PRIVACY POLICY

Effective Date: July 11, 2023

This Privacy Policy (“Policy”) is here to help you understand how we collect, use, disclose, and process your personal data. We also describe your choices and rights with respect to how we process your personal data. Please read this Policy carefully.

WHO WE ARE

This is the Policy of TraceGains, Inc. (“TraceGains,” “us,” “our,” or “we”), a Delaware corporation with offices at 12303 Airport Way Building I, Suite 180, Broomfield, CO 80021. You can contact us using the information below.

APPLICABILITY

This Privacy Policy applies to our “Services,” which include our websites that link to/post this Privacy Policy, including any subdomains or mobile versions (the “Site(s)”), mobile applications (the “Mobile App(s)”), and our “Gather” marketplace (“Gather”) and its Terms of Use (“Terms of Use”), and ‘software-as-a-service’ platform (collectively, the “Platform”).

AGREEMENT

This Policy is incorporated into the Terms of Use governing your use of any of our Services. Any capitalized terms not defined in this Privacy Policy will have the definitions provided in our Terms of Use. Furthermore, in addition, when visiting or using certain Services owned or operated by TraceGains, you shall be subject to any posted agreements, policies, guidelines, rules or other terms of service. All such agreements, policies, guidelines, rules or terms of service may be amended by TraceGains from time to time in its sole discretion, are hereby incorporated by reference into this Privacy Policy. It is your responsibility as the user to review this Privacy Policy periodically.

Following notice to you or your acknowledgement of this Privacy Policy (including any updates), your continued use of any of our Services indicates your acknowledgement of the practices described in this Policy.

THIRD PARTIES

TraceGains is revolutionizing information exchange across the supply chain by connecting TraceGains customers with their suppliers (collectively, the “Clients”). TraceGains delivers full-service supplier, compliance, and regulatory document management services. Our solutions address the unique needs of the food and beverage industry by connecting partners, collecting critical documents, and capturing data to predict and reduce risk. In each case, we provide a platform for use by Clients, and this Policy reflects the data processed and activities undertaken through our Services. However, the Policy does not apply to the Client’s own uses of your data, including processing they may choose to undertake that is not described in, or different from, this Policy.

This Policy also does not apply to information processed by other third parties, for example, when you visit a thirdparty website or interact with third-party services, unless and until we receive your information from those parties. Please review any third parties’ privacy policies before disclosing information to them. See our list of third parties for more information regarding our sources and recipients of personal data.

COLLECTION AND USE OF PERSONAL DATA

Data We Collect

We collect and process the following types of information, including data that relates to identified or identifiable individuals (“Personal Data”) (note, specific Personal Data elements listed in each category are only examples and may change):

Identity Data
Personal Data about you and your identity, such as your name, username, company affiliation and title, and other Personal Data you may provide on applications, registration forms, or as part of an account profile.

Contact Data
Personal Data used to contact an individual, e.g. email address(es), physical address(es), phone number(s), or communications platform usernames/handles, as well as a name or other salutation.

Transaction Data
Personal Data we collect in connection with a transaction or purchase, such as subscription information, price, and other similar information.

Payment Data
Information such as bank account details, payment card information, and information from credit reference agencies, including similar data defined in Cal Civil Code § 1798.80(e).

Professional Data
Personal Data relating to your employment or profession.

Device Data
Personal Data relating to your device, browser, or application e.g. IP addresses, MAC addresses, application ID/AdID/IDFA, identifiers from cookies, session navigation history and similar browsing metadata, and other data generated through applications and browsers, including cookies and similar technologies.

Inference Data
Inferred data created from the analysis of or related to Personal Data, e.g. individual predispositions, characteristics, behaviors, and attitudes.

Custom Content
Information that a user provides in a free text or other unstructured format, or in custom fields created by a Client; this may include Personal Data to the extent provided by the user.

Processing of Personal Data

 Account Registration; Subscriptions
Clients and users may register and create an account (or Client administrators may create accounts on behalf of users) in order to use our Services. If you choose to register, we will process Identity Data, Professional Data, Device Data, and Contact Data. We may also collect certain Custom Content from you, for example, in free-form fields, questionnaire responses, file uploads, user bios, or similar account features/functions.

