Privacy Policy

TRUSTe

TRACOM Policy on Data and Privacy

Effective Date: 15 September 2023

Introduction and Scope of this Privacy Policy

The TRACOM Corporation, doing business as TRACOM Group (collectively, "TRACOM", "We", "Us", or "Our"), has a strong commitment to protect the rights and privacy of every person who participates in Our services. TRACOM never sells, leases, or rents personal data to anyone. This privacy policy applies to certain websites owned and operated by TRACOM and describes how TRACOM collects, processes, uses, secures, and shares the personal data you provide on these web sites: https://www.tracommax.com, https://www.tracomlearning.com, and https://www.tracomae.com, (collectively "TRACOM systems"). It also describes the choices available to you regarding Our use of your personal data and how you can access and update this information.

EU-Standard Contractual Clauses

TRACOM relies upon the Standard Contractual Clauses (decision 2010/87/EU), which are in effect with each client organisation, as a mechanism for transferring of personal data outside of the EU. TRACOM processes the personal data it receives, in The United States (U.S.).

EU-U.S., UK Ext EU-U.S., SWISS-U.S. Data Privacy Framework (DPF)

TRACOM also complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.

TRACOM has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. DPF Principles with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.

TRACOM has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. DPF Principles with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.

To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov.

TRACOM is responsible for the processing of personal data it receives, under the DPF, and subsequently transfers to a third party acting as an agent on its behalf. TRACOM complies with DPF principles for all onward transfers of personal data from the EU, United Kingdom, and Switzerland, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the DPF, TRACOM is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, TRACOM may be required to disclose personal data in response to lawful requests by public authorities, including meeting national security or law enforcement requirements.

If you have an unresolved privacy or data use concerns that We have not addressed satisfactorily, please contact Our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

For complaints regarding DPF compliance not resolved by any of the other DPF mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration. Further information can be found on the official DPF website at https://www.dataprivacyframework.gov.

Users must be at least 18 years of age to be able to use the TRACOM systems and participate in our program assessments. By agreeing to this Privacy Policy, you assert that you are at least 18 years of age.

Information You Voluntarily Provide Us and How We Use It

We generally process the following types of Personal Data:

TRACOM delivers assessment and training services to Our clients. In the course of delivering these services, We gather personal data on or about individuals. Personal data includes, but is not limited to the following:

  • Contact Information: (e.g. First and last name, email address, telephone number (Administrators only)). This information is used to (i) identify you (ii) communicate with you and responding to your requests (iii) perform Our services.
  • Demographic Information: Optional (e.g. Country, Job, Job Level, Industry, Age Range, Gender). This information is used (i) for statistical analysis (ii) to improve Our products.
  • Identifying Information: (e.g. Username, Password, Security Questions and Responses). This allows Us to grant you authorised access to Our services.
  • Behavioural Information: (e.g. Assessment Responses). This gathered information is used to perform the services provided by TRACOM.
  • Sensitive personal data: Includes an optional Ethnicity question (United States respondents only). We use this information for (i) Statistical analysis (ii) improve Our products.

We also use personal data to authenticate authorised access to Our websites and to process the assessment data gathered into Learner Profile Reports, used by the Learners in group and individual training and coaching sessions. Your employer has contracted with TRACOM to make Our services available to certain individuals ("Learners") for their personal and professional development. If you are a Learner and do not wish to provide personal data, a sample Learner Profile Report can be made available to you. This will reduce the applicability of the information to you. If you have been asked to provide feedback about a coworker but do not wish to provide personal data, the Learner will not receive the benefit of your valuable feedback.

Cookies and other Tracking Technologies

TRACOM uses technologies such as cookies or similar technologies within Our websites to analyse trends, administer the website, track users' movements around the website, and to gather demographic information about Our user base as a whole. We may use cookies, for example, to manage browser sessions and user preferences. Users can control the use of cookies at the individual browser level. If you reject cookies, you may still use Our website, but your ability to use some features or areas of Our website may be limited.

As is true of most websites, We gather certain information automatically and store it in log files. This information may include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data to improve Our services, analytics or site functionality.

We regularly analyse assessment and demographic responses, including ethnicity responses, and the results are used by TRACOM to update and validate Our assessments and are occasionally published, in summary form only, in research reports designed for general circulation. Individuals are never identified in these reports. Specific organisations are identified only if We receive prior written approval from the organisation.

Personal data collected about or from an individual is considered confidential by TRACOM. Only authorised personnel (TRACOM Administrators and Facilitators, and client Administrators and Facilitators) have access to personal data. However, once individual Learner Profile Reports have been delivered to the client's Learners, Administrators, or Facilitators, these materials are no longer within the control of TRACOM.

Data Security

The security of your personal data is important to TRACOM. We follow generally accepted standards to protect the personal data submitted to Us, both during transmission and once We receive it. When you enter personal data, We encrypt the transmission of that information using secure socket layer technology (SSL). No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, We cannot guarantee its absolute security. If you have any questions about the security of your personal data, you can contact Us at tracomlearning@tracom.com.

In the event of an asset sale, merger, consolidation, restructuring, reorganisation, liquidation or other similar transaction involving TRACOM, We may transfer some or all personal data to the successor company. You will be notified via email and/or a prominent notice on Our web site of any change in ownership or uses of your personal data, as well as any choices you may have regarding your personal data.

Legal Disclosure

We may disclose personal data when We believe such disclosure is required by law, such as to comply with a subpoena, or similar legal process, when We believe in good faith that disclosure is necessary to protect Our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request, or to any other third party with your prior consent.

