Privacy

PRIVACY STATMENT FOR DATA SUBJECTS FROM THE EUROPEAN ECONOMIC AREA, EUROPEAN UNION, UNITED KINGDOM AND SWITZERLAND

Last updated 12th April 2024 This EEA, EU, UK and Switzerland Privacy Statement (“Statement”) explains how TraceGains complies with certain privacy rights specifically available to individuals located in the European Economic Area (including the EU) (“EEA”), United Kingdom (“UK”), and/or Switzerland (“Swiss”). This Statement should be read together with our Cookie Policy and our Terms of Use.

1. THIS STATEMENT

This Statement sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

2. WHO WE ARE

This is the Statement of TraceGains, Inc. (“TraceGains,” “us,” “our,” or “we”), a Delaware corporation with offices at 12303 Airport Way, Bldg. I, Ste. 180, Broomfield, CO 80021. You can contact us using the information in this Statement under section 17.

3. APPLICABILITY

This Statement applies to our “Services,” which include our websites that link to/post this Statement, including any subdomains or mobile versions (the “Site(s)”), mobile applications (the “Mobile App(s)”), and our “Gather” marketplace (“Gather”) and its Terms of Use (“Terms of Use”), and ‘software-as-a-service’ platform (collectively, the “Platform”). This Statement applies only to the platforms that are owned by the TraceGains. We are  not responsible for the privacy practices of other sites and (online) resources available on our platforms.

4. THE LAWFUL BASES FOR PROCESSING PERSONAL DATA

The laws of your country require us to rely on certain conditions to process your personal data. When we process your personal data, we rely on the following lawful bases:
  • Consent: This will typically be the case where you have opted into receiving marketing communications from us. If consent is the legal basis, then, you are always permitted to revoke your consent at any time. In order to do so, please send an email to legal@tracegains.com.
  • Legal obligations: in certain instances we need to process information in order to comply with our own legal obligations, for example for tax purposes or when we are requested to provide information to governmental authorities.
  • Performance of a contract: some processing is necessary to fulfil a contract that we have with you. For example, when you place an order or subscribe to one of our services- we need to process certain personal data to provide you with the requested order and/or service. Another example would be to provide you, a job applicant, with an employment contract and pay salary.
  • Legitimate interests: sometimes we will process your personal data when we have a legitimate interest as long as these interests are not overridden by your data protection rights. Our legitimate interests include but not limited to:
    • Contacting you when you have requested us to do so;
    • Contact you about products and/or services that you have previously purchased from us and are similar to what you have purchased,
    • Making sure that our services are secure and operate effectively;
    • Improving or optimizing the design and functionality of our services;
    • For internal reporting and modeling (e.g. to understand what parts of our services are most relevant to users, how users interact with various aspects of our services, how our services perform or fail to perform, etc);
    • To respond to your questions and/or requests;
    • To reach out to you about your use or our provision of our service, your account, to provide other relevant notifications or information;
    • To detect, prevent, and respond to information security risks to the services or users (e.g. through the creation and analysis of access logs and other relevant metadata, analysis of network traffic, device patterns and characteristics, and similar processing);
    • To detect and mitigate fraud, and otherwise monitor and ensure the security, availability, and stability of the services.

5. METHODS OF COLLECTION AND USE OF PERSONAL DATA

Directly: when you contact us, when you order a product/service, choose to provide information to us (for example by submitting a contact form via the website), use our services in any way, when you use/browse our website, when you subscribe to our Platform, create an account, when you message a client, when you submit content, engage with us on social media, submit your CV/resume and/or attend an interview. Indirectly: we may collect personal data from publicly available data relating to your job title, education, and employment such as registration with professional bodies, qualifications, and commercially available sources, for example from social media sites such as LinkedIn, public job boards, trade organizations, trade events, advertisements, B2B contact database, or other public sources.