We use this Personal Data as necessary to create, administer, maintain, and provide you with important information about your account, and to otherwise provide the Services, the features Clients, Supplier, or their users’ request, as well as for our Business Purposes (described below). Where allowed by law, we may also process such Personal Data as described in the Marketing Communications section below.

Additionally, if you subscribe to our Platform, create your account with the Site and Services, or pay an invoice through the Services, we (or our unaffiliated service providers and payment processors) may process Identity Data, Contact Data, Device Data, Payment Data, and Transaction Data in connection with generation and payment of an invoice or subscription payment, to detect fraud and secure the transaction, and for other appropriate Business Purposes. Our unaffiliated third-party payment and subscription management service provider(s) manage your subscription with us analyze any upgrades to the Site and Services you select and may utilize the aforementioned data to deliver the same.

*ChargeBee and us do not store any payment card or other electronic payment data information; instead, upon your selection to add upgrades to the Site and Services, that information is shared with Stripe for your payment method to be linked with Stripe and payment is thereafter processed to confirm the purchase of the upgrades and continued access to and use of the Site and Services. For an abundance of clarity and the avoidance of doubt, (i) we do not have a direct relationship with the Payment Processor’s financial institution; and (ii) you agree that by utilizing any third-party processing or subscription management entity through the use of the Site and Services, you agree to. 

Gather Marketplace
If you use Gather, we may collect the information specified above in the Account Registration and Service Use sections, as well as the Cookies and Similar Technologies section below. Additionally, we may process supplemental Identity Data, Usage Data, Device Data, and Professional Data associated with your use of Gather. For example, we may collect information relating to the Clients, Suppliers, products, industries, or other content you view when you use of Gather, or interact with other Clients, Suppliers, or users. If you provide shared documents, we may also collect certain Custom Content. Additionally, we may create certain Inference Data, for example, to understand the types of products or industries you and other users in your organization are interested in, or information about your organization that may be of interest to others.

We use this Personal Data primarily to operate, administer, maintain, and otherwise provide an operate Gather. Additionally, we use this data to assess trends, suggest products, Suppliers, or Clients that may be of interest to you or others in your organization, to count product/profile/content views, and to develop other similar metrics. In some cases, we may advertise Supplier and buyer products or services to users, in which case, we will collect information and create reports relating to the advertiser and the product/service advertised, as well as Identity Data, Professional Data, and other Personal Data relating to the user or Client viewing the advertisement. We may prepare and disclose aggregated reports relating to advertisement or company page views (e.g. viewer industry, view count, etc.) In some cases (subject to user account permissions and controls), we may also disclose to advertisers certain Personal Data of users who view Client/Supplier advertisements, posts, or pages. Personal Data we collect in connection with Gather may also be used in connection with marketing communications (where allowed by law) and for our general Business Purposes.  

Service Use
Users may access, view, and engage with certain areas of our Services, including but not limited to support communities and message boards. When you participate in these Services, we process certain Personal Data, which typically includes Identity Data, Contact Data, and Custom Content that may be provided. Any materials you choose to share on such public areas of the Services are public and non-confidential.

Depending on the service in use, we may use Identity Data and Contact Data as necessary to enable posts and communications on the Platform or our public Services. Subject to Your Rights and Choices, we may also use Identity Data in connection with marketing communications, as part of our efforts to improve our Services, and for our other Business Purposes.

Application Data
Clients may submit inquiries, company and product information, requirements, and offerings through our Services. When you submit an data relating to either a Supplier or Customer, or related product, we process certain Personal Data, which typically includes Identity Data, Professional Data, and Contact Data, and if requested by the Client, Custom Content (“Application Data”).

We use all Application Data as necessary to provide our Services to the Clients, including in connection with the assessment of applications and prospective applicants, to operate the Platform, and as necessary to create, maintain, and provide you with important information about your account and the products and services you may be offering as a Supplier or soliciting as a Customer. Subject to Your Rights and Choices, we may also use Identity Data, Contact Data, and Custom Content: (i) in connection with the maintenance of Client records; (ii) to provide marketing or other communications between customers and suppliers; and (iii) for our Business Purposes.

Workspaces, Client Comments, Messaging & Custom Content

We process Identity Data, Contact Data, and if provided, Custom Content when you use our Services to fill out forms relating to products offered or sought, message a Client, or if you otherwise submit any Custom Content (e.g. on a comment board or other free form content submission form).

