TRACOM relies upon the Standard Contractual Clauses (decision 2010/87/EU), which are in effect with each client organization, as a mechanism for transferring of personal data outside of the EU. TRACOM processes the personal data it receives, in The United States (U.S.).
TRACOM also complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.
TRACOM has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. DPF Principles with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.
To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov.
TRACOM is responsible for the processing of personal data it receives, under the DPF, and subsequently transfers to a third party acting as an agent on its behalf. TRACOM complies with DPF principles for all onward transfers of personal data from the EU, United Kingdom, and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the DPF, TRACOM is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, TRACOM may be required to disclose personal data in response to lawful requests by public authorities, including meeting national security or law enforcement requirements.
If you have an unresolved privacy or data use concerns that We have not addressed satisfactorily, please contact Our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
For complaints regarding DPF compliance not resolved by any of the other DPF mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration. Further information can be found on the official DPF website at https://www.dataprivacyframework.gov.
TRACOM delivers assessment and training services to Our clients. In the course of delivering these services, We gather personal data on or about individuals. This personal data includes, but is not limited to the following:
Contact InformationExamples: First name, last name, email address, telephone number (Administrators only)).Purpose: To identify you, communicate with you, respond to your requests, and perform Our services.
Demographic Information (Optional)Examples: Country, Job, Job Level, Industry, Age Range, Gender.Purpose: For statistical analysis, and to improve Our products.
Identifying InformationExamples: Username, Password, Security Questions and Responses.Purpose: To authenticate and grant you authorized access to Our services.
Behavioral InformationExamples: Assessment Responses.Purpose: To perform the services provided by TRACOM.
Sensitive InformationExamples: Ethnicity question (United States respondents only).Purpose: For statistical analysis, and to improve Our products.
Your employer has contracted with TRACOM to make Our services available to certain individuals ("Learners") for their personal and professional development. This information is used to process gathered assessment data into Learner Profile Reports, used by the Learners in individual and group training sessions.
If you are a Learner and do not wish to provide personal data, a sample Learner Profile Report can be made available to you. However, this will reduce the applicability of the training provided to you. In addition, if you are asked to provide feedback about a coworker but do not wish to provide personal data, the Learner will not receive the benefit of your valuable feedback.
We conduct analyses of assessment and demographic data, including ethnicity. These findings are instrumental in enhancing and validating our assessments. On occasion, these results are also shared in a summarized form through research reports intended for wider distribution. Our reports strictly exclude any individual or personal data, and specific organizations are mentioned only when we have obtained prior written authorization from the respective organization.
TRACOM holds all personal data collected from or about an individual in strict confidentiality. Access to such data is limited to authorized personnel, which encompasses TRACOM Administrators and Facilitators, Client Administrators, and TRACOM Development Team. Once Learner Profile Reports have been delivered to the Client's Administrators, Facilitators, or Learners, TRACOM no longer maintains control over the personal information and materials.
TRACOM places a high priority on the protection of personal data and, in compliance with the General Data Protection Regulation (GDPR), we have designated Data Protection Representative Limited ("DataRep") as our official Data Protection Representative. This designation ensures that you can easily reach out to us directly within your home country.
You are entitled to exercise your rights under GDPR with respect to personal data. For more details on these rights, please refer to the European Commission (https://ec.europa.eu/info/law/law-topic/data-protection/data-protection-eu_en) or the national Data Protection Authority in your country.
DataRep has an established presence in all 27 EU member states, as well as the UK, Norway, and Iceland within the European Economic Area (EEA), ensuring convenient access for TRACOM customers to address inquiries.
Should you wish to exercise your rights with respect to your personal data, or submit an inquiry to TRACOM, you may do so via any of the following methods:
TRACOM respects your authority over your personal data. Upon your request, we will promptly verify whether we are processing information that has been collected from you and will provide you with details regarding the existence of your personal data within our records. We utilize your personal data as required to meet our legal obligations, settle disputes, and enforce our agreements.
In certain situations, fulfilling your request may not be feasible, particularly when it conflicts with our regulatory responsibilities, impacts ongoing legal proceedings, lacks verifiable identity confirmation, or entails an excessive cost or effort. Nevertheless, we will acknowledge your request in a timely manner and provide a clear explanation for any such limitations.
