TRUCE SOFTWARE

PRIVACY POLICY

Effective Date: March 16, 2020

 

Scope

Cellcontrol, Inc., d/b/a TRUCE Software (“TRUCE”, “we”, “us” or “our”) respects the privacy of our visitors, customers and users (collectively referred to as “you” or “your”). This privacy policy (as updated from time to time, and as posted on our website at https://trucesoftware.com/privacy) (“Privacy Policy”) describes the types of information we may collect from you or that you may provide when you visit or use our website (“Site”) (currently located at https://trucesoftware.com ) or use our Services (as defined below), and our practices for collecting, using, maintaining, protecting and disclosing that information.

When we use the term “visitor” in this Privacy Policy, we mean an individual person who visits our Site, whether or not that person is a user, and whether or not that person uploads information to our Site and/or downloads information from our Site. When we use the term “customer” in this Privacy Policy, we mean a company which purchases our Services. When we use the term “user” in this Privacy Policy, we mean an individual person who is authorized by a customer to access the Services. You may be a visitor, a customer or a user. This Privacy Policy applies to you as applicable to the category to which you belong.

TRUCE provides the TRUCE System to its customers and their users. The TRUCE System is comprised of a mobile application downloaded onto the mobile device(s) of each customer’s users, a remote management console accessible via the Site that enables a customer to manage the parameters applicable to its users and to generate reports and analytics, hardware with embedded firmware (in most cases), and services related thereto (collectively, the “Services”). Each customer is required to enter into a Software License and Services Agreement with us.

This Privacy Policy applies to the Personal Information and other data relating to you that is collected by us through our Site or the Services (or third parties working on our behalf), whether we receive this information directly from you or from third party sources authorized and approved by us. It does not apply to data relating to you that is collected through other websites, products or services not approved by us.

Our Privacy Policy describes:

  • How and why we collect your Personal Information;
  • How your Personal Information is used and protected;
  • When and with whom we share your Personal Information; and
  • What choices you can make about how we collect, use, and share your Personal Information.
  • How we store, use, transfer, and retain your Personal Information.

If you are a resident of or subject to data privacy laws or regulations of a country outside of the United States, please see the additional provisions at the end of this Privacy Policy. For example, we comply with the US-EU Privacy Shield, which is described in the section below entitled “Privacy Shield Policy.”

The section immediately below outlines some of the highlights of this Privacy Policy. Please read this entire document for a full description of our policies.

HIGHLIGHTS OF OUR PRIVACY POLICY

The following presents highlights of our Privacy Policy. The details follow this section.

Personal Information

We collect your Personal Information for various purposes, such as, but not limited to, corresponding with you, informing you about your account, software updates and product information, processing your application, providing you with Services, processing your order, providing you with a subscription, and other purposes.

We may combine the Personal Information we collect from you with information obtained from other sources to help us improve the overall accuracy and completeness of your Personal Information, and to help us improve our business and better tailor our interactions with you.

We may also collect information relating to your use of our Site through the use of various technologies, including cookies.

Overview of Uses of Your Data

  • To create a user account.
  • To fulfill your requests by us or by others involved in fulfillment.
  • To contact you for customer satisfaction surveys, market research or in connection with certain transactions.
  • To support products or Services you have obtained from us.
  • To share with our service providers who provide services to us in support of our business.
  • To personalize your experience while you are on our Site, make navigation easier, and for Site usage statistics.

Your Choices

Visitors may tell us not to continue using Personal Information for further marketing contact.

You may also turn off cookies in your browser.

You can view and edit your Personal Information online at our Preference Center website page located at  https://trucesoftware.com/preference-center.

Visitors may withdraw their consent to us using their Personal Information at any time.

Visitors may also opt out from receiving certain communications from us by visiting our Preferences Center page.

Contacting Us

You may contact us using the Contact Information provided at the end of this Privacy Policy.

Acknowledgement and Consent

By using or accessing our Site or the Services in any manner, you acknowledge that you accept the practices and policies described in this Privacy Policy (and as updated from time to time), and you hereby consent that we may collect, use, and share your information as described herein. If you do not agree with our policies and practices, your choice is not to use our Site or our Services. For visitors, use of the Site is at all times subject to our Terms of Use (available at https://trucesoftware.com/terms-conditions) (the “Terms”), which incorporates this Privacy Policy. Any capitalized terms we use in this Privacy Policy without defining them have the definitions given to them in the Terms.

DETAILS OF OUR PRIVACY POLICY

What Does This Privacy Policy Cover?