We use Identity Data and Contact Data as necessary to carry out the processes you request. Subject to Your Rights and Choices, we may also use Identity Data to improve our Services and, on behalf of the Client, we may make certain Custom Content and Identity Data contained in Client profiles available on our site for viewing by other Clients, and we may process Identity Data and Contact Data in connection with marketing communications, as well as for our Business Purposes.

Note: We do not screen messages, comments, or other postings for personal or inappropriate content.

Mobile Apps
If you use our Mobile Apps in connection with our annual conference (“Together”), we may process certain Personal Data, which typically includes Identity Data, Contact Data, and Device Data. Note, you may also be able to view other attendees, connect on social media, and receive additional speaker information through our Mobile App.

On behalf of the Clients, we process the Identity Data, Contact Data, and Device Data as necessary to deliver the Service and fulfill your requests. Subject to Your Rights and Choices, we may use the Identity Data, Contact Data, and Device Data to improve our services and for our Business Purposes.

Cookies and Similar Technologies
We, and certain third parties, may process Device Data when you interact with cookies and similar technologies. We may receive this data from third parties to the extent allowed by the applicable partner. Please note that the privacy policies of third parties may apply to these technologies and information collected.

In connection with our legitimate interests in providing and improving the user experience and efficiency of our Services, and understanding information about the devices and demographics of visitors to our Services, we use this information (i) for “essential” or “functional” purposes, such as to enable various features of the Services such as your browser remembering your username or password, maintaining a session, or staying logged in after a session has ended; and (ii) for analytics and site performance purposes, such as tracking how the Services are used or perform, how users engage with and navigate through the Services, what sites users visit before visiting our Services, how often they visit our Services, and other similar information.

Additionally, in some cases (and subject to your consent where required by law), we may collect and process certain information about use of the Platform (e.g., feature use, navigation, or Platform performance) by you or the Client/Supplier/Customer’s on whose behalf you use the Platform (“Personal and Company Analytics Data”). We may associate the Personal and Company Analytics Data with your Registration Data and data relating to the relevant Client/Supplier/Customer. We use Personal and Company Analytics to understand how users and Clients/Suppliers/Customers use the Platform, provide you with customer service and support, and to otherwise improve the Platform. Note, if we do associate Personal and Company Analytics with your Registration Data, we may still derive aggregate statistics from it to assess the use by Clients/Suppliers/Customers. We use a third party to collect and process Personal and Company Analytics Data, and we may make such data available to our personnel with a need to know such information in connection with support requests.

Note: Some of these technologies can be used by third parties to identify you across platforms, devices, sites, and services; however, we do not permit Personal and Company Analytics Data nor the associated Registration Data to be used except in connection with our Platform. Clients may also have access to information, such as reports and analytics, generated through these Services.

Marketing Communications
We may process Identity Data and Contact Data in connection with email marketing communications, including (i) on behalf of Clients, when you register for an account, and choose to enroll, or are enrolled by the Client, to receive marketing communications; (ii) on behalf of Clients, when you open or interact with, a Client’s electronic marketing communications; (iii) on our own behalf when you contact us directly, or express an interest in our products and services; and (iv) on our own behalf when you open or interact with our marketing communications.

We use Identity Data and Contact Data as necessary to provide marketing communications, and consistent with our legitimate business interests, we may send you marketing and promotional communications if you sign up for such communications or purchase services from us. See Your Rights and Choices, below, for information about how you can limit or opt out of this processing. 

Additional Processing
If we process Personal Data in connection with our Services in a way not described in this Policy, this Policy will still apply generally (e.g. with respect to your rights and choices) unless otherwise stated when you provide it.

GENERAL PURPOSES & BASES FOR PROCESSING PERSONAL DATA

In addition to the specific processing purposes described above, we typically process Personal Data for several general “Business Purposes” related to the day-to-day operation of our business. For example, we process your Personal Data as necessary:

• to fulfill our contractual or pre-contractual obligations to you and to provide our Services;
• in connection with our legitimate interests in providing, improving, and securing the Services;
• to create aggregated data about our Services; and
• to comply with the law, and in the public interest.

Please see below for more information regarding the purposes for which we process your Personal Data for “Business Purposes.”

