Privacy Notice

5

TrueCommerce Group Privacy Notice

This privacy notice (“Privacy Notice”) applies to all websites and services owned and operated by True Commerce, Inc., and its divisions, affiliates and subsidiaries (collectively “TrueCommerce” or “we”, “us”, “ours”), provided that where an affiliate publishes a privacy notice that is materially different from this notice, or where a materially different notice is referenced by a service, the other notice shall apply while interacting with such other affiliate or service.

Introduction

TrueCommerce is committed to compliance with data protection and privacy laws and protecting the privacy of its users (“Users”), the business entities that such Users represent (“Customers”), as well as others who access these websites and services (“Visitors”) (collectively, “you”). TrueCommerce websites and services are designed for adult Users and Visitors and are not to be used by anyone under 18. This Privacy Notice describes how we collect, use, share, and handle the personal information you provide when you access these websites and services or that we receive or obtain about you from third parties. This Privacy Notice should be read in conjunction with any agreements between Customers and TrueCommerce (the “Agreements”) that apply to the websites and services and with any other related documents or guides. This Privacy Notice pertains only to your personal data, that is, data that can be used to personally identify you, so please review your contracts with TrueCommerce to understand how other data is handled.

We do not sell, trade, or rent User or Visitor personal data to third parties for our commercial benefit. We do share such data when instructed to do so by you or a Customer in the course of delivering the services, such as processing transactions with third parties via the services or integrations you instruct us to enable with third parties. We also may share your data as described in this Privacy Notice.

This Privacy Notice is provided in English and is offered in other languages for your convenience. In the event of any conflict or discrepancy between the English language version and a translated version, the English language version controls.

Collection and Use of Information

General Information On The Legal Basis For Data Collection

If you have consented to data processing, we process your personal data on that basis. This consent can be modified or revoked at any time. If data processing is required for the fulfillment of a contract or for the in furtherance of entering into a contract, we process your data on that basis. If data processing is required for the fulfillment of a legal obligation, we process it on that basis. Any other data processing is on the basis of our legitimate interest.

User Information

Users and Visitors communicate and exchange information (“User Information”) with us and other Users in connection with their business relationship with us and our websites and services. User Information may also be collected through email and other correspondence with us, as well as with third parties or by any other means in connection with providing a service to you. User Information may include, without limitation, User ID, first and last name, email address, business phone numbers, and country. We also may collect other business information, such as invoice and payment information or tax ID numbers, in connection with specific services.

We will not sell your personal data to third parties, or share or trade it with them for promotional purposes without your consent; provided that we may share, not sell, your data with trading partners to introduce you to potentially beneficial business relationships. When we do share your personal data, we will share your personal data with third parties only in the ways that are described in this Privacy Notice.

TrueCommerce and its third-party service providers may use your personal data to:

  1. perform the services or in connection with the operation of its services;
  2. monitor and analyze system activity, including how the system is used and the volume and frequency of access, so as to improve the system and services;
  3. contact you regarding your inquiries, your use of the system, or changes to the system or services and to otherwise operate the system;
  4. comply with any applicable law or other legal or regulatory requirements to respond to a request or subpoena by a government, regulatory or judicial authority where necessary in connection with a dispute, actual or potential litigation, other legal process or an internal or external audit, or where otherwise necessary to protect our interests, third-party service providers or other participants in the system;
  5. take appropriate actions when you ask a question, request support, register for an event or conference, request access to various documents such as white papers, reports, case studies and so on, or participate in an online survey;
  6. disclose to a Customer the activities of its authorized Users, which includes providing User Information and other information collected by us to the Customer;
  7. gather information that does not identify specific Users or Visitors (collectively, “Aggregate Data”) from User Information, data, cookies and other information collected on our websites and use such Aggregate Data for internal and/or commercial purposes; and
  8. recording meetings that we have together with you in the course of providing the services or evaluating new service from us. We will post a notice at the beginning of the meeting that is it being recorded or otherwise provide you with such notice.

With your consent, we may use your personal data to market our products and services and third-party service providers to Users and Visitors through the use of post/mail, fax, telephone, or email. At all times you have the right to control your marketing preferences, including withdrawing your consent after it was given. For example, we will include a working unsubscribe link on marketing emails so you can conveniently unsubscribe.

