You are not logged in.
Settings
Language:

Privacy PolicyPrivacy Policy

TRACE Privacy Policy

 

  1.  About TRACE
    TRACE International and TRACE Incorporated (collectively, “TRACE”) are two distinct entities with a common mission to advance commercial transparency worldwide by supporting the compliance efforts of multinational companies and their third party intermediaries. TRACE International is a non-profit business association that pools resources to provide members with anti-bribery compliance support, while TRACE Incorporated offers both members and non-members customizable risk-based due diligence, anti-bribery training and advisory services. Working alongside one another, TRACE International and TRACE Incorporated offer an end-to-end, cost-effective and innovative solution for anti-bribery and third party compliance.

    This policy describes the types of personal information we may collect in our role as a data controller, the purposes for which we may use the information, the circumstances in which we may share the information and the steps we take to safeguard this information. We may also process other data in our role as a data processor on behalf of other data controllers in strict accordance with their instructions, which may differ from what is described in this Policy.
  1. The Information We Collect
    TRACE provides a number of different due diligence and training services and products, and maintains a number of online applications, each of which collects different kinds of personal information. Depending upon the service, product and application, the following personal information may be collected:
  • Login credentials, IP addresses, website cookies, internal unique identifiers, and other session details when our online applications are used;
  • Basic contact information such as name, business address, email address, and telephone number;
  • Employment-related information such as work history, ownership in companies, current employer, division, department, title, and job duties;
  • Contact information for external references such as name, employer, position, and relationship;
  • In certain limited circumstances, documents and information to verify identity such as a passport, national identity card, driver’s license, or tax number;
  • In certain limited circumstances, documents to verify address, such as invoices or billing statements from governmental, municipal entities or utility companies;
  • Identifying information, including nationality and year, or sometimes date, of birth, of owners and others who exercise control over the management or direction of a corporate entity;
  • Information regarding whether a customer, intermediary, or authorized representatives or owners of either appear on lists of politically exposed persons and government-issued lists of sanctioned entities and persons, including, for example, restricted parties, denied persons, Specially Designated Nationals, debarred parties, excluded parties, blocked persons, embargoed countries and persons and other entities of concern;
  • Compliance-related information regarding the history with respect to, for example, bankruptcy filings, criminal matters, negative media reports, anti-bribery violations, and compliance with various laws and international standards;
  • Conflicts and compliance information such as a person’s relationship with government or military officials or status as current or former government officials;
  •  
  • Online training and test information such as date assigned, date started, training score, completion date, training language, and type of course taken; and
  • Voluntarily-provided corporate information such as corporate logo, a corporate message, corporate code of conduct, or other company training material.

This is a broad description of the types of personal information that our organization processes. To understand how your own personal information is processed in each particular instance you may need to refer to any personal communications you may have received from us, check any privacy notices we may have provided to you or made available on our site or contact us to ask about your personal circumstances.

  1. What We Do With Collected Information
    As with the types of information collected, the purposes for which TRACE processes personal information vary depending on the service, product or application. Such purposes may include:
  • Generating TRACE anti-bribery due diligence reports upon customers’ request; these reports are not made available either publicly or to TRACE customers without the requesting customer’s authorization and/or the authorization of the report’s subject entity;
  • Displaying the name and Certification ID number of current TRACEcertified intermediaries, unless an intermediary explicitly opts out, in an Intermediary Directory made available to the public;
  • Creating profiles to help us manage our relationship with site visitors and ensure that our customers and intermediaries receive and maintain updated information;
  • Improving our products and services;
  • Periodically sending promotional emails about products, special offers, or other information we think you may find interesting using the email address you have provided (if you opted in to receive such communications).
  1. Data Security
    Data security is our priority, and we are committed to safeguarding your information. We do this by:
  • Establishing policies and procedures for securely managing information;
  • Using access controls to limit employee access to sensitive information;
  • Protecting against unauthorized access to customer data by using physical security, firewalls, data encryption, authentication and virus detection technology, as required;
  • Providing data protection training to our employees; and
  • Continually assessing and improving our data protection, information management and data security practices as well as technical and organizational measures and safeguards.
  1. Use of Cookies and Web Beacons
    We use “cookies” (small text files that may be placed on your web browser when you visit our website). The information derived from cookies is used for administrative purposes and to improve your experience with our website. For example, this information may help authenticate you (verify that you are who you say you are), an essential component of our website security. It also helps you more easily navigate our website by remembering your identity so that you do not have to input your password several times as you move between pages. You can prevent cookies from being set. However, if you decline to use cookies, you may experience reduced functionality and, when we require authentication, declining cookies may prevent you from using the website altogether.

    We may also use web beacons (a small graphic image placed on a webpage or in an email message to monitor user activity, such as whether the webpage or email is accessed or clicked). We use this data for administrative purposes; to assess the usage and performance of our services; to improve user experience; and as otherwise permitted by applicable law or regulation.

    In addition, cookies and web beacons may be used to track information and identify categories of visitors by items such as IP address, domain, browser type and pages visited to improve our service. We may use the Google Analytics™ web analytics tool to assist us in analyzing how visitors engage with our website and arrive at the public portion of the website. Further information about Google Analytics can be found at the Google Analytics Privacy Policy.

For the TRACE public website:  we also use the Pardot marketing automation tool by Salesforce that helps us analyze the impact of our web presence for market research purposes. Pardot’s documentation provides further information about the use of cookies and web beacons by this tool.