This Privacy Policy covers our treatment of personally identifiable information. This is information which may be connected to you specifically as the individual to whom the information relates. Such information may include name, mailing address, email address, telephone number, or any other information defined as personally identifiable information (or similar term) by applicable laws (“Personal Information”). If you are a citizen or resident of the UK, the European Economic Area, or Switzerland, and subject to GDPR, this definition is different, so, please see the section relating to GDPR toward the end of this Privacy Policy. Personal Information does not include your personally identifiable information that has been deidentified, pseudonymized, anonymized, aggregated and/or otherwise processed so as to be unidentifiable in such a way that the data can no longer be attributed to a specific individual (by reasonable means) without the use of additional information, and where such additional information is kept separate and under adequate security to prevent unauthorized re-identification of a specific individual such that one could not, using reasonable efforts, link such information back to a specific individual (the foregoing in this sentence being referred to as “De-Identified Personal Information”).

We may also collect Personal Information from you through means other than our Site or the Services. This may include offline collection, such as if you submit a paper application, make a payment by check, or call or visit our offices. It may also include emails, text messages, or other electronic communications that you send to us separate from our Site or the Services, or by way of our third party service providers. This Privacy Policy does not apply to Personal Information that you provide to us through means other than our Site and/or the Services. However, if we combine the Personal Information we collect from you outside of our Site and the Services with Personal Information that is collected through our Site and/or the Services or by another means as described above, then this Privacy Policy will apply to the combined information, unless specifically disclosed otherwise.

We gather various types of Personal Information, and we use this Personal Information internally in connection with our Services, including to personalize and improve our Services, to allow you to set up a user account and profile, to contact you, to fulfill your requests for certain products and Services, to provide and improve the Services, and to analyze how you use the Services, all as explained in more detail below. We may also share Personal Information of users with the customer who authorized such user to use the Services, and with relevant third parties, but only as described in this Privacy Policy.

Other than as stated herein, this Privacy Policy does not apply to information collected by any third party (including our affiliates and subsidiaries), including through any application or content (including advertising) that may link to or be accessible from or on our Site.

Individuals under the Age of 18

We do not knowingly collect, solicit or maintain Personal Information from anyone under the age of 18 or knowingly allow such persons to register for our Services. If you are under 18, please do not send any Personal Information about yourself (such as your name, address, telephone number, or email address) to us. No one under age 18 should provide any Personal Information to us. In the event that we learn that we have collected Personal Information from a child under age 18 without verification of parental consent, we will use commercially reasonable efforts to delete that information from our database. Please contact us if you have any concerns.

Changes to Our Privacy Policy

We are constantly working to improve our Services, and we may need to change this Privacy Policy from time to time as well. Our current Privacy Policy will always be on our Site at www.trucesoftware.com/privacy-policy and any updates will be effective upon posting. You are responsible for periodically checking this Site for updates.

Please note that if you have opted not to receive legal notice emails from us (or if you have not provided us with your email address), those legal notices will still govern your use of the Services, and you are still responsible for reading and understanding them. If you use the Services after any changes to the Privacy Policy have been posted, that means you agree to the new Privacy Policy, including all of the changes. For clarity, our use of Personal Information we collect is subject to the Privacy Policy in effect at the time it is collected.

Personal Information We Collect About You and How We Collect It

We collect several types of information from and about you.

Information You Provide to Us. The information we collect from and about you may include:

  • Information provided by the customer who has authorized the applicable user to use the Services.
  • Information that you provide by filling in forms on our Site or using the mobile app or remote management console. This includes information provided if you request a demo, by purchasing our products or Services, or in connection with our provision of the Services, or by subscribing to our e-newsletters, blog, or other communications. We may also ask you for information when you report a problem with our Site or the Services.
  • Records and copies of your correspondence (including email addresses), if you contact us.
  • Your responses to surveys that we might ask you to complete for research purposes.
  • Your search queries on the Site.

Information We Collect Through Automatic Data Collection Technologies. As you navigate through and interact with our Site, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions and patterns, including:

  • Details of your visits to our Site, including, but not limited to, traffic data, geolocation data, logs, and other communication data and the resources that you access and use on the Site.
  • Information about your computer, mobile device(s), and internet connection, including your IP address, operating system, browser type, clickstream patterns, the URL of the most recent website you visited before coming to our Site, the amount of time you spent on our Site, and the pages you viewed while on our Site.
  • We also may use these technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking). For more information on how to opt-out of third-party advertiser tracking mechanisms, please click here.

The information we collect automatically is statistical data and may include Personal Information, but we may maintain it or associate it with Personal Information we collect in other ways or receive from third parties. It helps us to improve our Site and our Services, including, but not limited to, by enabling us to: (a) estimate our audience/visitor size and usage patterns; (b) store information about your preferences, allowing us to customize and improve our Site; (c) speed up your searches; and/or, (d) recognize you when you return to our Site.

