IAPP GDPR Readiness Assessment Powered by TrustArc Platform Privacy Notice

TRUSTe is now TrustArc Inc. This Privacy Notice has been updated to reflect the corporate name change. The policies and practices described here have not changed. Certification programs and dispute resolution services are offered by TRUSTe LLC a subsidiary of TrustArc Inc (“TRUSTe”) and powered by the TrustArc Platform.

Effective June 6, 2017

This Privacy Notice describes how TrustArc Inc and TRUSTe LLC (collectively TrustArc) collects and uses information you provide on IAPP GDPR Readiness Assessment Powered by the TrustArc Platform . It also describes the choices available to you regarding TrustArc Inc’s use of your personal information and the steps you can take to access this information and to request that we correct or delete it.

If you have questions or concerns regarding this Privacy Notice or TrustArc Inc’s handling of your information collected on IAPP GDPR Readiness Assessment Powered by the TrustArc Platform , contact the TrustArc Inc Data Governance and Privacy Office at

Privacy Policy Questions

U.S. Headquarters
835 Market Street
Suite 800
San Francisco, CA 94103-1905

How We Collect and Use Your Information

Information You Provide Us Directly

When you sign up for an IAPP GDPR Readiness Assessment Powered by the TrustArc Platform account, we will ask you to provide your name, email address, and company name. You will then be asked to create a password to log in to your account.

The information you provide us when signing up for your account is used to:

  • Enable access to the GDPR Readiness Assessment to create projects, answer questions, and review reports;
  • Provide customer support responding to questions regarding your use of the GDPR Readiness Assessment (e.g., forgotten password)
  • Respond to your inquiries regarding other TrustArc Inc product or services you may be interested in. TrustArc Inc will not contact you regarding additional products or services unless you contact us first with an inquiry. At this point we will send you information regarding additional TrustArc Inc products and services.

If you choose to obtain more information about upgrading from the free to the paid version of Assessment Manager we will collect your name, company name, email address, phone number, and information about your role within your company (e.g., job title). We use this information to follow up with information about upgrading from the free to paid version of Assessment Manager, and other TrustArc Inc products and services you may be interested in.

You may unsubscribe from and request to no longer receive product and service information from us at any time by clicking on the unsubscribe link provided in the email.

Information provided in response to GDPR Readiness Assessment questions is confidential and not accessible by either IAPP or TrustArc Inc. With your consent, TrustArc Inc may need to access your account as part of investigating and responding to a support request.

We will run aggregate reports around system usage to understand how many people are signing up and using the assessment. These reports do not contain any information provided during account sign-up or information provided in the course of creating a project, completing an assessment, or reviewing an assessment report.

Information Collected Using Cookies and Other Data Collection Technologies

We use cookies and other data collection technologies to:

  • Help you navigate IAPP GDPR Readiness Assessment Powered by the TrustArc Platform;
  • Facilitate the signup and login process. You may choose to have a cookie set to recognize you next time you return to facilitate easy access to Assessment Manager;
  • Personalize your experience;
  • Analyze which pages and areas of the service are visited; and
  • Provide features such as instructional and product support videos.

Instructional and product support videos use Flash cookies to collect and store your preferences such as sound volume. Flash cookies are different from browser cookies because of the amount of, type of, and how data is stored. Cookie management tools provided by your browser will not remove Flash cookies. To learn how to manage privacy and storage settings for Flash cookies click here: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html

Please note that some cookies may be placed by a third party service provider who performs some of these functions for us.

Information Automatically Collected

As is true of most websites, we gather server log file information automatically such as your IP address, browser type, referring/exit pages, and operating system. We use this information to administer our website and service, understand how visitors navigate through our service and to enhance your experience while using our service.

How We Share Your Information

We may engage and contract with third party companies (e.g., service providers) to provide services that help us with our business activities such as cloud hosting services. These third party service providers are limited to only using information as instructed to provide contracted services to us.