Contractual Necessity; Service Provision

We process any Personal Data as is necessary to provide the Services, and as otherwise necessary to fulfill our contractual obligations to you, e.g. to provide you with the information, features, and services you request. Similarly, we may process payment in relation to billing, invoicing, payment, and other account management functions.

Our Legitimate Interests and Internal Business Purposes

We may process Personal Data (and we may create related Inference Data or other Personal Data), as appropriate in connection with our legitimate interests in carrying out common business functions, e.g.:

• improving or optimizing the design and functionality of our Services;
• to develop new features or services;
• to personalize the Platform or Services, display, UI/UX elements, or other features of the Services for specific Clients, Suppliers, and their users;
• for customer service purposes;
• to assess compliance with our Terms of Use, license/subscription requirements, or applicable law;
• for internal reporting and modeling, e.g. to understand what parts of our Services are most relevant to users, how users interact with various aspects of our Services, how our Services perform or fail to perform, etc.;
• to detect, prevent, and respond to information security risks to the Services or users, e.g. through the creation and analysis of access logs and other relevant metadata, analysis of network traffic, device patterns and characteristics, and similar processing; and
• to detect and mitigate fraud, and otherwise monitor and ensure the security, availability, and stability of the Services.

Aggregate Data

We process Personal Data as necessary in connection with our legitimate interests in the creation of aggregate analytics relating to how our Services are used, the products and services our users purchase, to create service delivery metrics, and to create other reports regarding the use of our Services, demographics of our Users, and other similar information and metrics. The resulting aggregate data will not contain information from which an individual may be readily identified.

Transactional Communications

To respond to communications, reach out to you about your use or our provision of our Service, your account, to provide other relevant notifications or information, or request information or feedback. From time to time, we may use your Personal Data to send important notices, such as communications about purchases and changes to our terms, conditions, and policies, or other information that relating to the Service to which you are subscribed or that you use.

Non-Personal Data

This refers to information that does not by itself identify a specific individual. We gather certain information about you based upon where you visit, purchase, and/or use of Site and Services in several ways. This information is compiled and analyzed on both a personal and an aggregated basis. This information may include the Web site’s Uniform Resource Locator (“URL”) that you just came from, which URL you next go to, what browser you are using, and your Internet Protocol (“IP”) address. A URL is the global address of documents and other resources on the World Wide Web. An IP address is an identifier for a computer or device on a Transmission Control Protocol/Internet Protocol (“TCP/IP”) network, such as the World Wide Web. Networks like the Web use the TCP/IP protocol to route information based on the IP address of the destination. In other words, an IP address is a number that is automatically assigned to your computer whenever you are surfing the web, allowing web servers to locate and identify your computer. Computers require IP addresses in order for users to communicate on the Internet. Further, purchasing Applications for mobile devices as an aspect of the Site and Services may involve access to the same information if/when it is demanded and tracked.

Security, Safety, and Fraud Prevention

To protect our Users, individuals, our employees and Company, for loss prevention, to enforce our Terms of Use or Subscription Agreement, and to prevent fraud.

Corporate Activity

We may process Personal Data as necessary to carry out actual or prospective corporate transactions, e.g. as part of corporate restructuring, mergers, acquisitions, and other similar administrative purposes, including related due diligence.

Compliance and Public Interest

We may also process any Personal Data as necessary to comply with our legal obligations, such as: where you exercise your rights under applicable law; for the establishment and defense of legal claims; where we must comply with our legal obligations; lawful requests from government or law enforcement officials; or as may be required to meet national security or law enforcement requirements, or to prevent illegal activity. We may also process data to protect the vital interests of individuals, or on certain public interest grounds, each to the extent allowed under applicable law.

Other Processing of Personal Data

If we process Personal Data in a context not described in this Privacy Policy, this Privacy Policy will still apply generally (e.g. with respect to individuals’ rights and choices) unless otherwise stated when you provide it.

Notices to Opt-Out of Retention of Personal Data

If TraceGains collects Personally Identifiable Information (Personal Data) under the GDPR from citizens of the European Union, or citizens governed under the applicable laws of the United States of America, or other jurisdictions in which users are operating and utilizing the Services (Data Subjects), it shall provide notice to the Data Subjects, compliant to legal transparency principles. TraceGains will only process data on an approved legal basis in accordance with such laws. When consent is used as a legal basis it will be collected in such form as reasonably specified by TraceGains hereunder. TraceGains may retain Personal Data for the time periods required by law; provided, however, Data Subjects have the right to opt-out of having their personal information retained and processed by TraceGains. TraceGains does not have any control over third parties retaining, processing, or selling your personal data; hence, you are subject to the opt-out provisions in the terms offered by those third-party vendors.