The technologies we use for this automatic data collection may include cookies, flash cookies, web beacons, pixel tracking, GIF and/or IP address. Each of these is discussed below.

Cookies (or browser cookies)

A cookie is a small file placed on the hard drive of your computer or mobile device. It may contain certain data, including, but not limited to: the name of the server that has placed it there, an identifier in the form of a unique number, and, an expiration date (some cookies only). Cookies are managed by the web browser on your computer (Internet Explorer, Firefox, Safari or Google Chrome).

Different types of cookies which have different purposes are used on our Site.

Essential Cookies

These cookies are essential to allow you to browse our Site and use its functions. Without them, services such as shopping baskets and electronic invoicing would not be able to work.

Performance Cookies

These cookies collect information on the use of our Site, such as which pages are consulted most often. This information enables us to optimize our Site and simplify browsing. Performance cookies also enable our affiliates and partners to find out whether you have accessed one of our Sites from their site and whether your visit has led to the use of the Services, including the references for the Services purchased. These cookies do not collect any information which could be used to identify you. All the information collected is aggregated, and therefore anonymous.

Functionality Cookies

These cookies enable our Site to remember the choices you have made when browsing. For example, we can store your geographical location in a cookie so that the Site corresponding to your area is shown. We can also remember your preferences, such as the text size, font and other customizable aspects of the Site. Functionality cookies may also be able to keep track of the products or videos consulted to avoid repetition. The information collected by these cookies cannot be used to identify you and cannot monitor your browsing activity on sites which do not belong to us.

It is possible that you will come across third-party cookies on some pages of sites that are not under our control.

We also use cookies to implement tracking technology on our Site. This allows us to display advertising that is tailored to you on our Site which parts of our content interest you the most and which Service categories you request. This tracking uses De-Identified Personal Information data (i.e., data that cannot be identified as being specifically associated with you) and does not use your Personal Information. We will not combine this data with your other Personal Information without your express permission.

At any time, you can prevent the use of cookies in the future. You may activate the appropriate setting in your browser to refuse to accept browser cookies. However, if you do, your experience on our Site may be affected. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Site.

Flash Cookies. Certain features of our Site may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from and on our Site. Flash cookies are not managed by the same browser settings as are used for browser cookies.

Web Beacons. Pages of our Site and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).

Pixel Tracking. In addition to using Cookies, the Site may employ “pixel tracking”, a common process which may be used in connection with advertisements on other sites. Pixel tracking involves the use of pixel tags that are not visible to the user and consist of a few lines of computer code. Pixel tracking measures the effectiveness of advertisements and compiles aggregate and specific usage statistics. A “pixel tag” is an invisible tag placed on certain pages of websites that is used to track an individual user’s activity. We may access these pixel tags to identify activity and interests that may allow us to better match our goods, services, and other offers with your interests and needs. For example, if you visit our Site from an advertisement on another website, the pixel tag will allow the advertiser to track that its advertisement brought you to the Site. If you visit our Site, and we link you to another website, we may also be able to determine that you were sent to and/or transacted with a third-party website. This data is collected for use in our marketing, research, and other activities.

GIF. We may use tiny images known as clear GIFs to track behavior of users, including statistics on who opens our emails.

IP Address. Our servers automatically record certain log file information reported from your browser when you access the Services. These server logs may include information such as which pages of the Service you visited, your internet protocol (“IP”) address, browser type, and other information on how you interact with the Services. These log files are generally deleted periodically.

Information We Collect from Third Parties

We may collect information that others provide about you when they use the Site, or obtain information from other sources and combine that with information we collect through the Site.

  • Third Party Services. If you browse the Site while logged into a third party service (e.g., Google), the third party service may send us information such as your registration and profile information from that service. This information varies and is controlled by that service or as authorized by you via your privacy settings at that service.
  • Other Sources. To the extent permitted by applicable law, we may receive additional information about you, such as demographic data from third party service providers and/or partners, and combine it with information we have about you.

Third-Party Use of Cookies and Other Tracking Technologies

Some content or applications, on the Site are served by third parties, including content providers and application providers. First-party or third-party cookies may be used alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use our Site. A first-party cookie is a cookie set by the domain name that appears in the browser address bar. A third-party cookie is a cookie set by (and on) a domain name that is not the domain name that appears in the browser address bar. It might be set as part of a side resource load (image, JS, iframe, etc. from a different hostname) or an AJAX HTTP request to a third-party server. The information that first-party and third-party cookies collect may be associated with your Personal Information or they may collect information, including Personal Information, about your online activities over time and across different websites and other online services (i.e., tracking such activities).

We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about targeted content, you should contact the responsible provider directly.

