MAX
 
TRUSTe

TRACOM Policy on Data and Privacy

Effective Date: 1 January 2024

Introduction and Scope of this Privacy Policy

The TRACOM Corporation, doing business as TRACOM Group (collectively, "TRACOM", "We", "Us", or "Our"), has a strong commitment to protect the rights and privacy of every person who participates in Our services. TRACOM never sells, leases, or rents personal data to anyone. This privacy policy applies to certain websites owned and operated by TRACOM and describes how TRACOM collects, processes, uses, secures, and shares the personal data you provide on these websites: https://www.tracommax.com, https://www.tracomlearning.com, and https://www.tracomae.com, (collectively "TRACOM systems"). It also describes the choices available to you regarding Our use of your personal data and how you can access and update this information.

EU-Standard Contractual Clauses

TRACOM relies upon the Standard Contractual Clauses (decision 2010/87/EU), which are in effect with each client organization, as a mechanism for transferring of personal data outside of the EU. TRACOM processes the personal data it receives, in The United States (U.S.).

EU-U.S., UK Ext EU-U.S., SWISS-U.S. Data Privacy Framework (DPF)

TRACOM also complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.

TRACOM has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. DPF Principles with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.

TRACOM has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. DPF Principles with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.

To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov.

TRACOM is responsible for the processing of personal data it receives, under the DPF, and subsequently transfers to a third party acting as an agent on its behalf. TRACOM complies with DPF principles for all onward transfers of personal data from the EU, United Kingdom, and Switzerland, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the DPF, TRACOM is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, TRACOM may be required to disclose personal data in response to lawful requests by public authorities, including meeting national security or law enforcement requirements.

If you have an unresolved privacy or data use concerns that We have not addressed satisfactorily, please contact Our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

For complaints regarding DPF compliance not resolved by any of the other DPF mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration. Further information can be found on the official DPF website at https://www.dataprivacyframework.gov.

Users must be at least 18 years of age to be able to use the TRACOM systems and participate in our program assessments. By agreeing to this Privacy Policy, you assert that you are at least 18 years of age.

Your Personal Data

TRACOM delivers assessment and training services to Our clients. In the course of delivering these services, We gather personal data on or about individuals. This personal data includes, but is not limited to the following:

Contact Information
Examples: First name, last name, email address, telephone number (Administrators only)).
Purpose: To identify you, communicate with you, respond to your requests, and perform Our services.

Demographic Information (Optional)
Examples: Country, Job, Job Level, Industry, Age Range, Gender.
Purpose: For statistical analysis, and to improve Our products.

Identifying Information
Examples: Username, Password, Security Questions and Responses.
Purpose: To authenticate and grant you authorized access to Our services.

Behavioral Information
Examples: Assessment Responses.
Purpose: To perform the services provided by TRACOM.

Sensitive Information
Examples: Ethnicity question (United States respondents only).
Purpose: For statistical analysis, and to improve Our products.

Your employer has contracted with TRACOM to make Our services available to certain individuals ("Learners") for their personal and professional development. This information is used to process gathered assessment data into Learner Profile Reports, used by the Learners in individual and group training sessions.

If you are a Learner and do not wish to provide personal data, a sample Learner Profile Report can be made available to you. However, this will reduce the applicability of the training provided to you. In addition, if you are asked to provide feedback about a coworker but do not wish to provide personal data, the Learner will not receive the benefit of your valuable feedback.

We conduct analyses of assessment and demographic data, including ethnicity. These findings are instrumental in enhancing and validating our assessments. On occasion, these results are also shared in a summarized form through research reports intended for wider distribution. Our reports strictly exclude any individual or personal data, and specific organizations are mentioned only when we have obtained prior written authorization from the respective organization.

TRACOM holds all personal data collected from or about an individual in strict confidentiality. Access to such data is limited to authorized personnel, which encompasses TRACOM Administrators and Facilitators, Client Administrators, and TRACOM Development Team. Once Learner Profile Reports have been delivered to the Client's Administrators, Facilitators, or Learners, TRACOM no longer maintains control over the personal information and materials.

GDPR Compliance

TRACOM places a high priority on the protection of personal data and, in compliance with the General Data Protection Regulation (GDPR), we have designated Data Protection Representative Limited ("DataRep") as our official Data Protection Representative. This designation ensures that you can easily reach out to us directly within your home country.

You are entitled to exercise your rights under GDPR with respect to personal data. For more details on these rights, please refer to the European Commission (https://ec.europa.eu/info/law/law-topic/data-protection/data-protection-eu_en) or the national Data Protection Authority in your country.

DataRep has an established presence in all 27 EU member states, as well as the UK, Norway, and Iceland within the European Economic Area (EEA), ensuring convenient access for TRACOM customers to address inquiries.

Should you wish to exercise your rights with respect to your personal data, or submit an inquiry to TRACOM, you may do so via any of the following methods:

Your Personal Rights

TRACOM respects your authority over your personal data. Upon your request, we will promptly verify whether we are processing information that has been collected from you and will provide you with details regarding the existence of your personal data within our records. We utilize your personal data as required to meet our legal obligations, settle disputes, and enforce our agreements.

In certain situations, fulfilling your request may not be feasible, particularly when it conflicts with our regulatory responsibilities, impacts ongoing legal proceedings, lacks verifiable identity confirmation, or entails an excessive cost or effort. Nevertheless, we will acknowledge your request in a timely manner and provide a clear explanation for any such limitations.