We may also disclose your personal information:

  • As required by law such as to comply with a subpoena, or similar legal process. To the extent we are legally permitted to do so, we will take commercially reasonable steps to notify you in the event that we are required to provide your personal information to third parties as part of said legal process. TrustArc Inc also may be required to disclose personal information in response to lawful requests by public authorities, including requests from national security or law enforcement authorities.
  • When we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud or respond to a written government request
  • if TrustArc Inc becomes involved in a merger, acquisition, or any form of sale of some or all of its assets, we will ensure that the acquiring organization agrees to protect personal information subject in accordance with the commitments we have made in this Privacy Notice , including our Privacy Shield commitment and that they will provide notice before personal information, customer or business information becomes subject to a different privacy notice
  • To any other third party with your prior consent to do so.

We will share your personal information with third parties only in the ways that are described in this Privacy Notice. We do not otherwise sell your personal information to third parties.

Other Information

EU-U.S. Privacy Shield Participation

TrustArc Inc participates in and has self-certified compliance with the EU-U.S. Privacy Shield Framework (“Privacy Shield”). TrustArc Inc is committed to applying the Privacy Shield Principles to all personal information received from countries in the European Economic Area (EEA) in reliance on the Privacy Shield. To learn more about the Privacy Shield, visit the U.S. Department of Commerce’s Privacy Shield website.

Under the Privacy Shield, TrustArc Inc is responsible for the processing of personal information it receives and subsequently transfers to a third party acting for or on its behalf. TrustArc Inc is liable for ensuring that the third parties we engage support our Privacy Shield commitments.

The U.S. Federal Trade Commission has regulatory enforcement authority over TrustArc Inc’s processing of personal information received or transferred pursuant to the Privacy Shield Framework.

If you are a resident of the EEA and have an unresolved privacy or personal information collection, use or disclosure concern that we have not addressed satisfactorily, please contact the EU Data Protection Authorities. In connection with its self-certification under the Privacy Shield, TrustArc Inc commits to cooperate with the panel established by the EU Data Protection Authorities and comply with the advice given by the panel with regard to personal information transferred from the EU. This is provided at no cost to you.

For more information on how to contact the EU Data Protection Authorities, click here.

Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

Accessing and Updating your Personal Information

To review and update your personal information to ensure it is accurate, or request we delete or return your information to you, contact TrustArc Inc’s Data Governance and Privacy Office at trustarcpolicyquestions@trustarc.com.

TrustArc Inc will make commercially reasonable efforts to provide you reasonable access to any of your personal or other account information we maintain within 30 days of your access request. We provide this access so you can review it, make corrections or request deletion of your information. If we cannot honor your request within the 30-day period, we will tell you when we will provide access. In the unlikely event that we cannot provide you access to your information, we will explain why we cannot do so.

Security and Data Integrity

Safeguarding the information you submit when signing up for and via the GDPR Readiness Assessment is a priority for TrustArc Inc. We take appropriate security measures to protect against loss, misuse and unauthorized access, alteration, disclosure, or destruction of your information. TrustArc Inc has taken steps to ensure the ongoing confidentiality, integrity, availability and resilience of systems and services processing personal information, and restore the availability and access to information in a timely manner in the event of a physical or technical incident.

We will retain your information for as long as you maintain a GDPR Readiness Assessment account with us and have not otherwise requested us to delete your information.

Changes to this Privacy Notice

Please note that this Privacy Notice may change from time to time. If we change this privacy notice in ways that affect how we use your personal information, we will advise you of choices you may have as a result of those changes. We will also post a notice that this Privacy Notice has changed.

Defined Terms

The following terms used in this Privacy Statement have defined meanings.

  • Personal information. Any data about an identified or identifiable individual, including data that identifies an individual or that could be used to identify, locate, track, or contact an individual. Personal information includes both directly identifiable information such as a name, identification number or unique job title, and indirectly identifiable information such as date of birth, unique mobile or wearable device identifier, telephone number as well as key-coded data.
  • Third party. Any legal entity, association or person that is not owned by TRUSTe, or in which TRUSTe does not have a controlling interest.
  • TrustArc Inc. TrustArc Inc Inc. and its subsidiaries and successors worldwide, including without limitation, its subsidiary in the Philippines and TRUSTe LLC.