We use, and some of our third-party service providers may use, Google Analytics (click for link to Google’s website) or other analytics service to help us understand use of our Services. Such service providers may place their own cookies in your browser. This Privacy Policy covers use of cookies by us only and not the use of cookies by third parties.

We, along with third-party vendors such as Google, use first-party cookies (such as the Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie) or other third-party identifiers together to compile data regarding user interactions as they relate to our Site.

How We Use Your Information

We use information that we collect about you or that you provide to us, including any Personal Information, for one or more of the following purposes:

  • To present our Site and provide the Services to you.
  • To provide you with information on Services that you request from us.
  • To provide users with notices about your account.
  • To send you communications regarding the Services, our company and/or other information.
  • To respond to your questions or other requests.
  • To process any applications, account creation, or changes to a customer’s or its users’ account information.
  • To process other information or Personal Information that you submit through the Site or the Services.
  • To notify you about changes to our Site, our policies, terms or any Services we offer or provide though it.
  • To allow you to participate in interactive features on our Site.
  • To ask for ratings and reviews of our Site and/or Services.
  • To provide a customer or its users with access to restricted parts of our Site.
  • To request your participation in surveys, focus groups, or other initiatives which help us to gather information used to develop and enhance our Services.
  • To provide verification of event attendance.
  • To serve relevant information to you when you visit our Site or use the Services.
  • To enhance and improve our Services, for example, by performing internal research, analyzing user trends and measuring demographics and interests.
  • For internal purposes, such as Site and system administration or internal audits and reviews.
  • To comply with applicable law(s) (for example, to comply with a search warrant, subpoena or court order) or to carry out professional ethics/conduct investigations.
  • For analyzing how the Services are used, diagnosing Service or technical problems, maintaining security, and personalizing content.
  • To operate, maintain, and provide to customers and users the features and functionality of the Services.
  • To provide statistics about the usage levels of the Site and/or Services and other related information to reputable third parties, but these statistics will not include information which will allow you to be identified.
  • To fulfill any other purpose for which you provide and consent to it.
  • In any other way we may describe when you provide the information and you give your consent.

De-Identified Personal Information or non-Personal Information is aggregated for system administration and to monitor usage of the Site. It is utilized for several purposes, such as, but not limited to, to measure the number of visits to our Site, average time spent, number of pages viewed and to monitor various other Site statistics. This monitoring helps us evaluate how visitors, users and customers use and navigate our Site so we can improve the content.

We use cookies, clear gifs, and log file information to: (a) remember information so that you will not have to re-enter it during your visit or the next time you visit the Site; (b) provide custom, personalized content and information; (c) monitor the effectiveness of our Service; (d) monitor aggregate metrics such as total number of visitors, traffic, and demographic patterns; (e) diagnose or fix technology problems reported by our users or engineers that are associated with certain IP addresses; and, (f) help you efficiently access your information after you sign in.

How We Share Your Information

Personal Information:

We currently or may in the future disclose Personal Information to the following types of third parties, and for one or more the following purposes:

  • Hosting providers for the secure storage and transmission of your data
  • Data hosting and storage
  • Support
  • Software development
  • Survey and analytics consultants who help us evaluate data to improve our products and services

 

Except as otherwise described in this Privacy Policy, we will not disclose Personal Information to any third party unless required to do so by law, court order, legal process, or subpoena, including to respond to any government or regulatory request, or if we believe that such action is necessary to (a) comply with the law, comply with legal process served on us or our affiliates, subsidiaries, contracted vendors, or affinity partners, or investigate, prevent, or take action regarding suspected or actual illegal activities; (b) enforce our Terms or our agreement with a customer; (c) take precautions against liability; (d) investigate and defend ourselves against any third-party claims or allegations; (e) assist government enforcement agencies or to meet national security requirements; (f) to protect the security or integrity of our Site, our Services, or any software we provide related thereto; or, (g) exercise or protect the rights, property, or personal safety of us, our users or others.

We will attempt to notify you about these requests unless: (i) providing notice is prohibited by the legal process itself, by court order we receive, or by applicable law, or (ii) we believe that providing notice would be futile, ineffective, create a risk of injury or bodily harm to an individual or group, or create or increase a risk of fraud upon us, our users, our Site, or our Services. In instances where we comply with legal requests without notice for these reasons, we will attempt to notify that user about the request after the fact if we determine in good faith that we are no longer legally prohibited from doing so and that no risk scenarios described in this paragraph apply.

It is likely that the identity and categories of such third parties will change during the life of a customer’s, user’s or visitor’s account. We require that our third-party service providers only use your Personal Information as necessary to provide the requested services to us and each service provider is restricted in the use and disclosure of your Personal Information.

