Trintech Inc., (“Trintech,” “Company,” “we,” “us”) respects the privacy of individuals who visit this website, www.trintech.com, (“you”).
This policy describes the types of information we may collect from you or that you may provide when you visit the website www.trintech.com (our “Website”) and our practices for collecting, using, maintaining, protecting and disclosing that information.
This policy applies to information we collect:
It does not apply to information collected by:
Our Website is not intended for children under 13 years of age. No one under age 13 may provide any information to or on the Website. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on this Website or on or through any of its features/register on the Website, make any purchases through the Website, use any of the interactive or public comment features of this Website or provide any information about yourself to us, including your name, address, telephone number, e-mail address or any screen name or user name you may use]. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at firstname.lastname@example.org.
Information We Collect About You and How We Collect It
We collect several types of information from and about users of our Website, including information:
We collect this information:
Information You Provide to Us
The information we collect on or through our Website may include:
The technologies we use for this automatic data collection may include:
Flash Cookies. Certain features of our Website may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from and on our Website. Flash cookies are not managed by the same browser settings as are used for browser cookies. For information about managing your privacy and security settings for Flash cookies, see Choices about How We Use and Disclose Your Information.
We do not collect personal Information automatically, but we may tie this information to personal information about you that we collect from other sources or you provide to us.
You also may provide information to be published or displayed (hereinafter, ”posted”) on public areas of the Website, or transmitted to other users of the Website or third parties (collectively, ”User Contributions”). Your User Contributions are posted on and transmitted to others at your own risk. Although we limit access to certain pages, please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of other users of the Website with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.
How We Use Your Information
We use information that we collect about you or that you provide to us, including any personal information:
We may also use your information to contact you about goods and services that may be of interest to you. If you do not want us to use your information in this way, please click the link in each email to update your communication preferences. For more information, see Choices About How We Use and Disclose Your Information.
We do not rent, sell or share personal information about you with other people or nonaffiliated companies.
Disclosure of Your Information
We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.
We may also disclose your personal information:
Choices About How We Use and Disclose Your Information
We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information:
Accessing and Correcting Your Information
If you delete your User Contributions from the Website, copies of your User Contributions may remain viewable in cached and archived pages, or might have been copied or stored by other Website users.
We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration and disclosure.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas of the Website like message boards. The information you share in public areas may be viewed by any user of the Website.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.
We may store, process and transmit information in the United States and locations around the world – including those outside your country.
EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield. Trintech complies with the EU-U.S. and Swiss–U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the European Economic Area, and Switzerland to the United States. You can learn more about Privacy Shield at https://www.privacyshield.gov.
Updated: September 6, 2017
The following capitalized terms in this Policy have the following meanings:
“Agent” means any third-party processor that collects and/or uses Personal Data provided by Trintech to perform tasks on behalf of and under the instructions of Trintech.
“Customer” means an individual customer or client of Trintech from the EU or Switzerland. The term also shall include any individual agent, representative, of an individual customer of Trintech and all employees of Trintech where Trintech has obtained Personal Data from such Individual Customer as part of its business relationship with Trintech.
“Employee” means an employee (whether temporary, permanent, part-time, or contract), former employee, or job applicant of Trintech or any of its affiliates or subsidiaries, who is also a resident of a country within the European Union or Switzerland.
“Europe” or “European” refers to a country in the European Union.
“GDPR” means the Regulation (EU) 2016/679 of the European Parliament;
“Processing” of personal data means any operation or set of operations which is performed upon Personal Data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.
“Sensitive Personal Data” means racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
“Services” means the services provided by Trintech to its Customers under an applicable agreement with Trintech, including but not limited to account reconciliation, intercompany reconciliation, journal entry, regulatory and financial reporting and compliance.
“Third Party” means any individual or entity that is neither Trintech nor a Trintech employee, agent, contractor, or representative.
1.12 The terms, “Controller,” “Processor,” “Data Subject,” “Member State,” and “Personal Data,” shall have the same meaning as in the GDPR, and their cognate terms shall be construed accordingly. However, for Switzerland, the term “person” includes both a natural person and a legal entity, regardless of the form of the legal entity.
