Privacy Policy—EU, UK, Switzerland
Effective Date: July 26, 2024
Version number: 2024-07
INTRODUCTION
We strive to protect the personal data that we may collect about our users, under our control and take certain precautions to help maintain the security and accuracy of the data. When you use this website, you trust us with data about you. Subsequently, you may provide us with personal data. Because your privacy is important to us, we recommend you read this privacy policy (“Privacy Policy”) so that you understand our approach towards the use of your personal data and contact us if you have any questions.
This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please also note the below section on our use of cookies. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
WHO ARE WE
This is the privacy statement of TraceGains, Inc. (“TraceGains,” “us,” “our,” or “we”), a Delaware corporation with offices at 12303 Airport Way, Bldg. I, Ste. 180, Broomfield, CO 80021. You can contact us using the information below.
Our subsidiaries are:
- NutriCalc with its registered office at Birchin Court, 5th Floor, 19-25 Birchin Lane, London, UK, EC3V 9DU and registered No. 08490867.
- TraceGains (UK) with its registered office at Birchin Court, 5th Floor, 19-25 Birchin Lane, London, UK, EC3V 9DU and registered No. 14894272
APPLICABLE SCOPE
This Privacy Policy applies to our “services,” which include our websites that link to/post this Privacy Policy, including any subdomains or mobile versions (the “Site(s)”), mobile applications (the “Mobile App(s)”), and our “TraceGains GatherTM” applications (“Gather”) and ‘software-as-a-service’ platform (collectively, the “Platform”).
This statement applies only to the platforms that are owned by TraceGains. We are not responsible for the privacy practices of other sites and (online) resources available on our platforms. If you have any questions about this Privacy Policy or have a complaint about the way in which we deal with your personal data you can contact legal@tracegains.com.
References in this policy to “data protection law” mean (as applicable) UK General Data Protection Regulation, the Data Protection Act of 2018, the Privacy and Electronic Communications Regulations and all related data protection legislation having effect in the United Kingdom as well as the EU General Data Protection Act, the ePrivacy Directive and all related data protection regulation that have an effect in the European Economic Area.
THE DATA CONTROLLER
TraceGains is responsible for the processing of your personal data. This means that TraceGains determines the purpose and means of the processing itself and that TraceGains is responsible for regulatory compliance, we can be reached via legal@tracegains.com.
ACQUISITION OF NUTRICALC; DATA MIGRATION FROM NUTRICALC TO TRACEGAINS
NutriCalc Limited with its registered offices at Birchin Court, 5th Floor, 19-25 Birchin Lane, London, United Kingdom, EC3V 9DU and registered No. 08490867, has been acquired by TraceGains. As such, NutriCalc is now part of TraceGains. The NutriCalc CRM data will be migrated to TraceGains CRM system. The purposes are the consolidation of the CRM systems; in order to be able to effectively and efficiently service the accounts and customers when assistance is requested.
WHAT IS PERSONAL DATA
Personal data is any information about an identified or identifiable natural person. Each piece of information with which a person can be identified, directly or indirectly, is personal data. This could be for example your name, contact details and any other information that is or can be linked to you, including, for example, email address, location information, login code, health data, bank details, etc.
What falls under processing of personal data is defined as any act or set of acts related to or performed on personal data. This could, for example, be collecting, using, transferring and saving.
METHODS OF COLLECTION—AND HOW WE USE THE PERSONAL DATA
Directly: When you contact us, attend an event, choose to provide data to us (for example by submitting a contact form via the website), use our services in any way, browse our website, when you message a client, when you submit content, engage with us on social media, submit your CV/resume and/or attend an interview.
Indirectly: We may collect personal data from publicly available data relating to your job title, education, and employment, such as registration with professional bodies, qualifications, and commercially available sources, for example, from social media sites such as LinkedIn, public job boards, trade organizations, trade events, advertisements, B2B contact databases, or other public sources.
PERSONAL DATA ELEMENTS
We process the following types of information, including data that relates to identified or identifiable individuals (Note: specific personal data elements listed in each category may change):
- Identity Data: personal data about you and your identity, such as your name, date of birth, residence address, username, company affiliation and title, and other Personal Data you may provide on applications, registration forms, or as part of an account profile.
- Contact Data: personal data used to contact an individual, e.g. email address(es), physical address(es), phone number(s), or communications platform usernames/handles, as well as a name or other salutation.
- Transaction Data: personal data we collect in connection with a transaction or purchase, such as subscription information, price, and other similar information.
- Payment Data: Information such as bank account details, payment card information, and information from credit reference agencies.
- Professional Data: personal data relating to your employment or profession.
- Device Data: personal data relating to your device, browser, or application e.g. IP addresses, MAC addresses, application ID/AdID/IDFA, identifiers from cookies, session navigation history and similar browsing metadata, and other data generated through applications and browsers, including cookies and similar technologies.