We will also send you service-related email announcements when we believe it is helpful to do so. For instance, if a service is temporarily interrupted for maintenance, we may send you an email. You do not have the option to opt out of these emails as they are part of the service and not promotional in nature.

In addition, any third party offering a service directly to your company in connection with our services or on our websites, such as live chat service providers, email service providers, and recruiting platforms, may use your personal data to: provide the Services; contact you regarding your inquiries; and market its products and services to your company through use of post, fax, telephone, or email. If you do not want us to share your personal data with these companies, please contact us through the information provided in the Contact section at the end of this Privacy Notice.

Visitor Information

When you access our websites and services, we collect, record, and retain data about such usage, including but not limited to the User’s or Visitor’s domain name and internet protocol (IP) address, the name of the webpage from which you entered our website or service, the locations each User visits within our websites, and the amount of time spent on each page (collectively, “Browsing Information”). We use this Browsing Information to determine the demographics of Users and Visitors, analyze trends, optimize our website’s or services’ performance, and add to third parties’ aggregate statistics and general information about us.

Information Supplementation

We may receive information about you from other sources, including publicly available databases or third parties from whom we have purchased data, and combine this input with information we already have about you. This helps us update, expand, and analyze our records, identify new customers, and provide products and services that may be of interest to you. If you give us personal information about others or if others give us your information, we will only use that information for the specific reason for which it was provided to us.

Examples of the types of personal information that may be obtained from public sources or purchased from third parties and combined with information we already have about Users and Visitors may include:

  1. purchased marketing data about our customers or prospective customers from third parties that is combined with information we already have about you to create more tailored advertising and products, and
  2. human resource information and basic business contact information when candidates are presented through recruitment agencies.

Data Exchanged In Business Transactions Through Our Services

Many of the services that we operate are networks that facilitate data exchange between various parties that wish to do business with each other. In many of these circumstances, we and other Users or third parties with whom you exchange information through our services will be independently responsible for maintaining personal information about Users and Visitors. In most instances, a Customer, and not us, are initiating the processing through our services and in these cases please also contact the Customer to modify any data processing by such Customer. Likewise, if you want to access or correct, amend, or delete inaccurate data processed in this manner, you should contact Customer in addition to following the procedures in this Privacy Notice. If you are unable to determine the identity of the Customer or whether it is us or a Customer responsible for the data, please contact us as described in the Contact section. We are not responsible for information or data in the possession of these third parties, regardless of how such data was obtained. Please consult the third parties’ privacy notices to learn how they may use or disclose your information.

Some of our web pages may use technology to serve content from third parties that we work with while preserving the look and feel of our websites and services. Please be aware that you are providing your personal information to these third parties subject to their applicable terms and conditions and not to us. If you are unsure who operates a website or service, please contact us using the information in the Contact section at the end of this Privacy Notice.

We also provide links to other websites maintained by unrelated third parties. If you follow a link to a third-party website, that site is not subject to this Privacy Notice and we have no control over the use of information disclosed on such sites.

Our websites and services may include social media features, such as the Facebook “Like” button, and widgets, such as a “Share This” type of button and other interactive elements. These features may collect your IP address and the webpage you are visiting, and they may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our websites. Your interactions with these features are subject to the privacy notice of the company providing them. More details about these service providers are available at https://www.truecommerce.com/legal/privacy/privacy-service-details.

Disclosure of Personal Data to Third Parties

We may be required to disclose personal data in response to lawful requests by public authorities. This may involve national security or law enforcement requirements, for example. We, third-party service providers and partners may disclose your personal data to:

  1. any affiliate, agent, or subcontractor of ours and/or its third-party service providers, as applicable, including companies that provide technical services to us, since these companies are authorized to use your personal data only as necessary to provide these services to us;
  2. any affiliate, agent, or subcontractor of ours and/or its third-party service providers, as applicable, for the purposes of operating the system and, with your consent, for the marketing and/or provision of third-party services because, as stated above, all of the third parties offering services through the system may receive your personal data;
  3. any affiliate, agent, subcontractor or adviser of ours and/or its third-party service providers, or a government, regulatory or judicial authority, as applicable, in connection with an internal or external audit or examination, a dispute or actual or possible litigation, a request, subpoena or similar legal process, or where disclosure is otherwise permitted or required by law;
  4. any affiliate, agent, subcontractor or adviser of ours and/or its third-party service providers, Customers, or a government, regulatory or judicial authority, as applicable, where necessary to protect our interests, the public, or other users of our services, such as in the event of suspected fraud or illegal activity; and
  5. anyone to whom you authorize us to give your personal data, including parties you have authorized to access your personal data in connection with your activities as a User or Visitor.

