IAPP GDPR Readiness Assessment Powered by TrustArc Platform Privacy Notice

TRUSTe is now TrustArc Inc. This Privacy Notice has been updated to reflect the corporate name change. The policies and practices described here have not changed. Certification programs and dispute resolution services are offered by TRUSTe LLC (“TRUSTe”), a subsidiary of TrustArc Inc, and powered by the TrustArc Platform.

Effective October 20, 2017

This Privacy Notice describes how TrustArc Inc and its subsidiaries and successors worldwide, including without limitation, its subsidiary in the Philippines and TRUSTe LLC (collectively “TrustArc”) collect and use the information you provide by using the IAPP GDPR Readiness Assessment Powered by the TrustArc Platform. It also describes the choices available to you regarding TrustArc’s use of your personal information, and the steps you can take to access this information and to request that we correct or delete it.

If you have questions or concerns regarding this Privacy Notice or TrustArc’s handling of your information collected through the IAPP GDPR Readiness Assessment Powered by the TrustArc Platform, contact the TrustArc Data Governance and Privacy Office at

Privacy Policy Questions

U.S. Headquarters
835 Market Street
Suite 800
San Francisco, CA 94103-1905

How We Collect and Use Your Information

Information You Provide Us Directly

When you sign up for the IAPP GDPR Readiness Assessment Powered by the TrustArc Platform, we will ask you to provide your name, email address, and company name. You will then be asked to create a password to log in to your account.

The information you provide us when signing up for your account is used to:

  • Enable access to the GDPR Readiness Assessment to create projects, answer questions, and review reports;
  • Provide customer support regarding your use of the GDPR Readiness Assessment (e.g., forgotten password); and
  • Respond to your inquiries regarding other TrustArc products or services you may be interested in. TrustArc will not contact you regarding additional products or services unless you contact us first with an inquiry. At this point we will send you information regarding additional TrustArc Inc products and services.

If you choose to obtain more information about upgrading from the free to the paid version of Assessment Manager, we will collect your name, company name, email address, phone number, and information about your role within your company (e.g., job title). We use this information to follow up with you about upgrading to the paid version of Assessment Manager, and to inform you about other TrustArc products and services you may be interested in.

You may unsubscribe from and request to no longer receive product and service information from us at any time by clicking on the unsubscribe link provided in the email.

Information provided in response to GDPR Readiness Assessment questions is confidential and not accessible by either IAPP or TrustArc. With your consent, TrustArc may access your account as part of investigating and responding to a support request.

We will run aggregate reports around system usage to determine the number of sign-ups for the assessment, as well as how many assessments are in use. These reports do not contain any information provided during account signup or information provided in the course of creating a project, completing an assessment, or reviewing an assessment report.

Information Collected Using Cookies and Other Data Collection Technologies

We use cookies and other data collection technologies to:

  • Help you navigate the IAPP GDPR Readiness Assessment Powered by the TrustArc Platform by facilitating the signup and login process. You may choose to have a cookie set to recognize you next time you return to facilitate easy access to Assessment Manager.
  • Personalize your experience
  • Analyze which pages and areas of the service are visited
  • Provide features, such as instructional and product support videos

Instructional and product support videos use Flash cookies to collect and store your preferences such as sound volume. Flash cookies are different from browser cookies because of the amount of, type of, and how data is stored. Cookie management tools provided by your browser will not remove Flash cookies. To learn how to manage privacy and storage settings for Flash cookies click here: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html

Please note that some cookies may be placed by a third party service provider who performs some of these functions for us.

Information Automatically Collected

As is true of most websites, we gather server log file information automatically, such as your IP address, browser type, referring/exit pages, and operating system. We use this information to administer our website and service, understand how visitors navigate through our service, and to enhance your experience while using our service.

How We Share Your Information

We may engage and contract with third party companies (e.g., service providers) to provide services that help us with our business activities such as cloud hosting services. These third party service providers are limited to only using information as instructed to provide contracted services to us.