6. PERSONAL DATA CATEGORIES

We  process the following types of information, including data that relates to identified or identifiable individuals:
Identity Data personal data about you and your identity, such as your name, date of birth, residence address, username, company affiliation and title, and other personal data you may provide on applications, registration forms, or as part of an account profile.
Contact Data: personal data used to contact an individual, e.g. email address(es), physical address(es), phone number(s), or communications platform usernames/handles, as well as a name or other salutation.
Transaction Data personal data we collect in connection with a transaction or purchase, such as subscription information, price, and other similar information.
Payment Data information such as bank account details, payment card information, and information from credit reference agencies.
Professional Data personal data relating to your employment or profession.
Device Data personal data relating to your device, browser, or application e.g. IP addresses, MAC addresses, application ID/AdID/IDFA, identifiers from cookies, session navigation history and similar browsing metadata, and other data generated through applications and browsers, including cookies and similar technologies. Please visit our cookie policy for more information.
Inference Data inferred data created from the analysis of or related to personal data, e.g. individual predispositions, characteristics, behaviors, and attitudes.
Custom Content information that a user provides in a free text or other unstructured format, or in custom fields created by a client; this may include personal data to the extent provided by the user.
Submitted Job Application Data your CV, resume, transcripts, and any supporting documentation attached to your resume such as copies of certificates and diplomas and other information you submit.
Interview Related Data obtained while conducting a phone interview, video interview, in-person interview, or interview through one of our third-party interview and recruitment service providers. Reference Check Data: such as a verification of your educational and professional background, and other relevant data subject to TraceGains policies and applicable laws.
Personal and Company Analytics Data: information about use of the platform (e.g., feature use, navigation, or Platform performance) by you or the client/supplier/customer’s on whose behalf you use the Platform

7. HOW WE USE YOUR PERSONAL DATA

Our collection and/or use of personal data may include:
  • To provide you with our services;
  • To contact you and/or provide you with support when you have requested us to do so;
  • To provide you with features clients, suppliers or their users’ request;
  • To detect fraud and secure the transaction;
  • To send marketing communications, provided that you consented to this;
  • To understand the products or industries you and other users in the organization are interested in or information about your organization that may be of interest to others;
  • To optimize and improving our Services;
  • Clients may submit inquiries, company and production information, requirement and offerings through our Services. We process various information to provide our Services to the clients, including in connection with the assessment of applications and prospective applicants;
  • To operate, administer, maintain and provide the Platform;
  • To provide you important information about your account and the products and Services you may be offering as a supplier or soliciting as a customer;
  • To maintain client records;
  • To make certain data available contained in profiles on our website for viewing by other clients (on behalf of the client);
  • To communicate with you in the context of a job application, planning an interview/conversation and sending you such invitations;
  • To review the personal data that you provided in the context of a job application;
  • To share information with our internal staff members, for example, in the context of job application purposes;
  • To provide and improve the user experience and efficiency of our Services, and understanding information about the devices and demographics of visitors to our Services To enable various features of the Services such as your browser remembering your username or password, maintaining a session, or staying logged in after a session has ended;
  • Or analytics and site performance purposes, such as tracking how the Services are used or perform, how users engage with and navigate through the Services, what sites users visit before visiting our Services, how often they visit our Services, and other similar information;
  • Additionally, in some cases (and subject to your consent where required by law), we may collect and process certain information about use of the platform (e.g., feature use, navigation, or Platform performance) by you or the client/supplier/customer’s on whose behalf you use the Platform;
  • To understand how users and clients/suppliers/customers use the Platform, provide you with customer service and support, and to otherwise improve the Platform;
  • To disclose to advertisers certain personal data of users who view client/supplier advertisements, posts or pages, when consented to show such advertisements;
  • To enable posts and communications on the Platform and our public services;
  • To prepare and disclosing aggregated reports relating to advertisement company page views, aggregate analytics relating to how our Services are used, the products and Services our users purchase, service delivery metrics;
  • To asses trends, suggest products, suppliers, or clients that may be of interest to you or others in your organization;
  • To create aggregate analytics relating to how our services are used, the products and Services our users purchase, to create service delivery metrics and to create reports regarding the use of our Services, demographics of our users and other similar information and metrics;
  • To count product/profile/content views and develop other similar metrics;
  • To advertise supplier and buyer products or Services to users and consequently create reports relating to the advertiser and the product/service advertised, provided that you consent to this.

