Trintech Inc., (“Trintech,” “Company,” “we,” “us”) respects the privacy of individuals who visit this website, www.trintech.com, (“you”).
This policy describes the types of information we may collect from you or that you may provide when you visit the website www.trintech.com (our “Website”) and our practices for collecting, using, maintaining, protecting and disclosing that information.
This policy applies to information we collect:
It does not apply to information collected by:
Our Website is not intended for children under 13 years of age. No one under age 13 may provide any information to or on the Website. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on this Website or on or through any of its features/register on the Website, make any purchases through the Website, use any of the interactive or public comment features of this Website or provide any information about yourself to us, including your name, address, telephone number, e-mail address or any screen name or user name you may use]. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at firstname.lastname@example.org.
Information We Collect About You and How We Collect It
We collect several types of information from and about users of our Website, including information:
We collect this information:
Information You Provide to Us
The information we collect on or through our Website may include:
The technologies we use for this automatic data collection may include:
Flash Cookies. Certain features of our Website may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from and on our Website. Flash cookies are not managed by the same browser settings as are used for browser cookies. For information about managing your privacy and security settings for Flash cookies, see Choices about How We Use and Disclose Your Information.
We do not collect personal Information automatically, but we may tie this information to personal information about you that we collect from other sources or you provide to us.
You also may provide information to be published or displayed (hereinafter, ”posted”) on public areas of the Website, or transmitted to other users of the Website or third parties (collectively, ”User Contributions”). Your User Contributions are posted on and transmitted to others at your own risk. Although we limit access to certain pages, please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of other users of the Website with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.
How We Use Your Information
We use information that we collect about you or that you provide to us, including any personal information:
We may also use your information to contact you about goods and services that may be of interest to you. If you do not want us to use your information in this way, please click the link in each email to update your communication preferences. For more information, see Choices About How We Use and Disclose Your Information.
We do not rent, sell or share personal information about you with other people or nonaffiliated companies.
Disclosure of Your Information
We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.
We may also disclose your personal information:
Choices About How We Use and Disclose Your Information
We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information:
Accessing and Correcting Your Information
If you delete your User Contributions from the Website, copies of your User Contributions may remain viewable in cached and archived pages, or might have been copied or stored by other Website users.
We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration and disclosure.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas of the Website like message boards. The information you share in public areas may be viewed by any user of the Website.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.
We may store, process and transmit information in the United States and locations around the world – including those outside your country.
EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield. Trintech complies with the EU-U.S. and Swiss–U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the European Economic Area, and Switzerland to the United States. You can learn more about Privacy Shield at https://www.privacyshield.gov.
Updated: September 6, 2017
Types of Personal Data Trintech Collects
Trintech products do not require customers to provide personal data. However, customers often upload supporting documentation that may contain personal data. In addition, Trintech collects personal data directly from customers. This collection occurs, for example, when a customer visits Trintech’s website and provides this personal data. Click here for information on the types of personal data Trintech receives through its website.
The following capitalized terms in this Policy have the following meanings:
“Agent” means any third party processor that collects and/or uses personal information provided by Trintech to perform tasks on behalf of and under the instructions of Trintech.
“Controller” means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
“Customer” means an individual customer or client of Trintech from the EU or Switzerland. The term also shall include any individual agent, representative, of an individual customer of Trintech and all employees of Trintech where Trintech has obtained Personal Data from such Individual Customer as part of its business relationship with Trintech.
“Data Subject” means an identified or identifiable natural living person. An identifiable person is one who can be identified, directly or indirectly, by reference to a name, or to one or more factors unique to his or her personal physical, psychological, mental, economic, cultural or social characteristics. For Customers residing in Switzerland, a Data Subject also may include a legal entity.
“Employee” means an employee (whether temporary, permanent, part-time, or contract), former employee, or job applicant of Trintech or any of its affiliates or subsidiaries, who is also a resident of a country within the European Union or Switzerland.
“Europe” or “European” refers to a country in the European Union.
“Personal Data” are data about a Data Subject that personally identifies or may be used to personally identify such person within the scope of the Directive 95/46/EC, received by an organization in the United States from the European Union or Switzerland, and recorded in any form. “Personal Data” or “Personal Information” does not include data that is de-identified, anonymous, or publicly available. For Switzerland, the term “person” includes both a natural person and a legal entity, regardless of the form of the legal entity.
“Personal Information” means Personal Data and Sensitive Personal Information.