We may also disclose your personal information:

  • As required by law such as to comply with a subpoena or similar legal process. To the extent we are legally permitted to do so, we will take commercially reasonable steps to notify you in the event that we are required to provide your personal information to third parties as part of a legal process. TrustArc also may be required to disclose personal information in response to lawful requests by public authorities, including requests from national security or law enforcement authorities.
  • When we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a written government request
  • If TrustArc becomes involved in a merger, acquisition, or any form of sale of some or all of its assets. In the event of a merger, acquisition, or any form of sale of some or all of TrustArc’s assets, we will ensure that the acquiring organization agrees to protect personal information in accordance with the commitments we have made in this Privacy Notice, including our Privacy Shield commitment, and that the acquiring organization will provide notice before personal information, customer information, or business information becomes subject to a different privacy notice.
  • To any other third party with your prior consent to do so

We will share your personal information with third parties only in the ways that are described in this Privacy Notice. We do not otherwise sell your personal information to third parties.

Other Information

EU-U.S. and Swiss-U.S. Privacy Shield

TrustArc participates in the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (“Privacy Shield”), and has self-certified with the Department of Commerce that we adhere to the Privacy Shield Principles. TrustArc is committed to applying the Privacy Shield Principles to all personal information received from countries in the European Economic Area (EEA) and Switzerland in reliance on the Privacy Shield. To learn more about the Privacy Shield, visit the U.S. Department of Commerce’s Privacy Shield website.

Under the Privacy Shield, TrustArc is responsible for the processing of personal information it receives and subsequently transfers to a third party acting for or on its behalf. TrustArc is liable for ensuring that the third parties we engage support our Privacy Shield commitments.

The U.S. Federal Trade Commission has regulatory enforcement authority over TrustArc’s processing of personal information received or transferred pursuant to the Privacy Shield Framework.

If you are a resident of the EEA and have an unresolved privacy or personal information collection, use, or disclosure concern that we have not addressed satisfactorily, please contact the EU Data Protection Authorities. If you are a resident of Switzerland and have this concern, please contact the Swiss Federal Data Protection and Information Commissioner. In connection with its self-certification under the Privacy Shield, TrustArc commits to cooperate with the panel established by the EU Data Protection Authorities and comply with the advice given by the panel with regard to personal information transferred from the EU. TrustArc also commits to cooperate with and comply with the advice of the Commissioner with regard to personal information transferred from Switzerland. This is provided at no cost to you.

For more information on how to contact the EU Data Protection Authorities, click here.

For more information on how to contact the Swiss Federal Data Protection and Information Commissioner, click here.

Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

Accessing and Updating your Personal Information

To review and update your personal information to ensure it is accurate, or request we delete or return your information to you, contact TrustArc Inc’s Data Governance and Privacy Office at privacy@trustarc.com.

TrustArc will make commercially reasonable efforts to provide you reasonable access to any of your personal or other account information we maintain within 30 days of your access request. We provide this access so you can review it, make corrections, or request deletion of your information. If we cannot honor your request within the 30-day period, we will tell you when we will be able to provide access. In the unlikely event that we cannot provide you access to your information, we will explain why we cannot do so.

Security and Data Integrity

Safeguarding the information you give us or we receive about you through the GDPR Readiness Assessment is a priority for TrustArc. We take appropriate security measures to protect against loss, misuse and unauthorized access, alteration, disclosure, or destruction of your information. TrustArc has taken steps to ensure the ongoing confidentiality, integrity, availability, and resilience of systems and services processing personal information, and will restore the availability and access to information in a timely manner in the event of a physical or technical incident.

We will retain your information for as long as you maintain a GDPR Readiness Assessment account with us and have not otherwise requested us to delete your information.

Changes to this Privacy Notice

Please note that this Privacy Notice may change from time to time. If we change this Privacy Notice in ways that affect how we use your personal information, we will advise you of the choices you may have as a result of those changes. We will also post a notice that this Privacy Notice has changed.

Defined Terms

The following terms used in this Privacy Statement have defined meanings.

  • Personal information. Any data about an identified or identifiable individual, including data that identifies an individual or that could be used to identify, locate, track, or contact an individual. Personal information includes both directly identifiable information such as a name, identification number or unique job title, and indirectly identifiable information such as date of birth, unique mobile or wearable device identifier, telephone number as well as key-coded data.
  • Third party. Any legal entity, association or person that is not owned by TRUSTe, or in which TRUSTe does not have a controlling interest.