There is information provided to us anytime you visit our website or engage in other online activities, such as using our solutions. In most cases, this information is collected based on our legitimate interests in making sure our website or other online activities function properly or that we are providing the user experience to you that we wish to provide. If it is based on our legitimate interest, we have determined that our business interest in gathering this information does not have a significant impact on your rights. In other activities, we may rely on your consent. If so, you have the ability to refuse consent or change your mind. These options are discussed in more detail below. We have tried to be comprehensive, but if you have any questions, please do not hesitate to contact us. We keep this information for as long as we have a business relationship or potential relationship with you.

We process information you provide, such as your name, email address, company where you work, phone number, job function, job title, country, and any comments you provide. Given that we are a business-to-business (B2B) company, we do this in order to respond to your request for information or resources or, in our legitimate interest, to collect information in order to reach out to you for potential business interest. We may reach out to you with marketing communications using the information you submit in these online forms. You can easily opt out of future communications using the opt-out link provided in the emails sent to you. If you do opt-out, but then complete another form, you are essentially canceling your opt-out.

We use browser session and persistent cookies. Session cookies are temporary cookies that are erased from your device’s memory when you close your Internet browser or turn your computer off where persistent cookies are stored on your device until they expire, unless you delete them before that time. We group browser cookies on our site into three categories, which you can manage through our “Cookie Consent Manager” – and you can return to this Cookie Consent Manager at any time to change your preferences.n

• Required cookies: These cookies are necessary to enable the basic features of this site to function, such as allowing images to load or allowing you to select your cookie preferences.
• Functional cookies: These cookies allow us to analyze your use of the site to evaluate and improve our performance. They may also be used to provide a better customer experience on this site. For example, remembering your log-in details or providing us information about how our site is used.
• Advertising cookies: These cookies may be used to disclose data with advertisers so that the ads you see are more relevant to you, allow you to disclose certain pages with social networks, or allow you to post comments on our site.

• Some cookies may be placed by third party service providers who perform some of these functions for us.
• In addition, there are browser settings which you can set in your internet browser, such as Internet Explorer, Google Chrome, or Mozilla FireFox, which can also address cookies and trackers. Sometimes these settings contradict what you may choose on a website. For example, if you set your browser settings to refuse all non-essential cookies, then when you visit our page and make a cookie selection – that preference is stored as a cookie and per your browser settings, may override your selection. This means the site won’t remember your selection on your next visit and you may have to make a selection every visit. This may be frustrating and is not something we do deliberately. There are many efforts underway by companies, technology, lawmakers, and others to make this a better user experience for everyone – and we at TrustArc are active in trying to make this an easier process.
• The Global Privacy Control (GPC) is another technological tool that may be used to control your cookies and tracking preferences. To learn more about the GPC, please download and use a browser supporting the GPC browser signal clicking here: https://globalprivacycontrol.org/orgs. If you choose to use the GPC signal, you will need to turn it on for each supported browser or browser extension you use.
• To the extent these online tracking technologies are deemed to be a “sale” / “share” (which includes targeted advertising, as defined under the applicable laws) under applicable U.S. state laws, you can opt-out of these online tracking technologies by submitting a request via a form at this link: Do Not Sell or Share My Personal Information. For further information on the privacy rights of U.S. residents, please see our notice for U.S. residents page.

We automatically gather server log file information when you visit our websites. This includes IP address, browser type, referring and exit web pages, and your operating system. We do this based on our legitimate interest in making sure our website operates as intended or to identify what may need to be changed.

In order to administer our website and our technical solutions and to understand how our website visitors navigate through our websites and technical solutions, we monitor our website and solutions based on our legitimate interest to continuously improve the experience for our users. We may further analyze information we gather online to improve the online experience, resources, and tools we provide to our users. This is also based on our legitimate interest to provide appropriate materials or user experiences.

TrustArc is a business-to-business (B2B) company, meaning we sell our solutions to other businesses and do not typically engage with general consumers for profit. However, general consumers may engage with us either on behalf of our customers or through other activities, such as webinars. These activities are provided in more detail in this section. We keep this information as long as we have a potential or actual business relationship with you or if there is a legal obligation to keep the information. Where you consented to providing us the information, you may also revoke your consent. Where we do not collect identifying information, we may not be able to remove the information, because we will not know which information you provided.