De-Identified Personal Information: We may use and share De-Identified Personal Information (such as anonymous usage data, referring/exit pages and URLs, IP address, platform types, number of clicks, etc.) with interested third parties in any way we choose and for any purpose.

Your Consent to Disclosure/Transfer of Your Personal Information

You consent to our disclosure of your Personal Information and other information to a potential or actual buyer or other successor of our company for the purpose of considering a merger, divestiture, restructuring, reorganization, dissolution, or sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation or other proceeding, in which Personal Information held by us is among the assets transferred. You agree to and do hereby consent to (and shall not object to) our assignment, conveyance, transfer, and/or license (whether by contract, merger or operation of law) of any or all of our rights to your Personal Information and your consents, in whole or in part, and other information, with or without notice to you and without your further consent.

Data Transfer/Access Outside of the United States

We have our headquarters in the United States. The Personal Information we collect may be stored and processed in servers within or outside of the United States and wherever we and our service providers have facilities around the globe. As such, we and our service providers may transfer your Personal Information to, or access it in, jurisdictions that may not provide equivalent levels of data protection as your home jurisdiction. We will take reasonable steps to ensure that your Personal Information receives an adequate level of protection in the jurisdictions in which we process it. If you are located in the United Kingdom, European Economic Area (“EEA”) or Switzerland, we provide adequate protection for the transfer of Personal Information to countries outside of the United Kingdom, EEA or Switzerland through a series of intercompany agreements based on the Standard Contractual Clauses. We may also need to transfer your information to other group companies or service providers in countries outside the EEA. This may happen if our servers or suppliers and service providers are based outside the EEA, or if you use our services and products while visiting countries outside this area.

If you are a resident of country other than the United States, you acknowledge and consent to our collecting, transmitting, and storing your Personal Information out of the country in which you reside.

Security

We have implemented measures designed to secure your Personal Information from accidental loss and from unauthorized access, use, alteration and disclosure.

  • Your Personal Information is contained behind secured networks and a firewall and is only accessible by a limited number of persons and service providers who have special access rights to such systems, and are required to keep the information confidential.
  • Our Site is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our Site safer.
  • We may store, retrieve, access, and transmit your Personal Information in the US or in other countries.

The safety and security of your information also depends on you. You should maintain good internet security practices. Where you have password-protected access to certain parts of the Site or Services, you are responsible for keeping this password confidential. You should not share your password with anyone. You must prevent unauthorized access to your account and Personal Information by selecting and protecting your password appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account. If your email account or Facebook account is compromised this could allow access to your account with us if you have given us those details and/or permitted access through those accounts. If your email account is compromised it could be used to ask us to reset a password and gain access to your account with us. If you think that any of your accounts have been compromised you should change your account credentials with us, and in particular make sure any compromised account does not allow access to your account with us. The information you share in public areas may be viewed by other users. We will never email you to ask for your password or other account login information. If you receive such an email, please send it to us so we can investigate.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do use security measures designed to protect your Personal Information, we cannot guarantee the security of your Personal Information transmitted to us or which we obtain. Any transmission of Personal Information is at your own risk. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time. We are not responsible for circumvention of any privacy settings or security measures contained on the Site or used with our Services.

Data Retention

We will keep your Personal Information only for as long as necessary depending on the purpose for which it was provided. When determining the relevant retention periods, we take into account factors, including, but not limited to, the following:

  • our contractual and business relationships with users and customers;
  • legal obligations under applicable law to retain data for a certain period of time;
  • statute of limitations under applicable law(s);
  • (potential) disputes; and
  • guidelines issued by relevant supervisory authorities.

We may retain De-Identified Personal Information for as long as we choose.

What Information You Can Access, Change, or Delete

Through your account settings, you may access and, in some cases, edit or delete certain information you’ve provided to us, such as name and password, email address, address, user profile information, etc. The information that you can view, update, and delete may change as the Services or our practices change. If you have any questions about viewing or updating information we have on file about you, please contact us.

Privacy Notice For California Residents

The following in this section applies only to visitors who are California residents.

Online Privacy Protection Act (“CalOPPA”; Calif. Bus. & Prof. Code § 22575-22578, available here):

  • CalOPPA applies only to companies which collect Personal Information of California residents.

How We Respond to Do Not Track Signals.

  • We honor Do Not Track signals, and we do not track, plant cookies, or use advertising when a Do Not Track browser mechanism is in place.
  • Visitors can visit our Site anonymously by adjusting the settings in your browser.
  • We do not allow personalized third-party behavioral tracking, though we may use De-Identified Personal Information to track visitors’ and users’ click or browsing patterns.