8. COOKIES

We, and certain third parties, may process personal data when you interact with cookies and similar technologies. We may receive this data from third parties to the extent allowed by the applicable partner. Please note that the privacy statements of third parties may apply to these technologies and information collected. Please visit our Cookie Policy for more detailed information about the cookies that we use and for which purposes.

9. MARKETING COMMUNICATIONS / NEWSLETTER

You can subscribe to the newsletter of TraceGains via our website or by contacting legal@tracegains.com. Through the newsletter we keep you informed with news about our company and relevant offers. In every newsletter that you receive, there is a link with which you can unsubscribe from receiving this newsletter.

10. HOW WE SHARE YOUR PERSONAL DATA

Information we collect may be shared with a variety of parties, depending upon the purpose for and context in which that information was provided. If needed we will have concluded the appropriate agreements with them to ensure confidentiality of your personal data and processing in accordance with the applicable data protection laws. We generally disclose personal data to the following categories of recipients:
  • Selected TraceGains employees: disclosure of personal data insofar as this is necessary to execute their services/work. Employees are bound by confidentiality;
  • Clients: we process data on behalf of clients and may share your personal data with clients to the extent such information was provided to us for processing on the client’s behalf. For example, any forms, applications, messages, or other material may be processed by us for clients, and all personal data processed on behalf of the client may be available to the client and its users. These parties may engage in direct marketing, or other activities that are outside our control.
  • Users:   in some cases, information may be shared with other users, for example, in connection with our collaboration or messaging tools, or as part of Gather Applications (e.g. when users view pages, advertisements, or other pages/content on Gather, subject to applicable privacy options/controls).
  • Vendors and service providers: we may share your information with vendors and service providers that we believe need the information to perform a technology, business, or other professional function for us, including providing products or services to you or our clients on our behalf, creating or maintaining our databases, researching and analyzing the people who request information from us, preparing and distributing communications, or responding to inquiries.
  • Affiliates: in order to streamline certain business operations, develop products and Services that better meet the interests and needs of our customers, and inform our customers about relevant products and services, we may share your personal data with any of our current or future affiliated entities, subsidiaries, and parent companies.
  • Corporate events:your personal data may be processed in the event that we go through a business transition, such as a merger, acquisition, liquidation, or sale of all or a portion of our assets. For example, personal data may be part of the assets transferred, or may be disclosed (subject to confidentiality restrictions) during the due diligence process for a potential transaction.
  • Business transition: if TraceGains, or any portion of our assets, are acquired by, merged with, transferred to, or invested in by another company, we may share your personal information with that company or other third parties involved in the business transition. We cannot promise that an acquiring party or the merged entity will have the same privacy practices or treat your information the same as described in this Statement.
  • Legal disclosures: in limited circumstances, we may, without notice or your consent, access and disclose your personal data, any communications sent or received by you, and any other information that we may have about you to the extent we believe such disclosure is legally required, to prevent or respond to a crime, to investigate violations of our terms of use, or in the vital interests of us or any person. Note, these disclosures may be made to governments that do not ensure the same degree of protection of your personal data as your home jurisdiction. We may, in our sole discretion (but without any obligation), object to the disclosure of your personal data to such parties.

11. INTERNATIONAL TRANSFERS

TraceGains is an organization established in the United States of America (USA). For individuals located outside the United States, your personal data will likely be transferred to, stored, and processed in the USA or other countries outside of where you live. When personal data is transferred outside of the EEA, EU, UK and/or Switzerland by us, we make sure that the appropriate supplemental safeguards are in place to ensure an adequate level of the protection of your data in accordance with the applicable data protection laws. Where necessary, we will (or have already) entered into standard European Commission approved model data protection clauses (SCCs) (provided that for Switzerland the necessary adaptations and amendments are made for use under Swiss data protection law) and/or the United Kingdom’s International Data Transfer Agreement (IDTA).

