Please read this Privacy Policy (“Privacy Policy”) carefully as it sets out how Trusty AG (“Trusty” “we” or “us”) uses your personal data or personal information in relation to our whistleblowing solution and any other solutions that we may provide (referred to as the “Services”). We may change this policy from time to time so please check our website from time to time for any updates. If we make material changes in the way we use your personal information, we will acknowledge that in this Privacy Policy or otherwise on our website, or by sending you an email to your email address that we are in possession of. If you have any questions about this Privacy Policy, please contact us using the contact details below:
Riedstrasse 7, 6330 Cham, Switzerland
+41 76 8053278 hello@trusty.report
This Privacy Policy applies to our clients who are natural persons and any natural persons associated with our clients such as their employees, agents, directors, or similar personnel who are acting as point of contact for us and it also applies to our website visitors and any other data subjects whose personal data we may be processing as a controller except for our employees (“individuals”, “you” or “your”).
This Privacy Policy DOES NOT APPLY to whistleblowers and any personal data or information related to whistleblower reports or any other personal data or information which is part of the whistleblowing solution or any other solutions platforms provided by us where we are acting as a processor or as a service provider as applicable.
1. OVERVIEW
For the purposes of the EU General Data Protection Regulation (the “GDPR”) and any other applicable UK laws, such as the UK GDPR, this Privacy Policy applies to the situations where Trusty is the controller of your data.
For the purposes of the California Consumer Privacy Act (“CCPA”) as amended by the California Privacy Rights Act and any other applicable privacy laws in the United States, this Privacy Policy applies to the situations where Trusty is acting as a business.
2. THE BASIS FOR THE PROCESSING OF YOUR DATA
2.1 We process your personal data as part of entering into a contract for the provision of the Services and performing such a contract with you.
2.2 We further process your personal data based on our legitimate interest to communicate in relation to the provision of the Services, for market research, direct marketing purposes and to make-/defend against claims.
2.3 We may ask for your consent in other cases where we process your data, as for example if we intend to use not strictly necessary cookies. Such consent can be revoked at any time by contacting us at hello@trusty.report. Please note that the withdrawal of consent will not affect the lawfulness of processing based on consent before the withdrawal.
2.4. We may also process your personal data as required to comply with a legal or regulatory obligation we may be subject to.
3. INFORMATION GATHERED AND SOURCES
3.1 Your data may be collected directly from you or your device if you access our website or get in touch directly with us or via other persons such as your work colleagues or our other business partners and contractors. It may further be obtained via open internet sources.
3.2 The data gathered may comprise identifiers, such as name and contact details like email or telephone, professional or employment-related information such title and employer, location, web-site, commercial information if you have purchased products or services from us. Other data may be gathered directly from you if you provide us with it.
3.3 When you visit our website, we may gather identifiers and internet or other electronic network activity information through the use of cookies, such as data about how you access and use our websites such as your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our websites, the pages you have visited on our websites and the links you have followed on them.
3.4. We may also collect inferences drawn from the information we collect when you visit our website or interact with our tools, widgets, or plug-ins and information about user preferences and behavior that we collect on our website to create a profile about a user reflecting the user’s preferences, characteristics, predispositions, behavior, and abilities.
4. THE USE OF YOUR PERSONAL INFORMATION
We may use your personal data for the following purposes:
perform the contract with you;
administer business relationships with you in order to allow us to provide the Services,
including to provide customer service;
improve our Services;
send important information regarding the Services, or other technical notices, updates, security alerts, and support and administrative messages;
send marketing communications to you;
carry out verification and security checks, and to make-/defend against claims.
No special categories of personal data in the sense of the GDPR and no sensitive information for the purposes of the CCPA are processed.
5. DIRECT MARKETING
Where allowed by the applicable laws, we may use your corporate contact details for direct marketing purposes. We will provide you with the opportunity to object in each communication. You can also do it by reaching us at hello@trusty.report.
6. RECIPIENTS OF YOUR INFORMATION
Subject to the need to perform the contract with you based on the contract you enter with us and our legitimate interests, we may share your personal information as set out below:
• Our third-party service providers who perform functions on our behalf in connection with the operation of our business such as IT service providers and system administrators, automation, website design and development tools, marketing management platforms, third parties who host and manage data or provide programming or technical support;
Our third-party analytics partners to analyse website traffic and understand user or client needs and trends or our third-party marketing service providers to help us to communicate with you;
Professional advisers including lawyers, bankers, auditors and who provide consultancy, banking, legal, insurance and accounting services;
Third parties if we are required to do so by law, or if we believe that such action is necessary to: (a) fulfil a government, or regulatory authority request; (b) conform with the requirements of the law or legal process; (c) protect or defend our legal rights or property, our websites, users or clients.