California Consumer Privacy Act of 2018 (“CCPA”, available here). Privacy Notice for California Residents. If you are a visitor and a California resident (occasionally referred to as “Consumer”), California law provides you with additional rights regarding our use of your Personal Information, as described below in this section.

This “Privacy Notice for California Residents” section does not apply (at least until January 1, 2021) to the Personal Information of California residents that we collect:

  • which is reflecting a written or verbal communication or a transaction between us and you, where you are acting as an employee, owner, director, officer, or contractor of a company or government agency and whose communications or transaction with us occurs solely within the context of our conducting due diligence regarding, or providing or receiving a product or service to or from such company or government agency; or,
  • in the course of your acting as a job applicant to or an employee of our company to the extent that your Personal Information is collected and used by us solely within the context of your role or former role as a job applicant to, an employee of our company.

Starting January 1, 2020, California residents have the right to (a) access a copy of their Personal Information held by us, (b) request deletion of their Personal Information held by us, and (c) opt-out of the sale of their Personal Information (but which is inapplicable to us because we do not sell your Personal Information). These rights can be exercised by contacting us.

The categories of your Personal Information we collect are listed above in the section entitled “Personal Information We Collect.” The purposes for which the categories of Personal Information are or may be used is described above in the section entitled “How We Use Your Information” and in other sections of this Privacy Policy.

No Sale of Personal Information

WE DO NOT SELL (AS THAT TERM IS DEFINED IN THE CCPA) YOUR PERSONAL INFORMATION, PERIOD.

Right To Access to Specific Information

You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past 12 months. Once we receive and confirm your verifiable Consumer request, we will disclose to you:

  • The categories of Personal Information we collected about you.
  • The categories of sources for the Personal Information we collected about you.
  • Our business or commercial purpose for collecting that Personal Information.
  • The categories of third parties with whom we share that Personal Information.
  • The specific pieces of Personal Information we collected about you (also called a data portability request).
  • If we disclosed your Personal Information for a business purpose, a list disclosing disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained.

Deletion Request Right

You have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable Consumer request, we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies (as described below).

As permitted by CCPA we may delete your Personal Information by (a) permanently and completely erasing the Personal Information on our existing systems with the exception of archived or back-up systems; (b) de-identifying the Personal Information; or, (c) aggregating the Personal Information.

We may deny your deletion request if retaining the information is necessary for us or our Service Provider(s) to:

  • Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • Debug products to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  • Comply with a legal, regulatory or law enforcement obligation.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a verifiable Consumer request to us by email at [email protected], or by mail to TRUCE Software, 1011 Warrenville Road, Suite 210, Lisle, IL 60532, Attn: Privacy. Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable Consumer request related to your Personal Information. You may only make a verifiable Consumer request for access or data portability twice within a 12-month period. The verifiable Consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative; and,
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. Making a verifiable Consumer request does not require you to create an account with us. We will only use Personal Information provided in a verifiable Consumer request to verify the requestor’s identity or authority to make the request.

Verification Process

Upon receiving a data access or deletion request from you we will send an email to you at the email address we have for you on file. The email will ask you to respond to verify you as the Consumer making the request. Upon receipt of your verification we will match your information to that which is in our file. Upon verification of your identity we will proceed to process your request (subject to the exceptions stated above).

Response Timing and Format

We will confirm receipt of your request within ten (10) days of receiving it. We will respond to a verifiable Consumer request within forty-five (45) days of its receipt. If we require more time (up to an additional forty-five (45) days), we will inform you of the reason and extension period in writing.

If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.

Any disclosures we provide will only cover the 12-month period preceding the verifiable Consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable Consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Please note that this right does not apply to business-to-business customers, employment applicants, or independent contractors to us, or if the disclosure of Personal Information is for purposes consistent with the California resident’s reasonable expectations, when considering the submission’s circumstances.

Non-Discrimination

We will not discriminate against you simply for your exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

  • Deny you goods or services;
  • Charge you different prices or rates for goods or services, including by refusing to gran discounts or other benefits, or imposing penalties;
  • Provide you a different level or quality of goods or services; or,
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

In accordance with the CCPA, we provide below a chart with a summary of Personal Information that we have collected from or about you in the past twelve (12) months, as well as the sources of that information, the business purposes of collection, and the third parties with whom we shared such Personal Information:

Category of Personal Information Sources of Personal Information Business Purpose Categories of Consumers Who we share it with
Identifiers (anything that can identify a person or device over time)

Information submitted to us by our users or customers (“User-submitted information”)

Passive data collection (e.g., Google Analytics)

To provide the Services

For internal research, marketing, billing, account creation, purchase tracking, site design, and for security (such as to analyze and detect unauthorized activity)

Consumers who use our Services, consumers who opt-in to our marketing content, and consumers who purchase our Services With our service providers
Personal Information under CCPA (billing information; e.g., address, name) User-submitted information

To provide the Services, including billing/payment processing.