We process personal information about you based on our legitimate business interests for the following purposes, to which you may exercise your rights to object as described above:

• To investigate complaints or concerns to ensure that such complaints or concerns are addressed appropriately;
• To send optional customer satisfaction surveys once your complaint has been resolved in order to improve our processes;
• To evaluate the characteristics and needs of our customers to improve our solutions; and
• To communicate with you about TrustArc events, industry or privacy-related news to engage with you as a member of the privacy community in which we participate.

If we engage in a general consumer survey, we process your survey responses. You may answer or not when it is presented to you. Withdrawing your consent will not be possible as we do not ask or collect identifying information and only use answers in large groupings, such as all “Yes” or “No” answers to a particular question. We would not be able to pull your answers out.

If you participate in our market or product / services research and surveys – whether delivered by us or a service provider on our behalf – we may process your email address, job title, phone number, survey responses, company name, job function, state, country, relationship with TrustArc, and any comments you provide. We may provide remuneration in exchange, such as a gift card. We conduct online consumer surveys to learn about your views on important privacy-related issues based on our legitimate interest in better understanding the privacy market and to improve our solutions; we do not directly collect any personal information about you when we conduct these surveys, however cookies and data collection technologies may be used to manage the delivery of the surveys. You may choose to respond or not and may opt out of future communications of this nature. In part, this is through our legitimate interest in obtaining your feedback and part through your consent to such activities.

This may include voluntary participation in our customer community offerings, such as online communications, group meetings, and other engagements. You must consent to participate in such activities and if so, can revoke your consent easily by withdrawing from such activities. You must agree to follow the engagement rules, which will vary by the method of engagement.

If you register for or attend our webinars (or other presentations), your IP address and some other technical information may be disclosed with the relevant hosting provider or application, such as GoToMeeting. Where applicable, registration information and any comments or feedback you provide to us will be captured.

If you are invited to be a guest in a TrustArc-hosted or sponsored webinar (or other presentation), your contact information will be processed as part of the production. This generally includes your name, email address, phone number, company name, image, and job title. These programs are recorded and broadcast publicly, as is the nature of such programs, which includes your voice and image and the information you disclose during such programs. Follow-up information for the webinars will be sent to the email address registered and you can opt out at any time. If you do register for another webinar, you will be opted back into communications.

If you request or indicate an interest in information about our solutions or partnership opportunities, we process your name, email address, phone number, job title, information about the company where you work, including its website address, and any comments you provide. We add business information related to the company where you work from third party sources, such as business intelligence providers, information from publicly available sources such as LinkedIn, as well as information about the number and frequency of your interactions with us online and offline, such as at events, webinars, email communications, and our website. We maintain and update this information as we continue to engage with you. Engaging with you once you express interest in our solutions may be based on your consent or our legitimate interests. If we rely on consent, this will be clear to you that you are providing consent because you will complete a form or register for an event. As such, you can cancel your consent using the opt-out link in the emails we send or by contacting us via an individual rights form, email, or phone.

We may send you marketing communications (including sales, information, events, and business development communications) about our solutions, events, or resources that we think may be of interest to you. For these communications, we process your name, phone number, email address, postal address, job title, job function, company name, and information about which of our solutions you use or which may be of interest to you, including any responses you make to such communications. We also process automatic information such as what we collect via cookies, IP address, device type, browser, and if the email was opened.We may also associate other information to the communication for insight such as company size, company financial information, and whether the company is a current or prospective customer. In general, these communications are initiated in our legitimate interest to engage you in business, but if the information was collected through our online forms, you also consented to being contacted. We track these communications to determine whether, when, and the IP address and associated city of, a marketing communication we sent was viewed based on our legitimate interest to effectively manage and improve upon such communications.

Communications may also include asking for your review of our solutions from your perspective as a customer or user of our solutions. We do this from our interest in having you evaluate our performance. You may opt-out at any time from marketing emails using the unsubscribe link in the emails.

If you have consented to a recorded telephone call or video conference with TrustArc, we may process your name, email address, job title, image, and voice for analytical purposes to improve our training and customer relationship management and to provide recorded information to our customers upon request. For example, a customer may want a recording of a demo on a particular solution. For any such telephone calls or video conferences, notice of the intent to record will be provided before recording. You may decline recording at any time before or during the meeting, and you may request deletion of the recording at any time. All such recorded meetings will be automatically deleted within 180 days.