In the event that we or any of our assets are acquired or become the subject of a merger or acquisition, then your personal data may be transferred to potential acquirers or other authorized parties involved in such transaction but shall not otherwise be sold or rented to any third party. We will provide notice of any such merger or acquisition.

Tracking and Targeting Technologies

We use technologies such as cookies, beacons, tags, and scripts directly or through our partners, which may include marketing partners, affiliates, analytics providers and/or service providers such as an online customer support provider. These technologies are used in analyzing trends, administering the websites and services, tracking movements around the sites and gathering demographic information about Users and Visitors. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.

We use cookies to help personalize your online experience. Users and Visitors can control the use of cookies through their individual web browsers (these reference sites can provide more information about how to interact with your web browser http://optout.aboutads.info/ or http://www.youronlinechoices.eu/). There may also be tools within our websites that alert you to the cookies we use and let you make selections about which ones you want to use. You must accept essential cookies, and if you use tools to reject them you may still be able to use our websites and services but your ability to use some features or areas of our sites or services may be limited. If you reject optional cookies, certain features or services may be unavailable to you.

As is true of most websites, we use a third-party tracking utility partner to gather certain information automatically and store it in log files. This information includes an individual’s IP address, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp and clickstream data. We use this information, which does not identify individual Users or Visitors, to analyze trends, administer the websites, optimize the performance of our website, track movements around our websites and gather demographic information about our user base.

We use local shared objects (LSOs), including HTML5, to store content information and preferences. Various browsers may offer their own management tools for removing HTML5.

User Forums and other communication

If you use a forum or other chat tool on our website, any personal data you submit can be read, collected or used by other users of these forums and could be used to send you unsolicited messages by third parties. We are not responsible for how these third parties use the data you submit in the forums. You are also responsible for using our forums in a manner consistent with the terms of use, acceptable use policy, and/or other terms and conditions applicable to such forum or website. To request removal of your personal data from any forum or website controlled by us, please contact us using the contract information in the Contact section. In some cases, we may not be able to remove your personal data, and in those situations we will let you know why we are unable to and provide you with a contact for a third party who may be able to.

Security

We and our third-party service providers have implemented security measures to help protect against the risk of loss, misuse, and alteration of any personal data we control. These measures include using encryption, limiting access, and using industry best practice controls such as firewalls and encryption for personal data.

Additionally, in order to protect the security and integrity of the proprietary and confidential information of Customers and Users who interact on the non-public portion of our trading partner network, we adhere to a corporate security program supervised by our Chief Information Security Officer to implement controls designed to protect the proprietary and confidential information of Customers. The policy addresses information classification, information security procedures (electronic and hardcopy information), limited disclosure procedures, physical facility access, and general security awareness and enforcement. We have processes in place intended to flow down these principles to our service providers who process your personal data. We also deploy authentication and user verification procedures to limit access to Customer information to only those participants that our Customers authorize. Notwithstanding our extensive efforts, such security measures may not prevent all loss, misuse, or alteration of personal data.

Notice, Access and Choice

Users and Visitors can access their User Information and other appropriate personally identifiable information collected by us by contacting us at the contact information in the Contact section. If a User believes there are factual errors in such information or would like to update it, the individual may contact support or the Customer’s account administrator with a description of the inaccurate information and proposed corrections. We and/or the Customer’s administrator will verify and correct any errors within 30 days.

You have the right to request that your personal data collected by us be deleted at any time and can do so by contacting us using the contact information in the Contact section. We will delete the information within 30 days of your request; provided that if applicable law requires a quicker response, we will act within the legal timeframe.

We will retain your information for as long as your account is active or as needed to provide you with services. If you wish to cancel your account or request that we no longer use your information to provide you with services, contact us at the contact information in the Contact section.

We intend to comply with all applicable data protection laws. If you believe you have additional rights or concerns not addressed in this Privacy Notice, please contact us.


Where we rely on your consent to process your personal data, you may withdraw your consent for the processing of your personal data at any time. However, if you do so, we may not be able to provide certain services to you or give you access to parts of the websites where processing relies on your consent.