Should a user choose to opt-out of TraceGains possessing Personal Data, the user is required to take action with notice provided to, and the written, electronic consent obtained from, each individual Data Subject to opt out, which shall be tendered to TraceGains by the user; otherwise, TraceGains will not have any knowledge to take action. Please submit a written request to: privacy@tracegains.com. You can also reach TraceGains by using the contact information set forth in this policy.

In cooperation with a Data Subject’s rights, TraceGains shall, taking into account the nature of the processing, provide reasonable assistance to Data Subjects insofar as this is possible, to respond to requests from a Data Subject seeking to exercise their rights under the applicable and related data protection laws. In the event that such request is made directly to TraceGains, TraceGains shall notify the Data Subject as soon as reasonably practicable.

Notwithstanding the foregoing and for the avoidance of doubt, TraceGains will not be considered as a Data Processor or Data Controller (or any derivative thereof) to the extent any use of the Platform involves the submission of online forms, communication between users and third parties on the Platform, or user comments on documents/workspaces, etc. within the Platform. If any of that information is Personal Data embedded on the Platform, any requests to optout of TraceGains possessing that data will not be attended to because that data is not able to be removed by TraceGains. Users can create groups and then assign or create new users within their own group on the Platform; hence, those suggestions may involve data embedded in groups that can remain or be added later by the administrative user of that formed group on the Platform. TraceGains is not able to have access to remove that data from those individual instances and is neither controlling nor processing it; thus, that Personal Data is not considered to be in TraceGains’ possession; therefore, any such TraceGains accepts no liability arising out of or related to third-party claims for that Personal Data remaining on the Platform that TraceGains cannot access or change. Users must ensure they have the right to post that third-party’s Personal Data and users possess the right to remove that Personal Data; thus, users agree to indemnify, defend, and hold harmless TraceGains from any such third-party claims arising out of or related to the same. 

DATA SHARING

Generally

Information we collect may be shared with a variety of parties, depending upon the purpose for and context in which that information was provided. We generally transfer Personal Data to the following categories of recipients:

Clients:
We process data on behalf of Clients and may share your Personal Data with Clients to the extent such information was provided to us for processing on the Client’s behalf. For example, any forms, applications, messages, or other material may be processed by us for Clients, and all Personal Data processed on behalf of the Client may be available to the Client and its users. These parties may engage in direct marketing, or other activities that are outside our control.

Users:
In some cases, information may be shared with other users, for example, in connection with our collaboration or messaging tools, or as part of the Gather Marketplace (e.g. when users view pages, advertisements, or other pages/content on Gather, subject to applicable privacy options/controls).

Service Providers:
In connection with our general business operations, product/service improvements, to enable certain features, and in connection with our other legitimate business interests, we may share your Personal Data with service providers or sub-processors who provide certain services or process data on our behalf.

Affiliates:
In order to streamline certain business operations, develop products and services that better meet the interests and needs of our customers, and inform our customers about relevant products and services, we may share your Personal Data with any of our current or future affiliated entities, subsidiaries, and parent companies.

Corporate Events:
Your Personal Data may be processed in the event that we go through a business transition, such as a merger, acquisition, liquidation, or sale of all or a portion of our assets. For example, Personal Data may be part of the assets transferred, or may be disclosed (subject to confidentiality restrictions) during the due diligence process for a potential transaction.

Legal Disclosures:
In limited circumstances, we may, without notice or your consent, access and disclose your Personal Data, any communications sent or received by you, and any other information that we may have about you to the extent we believe such disclosure is legally required, to prevent or respond to a crime, to investigate violations of our Terms of Use, or in the vital interests of us or any person.

Note: These disclosures may be made to governments that do not ensure the same degree of protection of your Personal Data as your home jurisdiction. We may, in our sole discretion (but without any obligation), object to the disclosure of your Personal Data to such parties.

YOUR RIGHTS & CHOICES

Your Rights

To the extent required under applicable law, and subject to our rights to limit or deny access/disclosure under applicable law, you have the following rights in your Personal Data. You may exercise your rights by contacting us at the address below.