GDPR and EU

TRACOM takes the protection of personal data seriously and has appointed Data Protection Representative Limited (“DataRep”) as Our Data Protection Representative for the purposes of the General Data Protection Regulation (GDPR) in the European Union so that you can contact Us directly in your home country.

You are entitled to exercise your rights under GDPR with respect to personal data. For more details on these rights, please refer to the European Commission (https://ec.europa.eu/info/law/law-topic/data-protection/data-protection-eu_en) or the national Data Protection Authority in your country.

DataRep has locations in each of the 27 EU countries, and the UK, Norway, and Iceland in the European Economic Area (EEA), so that TRACOM customers can raise the questions they have with them.

Should you want to raise a question to TRACOM, or otherwise exercise your rights with respect to your personal data, you may do so via any of the following methods:

  • Send an email to DataRep at tracom@datarep.com
  • Fill out the online webform at https://www.datarep.com/tracom
  • Submit in writing to DataRep, 107-111 Fleet Street, London, EC4A 2AB, United Kingdom
  • Submit in writing to DataRep, 3rd and 4th Floor, Altmarkt 10 B/D, Dresden, 01067, Germany
  • (NOTE: For the written methods be sure to use DataRep, and not TRACOM as the recipient)

Your Personal Data

TRACOM respects your control over your personal data and upon request TRACOM will confirm if We are processing information that We have collected from you and will provide you with information about whether We hold any of your personal data. We use your personal data as necessary, to comply with Our legal obligations, resolve disputes, and enforce Our agreements and will retain it until instructed to remove it by the TRACOM Client, or you (under limited circumstances).

Under certain circumstances We will not be able to fulfill your request, such as if it interferes with Our regulatory obligations, affects legal matters, We cannot verify your identity, or it involves disproportionate cost or effort, but in any event We will respond to your request within a reasonable timeframe and provide you an explanation.

If you are the subject of one of Our multi-rater assessments, We will ask you to invite people to participate as your Raters. We will ask you for their names and email addresses. We will send your Raters a one-time email inviting them to visit the assessment website and optionally, send them periodic reminders. TRACOM stores this information for the sole purpose of sending these emails and measuring the progress of your Raters in responding to the assessment.

TRACOM follows the data privacy requirements of the European Union's General Data Protection Regulation (GDPR), among others, Under the GDPR, individuals may exercise their data privacy rights, by following the instructions for each of the rights listed below:

  • The Right of Access and Rectification
  • Individuals have the right to access, view, and change their personal data stored in the TRACOM systems. The process for doing this varies depending on the website, and the role of the user, as follows:

    MAX (www.tracommax.com)
    Client Administrators
    - Can view/edit the personal data of other individuals for which they are authorised via the Individual Edit screen.
    - Can view/edit their personal data via the My Information Edit screen.

    Facilitators
    - Can view/edit their personal data via the My Information Edit screen.

    TRACOM Learning (www.tracomlearning.com)
    Learners/Raters
    - Can view/edit their personal data via the Change My Information screen.
    - Learners using the Survey Codes access method need to contact their Client Administrator to have their personal data changed. The Client Administrator name and email address are located on your invitation and reminder emails.

  • The Right to Erasure (Right to Be Forgotten)
  • TRACOM will maintain personal data until an authorised representative of Our client notifies TRACOM, in writing, to remove the personal data.

    Individuals have the right to request that personal data be removed from the TRACOM systems. Any request to TRACOM to remove personal data must come from a Client Administrator. To exercise this right, an individual (Learner, Rater, Administrator, or Facilitator) contacts the Client Administrator to request his/her personal data be removed. The Client Administrator name and email address are located on your invitation and reminder emails. Upon notification from the Client Administrator, TRACOM will remove the individual's personal data from the TRACOM systems.

  • The Right to Restriction of Processing
  • Individuals have the right to restrict the processing of personal data in the TRACOM systems. Any request to restrict personal data processing must come from a Client Administrator using the procedure noted under The Right to Erasure section above.

  • The Right to Data Portability
  • Individuals have the right to receive their personal data from the TRACOM systems in a commonly used, machine readable format so that it can then be used for a variety of other purposes. Any request to receive personal data must come from a Client Administrator using the following procedure:

    1. An Individual (Learner, Rater, Administrator, or Facilitator) contacts the Client Administrator to request his/her personal data be received in a machine readable format. The Client Administrator name and email address is located on your invitation and reminder emails.

    2. A Client Administrator submits a request to TRACOM in writing that personal data be made available for an individual.

    3. TRACOM evaluates the request to make sure it can be fulfilled. If there is any reason the request can't be fulfilled, TRACOM will notify the Client Administrator, in writing. Otherwise, TRACOM fulfills the request and forwards the requested information to the Client Administrator, to provide to the individual.

  • The Right to Object
  • Individuals have the right to approve or disapprove using their personal data in the TRACOM systems. An individual is nominated by his/her employer to participate in the TRACOM services, pursuant to the employer's legitimate interests.

    Any request to remove consent must come from a Client Administrator using the procedure noted under The Right to Erasure section above.

Changes to this Privacy Policy

TRACOM may update this privacy policy to reflect changes to Our information practices. If We make any material changes We will notify you by email (sent to the email address specified in your account) or by means of a notice on this site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on Our privacy practices.

How to Contact Us

This statement was prepared to help participants in TRACOM's programs understand Our policy on privacy and data use. If you have any questions regarding this Privacy Policy, you can contact us by email at tracomlearning@tracom.com or by mail at:

The TRACOM Corporation
6675 South Kenton Street, Suite 118
Centennial, Colorado, USA 80111