We process your name, email address, postal address, company name, billing information (e.g., purchase order number, bank wire information, credit card number), company size, company financial information, and signature along with communication content and any comments or feedback you may provide. Some information about you may come from other individuals. For example, a colleague may tell us that you moved to another company or a different role. Similarly, such information may be available publicly, such as on LinkedIn.

We use this information in order to facilitate the contract execution and to deliver on the contract. We will communicate with you, including via email, about your use of our solutions, obtain your input on new features, functionality, and content, and to provide information about updates to our solutions. We will also communicate with you about TrustArc events, or industry/privacy-related news. We have a legitimate business interest in renewing your subscription-based solutions in order to retain you as a customer or partner along with providing additional solutions you request based on our legitimate business interest and / or contractual obligation to respond to your reasonable requests.

In addition, to better understand the needs of the privacy and business communities we aim to serve, we analyze our interactions with you online and offline. This helps us continue to improve how we provide information and engage specifically with you, including to help us determine when you might be ready to make a purchase based on repeated interactions with TrustArc. We want to understand the business that you work for and your prior experience based on our legitimate interest to tailor our communications with you to improve our engagement with you from a business perspective. We also want to understand your business and privacy-related needs based on our legitimate interest to develop and enhance our solutions to address your needs and to make them more relevant to you. Lastly, we do not make any automated decisions about you that would result in legal or other similarly significant or detrimental effects on you.

TrustArc is a business-to-business (B2B) company, meaning we sell our software solutions to other companies. You may use our solutions because your company purchased our software for their own privacy compliance needs or because you work with a company that does business with our customers. In most cases, this information should be your business information and not your personal information, but we do not control what information our customers enter about you. Below, we provide information in three categories: 1) our customers’ authorized users, 2) the TrustArc platform, and 3) consumer-facing solutions. We develop and / or discontinue solutions based on our business strategy and developments, so not all solutions are detailed below, but apply in a general sense based on how you choose to engage with us.

In the course of using our solutions, we may ask you to provide business information related to the company where you work. Business information may include information about your company’s practices, policies, processes, and supporting documentation. This business information is stored on TrustArc systems, and we use it to provide the solutions you have contracted us to provide and in accordance with the terms and conditions set forth in agreements between TrustArc and your company.

Authorized users or other individuals named in our solutions, such as respondents to customer assessments, fall under the control of the customers’ determinations, meaning TrustArc cannot grant access or delete information without the customers’ permission. We retain this information for the length of the customer contract, deleting it as required by the customer or for a set time period (generally three years from termination) in agreement with the customer. If you are a licensed or other authorized user of our privacy technology platform, we process your name, email address, username, password, IP address, job title, phone number, information about the company where you work, actions you have taken in the applications on the platform or in response to communications, such as record creation, changes, input, responses, analysis, and approvals, and tickets filed on your behalf related to our platform.

For individuals at our customer companies or potential customer companies, we process this information to provision and de-provision your account on our platform; authenticate you to enable you to access your account on our platform, including adding users of the solution; provide customer service and support, and investigate issues that you raise; deliver our assurance programs and solutions to you, including provision of our seals, where applicable; resolve disputes related to your organization’s privacy practices; provide alerts in the platform based on your implementation; and help you build, implement, manage, and demonstrate your privacy program and practices using our solutions. We may further analyze the use of our solutions, and characteristics of the companies that use our solutions (e.g., by size and industry sector) to help us understand and make decisions about customer and market needs, to improve our solutions, to design new solutions, and to inform partnership and business development decisions.

In order to engage with our solutions, you will either be an authorized user as described above or a non-system user that our customer sends you information to complete. For example, a customer may send you a vendor assessment or you may be a business process owner for the customer and need to complete a data inventory or Data Protection Impact Assessment. In both cases, we are a vendor (a processor/subprocessor) to our customers and the customer is the one responsible for determining their processing purpose and choosing to communicate with you. If you have any questions, you may contact us or the customer to learn more.

TrustArc acquired Nymity in 2019 and provides these services through our TrustArc platform. In most cases, the uses and purposes are the same as those listed just above in the platform. However, in some instances, the customers may disclose such information to other individuals. The authorized users may enter your information into our platform to send you materials or may download the materials and send them directly. We are a vendor (processor) to our customers and their use of your information is based on their determinations. If you have any questions, you may contact the customer or us for more information.