Access:
You may receive a list of your Personal Data that we process to the extent required and permitted by law.

Rectification:
You may correct any Personal Data that we hold about you to the extent required and permitted by law. You may be able to make changes to much of the information you provided directly via the Service via your account settings menu.

Erasure:
To the extent required by applicable law, you may request that we delete your Personal Data from our systems.

Data Export:
To the extent required by applicable law, we will send you a copy of your Personal Data in a common portable format of our choice.

Direct Marketing:
Residents of California (and others to the extent required by applicable law) may request a list of Personal Data we have disclosed about you to third parties for direct marketing purposes during the preceding calendar year. This request must be written, signed, and mailed to us.

Regulator Contact:
You have the right to contact or file a complaint with regulators or supervisory authorities about our processing of Personal Data. To do so, please contact your local data protection or consumer protection authority.

We may require that you provide additional Personal Data to exercise these rights, e.g. information necessary to prove your identity.

Your Choices

It is possible for you to use some of our Services without providing any Personal Data, but you may not be able to access certain features or view certain content. You have the following choices regarding the Personal Data we process:

Consent:
If you consent to processing, you may withdraw your consent at any time, to the extent required by law.

Direct Marketing:
You have the choice to opt-out of or withdraw your consent to processing related to direct marketing communications. You may have a legal right not to receive such messages in certain circumstances, in which case, you will only receive direct marketing communications if you consent. You may exercise your choice via the links in our communications or by contacting us re: direct marketing.

Cookies & Similar Tech:
If you do not want information collected through the use of cookies, you can manage/deny cookies (and certain technologies) using your browser’s settings menu, or through tools or interfaces that allow for the management of cookies and similar technology that we may make available on the Site or Platform from time to time. You may be required to opt out of third-party services directly via the third party. For example, to opt-out of Google’s analytic and marketing services, visit Google Analytics Terms of Service, the Google Privacy Policy, or Google Analytics Opt-out. To learn more about how to opt out of Google’s use of cookies, visit Google’s Ads Settings, here. Please note, at this time, our Service does not respond to your browser’s do-not-track request.

Other Processing:
You may have the right under applicable law to object to our processing of your Personal Data for certain purposes. You may do so by contacting us re: data rights requests. Note that we may not be required to cease processing based solely on an objection.

Note Regarding Clients’ Data

TraceGains is a processor of Personal Data in our Clients’ possession. We may notify Clients of your data rights requests; however, we may be unable to directly fulfill rights requests regarding Personal Data unless we control or have the necessary rights of access. TraceGains may not have access to or control over all or some Personal Data controlled by Clients. Please contact the Client directly for data rights requests regarding Client-controlled information, and we will assist the Client as appropriate in the fulfillment of your request. Please note that, to the extent we make interfaces available for you to directly control your data, these will take effect only with respect to the data on our Service, and Clients may have additional copies of this information that is outside of our control.

SECURITY

We follow and implement reasonable security measures to safeguard the Personal Data we process, however we do not warrant perfect security and we do not provide any guarantee that your Personal Data or any other information you provide us will remain secure. We sometimes share Personal Data with, or process data on behalf of third parties, as noted above. While we may require our service providers to follow certain security practices, we do not have control over and will not be liable for third parties’ security processes.

ANALYTICS AND COOKIES

Google Analytics is a Google tool that we use for web analysis and allows us to understand how Users engage with our website and other sites. Google Analytics may use cookies to collect non-Personal Data. For more information on Google Analytics, please visit www.google.com/policies/privacy/partners/. Cookies are small bits of information cached or stored on a computer, mobile or other device of a user for record keeping purposes. Cookies allow us to distinguish between the various web store visitors, and handle your orders correctly. Cookies may be used for many purposes, including, but not limited to: remembering you and your preferences and tracking your usage in order to improve the service; can measure how our website is used and how to improve it; recognizing which device you use when you’re visiting the Site; showing you advertisements and recommendations based on your interests; or register (or have registered) how often an advertisement is displayed, to better let the advertisements meet your needs and interests and prevent you constantly seeing the same advertisement. Cookies themselves do not typically contain any Personal Data. We may analyze the information derived from these cookies and other technological tools we employ to make improvements and in keeping with observed User preferences. They allow us to remember useful information, which allows certain functionality within any TraceGains applications or the Site to work, for example, remembering if you’ve logged in. Most web browsers automatically accept cookies; however, you can usually change your browser settings to refuse all cookies or indicate when a cookie is being sent. If you choose to disable cookies, some parts of the Sites may not function properly or may be considerably slower, or there may be some features that will not be available to you.