This Policy does not apply to any Customer data provided to Trintech (i) as part of the implementation or support of the Services for Customer under an applicable Services agreement with Trintech, or (ii) through Trintech’s websites. As a rule, Trintech does not accept Personal Information from its Customers, and specifically prohibits the transmission of any Personal Information from its Customers as part of the Services it provides to them. Trintech does not have any access to its Customer’s data, including but not limited to Personal Data, and does not collect any Personal Data or Sensitive Personal Data for any use by Trintech or its Processors. Notwithstanding the foregoing, certain Customers of Trintech may in fact contract with Trintech to upload Personal Information that may be received by Trintech as part of its Customers’ use of the Trintech Services for an additional fee; however, this Personal Information is (i) never within the Trintech applications provided under its Services, (ii) only maintained as a supporting file to the Services for use by Customer, and (iii) kept in an encrypted format. This Policy applies to such Personal Information received by Trintech from its Customers located in the European Union or Switzerland and recorded in any form. This Policy also applies to Processors that handle and process such Personal Information on behalf of Trintech.
3. Types of Personal Data Trintech Collects
Trintech products do not require customers to provide personal data. However, customers often upload supporting documentation that may contain personal data. Trintech does not know what type of Personal Data this documentation may contain.
4. Processing of European and Swiss Personal Data
As aforementioned, certain Customers of Trintech may in fact pay additional fees to upload Personal Data that may be received by Trintech as part of its Customers’ use of the Trintech Services. Specifically, Customers may upload files containing Personal Data via secure file transfer protocol (SFTP) via an SFTP server that systematically takes such files from the SFTP server and inputs it to the Customer application under the Services. The applications provided under the Services do not use Personal Data of Customer (or their customers), but Customers may upload files containing Personal Data to the file system within the Trintech Services as supporting documentation. Any Processing by Trintech of Personal Data under the Trintech Services provided to Customers adheres to the foregoing process.
As the Services are provided through hosting services providers, such uploaded Personal Data may be provided through Trintech’s service providers and suppliers (Processors) for the sole purpose and only to the extent needed to support the Customers’ business needs under the Services. These service providers and suppliers are required to keep confidential Personal Data received from Trintech and should not use it for any purpose other than originally intended. In case of data transfers to third parties acting as Controllers the affected individuals will be informed about the transfer and the underlying purposes respectively.
4. Privacy Principles
Trintech adheres to the Privacy Shield Privacy Principles for the collection, use, and retention of such Personal Data from European Union member countries and Switzerland. A detailed description of the EU-U.S. and Swiss- U.S. Privacy Shield Principles can be found on the U.S Department of Commerce website at https://www.privacyshield.gov/EU-US-Framework.
As a rule, Trintech does not collect any Personal Data from its Customers; however, its Customers are provided the capability under the Services mentioned in Section 2 above to upload Personal Data as a supporting file for Customer use under the Services. In such circumstances, the Personal Data is required to be masked before it is received by Trintech by the Customer, or otherwise encrypted. Where a Trintech Customer has uploaded a supporting file to Trintech that contains any Personal Data, Trintech may exchange such Personal Data between various affiliated companies and their operations, worldwide, all as necessary to provide the application Services requested by its Customers from Trintech or for general administrative purposes. Trintech may also use facilities, Employees or contractors worldwide to process or back-up information or to provide certain services to Trintech. Where a European or Swiss Customer of Trintech has uploaded a supporting file to Trintech that contains any such Personal Data, or Trintech receives it from its European affiliates, such Customer or the respective European affiliate will inform those individuals about the purposes for which it collects and uses such Personal Data about them; the transfer to Trintech in the U.S., the types or identity of third parties acting as controllers to which Trintech discloses that Personal Data, the purposes for which it does so; and the choices and means offered by Trintech for limiting the use and disclosure of their Personal Data, and about the right of individuals to access their Personal Data. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Data to Trintech, or as soon as practicable thereafter, and in any event before Trintech uses the information for a purpose other than that for which it was originally collected or discloses it for the first time to a third party.
Trintech will work with its Customers to address such Customers’ providing their customers the opportunity to choose (opt-out) whether their Personal Data is (a) to be disclosed to a third party acting as a Controller, or (b) to be used for a purpose that is materially different from the purpose for which it was originally collected or subsequently authorized by the Customer. For Sensitive Personal Data, Trintech will give work with its Customers to ensure that its Customers’ customers have the opportunity to affirmatively and explicitly consent (opt-in) to the disclosure of their Sensitive Personal Data to (a) a third party acting as a Controller or (b) the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. Trintech will work with its Customers to provide its Customers’ customers reasonable (especially clear and conspicuous, readily available) mechanisms to exercise their choices.