If you are a participant in one of Our multi-rater assessments, we will ask you to invite other individuals ("Raters") to complete an online assessment on your behalf. To facilitate this, we will ask you to provide their names and email addresses. Subsequently, TRACOM will send a one-time email to your designated Raters, inviting them to complete the online assessment. Periodic reminder emails may also be sent. Note that TRACOM retains this data exclusively for the purpose of sending these emails and monitoring your Raters' progress in responding to the assessment.

TRACOM follows the data privacy requirements of the EU General Data Protection Regulation (GDPR), Data Privacy Framework (DPF), and others. Accordingly, individuals may exercise their data privacy rights by following the instructions for each of those rights listed below:

The Right of Access and Rectification

Individuals have the right to directly access, view, and change their personal data stored in the TRACOM system. The process for doing this varies based on the website, and role in the TRACOM system:

TRACOM MAX (www.tracommax.com)
Administrators
- Can view and edit their own personal data via the My Information Edit screen.
- Can view and edit the personal data of others for which they are authorized via the Individual Edit screen.
Facilitators
- Can view and edit their own personal data via the My Information Edit screen.

TRACOM LEARNING (www.tracomlearning.com)
Learners
- Can view and edit their own personal data via the My Account, My Password, and My Security Questions screens.
- Note: Learners using Survey Code access must contact their Client Administrator to change their personal data.

Your Client Administrator's name and email address are located on your invitation and reminder emails.

IMPORTANT:
Requests related to the individual rights listed below should be submitted to your Client Administrator, rather than TRACOM, for evaluation and approval. TRACOM will relay any individual rights requests received to your Client Administrator. Your Client Administrator will notify Us in writing of any actions required to fulfill the rights request. We will acknowledge and document that notification within 10 days. Then we will act on the Client Administrator's directives within 30 days, keeping them updated throughout.

The Right to Erasure (be Forgotten)

Individuals have the right to submit a request to their Client Administrator to have their personal data removed from the TRACOM system. Upon approval, TRACOM will remove the personal data within 30 days.

The Right to Restriction of Processing

Individuals have the right to submit a request to their Client Administrator to restrict the processing of personal data in the TRACOM system. Upon approval, TRACOM will act upon the Client Administrator's directives within 30 days.

The Right to Data Portability

Individuals have the right to receive their personal data from the TRACOM system in a common machine-readable format so it can be used for other purposes. The individual must submit a request to their Client Administrator, including the desired data format. Upon approval, TRACOM will export the personal data within 30 days, sending it securely to the Client Administrator, who will provide it to the individual. If for any reason TRACOM cannot fulfill the request, the Client Administrator will be notified in writing.

The Right to Object

Individuals have the right to approve or disapprove using their personal data in the TRACOM system. An individual is nominated by their employer to participate in TRACOM services, pursuant to the employer's legitimate interests. The individual must submit a request to their Client Administrator to remove consent.

Cookies and Tracking

Our websites use cookies and other tracking technologies to provide a better user experience and to analyze how our customers use our services. Cookies can be controlled or disabled within your browser settings. However, some features of our websites may not function properly if you disable cookies.

We gather certain information automatically, storing it in log files. Information may include Internet Service Provider (ISP), Internet Protocol (IP) addresses, operating system, browser type, referring or exit pages, date/time stamp, and clickstream data to improve our analytics and services.

Data Retention

We retain our clients' personal information for as long as necessary to provide our products and services, and for the purposes described in this privacy policy. We may also retain personal information to comply with legal obligations, resolve disputes, and enforce our agreements and policies.

Data Security

Safeguarding the security of personal data is a top priority for TRACOM. We rigorously adhere to industry recognized privacy and security standards to ensure the safety of personal information transmitted and stored in our systems. We use industry-standard encryption technologies to protect all information stored at rest and transmitted online. However, no method of storage or transmission is completely secure. We cannot guarantee the absolute security of our customers' personal information. If you have any concerns or inquiries regarding the privacy or security of your personal information, please contact us.

In the event of an asset sale, merger, consolidation, restructuring, reorganization, liquidation, or other similar transaction involving TRACOM, We may transfer some or all personal data to the successor company. TRACOM will notify you via email and/or prominent notice on Our websites of any change in ownership, or choices or uses regarding your personal data.

Data Transfer

TRACOM transfers, processes, and stores information, including Personal Data, on computer systems located in the United States, where data protection laws may differ from those in your jurisdiction. By accepting this Privacy Policy and/or submitting your information, you consent to this transfer.

We will take all reasonable steps necessary to ensure your data is treated securely and in accordance with this Privacy Policy. We will not transfer your personal data to any organization or country unless adequate data protection and security controls and measures are in place to safeguard your information.

Legal Disclosure

TRACOM may share personal data under certain circumstances, including when we have a genuine belief that such disclosure is legally mandated, such as in response to a subpoena or comparable legal procedure. We may also make such disclosures in good faith to safeguard our rights, ensure your safety or the safety of others, investigate potential fraud, or respond to governmental requests.

Privacy Policy Changes

TRACOM reserves the right to update this Privacy Policy to align with evolving information practices and service enhancements. As part of this process, you will be prompted to acknowledge and accept these Privacy Policy updates upon your next login to our system. We strongly encourage you to regularly visit this page for the most up-to-date information regarding our privacy practices.

How to Contact Us

This policy was prepared to help participants in TRACOM's programs and services to understand Our policy on data use, privacy, and security. If you have any questions regarding this Privacy Policy, you may contact us by email at tracomlearning@tracom.com or by postal mail at:

The TRACOM Corporation
6675 South Kenton Street, Suite 118
Centennial, Colorado, USA 80111