1. About TRACE
TRACE International and TRACE Incorporated (collectively, “TRACE”) are two distinct entities with a common mission to advance commercial transparency worldwide by supporting the compliance efforts of multinational companies and their third party intermediaries. TRACE International is a non-profit business association that pools resources to provide members with anti-bribery compliance support, while TRACE Incorporated offers both members and non-members customizable risk-based due diligence, anti-bribery training and advisory services. Working alongside one another, TRACE International and TRACE Incorporated offer an end-to-end, cost-effective and innovative solution for anti-bribery and third party compliance.
This policy describes the types of personal information we may collect, the purposes for which we may use the information, the circumstances in which we may share the information and the steps we take to safeguard this information.
2. The Information We Collect
TRACE maintains a number of online applications, each of which collects different kinds of information. Depending upon the application, the following information may be collected:
- Username and password;
- Basic contact information such as name, address, email address, and telephone number;
- Employment-related information such as employer, division, department, and title;
- Contact information for external references such as name, employer, position, and relationship;
- Documents and information to verify identity such as a passport, national identity card, driver’s license, or tax number;
- Documents to verify address, such as invoices or billing statements from governmental or quasi-governmental entities;
- Information relevant to corporate entities such as place and date of formation or incorporation, ownership, names of directors, and associated offices and entities;
- Documents to verify corporate and legal status such as business registration, corporate formation documents, and other state-issued documentation;
- Identifying information, including nationality and birth date, of owners and others who exercise control over the management or direction of a corporate entity;
- Information regarding whether a customer, intermediary, or authorized representatives or owners of either appear on government-issued lists of sanctioned entities and persons, including, for example, restricted parties, denied persons, Specially Designated Nationals, debarred parties, excluded parties, blocked persons, embargoed countries and persons and other entities of concern;
- Compliance questions regarding the customer’s or intermediary’s history with respect to, for example, bankruptcy filings, criminal matters, negative media reports, anti-bribery violations, and compliance with various laws and international standards;
- Conflicts and compliance information such as a person’s or entity’s relationship with government or military officials, government ownership, and company employees who are current or former government officials;
- Other voluntarily-provided documents such as relevant training certifications, due diligence reports, or other compliance documents;
- Information on gift, travel, and hospitality benefits given and received by employees such as delivery date, line item expense, description, business purpose, and cost, along with copies of receipts, invoices, or approvals;
- Online training and test information such as date assigned, date started, training score, completion date, training language, and type of course taken;
- Voluntarily-provided corporate information such as corporate logo, a corporate message, corporate code of conduct, or other company training material.
3. What We Do With Collected Information
As with the types of information collected, the use to which TRACE puts the information it collects varies from one application to another. Such uses may include:
- Generating TRACE Reports upon customers’ request; these reports are not made available either publicly or to other TRACE customers without the requesting customer’s consent and/or the consent of the report’s subject;
- Displaying the name and Certification ID number of current TRACEcertified intermediaries, unless an intermediary explicitly opts out, in an Intermediary Directory made available to the public;
- Responding to requests made by visitors to the website;
- Creating profiles to help us manage our relationship with site visitors and ensure that our customers and intermediaries receive and maintain updated information;
- Improving our products and services;
- Periodically sending promotional email about products, special offers, or other information we think you may find interesting using the email address you have provided.
TRACE will never sell or offer to sell your personal information.
4. Data Security
Data security is our priority and we are committed to safeguarding your information. We do this by:
- Establishing policies and procedures for securely managing information;
- Limiting employee access to sensitive information;
- Protecting against unauthorized access to customer data by using physical security, firewalls, data encryption, authentication and virus detection technology, as required;
- Providing data privacy training to our employees;
- Continually assessing our data privacy, information management and data security practices.
We may also use web beacons (a small graphic image placed on a webpage or in an email message to monitor user activity, such as whether the webpage or email is accessed or clicked). We use this data for administrative purposes; to assess the usage and performance of our services; to improve user experience; and as otherwise permitted by applicable law or regulation.
6. Disclosure of Information to Third Parties
We will not share your personal information with third parties, except as described herein or as authorized by you. TRACE International and TRACE Incorporated may share personal and other information with one another in the course of and for the purpose of providing services such as those described above to their members and customers. We may also share your information or portions thereof with a limited number of non-affiliated companies that perform routine support services for TRACE, including: those that provide professional, legal, or accounting advice to TRACE; translation professionals; third parties who conduct or facilitate sanctions lists or PEP screenings; firms that provide hosting, software development and database management services; and law firms that are engaged to conduct routine audits of the personal information you have provided. These third parties are required to maintain the confidentiality of your personal information, and to use your personal information only in the course of providing such services to TRACE, and only for the purposes that TRACE dictates. In connection with our due-diligence services, including the TRAC system, we will share information submitted with the submitting party’s authorized users. In connection with our online training, we will share information submitted by or about students with their company and their company’s administrators. Under limited circumstances, your personal information may be disclosed to third parties to comply with applicable laws and regulations, such as in response to a subpoena or similar legal process, or to lawful requests by public authorities, including to meet national security or law enforcement requirements. Any other disclosure of your personal information will be pursuant to your express consent.
If you wish to opt out of having your personal information disclosed to a third party as described above, please contact the TRACE Privacy Officer as set forth below.
7. How You May Access and Correct Information
To help ensure data accuracy and quality, we provide users of our online services with access to their information stored on our systems and databases. You have an ongoing opportunity and responsibility to correct verified inaccuracies, either through the relevant online system or by contacting us directly. If a user of our systems alerts us to a potential error in his or her information, we will promptly investigate the issue, confirm (as appropriate) that any newly-submitted information meets our due diligence and verification standards, and update the information as necessary. When the review is complete, all relevant reports we have issued will also be updated, and authorized users and/or other recipients of the reports will be notified of the update. You may request deletion of your personal information at any time by contacting us directly, and we will respond to your request within 30 days. Please note that reports that have been shared with authorized users and/or other parties, as authorized by the party requesting deletion, may remain with those parties even after deletion from TRACE’s systems.
8. The EU–U.S. Privacy Shield
TRACE Incorporated, which is subject to the investigatory and enforcement powers of the Federal Trade Commission, participates in the EU–U.S. Privacy Shield, which provides a framework for the transfer of information from the European Union to the United States. The Privacy Shield Framework includes seven central Principles: (1) Notice; (2) Choice; (3) Accountability for Onward Transfer; (4) Security; (5) Data Integrity and Purpose Limitation; (6) Access; and (7) Recourse, Enforcement and Liability. The official Privacy Shield List can be accessed at https://www.privacyshield.gov/list.
TRACE Incorporated is committed to subjecting to the Principles all personal data received from the EU in reliance on the Privacy Shield. TRACE International also adheres to the Principles in its handling of such data, and has entered into a contract with TRACE Incorporated providing the same level of protection as is available under the Privacy Shield for any such data transferred between TRACE Incorporated and TRACE International. TRACE Incorporated retains liability in cases of onward transfers to third parties.
Using the services provided here after a notice of changes to this policy has been sent to you or published on our site shall constitute consent to the changed terms or practices.
Attention: Privacy Officer
151 West Street
Annapolis, MD 21401
+1 (410) 990-0076
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. It may be possible, under certain conditions, for individuals to invoke binding arbitration.