and to use the client’s data only in the course of providing the services and only for the purposes that Broniec Associates dictates.

We may also disclose our clients’ data:

  • Pursuant to the client’s express consent;
  • With a buyer or other successor in the event of a merger, divesture, restructuring, reorganization, dissolution or other sale or transfer of some or all of Broniec Associates’ assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which information held by Broniec Associates about our clients in among the assets transferred; and
  • To third parties when responding to a subpoena or similar legal process, to otherwise cooperate with law enforcement or regulatory authorities, to protect our rights or property or enforce any agreement between the client and Broniec Associates.

Our clients should know that Broniec Associates will not sell their data.

Information Security: How We Protect Client Privacy

Broniec Associates is committed to protecting the privacy and confidentiality of our clients’ data. We limit access to client data to authorized Broniec Associates employees .  We also maintain physical, electronic and procedural safeguards to protect our clients’ data against loss, misuse, damage or modification and unauthorized access or disclosure.

Other Privacy Policies or Statements

This policy provides a general statement of the ways in which Broniec Associates protects client data. Clients may, however, in connection with specific products or services offered by Broniec Associates, be provided with privacy policies or statements that supplement this policy. In the event of any conflict between this policy and any supplemental privacy policies or statements, the supplemental policy will prevail.

Personal Information Collected through Our Website

Individuals may provide us with PII on our web site,, when requesting information on Broniec Associates’ services, or requesting consideration for employment.  This information will be used to provide the individual the requested information and for subsequent follow-ups.

Additionally, “Clickstream”, cookies or similar data (e.g. information regarding the frequency of individuals’ access to private Broniec sites) may be automatically collected and shared internally within Broniec Associates in order to assess the usage, value and performance of our online products and services.

Employee and Applicant Information

We may collect PII, including Social Security numbers, from individuals that apply or interview for employment, and from employees.  The only Sensitive Personal Information we collect from employees is related to race, and this is collected solely to comply with US EEOC reporting requirements.  PII is kept private and secure, and Broniec Associates does not disclose this information to outside parties (other than as required by law, such as EEOC reporting) without the individual’s permission (in writing) unless directed to do so by legal order.

With regards to employees, PII is processed only as required to provide services and benefits as part of the employee’s employment with Broniec Associates.  At any time, an employee may request that their PII not be processed by submitting their request in writing to our Human Resources Department.  However, such a request may mean that certain benefits of employment are not available to the employee.

Employees are welcome to review their own personnel file in Broniec Associates’ offices in the presence of a member of the Human Resources Department or the Branch Manager.  Requests for changes to any information contained in the employee’s personnel file should be submitted in writing to the Human Resources Department.

Applicants for employment that were not hired can request that their information be removed from our systems by submitting their request to

Links to Other Websites

We are not responsible for any practices employed by websites linked from our website, nor their information or content. When an individual uses a link to go from our website to another website, this policy is no longer in effect and the individual’s browsing and interactions are subject to that website’s own rules and policies.


If you have any questions, requests, or concerns about any personal information you have provided to our clients, you should first contact the client directly.  If you need assistance with this process, you may contact Broniec Associates at

Changes to this Policy

This policy may be changed from time to time to reflect changes in our practices concerning the collection and use of client data. This version of the Policy is effective December 18, 2019.

If you require further information regarding our privacy policies and practices, please contact:

Scott Levine
Chief Information Security Officer, Broniec Associates


Bob Sheppard
CTO, Broniec Associates

Schedule Your Contingency-Based Audit Today

Get Started