TRACOM relies upon the Standard Contractual Clauses (decision 2010/87/EU), which are in effect with each client organization, as a mechanism for transferring of personal data outside of the EU. TRACOM processes the personal data it receives, in The United States (U.S.).
TRACOM also complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.
TRACOM has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. DPF Principles with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.
To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov.
TRACOM is responsible for the processing of personal data it receives, under the DPF, and subsequently transfers to a third party acting as an agent on its behalf. TRACOM complies with DPF principles for all onward transfers of personal data from the EU, United Kingdom, and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the DPF, TRACOM is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, TRACOM may be required to disclose personal data in response to lawful requests by public authorities, including meeting national security or law enforcement requirements.
If you have an unresolved privacy or data use concerns that We have not addressed satisfactorily, please contact Our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
For complaints regarding DPF compliance not resolved by any of the other DPF mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration. Further information can be found on the official DPF website at https://www.dataprivacyframework.gov.
We generally process the following types of Personal Data:
TRACOM delivers assessment and training services to Our clients. In the course of delivering these services, We gather personal data on or about individuals. Personal data includes, but is not limited to the following:
We also use personal data to authenticate authorized access to Our websites and to process the assessment data gathered into Learner Profile Reports, used by the Learners in group and individual training and coaching sessions. Your employer has contracted with TRACOM to make Our services available to certain individuals ("Learners") for their personal and professional development. If you are a Learner and do not wish to provide personal data, a sample Learner Profile Report can be made available to you. This will reduce the applicability of the information to you. If you have been asked to provide feedback about a coworker but do not wish to provide personal data, the Learner will not receive the benefit of your valuable feedback.
As is true of most websites, We gather certain information automatically and store it in log files. This information may include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data to improve Our services, analytics or site functionality.
We regularly analyze assessment and demographic responses, including ethnicity responses, and the results are used by TRACOM to update and validate Our assessments and are occasionally published, in summary form only, in research reports designed for general circulation. Individuals are never identified in these reports. Specific organizations are identified only if We receive prior written approval from the organization.
Personal data collected about or from an individual is considered confidential by TRACOM. Only authorized personnel (TRACOM Administrators and Facilitators, and client Administrators and Facilitators) have access to personal data. However, once individual Learner Profile Reports have been delivered to the client's Learners, Administrators, or Facilitators, these materials are no longer within the control of TRACOM.
The security of your personal data is important to TRACOM. We follow generally accepted standards to protect the personal data submitted to Us, both during transmission and once We receive it. When you enter personal data, We encrypt the transmission of that information using secure socket layer technology (SSL). No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, We cannot guarantee its absolute security. If you have any questions about the security of your personal data, you can contact Us at firstname.lastname@example.org.
In the event of an asset sale, merger, consolidation, restructuring, reorganization, liquidation or other similar transaction involving TRACOM, We may transfer some or all personal data to the successor company. You will be notified via email and/or a prominent notice on Our web site of any change in ownership or uses of your personal data, as well as any choices you may have regarding your personal data.
We may disclose personal data when We believe such disclosure is required by law, such as to comply with a subpoena, or similar legal process, when We believe in good faith that disclosure is necessary to protect Our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request, or to any other third party with your prior consent.
TRACOM takes the protection of personal data seriously and has appointed Data Protection Representative Limited (DataRep) as Our Data Protection Representative for the purposes of the General Data Protection Regulation (GDPR) in the European Union so that you can contact Us directly in your home country.
You are entitled to exercise your rights under GDPR with respect to personal data. For more details on these rights, please refer to the European Commission (https://ec.europa.eu/info/law/law-topic/data-protection/data-protection-eu_en) or the national Data Protection Authority in your country.
DataRep has locations in each of the 27 EU countries, and the UK, Norway, and Iceland in the European Economic Area (EEA), so that TRACOM customers can raise the questions they have with them.
Should you want to raise a question to TRACOM, or otherwise exercise your rights with respect to your personal data, you may do so via any of the following methods:
TRACOM respects your control over your personal data and upon request TRACOM will confirm if We are processing information that We have collected from you and will provide you with information about whether We hold any of your personal data. We use your personal data as necessary, to comply with Our legal obligations, resolve disputes, and enforce Our agreements and will retain it until instructed to remove it by the TRACOM Client, or you (under limited circumstances).
Under certain circumstances We will not be able to fulfill your request, such as if it interferes with Our regulatory obligations, affects legal matters, We cannot verify your identity, or it involves disproportionate cost or effort, but in any event We will respond to your request within a reasonable timeframe and provide you an explanation.
If you are the subject of one of Our multi-rater assessments, We will ask you to invite people to participate as your Raters. We will ask you for their names and email addresses. We will send your Raters a one-time email inviting them to visit the assessment website and optionally, send them periodic reminders. TRACOM stores this information for the sole purpose of sending these emails and measuring the progress of your Raters in responding to the assessment.
TRACOM follows the data privacy requirements of the European Union's General Data Protection Regulation (GDPR), among others, Under the GDPR, individuals may exercise their data privacy rights, by following the instructions for each of the rights listed below:
Individuals have the right to access, view, and change their personal data stored in the TRACOM systems. The process for doing this varies depending on the website, and the role of the user, as follows:
- Can view/edit the personal data of other individuals for which they are authorized via the Individual Edit screen.
- Can view/edit their personal data via the My Information Edit screen.
- Can view/edit their personal data via the My Information Edit screen.
TRACOM Learning (www.tracomlearning.com)
- Can view/edit their personal data via the Change My Information screen.
- Learners using the Survey Codes access method need to contact their Client Administrator to have their personal data changed. The Client Administrator name and email address are located on your invitation and reminder emails.
TRACOM will maintain personal data until an authorized representative of Our client notifies TRACOM, in writing, to remove the personal data.
Individuals have the right to request that personal data be removed from the TRACOM systems. Any request to TRACOM to remove personal data must come from a Client Administrator. To exercise this right, an individual (Learner, Rater, Administrator, or Facilitator) contacts the Client Administrator to request their personal data be removed. The Client Administrator name and email address are located on your invitation and reminder emails. Upon notification from the Client Administrator, TRACOM will remove the individual's personal data from the TRACOM systems.
Individuals have the right to restrict the processing of personal data in the TRACOM systems. Any request to restrict personal data processing must come from a Client Administrator using the procedure noted under The Right to Erasure section above.
Individuals have the right to receive their personal data from the TRACOM systems in a commonly used, machine readable format so that it can then be used for a variety of other purposes. Any request to receive personal data must come from a Client Administrator using the following procedure:
1. An Individual (Learner, Rater, Administrator, or Facilitator) contacts the Client Administrator to request their personal data be received in a machine readable format. The Client Administrator name and email address is located on your invitation and reminder emails.
2. A Client Administrator submits a request to TRACOM in writing that personal data be made available for an individual.
3. TRACOM evaluates the request to make sure it can be fulfilled. If there is any reason the request can't be fulfilled, TRACOM will notify the Client Administrator, in writing. Otherwise, TRACOM fulfills the request and forwards the requested information to the Client Administrator, to provide to the individual.
Individuals have the right to approve or disapprove using their personal data in the TRACOM systems. An individual is nominated by their employer to participate in the TRACOM services, pursuant to the employer's legitimate interests.
Any request to remove consent must come from a Client Administrator using the procedure noted under The Right to Erasure section above.
The TRACOM Corporation
6675 South Kenton Street, Suite 118
Centennial, Colorado, USA 80111