You have the right to have personal data that we process handed over to you or to a third party in a common, machine-readable format. Typically you are able to access this data in the normal course of business with us. If you cannot access the data, please contact us using the contact information in the Contact section.

Opting Out of Marketing Communications

You may choose whether to receive marketing communications. If you do not want to receive such information, you may opt out of receiving them by following the instructions included in each communication or by contacting us using the contact information in the Contact section.

Modifications of this Privacy Notice

We may modify this Privacy Notice at any time and encourage you to periodically review this Privacy Notice. If We make material changes to this Privacy Notice that decrease your rights from the prior version, we will provide notification by email or by means of a notice on our homepage prior to the change becoming effective. Changes to the Privacy Notice are effective on the publication of the updated version. We will also provide notification by email or by means of a notice on our homepage in the event of a merger or sale of substantially all of our assets.

Use of System

You represent and warrant that any data you provide to us is submitted in connection with transactions conducted for business purposes only. Access to and use of the websites and services are subject to this Privacy Notice and to the applicable agreement(s) between you and/or the Customer you represent and us.

Data Retention

We will retain your information for as long as your account is active or as needed to provide you with services, comply with our legal obligations, resolve disputes and enforce our agreements.

International Data Transfers

You consent to us, our affiliates, third-party service providers, and partners transferring your personal data to us, our affiliates, and the recipients referred to in this Privacy Notice in countries outside the country where the data originated, which may not provide a similar or adequate level of protection to that provided by the origin country. We will utilize appropriate safeguards governing the transfer and usage of your personal information and intend to comply with all applicable laws regarding the transfer.

Transfers to the USA – Data Privacy Framework

We comply with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. We have certified to the U.S. Department of Commerce that we adhere to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. We also certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Privacy Notice and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles (collectively, the “DPF Principles”), the DPF Principles shall govern.

To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/. We will adhere to the DPF Principles for as long as we hold your data that is subject to the DPF Principles.

Where we are unable to resolve questions or concerns related to your personal data as described elsewhere in this Privacy Notice regarding DPF Principles, you may submit your question or concern to an independent recourse mechanism, Data Privacy Framework Dispute Resolution, operated by JAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information and to initiate a dispute. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not otherwise resolved by other redress mechanisms. For more information about binding arbitration, visit https://www.dataprivacyframework.gov/framework-article/G%E2%80%93Arbitration-Procedures.

The USA Federal Trade Commission has jurisdiction over our compliance with the DPF.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, TrueCommerce commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.

Where a transfer to a third party of your personal data is governed by the Data Privacy Framework, TrueCommerce is responsible to you for the transfer and will enter into contracts with such third parties that require compliance with the Data Privacy Framework terms.

You may view the list of participating TrueCommerce group entities by looking up the record for True Commerce, Inc. at https://www.dataprivacyframework.gov/list.

Transfer to countries other than the USA

Where a jurisdiction has published model contract terms, such as the SCCs from the EU, we intend to use those in our contracts regarding the transfer of personal data where applicable.

Contacting Regulators

We encourage you to contact us first with any questions or concerns regarding how we process your personal data. If you believe that our use of your personal data is in violation of applicable law, you have the right to contact the applicable regulator who supervises data protection, usually the jurisdiction where you maintain your domicile, place of work or at the place where the alleged violation occurred. The right to log a complaint is in addition to any other administrative or court proceedings available as legal recourse.

Contact Us

If you have any questions, please contact us using the appropriate contact information below. TrueCommerce websites may be operated by various TrueCommerce affiliates, but TrueCommerce maintains a single point of contract for data protection and privacy inquiries and can identify the specific owner upon request:

Accessing and correcting User Information: visit www.truecommerce.com/support and create a support request
Questions about marketing communications: [email protected]
Questions about this Privacy Notice or about our handling of your information: [email protected]
Only if you are in Germany, you many contact our independent DPO: [email protected]

Mailing address:

True Commerce, Inc.
Attn: Privacy
210 West Kensinger Dr
Suite 100
Cranberry Township, PA 16066
USA

The above contact information is solely for the use of our Users and Visitors as described in this policy. We object to any other use, including using this information for unsolicited promotional emails and reserve all rights.

This Privacy Notice was most recently updated on August 7, 2024