Some of our solutions that customers use are consumer-facing, such as Individual Rights Manager or Cookie Consent Manager. If you are a consumer interacting with any of our solutions, we are a vendor (processor) to our customers. As such, the customers are the ones who determine the processing purpose and use your information through our platform. In most cases, we anticipate that their basis for processing your information is consent, but you will need to confirm that with the customers. We use our own solutions, so in that case, we are the “customer” if you engage with Cookie Consent Manager on our website or submit a request through Individual Rights Manager.

• Individual Rights Manager
  When you submit an individual rights request using a form, we process your name, email address, residence, type of request, the individual type you select on the form, any comments you provide, and any additional information customers need to verify your identity. When you submit a request to another company that has implemented our Individual Rights Manager, we process the information you provide in the form implemented by that company, and we support the management of your request by the company as well as retrieval of information responsive to your request. Communications related to an individual rights request, including more information needed or providing the data requested will be managed through the platform, using an TrustArc’s email server hosted in either Frankfurt, Germany, or Virginia. Although we allow our customers to customize the categories of personal information they wish to collect, we neither recommend nor know of the collection of the category of sensitive personal information.

• Cookie Consent Manager
  If you have given your consent through our Cookie Consent Manager (CCM) we process your full IP address at initiation to infer your location and serve your the correct cookie banner. After this, we immediately pseudonymized the IP address to record your consent choice (opt-in or opt-out), storing it in our CCM application at our data center in Dublin, Ireland for 13 months. When you first visit our website, we drop a browser-specific cookie. Additionally, session cookies will be set by the ad networks listed in our preference manager to honor your preferences if you choose not to receive interest-based advertising. Our cookie only knows your last set of preferences and does not reflect the current state of cookies on your browser. If you clear your browser history, which includes clearing the opt-out cookies set by companies, we will not be able to identify you or honor your previous preferences when you return to this site from that specific browser. You will need to re-access the opt-out tool to reset your preferences.
  The connection between your browser or device and any other personal information we may have is not “known” to us until you provide more information. Some of our customers may “know” who you are across browsers or devices based upon the personal information they have collected. In those instances, our customer may direct us to collect and store in its CCM instance an identifier (e.g., IP address) it uses to identify you across browsers or devices. You may want to visit our customers’ website or contact them to learn more about their data privacy practices.

• Consent Preference Manager
  If a customer of TrustArc has implemented our Consent & Preferences Manager, we process any data related to you collected by this customer to help them manage your consent and preferences. This data may include various categories of personal information selected by the customer. Although we allow our customers to customize the categories of personal information they wish to collect, we neither recommend nor know of the collection of the category of sensitive personal information.

• Ads Compliance Manager
  If you click through an icon associated with our Ads Interests Manager in an online advertisement, we process information about your interests. We process cookies to deliver our interest-based advertising notice and choice program’s opt-out tools to assist with your opt-out choices and to help us measure usage. Our opt-out tool signals to companies to not use your browsing behavior to provide interest-based advertising by setting their opt-out cookie in your browser. When you access our preference manager, session cookies will be set by the ad networks listed in our preference manager to honor your preferences if you choose not to receive interest-based advertising. If you clear your browser cookies, this will remove all cookies including the opt-out cookies set by the companies. You will need to re-access the opt-out tool to reset your preferences. Our cookie only knows your last set of preferences and does not reflect the current state of cookies on your browser.

• TRUSTe Dispute Resolution
  We encourage you to use TRUSTe’s Dispute Resolution Program to report and resolve privacy complaints you may have concerning TRUSTe Certification or Dispute Resolution Program Participants. If you file a privacy-related complaint, we process your name, email, and country location. We will also request that you provide the details that gave rise to your complaint. Any additional personal information you choose to provide in the complaint form is optional.
  
  You can also report misuse of TRUSTe trademarks on this form, such as a company claiming to be certified by us and they are not.
  
  For both of these, we will not disclose your name and contact information with the company you are complaining about unless you consent. If not, we can still disclose the complaint with the company (with your consent), but without knowing more details, we may not be able to resolve your complaint. We will respond to your complaint via email and if you want to withdraw your consent, you can do so by responding to that email.
  
  Also, if you reside in a country with rules about sending information to other countries, called cross-border transfers, you must consent to sending your information to the United States or other countries where we have offices and process personal data for dispute resolution, such as Canada and the Philippines. We may also have employees in other countries who access the information through our platform or via email. This consent applies to your submission to us as well as us communicating with the company about the complaint, which may also be located in another country. If you do not consent, then we cannot process your information or register your complaint.