If you are a participant in one of Our multi-rater assessments, we will ask you to invite other individuals ("Raters") to complete an online assessment on your behalf. To facilitate this, we will ask you to provide their names and email addresses. Subsequently, TRACOM will send a one-time email to your designated Raters, inviting them to complete the online assessment. Periodic reminder emails may also be sent. Note that TRACOM retains this data exclusively for the purpose of sending these emails and monitoring your Raters' progress in responding to the assessment.
TRACOM follows the data privacy requirements of the EU General Data Protection Regulation (GDPR), Data Privacy Framework (DPF), and others. Accordingly, individuals may exercise their data privacy rights by following the instructions for each of those rights listed below:
The Right of Access and Rectification
Individuals have the right to directly access, view, and change their personal data stored in the TRACOM system. The process for doing this varies based on the website, and role in the TRACOM system:
TRACOM MAX (www.tracommax.com)
- Can view and edit their own personal data via the My Information Edit screen.- Can view and edit the personal data of others for which they are authorized via the Individual Edit screen.Facilitators
- Can view and edit their own personal data via the My Information Edit screen.
TRACOM LEARNING (www.tracomlearning.com)
- Can view and edit their own personal data via the My Account, My Password, and My Security Questions screens.- Note: Learners using Survey Code access must contact their Client Administrator to change their personal data.
Your Client Administrator's name and email address are located on your invitation and reminder emails.
IMPORTANT:Requests related to the individual rights listed below should be submitted to your Client Administrator, rather than TRACOM, for evaluation and approval. TRACOM will relay any individual rights requests received to your Client Administrator. Your Client Administrator will notify Us in writing of any actions required to fulfill the rights request. We will acknowledge and document that notification within 10 days. Then we will act on the Client Administrator's directives within 30 days, keeping them updated throughout.
The Right to Erasure (be Forgotten)
Individuals have the right to submit a request to their Client Administrator to have their personal data removed from the TRACOM system. Upon approval, TRACOM will remove the personal data within 30 days.
The Right to Restriction of Processing
Individuals have the right to submit a request to their Client Administrator to restrict the processing of personal data in the TRACOM system. Upon approval, TRACOM will act upon the Client Administrator's directives within 30 days.
The Right to Data Portability
Individuals have the right to receive their personal data from the TRACOM system in a common machine-readable format so it can be used for other purposes. The individual must submit a request to their Client Administrator, including the desired data format. Upon approval, TRACOM will export the personal data within 30 days, sending it securely to the Client Administrator, who will provide it to the individual. If for any reason TRACOM cannot fulfill the request, the Client Administrator will be notified in writing.
The Right to Object
Individuals have the right to approve or disapprove using their personal data in the TRACOM system. An individual is nominated by their employer to participate in TRACOM services, pursuant to the employer's legitimate interests. The individual must submit a request to their Client Administrator to remove consent.
We gather certain information automatically, storing it in log files. Information may include Internet Service Provider (ISP), Internet Protocol (IP) addresses, operating system, browser type, referring or exit pages, date/time stamp, and clickstream data to improve our analytics and services.
Safeguarding the security of personal data is a top priority for TRACOM. We rigorously adhere to industry recognized privacy and security standards to ensure the safety of personal information transmitted and stored in our systems. We use industry-standard encryption technologies to protect all information stored at rest and transmitted online. However, no method of storage or transmission is completely secure. We cannot guarantee the absolute security of our customers' personal information. If you have any concerns or inquiries regarding the privacy or security of your personal information, please contact us.
In the event of an asset sale, merger, consolidation, restructuring, reorganization, liquidation, or other similar transaction involving TRACOM, We may transfer some or all personal data to the successor company. TRACOM will notify you via email and/or prominent notice on Our websites of any change in ownership, or choices or uses regarding your personal data.
TRACOM may share personal data under certain circumstances, including when we have a genuine belief that such disclosure is legally mandated, such as in response to a subpoena or comparable legal procedure. We may also make such disclosures in good faith to safeguard our rights, ensure your safety or the safety of others, investigate potential fraud, or respond to governmental requests.
The TRACOM Corporation
6675 South Kenton Street, Suite 118
Centennial, Colorado, USA 80111