As well as cookies, we use web beacons, tracking pixels and JavaScript. These are standard Internet technologies that, together with cookies, ensure our web server can collect information about your visit to the Site and use this information. When referring to “cookies”, we mean cookies plus other technologies. We don’t have to request your permission to set up and read certain cookies. This applies to:

• Cookies that allow you to communicate via the internet;
• Cookies that are required for using the functionality of the website;
• Analytical cookies that have little or minimum impact on your privacy. 

DATA RETENTION

We retain Personal Data for so long as it remains relevant to its purpose, and in any event, for so long as is required by law. As we process Personal Data on behalf of Clients, we may retain information for the periods requested by the Client or delete information at the Client’s request. We will review retention periods periodically, and if appropriate, we may pseudonymize or anonymize data held for longer periods.

DATA STORAGE

At any of our Site and Services, you can be assured that your Personal Data is secure, consistent with current industry standards. The importance of security for all Personal Data associated with our user is of utmost concern to us. Your Personal Data is protected in several ways. Access by you to your Personal Data is available through a password and unique customer ID selected by you. This password is encrypted. We recommend that you do not divulge your password to anyone. In addition, your Personal Data resides on a secure server that only selected Company personnel and contractors have access to via password. We encrypt your Personal Data and thereby prevent unauthorized parties from viewing such information when it is transmitted to us.

Personal information that you provide that is not Personal Data also resides on a secure server and is only accessible via password. Since this information is accessible from outside Company, you will be asked to select a password in order to view or modify such information.

In order to most efficiently serve you, credit card transactions and order fulfillment are handled by established third party banking, processing agents and distribution institutions. They receive the information needed to verify and authorize your credit card or other payment information and to process and ship your order.

Unfortunately, no security system or data transmission over the Internet or any wireless network can be guaranteed to be 100% secure. Accordingly, we cannot guarantee the security of your personal information and cannot assume liability for improper access to it. The internet is not a secure medium and you acknowledge and agree that the privacy of your e-mail communications and Personal Data can never be guaranteed as any email communication, order, purchase, or posting may be lost, intercepted, altered, or hacked. As a result, while we strive to protect your Personal Data, you acknowledge that: (a) there are security and privacy limitations of the Internet which are beyond our control; (b) the security, integrity and privacy of any and all information and data exchanged between you and us through this site cannot be guaranteed; and (c) any such information and data may be viewed or tampered with in transit by a third party. Moreover, as indicated above, you are subject to the privacy and data security terms and conditions of third parties when you access those sites and engage in any monetary transactions through the use of those third parties, even if there is a business relationship or business affiliation with Company.

Further, in the event any of our Site and Services are connected in any way to “hyperlinks” to other websites, you acknowledge and agree that Company makes no representation, warranty, covenant, or claim regarding Company, and Company expressly disclaims and denies any responsibility or liability for, directly or indirectly, the privacy practices on any third-party website or resources accessible by hyperlink form from any of our Site and Services. You agree that the inclusion of any such hyperlink does not suggest, represent, warrant, covenant or imply that Company monitors, endorses, or exerts any control over such Site and Services whatsoever. You agree that Company provides these hyperlinks to you, if any, only as a convenience, and the inclusion of any hyperlink does not suggest, represent, warrant, covenant or imply affiliation, endorsement, ownership, or adoption by Company of any such website or linked resource whatsoever.

MINORS

Our Services are intended for use by Clients and are neither directed at nor intended for direct use by individuals under the age of 16. Further, we do not knowingly collect Personal Data directly from such individuals. If we learn that we have inadvertently done so, we will promptly delete it. Do not access or use the Services if you are not of the age of majority in your jurisdiction unless you have the consent of your parent or guardian.

