This policy describes the types of personal information that TRACE Inc. d/b/a Tcompliance, Inc. (“Tcompliance” or “we” or “our”) may collect in our role as a data controller, the purposes for which we may use the information, the circumstances in which we may share the information and the steps we take to safeguard this information. We may also process other data in our role as a data processor on behalf of other data controllers in strict accordance with their instructions, which may differ from what is described in this policy.
Tcompliance provides a number of different due diligence and training services and products, and maintains a number of online applications, each of which may collect different kinds of personal information. Depending upon the service, product and application, the following personal information may be collected:
This is a broad description of the types of personal information that our company processes. To understand how your own personal information is processed in each particular instance you may need to refer to any personal communications you may have received from us, check any privacy notices we may have provided to you or made available on our site or contact us to ask about your personal circumstances.
As with the types of information collected, the purposes for which Tcompliance processes personal information vary depending on the service, product or application. Such purposes may include:
Tcompliance does not sell personal information.
Data security is our priority, and we are committed to safeguarding your information. We do this by:
We may also use web beacons (a small graphic image placed on a webpage or in an email message to monitor user activity, such as whether the webpage or email is accessed or clicked). We use this data for administrative purposes; to assess the usage and performance of our services; to improve user experience; and as otherwise permitted by applicable law or regulation.
We keep your personal data no longer than is necessary for the purposes for which personal data is processed. Specific retention periods for various types of data and purposes of processing are governed by our internal Data Retention Policy. For example,
For specific details about retention periods or if you have questions about our retention of your data, please contact Tcompliance’s Data Protection Officer as explained below.
We will not share your personal information with third parties, except as described herein, in separate data notices that you may receive from us or as authorized by you. Tcompliance may share your personal and other information or portions thereof, with a limited number of service providers and processing companies that perform services for Tcompliance, including: TRACE International, Inc., a non-profit business association with whom we have a shared services agreement for the provision of operational support services such as IT, legal/contracts, marketing, compliance training, and customer service support; and other service providers that provide professional, legal, or accounting advice to Tcompliance; translation professionals; third parties who conduct or facilitate sanctions lists or PEP screenings; firms that provide data hosting, software development and database management services; law firms that are engaged to conduct audits of the personal information you have provided; and consultants that are engaged to provide due diligence or customer support services, based on your location. These third parties are required to maintain the confidentiality of your personal information, and to use your personal information only in the course of providing such services to Tcompliance, and only for the purposes that Tcompliance dictates. In connection with our due diligence services, we will share information submitted with authorized users of the submitting party and any recipients authorized by the entity subject to due diligence. In connection with our online training, we will share information submitted by or about students with their company and their company’s administrators. Under limited circumstances, your personal information may be disclosed to third parties to comply with applicable laws and regulations, such as in response to a subpoena or similar legal process, or to lawful requests by public authorities, including to meet national security or law enforcement requirements. Any other disclosure of your personal information will be pursuant to your express consent.
If you have questions or concerns over your personal information’s disclosure to a third party as described above or wish to opt out from such disclosure, please contact the Tcompliance Data Protection Officer as explained below.
To help ensure data accuracy and quality, we provide users of our online services with access to their information stored on our systems and databases. You have an ongoing opportunity and responsibility to correct verified inaccuracies, either through the relevant online system or by contacting us directly. If a data subject alerts us to a potential error in their information, we will promptly investigate the issue, confirm (as appropriate) that any newly-submitted information meets our due diligence and verification standards, and update the information as necessary. When the review is complete, all relevant reports we have issued will also be updated, and authorized users and/or other recipients of the reports will be notified of the update. You may request deletion of your personal information at any time by contacting us directly, and we will respond to your request without undue delay, typically within 30 days or less. Please note that reports that have been shared with authorized users and/or other parties, as authorized by the party requesting deletion, may remain with those parties even after deletion from Tcompliance’s systems. In some circumstances, you may have other rights with regards to your information such as the right to data portability and the right to object to our processing of your data.
Personal data may be processed by Tcompliance in Ireland, the United Kingdom and the United States. Any transfers of your personal data between countries will be done strictly in compliance with applicable law. Any transfer of personal data from the European Union and the European Economic Area (EU/EEA) or the United Kingdom (UK) to the United States is based either on specific consent of data subjects or the standard contractual clauses executed by Tcompliance with relevant entities located in the EU, EEA or UK, as the case may be.
If you have questions or concerns about our processing of personal information, please contact the Tcompliance Data Protection Officer at the following address:
Attention: Data Protection Officer
151 West Street, Suite 300
Annapolis, MD 21401
United States of America
If you are not satisfied with our response or believe we are processing your personal information not in accordance with applicable law, you may contact our third party dispute resolution provider at https://feedback-form.truste.com/watchdog/request. It may be possible, under certain conditions, for individuals to invoke binding arbitration.
In addition to contacting Tcompliance’s Data Protection Officer, individuals residing in the European Union may contact Tcompliance’s EU Representative at [email protected]
If contacted, we may seek additional information from you to make sure that the personal data we may possess belongs to you. Once verified, we will evaluate your request and provide you with a response without undue delay. If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you may either:
Last Updated: 1 December 2021