12. DATA PRIVACY FRAMEWORK

In addition, TraceGains complies with the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF (UK-US Data Bridge), and the Swiss-U.S. Data Privacy Framework (Swiss-US DPF) as set forth by the U.S. Department of Commerce. TraceGains has certified to the U.S. Department of Commerce that they adhere to the EU-U.S. Data Privacy Framework Principles (EU-US DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-US DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. TraceGains certified to the US Department of Commerce that it adheres to the Swiss-US Data Privacy Framework Principles (Swiss-US DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-US DPF. If there is any conflict between the terms in this Statement and the EU-US DPF Principles and/or the Swiss-US DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit Data Privacy Framework. We will not process the personal data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by you. We limit the collection and use of personal data to only the minimum amount necessary to achieve the identified purposes. This also includes limiting access to personal information based on roles and solely access to personal data that is necessary to carry out specific work, and embedding privacy into our processes, services and products starting at the design phase. We do not store your data longer than necessary for the purposes for which it was collected. To learn more about our retention terms, please contact us via legal@tracegains.com.  Where TraceGains controls your personal data, or where required by law, we will take reasonable steps to ensure your personal information is accurate and up to date. We have implemented administrative, technical, and physical security measures to ensure the confidentiality and integrity of the personal data we process. This includes measures that protects against unauthorized or unlawful processing, accidental loss, destruction, or damage. Pursuant to the Data Privacy Frameworks, EU, UK, and Swiss individuals have the right to confirm whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States or any other of the data subject rights under the Data Privacy Frameworks, should direct their request to legal@tracegains.com. To learn more about which rights you have and how to exercise them, please read section 15 and 16 of this Statement. We (TraceGains) are responsible for the processing of personal data we receive or subsequently transfer to a third party acting as an agent on their behalf. When doing so, we comply with the accountability for onward transfers. We will make sure that (i) the transfer of such data is only for limited and specified purposes; (ii) that the agent is obligated to provide at least the same level of privacy protection as is required by the Principles; (iii) we will take reasonable and appropriate steps to ensure that the agent effectively processes the personal information transferred in a manner consistent with the organization’s obligations under the Principles; (iv) we will require the agent to notify the organization if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles; (v) we will upon notice, including under (iv), take reasonable and appropriate steps to stop and remediate unauthorized processing; and (vi) we will provide a summary or a representative copy of the relevant privacy provisions of its contract with that agent to the Department upon request. TraceGains complies with all applicable data protection laws, including Data Privacy Framework Principles, for all onward transfers of personal data from the EEA, UK and Switzerland, including the onward transfer liability provisions in the Data Privacy Framework Principles. We will provide you with an opt-in or opt-out before we use your personal data for other purposes than for which it was originally collected or subsequently authorized or before we share your personal data with third parties other than our agents (those who process on our behalf). We will provide you with an opt-in before we disclose sensitive information to third parties other than our agents or when this data is used for a different purpose other than those for which it was originally collected. To request to limit the use and disclosure of your personal information, please submit a written request to legal@tracegains.com. With respect to personal data received or transferred pursuant to the Data Privacy Framework Principles, TraceGains is subject to the regulatory enforcement powers of the US Federal Trade Commission. In certain situations, TraceGains may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. In compliance with the Data Privacy Framework Principles, TraceGains commits to resolve complaints about your privacy and our collection or use of your personal data transferred to the United States pursuant to the DPF Principles. European Union, Swiss and United Kingdom individuals with DPF inquiries or complaints should first contact: TraceGains 12303 Airport Way, Bldg. I Suite 180, Broomfield, CO 80021, United States Privacy@tracegains.com TraceGains has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution provider, operated by VeraSafe Privacy Framework Dispute Resolution Procedure. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit Verasafe Dispute Resolution Procedure. for more information and/or to file a complaint. This service is provided free of charge to you. If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. Please have a look at the Data Privacy Framework. If you have questions about our Data Privacy Framework certifications, please contact us at: Privacy@tracegains.com