This section applies to current, past and future employees or individuals in an employment-like relationship, such as contractors, cosnultants, volunteers, interns, externs, or other individuals acting in a work-related capacity. We keep this information for the time period required by law or based on your consent, for example, for employment applications.

Applying to work at TrustArc: If you apply to work at TrustArc, we process personal information about you and your professional experience, education and training such as your application, your name (and any former names), postal address, email address, phone number, universities attended, academic degrees obtained, grades, professional certifications and licenses, employment history, and curriculum vitae or resume.
Offer of employment or contractor position: If we extend an offer of employment or a contractor position at TrustArc to you, we will process personal information about the position to which you have been appointed, your job title at TrustArc, the compensation or project-based contractor rate we offer to you, whether you accept the offer, your signature, and your starting compensation or project-based contractor rate, and your start date at TrustArc.
Employment-Related Background checks: We engage service providers to conduct background checks that involve the necessary personal information processing as permitted by the laws in the location in which you reside and/or work. More details are provided to you in the context of our request to you to complete these checks. We also have designated employees who will do reference checks, usually HR or your supervisor. We contact individuals that you have provided and engage in conversation (written or oral) about you, your work habits, challenges, experience, and more. We do not control the information provided to us by these references.
As an employee or contractor of TrustArc: we may process personal information about your benefits, nationality, residency status, email address, office or other workplace location including remote work arrangements, work phone number, mobile phone number, photographs, passport, visas, marital status, beneficiaries and /or dependents and their associated data related to benefits such as date of birth or relationship status, emergency contact details, financial account information, social security number or other government-issued identification number, holiday and paid time off days which may include the reasons for the time off, salary, incentive compensation, TrustArc stock options granted, TrustArc stock ownership, assigned projects, feedback and opinions, performance against your assigned goals, training completed, any performance improvement plans, any disciplinary actions taken, system accounts, technology and physical assets provided to you, your role and actions taken in connection with TrustArc projects and processes. This will include information voluntarily provided by you, such as would be disclosed in a typical work environment, such as photos of pets, anecdotes about family, and other such information you choose to disclose with colleagues.
If your employment with TrustArc ends, we process personal information necessary to offboard you from TrustArc, including deactivation of your access to our systems, fulfilling our financial, benefits, and related obligations with respect to the end of your employment with TrustArc.
In certain countries, supplemental privacy notices will be provided to TrustArc employees and contractors, and where applicable, consent will be obtained, to ensure compliance with local requirements.

We process personal information about you based on our legitimate interests to establish and manage our relationship with and responsibilities to you and for effective operation of our business, including activities necessary to comply with laws or contracts, such as to:

• Recruit new talent to join TrustArc;
• Onboard employees and contractors to TrustArc;
• Grant and ensure appropriate access to TrustArc systems and facilities;
• Ensure the security and safety of the workplace and the tangible and intangible assets for which we are responsible;
• Assign roles and responsibilities;
• Manage team and cross-functional communications and collaboration;
• Promote a positive workplace culture;
• Administer payroll;
• Benefits administration;
• Award and pay incentive compensation;
• Invoice payments;
• Managing TrustArc projects and processes;
• Maintaining corporate, financial and other essential business records and reporting;
• Evaluating financial and operational performance; and
• Managing compliance, including, but not limited to our privacy, security, accounting, labor and employment, and other legal and regulatory obligations.

Statistical and research purposes: We may further analyze information to evaluate and understand employee engagement and to develop plans to continuously improve our workplace culture.

You may participate in communication processes, which may be recorded, such as video conferences, phone calls, or written correspondence, or video/audio presentations for public release (webinars, podcasts, etc.) and such may be performed from your personal device. TrustArc may inadvertently collect information from your surroundings or device. You should take this into account if using a personal device for work purposes. We may also request or require security software to be installed. More information can be found in the employee handbook and throughout various policies and communications from executives or other personnel in key roles.

As part of your employment activities, you may engage with customers, other employees, technology, vendors, and/or other individuals. Your actions or communications will typically be recorded via online tools or communication technologies. These recordings may be temporary or permanent depending on their intent. For example, if you write code, that may become a permanent entry in TrustArc’s platform. If you engage with regulators on an investigation, that will likely become a long-term record both for TrustArc and the regulator.