- Inference Data: inferred data created from the analysis of or related to personal data, e.g. individual predispositions, characteristics, behaviors, and attitudes.
- Custom Content: information that a user provides in a free text or other unstructured format, or in custom fields created by a client; this may include personal data to the extent provided by the user.
- Submitted Job Application Data: your CV, resume, transcripts, and any supporting documentation attached to your resume such as copies of certificates and diplomas and other information you submit.
- Interview Related Data: obtained while conducting a phone interview, video interview, in-person interview, or interview through one of our third-party interview and recruitment service providers. Reference Check Data: such as a verification of your educational and professional background, and other relevant data subject to TraceGains policies and applicable laws.
HOW WE USE YOUR PERSONAL DATA
Our collection and/or use of personal data may include:
- To provide you with our services;
- To contact you and/or provide you with support when you have requested us to do so;
- To provide you with features, clients, suppliers or their users’ request;
- To detect fraud and secure the transaction;
- To send marketing communications, provided that you consented to this;
- Understanding the products or industries you and other users in the organization are interested in or information about your organization that may be of interest to others;
- To assess trends, suggest products, suppliers, or clients that may be of interest to you or others in your organization;
- To count product/profile/content views and develop other similar metrics;
- To advertise supplier and buyer products or services to users and consequently create reports relating to the advertiser and the product/service advertised, provided that you consent to this.
- To prepare and disclose aggregated reports relating to advertisement company page views;
- To disclose to advertisers certain Personal Data of users who view client/supplier advertisements, posts or pages, when consented to show such advertisements;
- To enable posts and communications on the Platform and our public services;
- To optimize and improving our services;
- To provide our services to the clients, including in connection with the assessment of applications and prospective applicants;
- To operate the Platform;
- To provide you important information about your account and the products and services you may be offering as a supplier or soliciting as a customer;
- To maintain client records;
- To carry out the processes you requested;
- To make certain data available contained in profiles on our website for viewing by other clients (on behalf of the client);
- Maintenance of our services and website;
- To communicate with you in the context of a job application, planning an interview/conversation and sending you such invitations;
- To review the personal data that you provided in the context of a job application;
- To share information with our internal staff members, for example, in the context of job application purposes.
LEGAL BASES FOR PROCESSING
We will only process your personal data when we have a lawful basis for doing so. There are various legal bases which we can rely upon which include:
- Consent: This will typically be the case where you have opted-in to receiving marketing communications from us. If consent is the legal basis, then, you are always permitted to revoke your consent at any time. In order to do so, please send an email to legal@tracegains.com.
- Legal obligations: in certain causes we need to process information in order to comply with our own legal obligations, for example for tax purposes or when we are requested to provide information to governmental authorities.
- Performance of a contract: some processing is necessary to fulfil a contract that we have with you. For example, when you place an order or subscribe to one of our services. Another example would be to provide you, a job applicant, with an employment contract and pay salary.
- Legitimate interests: sometimes we will process your personal data when we have a legitimate interest as long as these interests are not overridden by your data protection rights. Our legitimate interests include but not limited to:
- Contacting you when you have requested us to do so;
- Contact you about products and/or services that you have previously purchased from us and are similar to what you have purchased,
- Making sure that our services are secure and operate effectively;
- Improving or optimizing the design and functionality of our services;
- For internal reporting and modeling (e.g. to understand what parts of our services are most relevant to users, how users interact with various aspects of our services, how our services perform or fail to perform, etc);
- To respond to your questions and/or requests;
- To reach out to you about your use or our provision of our service, your account, to provide other relevant notifications or information;
- To detect, prevent, and respond to information security risks to the services or users (e.g. through the creation and analysis of access logs and other relevant metadata, analysis of network traffic, device patterns and characteristics, and similar processing);
- To detect and mitigate fraud, and otherwise monitor and ensure the security, availability, and stability of the services;
MARKETING COMMUNICATIONS/NEWSLETTER
You can subscribe to the newsletter of TraceGains via https://tracegains.com#newsletter. Through the newsletter we keep you informed with news about our company and relevant offers. In every newsletter that you receive, there is a link with which you can unsubscribe from receiving this newsletter.
DATA DISCLOSURE
Information we collect may be shared with a variety of parties, depending upon the purpose for and context in which that information was provided. We generally disclose personal data to the following categories of recipients:
- Selected TraceGains employees: disclosure of personal data insofar as this is necessary to execute their services/work. Employees are bound by confidentiality;
- Clients: we process data on behalf of clients and may share your personal data with clients to the extent such information was provided to us for processing on the client’s behalf. For example, any forms, applications, messages, or other material may be processed by us for clients, and all Personal Data processed on behalf of the Client may be available to the client and its users. These parties may engage in direct marketing, or other activities that are outside our control.