13. SECURITY

We have taken appropriate technical and organizational measures to protect the personal data against loss or against any form of unlawful processing. We update and test our security technology on an ongoing basis. We have established an information security policy and taken physical, organizational and electronic measures with due observance thereof. Your data is transmitted over secure internet connections over the internet. We contractually commit third parties who are engaged in the management and development of the Platforms to respect the confidentiality of your data. We restrict access to your personal data to only authorized staff members who need access. In addition, we train our staff members about the important of confidentiality and maintaining the privacy and security of your information. We sometimes share personal data with, or process data on behalf of third parties. If we do, we conclude appropriate agreements with them.

14. RETENTION TIME

We will keep your persona data to enable your continued use of our services, for as long as necessary in order to fulfil the relevant purposes described in this private statement or as is required by law.

15. YOUR RIGHTS

You are given the following rights:
  • The right of access. This means you can make a request to obtain access to the personal data concerning you;
  • The right to rectification or correction of your personal data;
  • The right to erasure of the personal data concerning you;
  • The right to restriction of the processing. This means you can ask us to restrict the processing of your personal data in some circumstances, such as when you contest the accuracy of the personal data;
  • The right to data portability. This means that you have the right to receive your personal data in a structured, commonly used and machine-readable format, and that you have the right to transmit that data to another controller;
  • The right to object. This means you can object to our processing of your personal data and ask us to stop such processing at any time if we rely on our own or someone else’s
legitimate interests to process your personal data or where we process your personal data for direct marketing purposes.
  • Right to object to automated decision-making. This means you have the right not to be subject to a decision based solely on automated processing, including profiling. We do not use such automated decision-making in relation to our processing of your personal data described in this privacy statement.
  • The right to withdraw your consent. If we rely on your consent for the processing of your personal data, such as with receiving our newsletters, you have the right to withdraw that consent at any time.
  • You also have the right to lodge a complaint with a supervisory authority. A list of the national data protection authorities within the EEA can be found via this link, data protection authorities. The data protection authority in the UK is the Information Commissioner’s Office (ICO) and for Switzerland it is the Federal Data Protection and Information Commissioner (FDPIC).

16. HOW TO EXERCISE THESE RIGHTS

If you have any questions, you want to confirm what personal data we process or if you wish to exercise one of your rights, please contact us at legal@tracegains.com. Reasonable access to your personal data will be provided at no cost to you upon submitting a request to legal@tracegains.com within one month of acknowledgement of the request.  We may require that you provide additional personal data to exercise these rights, e.g. information necessary to prove your identity. If we cannot fulfill your request within one month, we will inform you about an expected data on which the information will be provided.

17. QUESTIONS OR COMPLAINTS

If you have any questions about our privacy practices or believe that we have infringed your rights, we encourage you to contact us directly at: TraceGains 12303 Airport Way, Bldg. I Suite 180, Broomfield, CO 80021, United States Privacy@tracegains.com DPO: our EU Data Protection Officer may be contacted at t.howard@dpoconsultancy.nl. Users that reside in the EEA, Switzerland, or the UK have the right to lodge a complaint about our data collection and processing actions with the supervisory authority concerned. You can find the relevant  data protection authority name and contact details for the EEA here, for the UK here and for Switzerland here.

18. YOUR CHOICES

In your account, you have the option to set your settings a certain way. Please have a look at this so the account is set up to your preferences.

19. CHANGES TO OUR PRIVACY STATEMENT

We may change this Statement from time to time. Changes will be posted on this page with the effective date. Please visit this page regularly so that you are aware of our latest updates. Your acknowledgement of these changes, or use of the services following notice of any changes (as applicable) indicates your acceptance of any changes.

Pin It on Pinterest