We also use this information for marketing, account creation, purchase tracking, and for internal research

People who use our Site or Services With our service providers
Protected Classifications User-submitted information, passive data collection (e.g., Google Analytics)

To provide the Services.

 

Anyone that receives marketing content or uses our Site With our service providers
Commercial Information (for example, purchases and transaction history) User-submitted information To transact with our customers People who use our Services With our service providers
Biometric Information (for example, your measurements User-submitted information To provide the Services People who use our Services We don’t share
Electronic network activity

User-submitted information

Passive data collection (e.g., Google Analytics)

To transact with our customers, improve our digital services

To personalize the content presented to individuals

People who use our Site or Services With our service providers
Geolocation data Passive data collection (e.g., Google Analytics)

To provide the Services

For internal research, including to enable promotions and for us to develop the Services

Users of our Services With our service providers
Professional or employment related User-submitted information Job Titles and Company names are used for internal purposes. People who use our Site or Services N/A
Inferences drawn from any personal information collected

User-submitted information

Passive data collection

To provide the Services

For internal research so we can better understand how users interact with our Services

People who use our Site or Services With our service providers

 

Notices; Opting Out

By providing us with your email address (including by “following,” “liking,” linking your account to our Service or other services, etc., on a third party website or network), you consent to our using the email address to send you Service-related notices by email, including any notices required by law, in lieu of communication by postal mail. You also agree that we may send you notifications of activity on the Service to the email address you give us, in accordance with any applicable privacy settings. We may use your email address to send you other messages or content, such as, but not limited to, newsletters, additions or changes to features of the Service, or special offers. If you do not want to receive such email messages, you may opt out by emailing us your opt-out request or by clicking “unsubscribe” at the bottom of our e-newsletter. Opting out may prevent you from receiving email messages regarding updates, improvements, special features, announcements, or offers. You may not opt out of Service-related emails.

You can add, update, or delete information as explained above. When you update information, however, we may maintain a copy of the unrevised information in our records. You may request deletion of your account by emailing us. It is your responsibility to maintain your current email address with us.

Contact Information

If you have any questions about this Privacy Policy, our privacy practices, or for any other purposes, please contact us by email at [email protected] or by mail at 1011 Warrenville Rd, Lisle, IL 60532; Attn: Privacy.

Provisions That Apply Only to Citizens and Residents of the United Kingdom, European Economic Area, and Switzerland:

The following provisions apply to you only if you are a UK, European, or Swiss citizen or resident. If you are a UK, European, or Swiss citizen or resident of the European Economic Area (“EEA”), or other regions with laws governing data collection and use that may differ from the laws in the United States, please note that we may transfer your information to a country or jurisdiction that does not have the same data protection laws as your jurisdiction. We may do so to process your information by staff operating outside the EEA who works for us or for one of our service providers.

All processing of your Personal Information is performed in accordance with privacy rights and regulations, in particular, (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Information and on the free movement of such data, known as the General Data Protection Regulation (“GDPR”), and our processing will take place in accordance with the GDPR. For purposes of the GDPR, we will be the “data controller” of Personal Information (referred to in the GDPR as “Personal Data”, and which is defined differently than in this Privacy Policy) we collect through the Site, unless we collect such information on behalf of a “data controller” in which case we will be a “data processor.” This Privacy Policy does not apply to websites, applications or services that do not display or link to this Privacy Policy or that display or link to a different privacy policy. For UK, EU, and Swiss residents and citizens only, to the extent any definition in this Privacy Policy conflicts with a definition under the GDPR, the GDPR definition shall control.

What Is Our Legal Basis for Processing Personal Data (UK, EEA, and Swiss visitors only)?

If you are a visitor to our Site and/or a user of our Services from the UK, EEA, or Switzerland, our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it. However, we will normally collect Personal Data from you only where we need the Personal Data to perform Services for you for which you have contracted with us, or where the processing is in our legitimate interests or rely upon your consent where we are legally required to do so and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect Personal Data from you or may otherwise need the Personal Data to protect your vital interests or those of another person.