For the TRACE TPMS website: Our online services also utilize third-party applications that use their own cookies. Specifically, we use help desk software by LiveAgent to support Live Chat. If you choose to use Live Chat, please see their policy for details about the cookies that Live Chat uses.  In addition, if you choose to make a payment on our TPMS site, you will be linked with STRIPE, a global online payment company. Please see the STRIPE policy for details about their use of cookies.  For some other TRACE services, your payment may be processed by Authorize.Net (also known as CyberSource), another online payment processing company. Please see their privacy policy for details about their use of cookies.

  1. Retention Periods

We keep your personal data no longer than is necessary for the purposes for which personal data is processed. Specific retention periods for various types of data and purposes of processing are governed by our internal Data Retention Policy. For example,

  • If your data are part of an incomplete due diligence report (a report that was never released), TRACE keeps your personal data for six months after the date the report was canceled; and
  • If your data are part of a final complete due diligence report, TRACE keeps your personal data for three years after: (i) the report’s release date (for TRACEcheck and TRACEselect reports) or (ii) the start date (for TRACEcertification reports).

For specific details about retention periods or if you have questions about our retention of your data, please contact the TRACE Data Protection Officer.

  1. Disclosure of Information to Third Parties
    We will not share your personal information with third parties, except as described herein, in separate data notices that you may receive from us or as authorized by you. TRACE International and TRACE Incorporated may share personal and other information with one another in the course of and for the purpose of providing services such as those described above to their members and customers. We may also share your information or portions thereof with a limited number of non-affiliated processing companies that perform routine support services for TRACE, including: those that provide professional, legal, or accounting advice to TRACE; translation professionals; third parties who conduct or facilitate sanctions lists or PEP screenings; firms that provide data hosting, software development and database management services; and law firms that are engaged to conduct audits of the personal information you have provided. These third parties are required to maintain the confidentiality of your personal information, and to use your personal information only in the course of providing such services to TRACE, and only for the purposes that TRACE dictates. In connection with our due-diligence services, we will share information submitted with authorized users of the submitting party and any recipients authorized by the entity subject to due diligence. In connection with our online training, we will share information submitted by or about students with their company and their company’s administrators. Under limited circumstances, your personal information may be disclosed to third parties to comply with applicable laws and regulations, such as in response to a subpoena or similar legal process, or to lawful requests by public authorities, including to meet national security or law enforcement requirements. Any other disclosure of your personal information will be pursuant to your express consent.

    If you have questions or concerns over your personal information’s disclosure to a third party as described above or wish to opt out from such disclosure, please contact the TRACE Data Protection Officer as set forth below.
  1. How You May Access and Correct Information
    To help ensure data accuracy and quality, we provide users of our online services with access to their information stored on our systems and databases. You have an ongoing opportunity and responsibility to correct verified inaccuracies, either through the relevant online system or by contacting us directly. If a data subject alerts us to a potential error in his or her information, we will promptly investigate the issue, confirm (as appropriate) that any newly-submitted information meets our due diligence and verification standards, and update the information as necessary. When the review is complete, all relevant reports we have issued will also be updated, and authorized users and/or other recipients of the reports will be notified of the update. You may request deletion of your personal information at any time by contacting us directly, and we will respond to your request without undue delay, typically within 30 days or less. Please note that reports that have been shared with authorized users and/or other parties, as authorized by the party requesting deletion, may remain with those parties even after deletion from TRACE’s systems. In some circumstances, you may have other rights with regards to your information such as the right to data portability and the right to object to our processing of your data.
  1. The EU–U.S. Privacy Shield
    TRACE International, Inc. and TRACE Incorporated, which are subject to the investigatory and enforcement powers of the Federal Trade Commission, participate in the EU–U.S. Privacy Shield, which provides a framework for the transfer of personal information from the European Union to the United States. The Privacy Shield Framework includes seven central Principles: (1) Notice; (2) Choice; (3) Accountability for Onward Transfer; (4) Security; (5) Data Integrity and Purpose Limitation; (6) Access; and (7) Recourse, Enforcement and Liability. The official EU–U.S. Privacy Shield List can be accessed at https://www.privacyshield.gov/list.

    TRACE is committed to subjecting to the Principles all personal data received from the EU in reliance on the Privacy Shield. TRACE retains liability in cases of onward transfers to third parties.
  1. Changes to Our Privacy Policy
    This policy provides a general statement of the ways in which TRACE protects your personal information. We may supplement this statement by sending you a specific data notice or we may update this Privacy Policy at any time, with or without advance notice. In the event there are significant changes in the way we treat your personally identifiable information, we will update this policy and may send you a personal communication summarizing the revisions.
  2. Contact

TRACE
Attention: Data Protection Officer
151 West Street
Annapolis, MD 21401
United States of America
DPO@TRACEinternational.org

For EU Residents:

In addition to contacting TRACE’s Data Protection Officer, individuals residing in the European Union may contact TRACE’s EU Representative at EURepresentative@TRACEinternational.org.  If contacted, we may seek additional information from you to make sure that the personal data we may possess belongs to you.  Once verified, we will evaluate your request and provide you with a response without undue delay. If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you may either:

  • file a complaint with the Data Protection Commissioner at info@dataprotection.ie or the supervisory authority located in your jurisdiction; or
  • contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. It may be possible, under certain conditions, for individuals to invoke binding arbitration.

 

Effective Date: February 15, 2018

Powered by Inquisiq LMS R5 Build 5.1.18.1© 2002-2018ICS Learning Group
compliance@cambridge.org