“Processing” of personal data means any operation or set of operations which is performed upon Personal Data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.
“Sensitive Personal Information” means personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual or Personal Information received from a third party that is identified and treated as sensitive by the third party.
“Services” means the services provided by Trintech to its Customers under an applicable agreement with Trintech, including but not limited to account reconciliation, intercompany reconciliation, journal entry, regulatory and financial reporting and compliance.
“Third Party” means any individual or entity that is neither Trintech nor a Trintech employee, agent, contractor, or representative.
3. Processing of European and Swiss Personal Data
As aforementioned, certain Customers of Trintech may in fact pay additional fees to upload Personal Information that may be received by Trintech as part of its Customers’ use of the Trintech Services. Specifically, Customers may upload files containing Personal Information via secure file transfer protocol (SFTP) via an SFTP server that systematically takes such files from the SFTP server and inputs it to the Customer application under the Services. The applications provided under the Services do not use Personal Information of Customer (or their customers), but Customers may upload files containing Personal Information to the file system within the Trintech Services as supporting documentation. Any Processing by Trintech of Personal Information under the Trintech Services provided to Customers adheres to the foregoing process.
As the Services are provided through hosting services providers, such uploaded Personal Information may be provided through Trintech’s service providers and suppliers (Agents) for the sole purpose and only to the extent needed to support the Customers’ business needs under the Services. These service providers and suppliers are required to keep confidential Personal Information received from Trintech and should not use it for any purpose other than originally intended. In case of data transfers to Third Parties acting as Controllers the affected individuals will be informed about the transfer and the underlying purposes respectively.
4. Privacy Principles
Trintech adheres to the Privacy Shield Privacy Principles for the collection, use, and retention of such Personal Information from European Union member countries and Switzerland. A detailed description of the EU-U.S. Privacy Shield Principles can be found on the U.S Department of Commerce website at https://www.privacyshield.gov/EU-US-Framework.
As a general rule, Trintech does not collect any Personal Information from its Customers; however, its Customers are provided the capability under the Services mentioned in Section 2 above to upload Personal Information as a supporting file for Customer use under the Services. In such circumstances, the Personal Information is either masked before it is received by Trintech, or otherwise encrypted. Where a Trintech Customer has uploaded a supporting file to Trintech that contains any Personal Information, Trintech may exchange such Personal Information between various subsidiary companies and their operations, worldwide, all as necessary to provide the application Services requested by its Customers from Trintech or for general administrative purposes. Trintech may also use facilities, Employees or contractors worldwide to process or back-up information or to provide certain services to Trintech. Where a European or Swiss Customer of Trintech has uploaded a supporting file to Trintech that contains any such Personal Information, or Trintech receives it from its European affiliates, such Customer or the respective European affiliate will inform those individuals about the purposes for which it collects and uses such Personal Information about them; the transfer to Trintech in the U.S., the types or identity of third parties acting as controllers to which Trintech discloses that Personal Information, the purposes for which it does so; and the choices and means offered by Trintech for limiting the use and disclosure of their Personal Information, and about the right of individuals to access their Personal Data. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Information to Trintech, or as soon as practicable thereafter, and in any event before Trintech uses the information for a purpose other than that for which it was originally collected or discloses it for the first time to a third party.
Trintech will work with its Customers to address such Customers’ providing their customers the opportunity to choose (opt-out) whether their Personal Information is (a) to be disclosed to a third party acting as a Controller, or (b) to be used for a purpose that is materially different from the purpose for which it was originally collected or subsequently authorized by the Customer. For Sensitive Personal Information, Trintech will give work with its Customers to ensure that its Customers’ customers have the opportunity to affirmatively and explicitly consent (opt-in) to the disclosure of their Sensitive Personal Information to (a) a third party acting as a Controller or (b) the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. Trintech will work with its Customers to provide its Customers’ customers reasonable (especially clear and conspicuous, readily available) mechanisms to exercise their choices.
4.3. Accountability for Onward Transfer
Trintech will obtain assurances from its Agents that they will safeguard Personal Information consistent with this Policy and will transfer Personal Information only for limited and specific purposes. Examples of appropriate assurances that may be provided by Agents include: a contract obligating the Agent to provide at least the same level of protection as is required by the relevant EU-U.S. Privacy Shield principles, being subject to EU Data Protection Directive 95/46/EC, EU-U.S. Privacy Shield certification by the Agent, or being subject to another European Commission adequacy finding. Trintech recognizes its responsibility and potential liability for onward transfers to Agents. Where Trintech has knowledge that an Agent is using or disclosing Personal Information in a manner contrary to this Policy and/or the level of protection as required by the EU-U.S. Privacy Shield Principles, Trintech will take reasonable and appropriate steps to prevent, remediate or stop the use or disclosure.