- Users: in some cases, information may be shared with other users, for example, in connection with our collaboration or messaging tools, or as part of Gather Applications (e.g. when users view pages, advertisements, or other pages/content on Gather, subject to applicable privacy options/controls).
- Service providers: in connection with our general business operations, product/service improvements, to enable certain features, and in connection with our other legitimate business interests, we may share your Personal Data with service providers or sub-processors who provide certain services or process data on our behalf.
- Affiliates: in order to streamline certain business operations, develop products and services that better meet the interests and needs of our customers, and inform our customers about relevant products and services, we may share your Personal Data with any of our current or future affiliated entities, subsidiaries, and parent companies.
- Outside organization: the passing on and receiving of data outside of our organization. The purpose of processing your personal data may involve sharing personal data with other organizations. Insofar as there is no explicit consent or legal obligation, this exchange of information will only take place based on the execution of the agreement between you and us or when we have a legitimate interest;
- Corporate Events: your personal data may be processed in the event that we go through a business transition, such as a merger, acquisition, liquidation, or sale of all or a portion of our assets. For example, Personal Data may be part of the assets transferred, or may be disclosed (subject to confidentiality restrictions) during the due diligence process for a potential transaction.
- Legal Disclosures: in limited circumstances, we may, without notice or your consent, access and disclose your Personal Data, any communications sent or received by you, and any other information that we may have about you to the extent we believe such disclosure is legally required, to prevent or respond to a crime, to investigate violations of our terms of use, or in the vital interests of us or any person. Note, these disclosures may be made to governments that do not ensure the same degree of protection of your personal data as your home jurisdiction. We may, in our sole discretion (but without any obligation), object to the disclosure of your personal data to such parties.
THIRD PARTIES INVOLVED
TraceGains is revolutionizing information exchange across the supply chain by connecting TraceGains customers with their suppliers (collectively, the “clients”). TraceGains delivers full-service supplier, compliance, and regulatory document management services. Our solutions address the unique needs of the food and beverage industry by connecting partners, collecting critical documents, and capturing data to predict and reduce risk. In each case, we provide a platform for use by clients, and this policy reflects the data processed and activities undertaken through our Services. However, the Policy does not apply to the client’s own uses of your data, including processing they may choose to undertake that is not described in, or different from, this Policy.
This Policy also does not apply to information processed by other third parties, for example, when you visit a third- party website or interact with third-party services, unless and until we receive your information from those parties. Please review any third parties’ privacy policies before disclosing information to them.
We use third parties to manage our Platforms. It is possible that these third parties have access to your personal data. If that is the case, we take appropriate measures to ensure that your data is adequately secured and used exclusively for the intended purposes. Your personal data will under no circumstances be sold to third parties by us. We conclude – amongst others – data processing agreements with these parties who qualify as processors to ensure that they offer the same level of protection that the law requires.
INTERNATIONAL TRANSFERS
We operate and use service providers located in the United States. Both the EU- and the UK GDPR regulate the international transfer of personal data to third-countries. If you are located in the EEA, Switzerland and/or the UK, your personal data may be transferred to the United States and the following applies:
When personal data is transferred outside of the EEA and/or the UK, and/or Switzerland by us, we make sure that the appropriate supplemental safeguards are in place to ensure an adequate level of the protection of your data in accordance with applicable laws.
Where necessary, we will (or have already) entered into standard European Commission approved model data protection clauses (Standard Contractual Clauses) for transfers from the EEA and/or the International Data Transfer Agreement Addendum for transfers from both the EEA- and the UK or the full International Data Transfer Agreement when there are solely UK data subjects involved with the contracted third parties who are located outside the EEA, so we can provide you with the required service and with our external service providers and business partners in relation to services that they may provide that involve data processing from locations outside the EEA and/or UK for which we are the data controller.
AUTOMATED DECISION-MAKING
We do not make use of automated decision-making.
SECURITY
We have taken appropriate technical and organizational measures to protect the personal data against loss or against any form of unlawful processing. We have established an information security policy and taken physical, organizational and electronic measures with due observance thereof. Your data is transmitted over secure internet connections over the internet. We contractually commit third parties who are engaged in the management and development of the Platforms to respect the confidentiality of your data. We sometimes share personal data with, or process data on behalf of third parties, as noted above. While we may require our service providers to follow certain security practices, we do not have control over and will not be liable for third parties’ security processes.
RETENTION TIME
We will keep your personal data to enable your continued use of our services, for as long as necessary in order to fulfil the relevant purposes described in this private statement or as is required by law.