We may disclose or make available some personal information such as your IP address, other unique identifiers, your internet or other electronic network activity information that we collect through the use of cookies and inferences drawn from this information to third party cookie and tracker providers for cross-context behavioral advertising. Whereas for the purposes of the CCPA, as the term is broadly defined by the CCPA and to the extent it is applicable, this may be deemed as a sale of your information, our cookie data protection processes and practices are governed by the GDPR so we will only process your personal information for these purposes where you have provided your consent. For full information about the cookies that we use and the businesses that may receive your internet or other electronic network activity information, please visit our Cookie Policy. We do not knowingly sell the personal information of minors under sixteen years of age. We do not sell your financial information when you make payments to us.
7. INTERNATIONAL TRANSFERS OF DATA
When your personal data is transferred to parties located outside of the EEA or the UK, we shall undertake an assessment and take appropriate measures to ensure such third party will provide adequate security of your personal data and respect your rights to privacy. These safeguards are intended to ensure a similar degree of protection is afforded to your data wherever it may be transferred and may include:
• only transferring your personal data to countries which have been deemed to provide an adequate level of protection for personal data by the European Commission or the ICO or the UK government; or
• entering into specific contractual terms which have been approved by the European Commission or the ICO or the UK government and which give personal data the same protection as within the EEA.
8. DATA RETENTION
8.1 We may retain your personal data for as long as we require for the purposes for which it is processed or as is otherwise required by applicable law. Where our relationship has come to an end, we may continue to process your personal data for a reasonable period and as required under applicable law, or for legitimate interests such as in relation to potential claims.
8.2 When calculating the appropriate retention period for your data, we consider the nature and sensitivity of the data, the purposes for which we are processing the data, and any applicable statutory retention or limitation periods. Once the processing of the data is no longer required, we may securely delete or anonymize your personal data.
8.3 For more details about our retention periods, please contact us at hello@trusty.report.
9. YOUR RIGHTS
9.1 Under the GDPR and the UK GDPR, you are entitled to certain rights in relation to our handling of your personal data, as described below:
9.1.2 You may request from us confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and some additional information about the processing.
9.1.3 If you think any personal data we have about you is incorrect or incomplete, please let us know as soon as possible. We will correct or update any information as soon as we can.
9.1.4 You have the right to erasure of your data. Under some circumstances, we may not be able to fulfill your request if your personal data is important for the establishment, exercise or defence of legal claims, or that we need to retain in order to comply with the law.
9.1.5 You have the right to restriction of processing, in some circumstances where the data is wrongfully processed.
9.1.6 You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format.
9.2. Under the CCPA, you have the following rights in relation to the personal information:
9.2.1. Right to know: You can request us to disclose to you: (1) the categories and/or specific pieces of personal information we have collected about you, (2) the categories of sources for that personal information, (3) the purposes for which we use that information, (4) the categories of third parties with whom we disclose the information, and (5) the categories of information that we sell or disclose to third parties. You can
make a request to know up to twice a year, free of charge. This Privacy Policy is intended to satisfy this right.
9.2.2. Right to delete: You can request that we delete your personal information that we collected from you and tell our service providers to do the same, subject to certain exceptions (such as if we are legally required to keep the information).
9.2.3. Right to opt-out of sale or sharing: You may request that we stop selling or sharing your personal information (“opt-out”). We cannot sell or share your personal information after we receive your opt-out request unless you later authorize us to do so again. Please visit our Do Not Sell or Share My Personal Information page to manage your preferences.
9.2.4. Right to correct: You may ask us to correct inaccurate information that we have about you.
9.2.4. Right to limit use and disclosure of sensitive personal information: where we process sensitive personal information about you, you can direct us to only use your sensitive personal information for limited purposes, such as providing you with the services you requested.
9.2.5. Right to no retaliation: we will not discriminate against you because you exercised any of the consumer’s rights described above.
9.2.6 We do not offer financial incentives for the collection, retention, or sale of personal information and does not have financial incentive programs for you to opt into.
9.3. If you would like to exercise these rights, please write to us using the contact details provided at the beginning of this Privacy Policy or email us athello@trusty.report.
12. CONTACT AND COMPLAINTS
Should you have any complaints about how we handle your personal information, please contact us at hello@trusty.report. If we are unable to resolve your complaint and you wish to take your complaint further, you may do so by contacting the relevant supervisory authority. You can find a list of EU supervisory authorities here.
Our appointed representatives:
• for the EU: Odvetniška družba Podjed, Kahne in partnerji o.p. – d.o.o., Štefanova ulica 13A, 1000 Ljubljana, Slovenia, tel: +386 1 43 00 310, email: info@podjed.si; lead contact person: Mr Luka Podjed
Our representatives are mandated by us to be addressed in addition to or instead of us by, in particular, supervisory authorities and data subjects, on all issues related to processing, for the purposes of ensuring compliance with respective EU or UK data privacy regulation.