If Trintech transfers unencrypted Personal Information to non-agent third parties acting as a Controller, Trintech will apply the Notice and Choice Principles unless a derogation for specific situations under European data protection law applies and will obtain assurance from these parties that they will provide the same level of protection as is required under the Principles.
Upon request, Trintech will work with its Customers so that its Customers’ customers have reasonable access to Personal Information that Customer holds about them. In addition, Trintech will take reasonable steps to work with its Customers so that its Customers permit their individual customers to correct, amend, or delete information held by Customer that is demonstrated to be inaccurate or incomplete or has been processed in violation of the EU-U.S. Privacy Shield Principles. Trintech may limit an individual’s access to Personal Information where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy or where the legitimate rights of persons other than the individual would be violated.
All Personal Information uploaded to the Trintech Services by a Customer is either encrypted within the database or otherwise masked prior to be transmitted to Trintech. Trintech will take reasonable and appropriate precautions to protect Personal Information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and the nature of the personal data.
4.6. Data Integrity and Purpose Limitation
Trintech does not access or use any Personal Information uploaded by its Customers – such Personal Information is uploaded by the Customer and made available to such Customer for Customer’s use under the Services. Trintech will provide its Customers access to Personal Information through the Services only in ways that are compatible with the purposes for which it was collected or subsequently authorized by its Customers who uploaded the information (see 5.2.). Trintech will take reasonable steps with its Customers to ensure that Personal Information uploaded by Customers is relevant to its intended use, accurate, complete, and current. Trintech will adhere to the Principles as long as it retains Personal Information received under its EU-U.S. Privacy Shield certification.
4.7. Recourse, Enforcement and Liability
Trintech utilizes the self-assessment approach to assure its compliance with this Policy. Trintech periodically verifies that this Policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented, and in conformity with the EU-U.S. Privacy Shield principles. Trintech encourages interested persons to raise any concerns with it using the contact information below. Trintech will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Information in accordance with the principles contained in this Policy.
Any questions or concerns regarding the use or disclosure of personal information should be directed to the Privacy Officer at the address given below. Trintech will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Policy.
With respect to any complaints relating to this Policy that cannot be resolved through Trintech’s internal processes with its Customer, Trintech has agreed to cooperate with the data protection authorities in the EU and to participate in the dispute resolution procedures of the Panel established by the EU Data Protection Authorities to resolve disputes pursuant to the EU-U.S. Privacy Shield principles available at the address given below. In the event that Trintech or such Authorities determines that Trintech did not comply with this Policy, Trintech will take appropriate steps to address any adverse effects and to promote future compliance. Trintech is also subject to the investigatory and enforcement powers of the Federal Trade Commission, which is the competent supervisory body under the Privacy Shield.
Where a complaint cannot be resolved by any of the before mentioned recourse mechanisms, individual customers of Customer have a right to invoke binding arbitration under the Privacy Shield Panel as recourse mechanism of ’last resort’.
Trintech’s adherence to the EU-U.S. Privacy Shield Principles may be limited (a) to the extent necessary to meet applicable national security, public interest, or law enforcement requirements, e.g. in the course of lawful requests by public authorities (b) by statute, government regulation, or case law that creates conflicting obligations or explicit authorizations, provided that, in exercising any such authorization, an organization can demonstrate that its non-compliance with the Principles is limited to the extent necessary to meet the overriding legitimate interests furthered by such authorization; or (c) if the effect of the Directive or Member State law is to allow exceptions or derogations, provided such exceptions or derogations are applied in comparable contexts.
6. Contact Information
Questions or comments regarding this Policy should be submitted to Trintech by mail or e-mail as follows:
ATTN: Debi Lohr, Privacy Officer
Address: 15851 Dallas Parkway, Suite 900, Addison, TX 75001
Should your complaint not be resolved by Trintech, you may also submit any unresolved complaints to JAMS EU-U.S. Privacy Shield at: https://www.jamsadr.com/eu-us-privacy-shield
7. Changes to this Policy
This Policy may be amended from time to time, consistent with the requirements of the EU-U.S. Privacy Shield principles. Appropriate public notice will be given concerning such amendments.
Effective Date: August 21, 2017.