YOUR RIGHTS
EU, UK and Switzerland data subjects have the following rights:
- The right of access. This means you can make a request to obtain access to the personal data concerning you;
- The right to rectification or correction of your personal data;
- The right to erasure of the personal data concerning you that is no longer needed to serve the purposes for which it was obtained, or that we do not need to keep for other legitimate purposes;
- The right to restriction of the processing. This means you can ask us to restrict the processing of your personal data in some circumstances, such as when you contest the accuracy of the personal data;
- The right to data portability. This means that you have the right to receive your personal data in a structured, commonly used and machine-readable format, and that you have the right to transmit that data to another controller;
- The right to object. This means you can object to our processing of your personal data and ask us to stop such processing at any time if we rely on our own or someone else’s legitimate interests to process your personal data or where we process your personal data for direct marketing purposes.
- Right to object to automated decision-making. This means you have the right not to be subject to a decision based solely on automated processing, including profiling. We do not use such automated decision-making in relation to our processing of your personal data described in this privacy statement.
- The right to withdraw your consent. If we rely on your consent for the processing of your personal data, such as with receiving our newsletters, you have the right to withdraw that consent at any time.
You also have the right to lodge a complaint with a supervisory authority. In the UK the supervisory authority is the Information Commission Office (ICO), in the EEA, this depends on the Member State, and in Switzerland, it is the Swiss Federal Data Protection and Information Commissioner (FDPIC).
HOW TO EXERCISE THESE RIGHTS
You can exercise these rights by sending us an email via privacy@tracegains.com. We may require that you provide additional personal data to exercise these rights, e.g. information necessary to prove your identity.
If you have any questions or wish to exercise one of your rights, please contact us at privacy@tracegains.com. Reasonable access to your personal data will be provided at no cost to you upon submitting a request to privacy@tracegains.com within one month of acknowledgement of the request. To confirm your identity, we might ask you to provide additional information in order to fulfill your request.
If we cannot fulfill your request within one month, we will inform you about an expected data on which the information will be provided. Furthermore, we may require more information to verify your identification before fulfilling your request.
DATA PRIVACY FRAMEWORK NOTICE
TraceGains complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. TraceGains has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. TraceGains has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, TraceGains commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU, UK and Swiss individuals with inquiries or complaints regarding the handling of personal data received in reliance of the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact TraceGains at:
TraceGains, Inc.
Attn: Privacy
12303 Airport Way, Bdlg. I, Ste 180
Broomfield, CO 80021
Within the scope of this privacy notice, if a privacy complaint or dispute cannot be resolved through TraceGains’s internal processes, and in compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, TraceGains commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to VeraSafe Privacy Framework Dispute Resolution Procedure. Subject to the terms of VeraSafe Dispute Resolution Procedure, please submit the required information to VeraSafe here. These services of VeraSafe are provided at no cost to you.
Under certain conditions specified by the EU-U.S. DFP Principles and the Swiss-U.S. DPF Principles, you may also be able to invoke binding arbitration to resolve your complaint, as described in Annex I of the EU-U.S. DPF Principles and Annex I of the Swiss-U.S. DPF Principles. https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF , TraceGains commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF in the context of the employment relationship.
The Federal Trade Commission has jurisdiction over TraceGains’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DFP, and the Swiss-U.S. DPF.
The EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF describe TraceGains’s accountability for personal data that it subsequently transfers to a third-party agent. Under the DPF Principles, TraceGains shall remain liable if third party agents process the personal information in a manner inconsistent with the DPF Principles, unless TraceGains proves it is not responsible for the event giving rise to the damage.
Note that TraceGains may be required to release the personal data of EU, UK and Swiss individuals in response to legal requests from public authorities, including to meet national security and law enforcement requirements.
YOUR CHOICES
In your account, you have the option to set your settings a certain way. Please have a look at this so the account.
NOTE REGARDING CLIENTS’ DATA
TraceGains is a processor of personal data in our clients’ possession. We may notify clients of your data rights requests; however, we may be unable to directly fulfill rights requests regarding personal data unless we control or have the necessary rights of access. TraceGains may not have access to or control over all or some personal data controlled by clients. Please contact the client directly for data rights requests regarding client-controlled information, and we will assist the client as appropriate in the fulfillment of your request. Please note that, to the extent we make interfaces available for you to directly control your data, these will take effect only with respect to the data on our service, and clients may have additional copies of this information that is outside of our control.
CHANGE TO OUR PRIVACY POLICY
We may change this Privacy Policy from time to time. Changes will be posted on this page with the effective date. Please visit this page regularly so that you are aware of our latest updates. Your acknowledgement of these changes, or use of the services following notice of any changes (as applicable) indicates your acceptance of any changes.
HOW TO CONTACT US
Feel free to contact us with questions or concerns using the appropriate address below.
General Inquires: privacy@tracegains.com
Physical Address: TraceGains, Inc. 12303 Airport Way, Bldg. I, Ste. 180, Broomfield, CO 80021