Your Data Rights Under GDPR

If you are subject to GDPR, your rights include the following:

  • The right to access – Upon request, we will confirm any processing of your Personal Information and, and provide you with a copy of that Personal Information in an acceptable machine-readable format.
  • The right to rectification – You have the right to have us correct any inaccurate Personal Information or to have us complete any incomplete Personal Information.
  • The right to erasure – You may ask us to delete or remove your Personal Information and we will do so in some circumstances, such as where we no longer need it (we may not delete your data when other interests outweigh your right to deletion).
  • The right to restrict processing – You have the right to ask us to suppress the processing of your Personal Information but we may still store your Personal Information. See below for more information.
  • The right to object to processing – You have the right to object to your Personal Information used in the following manners: (a) processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); (b) direct marketing (including profiling); and, (c) processing for purposes of scientific/historical research and statistics. See below for more information.
  • The right to data portability – You have the right to obtain your Personal Information from us that you consented to give us or that is necessary to perform fulfillment of member benefits with you. We will give you your Personal Information in a structured, commonly used and machine-readable format.
  • The right to complaint to a supervisory authority – You have the right to file a complaint with a supervisory authority, in particular in the European member state of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of Personal Information relating to you infringes upon your rights.
  • The right to withdraw consent – We rely on your consent to process your Personal Information, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on your prior consent.

Privacy Shield Policy

TRUCE has adopted this Privacy Shield Policy (“PS Policy”) to establish and maintain an adequate level of Personal Data privacy protection. This PS Policy applies to the processing of Personal Data that TRUCE obtains from Customers located in the EEA, the United Kingdom, and Switzerland.  In the context of this PS Policy, the term “Customer” means an visitor to our Site or a user of our Services.

  1. Compliance. TRUCE complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from visitors and customers in the EEA member countries, the United Kingdom, and/or Switzerland to the United States in reliance on Privacy Shield. TRUCE has certified to the US Department of Commerce that it adheres to the Privacy Shield Privacy Principles (“Principles”) of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, recourse, enforcement, and liability with respect to such information. If there is any conflict between the policies in this PS Policy and the Principles, the Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please see https://www.privacyshield.gov/. The list of organizations which are on the Privacy Shield List is at https://www.privacyshield.gov/list. The U.S. Federal Trade Commission (FTC) has jurisdiction over TRUCE’s compliance with the Privacy Shield.
  2. Types of Personal Data Collected. The types of data TRUCE collects are described above in the main body of the Privacy Policy under, for example, the section entitled “Information We Collect About You and How we Collect It.” TRUCE does not collect Sensitive Data from its Customers. “Sensitive Data” is Personal Data that discloses a Data Subject’s medical or health condition, race or ethnicity, political, religious or philosophical affiliations or opinions, sexual orientation, or trade union membership. To the extent required by the Principles, TRUCE will obtain opt‑in consent if it engages in certain uses or disclosures of Sensitive Data.
  3. Purposes for Which Personal Data is Collected and Used. The purposes for which TRUCE collects and uses Personal Data are described above in the main body of the Privacy Policy under, for example, the section entitled “How We Use Your Information.”
  4. How to Contact TRUCE With Inquiries or Complaints. In compliance with the EU-US and Swiss-US Privacy Shield Principles, TRUCE commits to resolve complaints about your privacy and our collection or use of your personal information. UK, EU, or Swiss individuals with questions or concerns about the use of their Personal Data should contact TRUCE at [email protected].
  5. Types of Third Parties to Which Data is Disclosed. The type of third parties to which TRUCE discloses Personal Data, and the purposes for which it does so, including disclosure in response to lawful requests by public authorities, including to meet national security or law enforcement requirements are described above in the main body of the Privacy Policy under, for example, the section entitled “How We Share Your Information.”
  6. Data Access and Use Limitation Rights. Your rights to access, and the choices and means TRUCE offers you for limiting the use and disclosure of your Personal Data are described above in the subsection entitled “Your Data Rights Under GDPR.”
  7. Enforcement and Dispute Resolution
    1. If a Customer’s question or concern cannot be satisfied through this process, TRUCE has further committed to refer unresolved privacy complaints under EU-US Privacy Shield and Swiss-US Privacy Shield to an independent dispute resolution mechanism operated by the Council of Better Business Bureaus.
    2. If you do not receive timely acknowledgement of your complaint, or if your complaint is not satisfactorily addressed by TRUCE, EU and Swiss individuals may bring a complaint before the BBB EU and Swiss Privacy Shield program, information for which can be found at http://www.bbb.org/EU-privacy-shield/for-eu-consumers/.
    3. Finally, as a last resort and in limited situations, EU and Swiss individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism. Information may be found at https://www.privacyshield.gov/. TRUCE commits to cooperate with EU and Swiss data protection authorities (DPAs) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.
  8. Responsibility for Transfers of Personal Data. To the extent provided by the Principles, TRUCE shall remain liable if a third party TRUCE engages to process Personal Data on its behalf does so in a manner inconsistent with the Principles, unless TRUCE proves that it is not responsible for the event giving rise to the damage.