INTERNATIONAL TRANSFERS

We operate and use service providers located in the United States. If you are located outside the U.S., your Personal Data may be transferred to the U.S. The U.S. does not provide the same legal protections guaranteed to Personal Data in the European Union. If you are in the EEA/Switzerland/UK, your Personal Data may be transferred to the U.S. on one of the following bases:

• Standard Contractual Clauses (e.g. Personal Data relating to our Client).
• Binding corporate rules (e.g. data processed by a subprocessor or other vendor under a BCR agreement).
• Pursuant to the derogations provided under applicable law (e.g. consent or necessity to provide the services, e.g. where users that access the system to provide information to Clients).
• Pursuant to other adequacy mechanisms (e.g. where transfers are within the EEA or to other justification subject to an adequacy decision).

If you would like additional information regarding the specific transfer mechanism applicable in the context of transfers of your personal data, please contact us.

CHANGES TO OUR PRIVACY POLICY

We may change this Privacy Policy from time to time. Changes will be posted on this page with the effective date. Please visit this page regularly so that you are aware of our latest updates. Your acknowledgement of these changes, or use of the Services following notice of any changes (as applicable) indicates your acceptance of any changes.

CONTACT US

If you have any questions about this Privacy Policy, the practices of this site, or your dealings with this site, please contact us by sending a letter to:

General Inquires:
legal@tracegains.com

Physical Address:
TraceGains, Inc.
12303 Airport Way Building I, Suite 180,
Broomfield, CO 80021

LIST OF THIRD PARTIES

Unaffiliated Parties and Partners

The following is a list of unaffiliated third parties with whom we may share data, or which may engage in processing:

Asana – receives data for internal project management

Avalara – receives data for tax compliance purposes

Calendly – receives data for appointment scheduling

ChargeBee – independent billing and accounting management

Conga – receives data for document drafting and management

Demandbase – receives data for customer insight, records management, and marketing

DocuSign – receives data for document management

Dropbox – receives data for document storage

FileZilla – receives data for document transfer and storage

Google Analytics – shares data with us for usage analytics

GTR – shares and receives data regarding Together

Hive Digital Strategy – receives data to optimize our service and customer experience

Hotjar – receives data to optimize our service and customer experience

Hubspot – receives data for customer records management and marketing

InsideView – receives data for customer records management

MeetingOne Adobe Connect – receives data for hosted webinars and training sessions

Microsoft – receives data for hosted services and through Office 365

NetSuite – receives data for customer invoicing

ON24 – receives data for hosted webinars and training sessions

Owler – receives data for customer records management

Pendo – shares and receives data for usage analytics

Rocket Reach – receives data for customer records management

Salesforce – receives data for customer records management

SalesLoft – received data for customer records management and marketing

Sales Navigator – receives data for customer records management, marketing, and sales

Seamless.AI – receives data for customer records management

SEMrush – shares data with us for usage analytics

Sendoso – receives data for customer records management and marketing

Sharekits – receives data for customer records management and marketing

Sprout Social – shares data with us for engagement analytics

Stripe – independent payment processor

Survey Monkey – receives data for surveys

Thought Industries – receives data for online knowledgebase and support request management

VisionE – receives data for location mapping

Wistia – receives data for video hosting, storage and viewing

ZenDesk – receives data for support request management

*Note that this list may not always reflect the most recent third-party sharing agreements and may be subject to change.

INTERPRETATION

We do not intend and are firm this Privacy Policy does not create or confer upon any individual any rights, or impose upon Company any obligations, in addition to any rights or obligations imposed by the United States of America’s applicable federal and state privacy laws. Should there be any inconsistency between this Privacy Policy and U.S. applicable federal and state privacy laws, of the General Data Protection Regulation 2016 (as amended) (the “GDPR”), the UK Data Protection Act (the “UK Act”), or other applicable laws and regulations that relate to the protection and processing of personal data and privacy, this Privacy Policy will be interpreted to comply with the applicable privacy laws. We do not represent or warrant that the services, or any part of the services, are appropriate or available for use in any particular jurisdiction. Those who choose to access the Services do so on their own initiative and at their own risk, and are responsible for complying with all local laws, rules and regulations. We may limit the services’ availability, in whole or in part, to any person, geographic area or jurisdiction we choose, at any time and in our sole discretion, including but not limited to update compliance obligations with data protection and privacy. The Company abides by the safe harbor framework set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information collected from foreign countries to the extent such information is collected; nevertheless, it is not a business practice of TraceGains to collect, sell, or purchase such information.