4.3. Accountability for Onward Transfer
Trintech will obtain assurances from its Processors that they will safeguard Personal Data consistent with this Policy and will transfer Personal Data only for limited and specific purposes. Examples of appropriate assurances that may be provided by Processors include: a contract obligating the Agent to provide at least the same level of protection as is required by the relevant EU-U.S. and Swiss-U.S. Privacy Shield principles, being subject to GDPR, EU-U.S. and Swiss-U.S. Privacy Shield certification by the Agent, or being subject to another European Commission adequacy finding. Trintech recognizes its responsibility and potential liability for onward transfers to Processors. Where Trintech has knowledge that a Processor is using or disclosing Personal Data in a manner contrary to this Policy and/or the level of protection as required by the EU-U.S. and Swiss-U.S. Privacy Shield Principles, Trintech will take reasonable and appropriate steps to prevent, remediate or stop the use or disclosure.
If Trintech transfers unencrypted Personal Data to non-affiliated third parties acting as a Controller, Trintech will apply the Notice and Choice Principles unless a derogation for specific situations under European data protection law applies and will obtain assurance from these parties that they will provide the same level of protection as is required under the Principles.
Currently, Trintech does not intentionally transfer any Personal Data to any unaffiliated third party.
Upon request, Trintech will work with its Customers so that its Customers’ customers have reasonable access to Personal Data that Customer holds about them. In addition, Trintech will take reasonable steps to work with its Customers so that its Customers permit their individual customers to correct, amend, or delete information held by Customer that is demonstrated to be inaccurate or incomplete or has been processed in violation of the EU-U.S. and Swiss-U.S. Privacy Shield Principles. Trintech may limit an individual’s access to Personal Data where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy or where the legitimate rights of persons other than the individual would be violated.
All Personal Data uploaded to the Trintech Services by a Customer is required to be either encrypted within the database or otherwise masked prior to be transmitted to Trintech by the Customer. Trintech will take reasonable and appropriate precautions to protect Personal Data in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and the nature of the personal data.
4.6. Data Integrity and Purpose Limitation
Trintech does not access or use any Personal Data uploaded by its Customers – such Personal Data is uploaded by the Customer and made available to such Customer for Customer’s use under the Services. Trintech will provide its Customers access to Personal Data through the Services only in ways that are compatible with the purposes for which it was collected or subsequently authorized by its Customers who uploaded the information (see 5.2.). Trintech will take reasonable steps with its Customers to ensure that Personal Data uploaded by Customers is relevant to its intended use, accurate, complete, and current. Trintech will adhere to the Principles if it retains Personal Data received under its EU-U.S. and Swiss-U.S. Privacy Shield certification.
4.7. Recourse, Enforcement and Liability
Trintech utilizes the self-assessment approach to assure its compliance with this Policy. Trintech periodically verifies that this Policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented, and in conformity with the EU-U.S. Privacy Shield principles. Trintech encourages interested persons to raise any concerns with it using the contact information below. Trintech will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Data in accordance with the principles contained in this Policy.
If Trintech determines that any person in its employ is in violation of this Policy such person will be subject to disciplinary action.
Any questions or concerns regarding the use or disclosure of Personal Data should be directed to the Privacy Officer at the address given below. Trintech will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Data in accordance with the principles contained in this Policy.
Trintech has agreed to cooperate with the data protection authorities in the EU and Switzerland and to participate in the dispute resolution procedures of the Panel established by the EU and Swiss Data Protection Authorities to resolve disputes pursuant to the EU-U.S. and Swiss-U.S. Privacy Shield principles available at the address given below. If Trintech or such Authorities determines that Trintech did not comply with this Policy, Trintech will take appropriate steps to address any adverse effects and to promote future compliance. Trintech is also subject to the investigatory and enforcement powers of the Federal Trade Commission, which is the competent supervisory body under the Privacy Shield.
In compliance with the Privacy Shield Principles, Trintech commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Trintech at
Trintech has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/ for more information or to file a complaint. The services of JAMS are provided at no cost to you.
Trintech commits to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.
Where a complaint cannot be resolved by any of the before mentioned recourse mechanisms, individual customers of Customer have a right to invoke binding arbitration under the Privacy Shield Panel as recourse mechanism of ’last resort’.
Trintech’s adherence to the EU-U.S. and Swiss-U.S. Privacy Shield Principles may be limited (a) to the extent necessary to meet applicable national security, public interest, or law enforcement requirements, e.g. in the course of lawful requests by public authorities (b) by statute, government regulation, or case law that creates conflicting obligations or explicit authorizations, provided that, in exercising any such authorization, an organization can demonstrate that its non-compliance with the Principles is limited to the extent necessary to meet the overriding legitimate interests furthered by such authorization; or (c) if the effect of the Directive or Member State law is to allow exceptions or derogations, provided such exceptions or derogations are applied in comparable contexts.
6. Contact Information
Questions or comments regarding this Policy should be submitted to Trintech by mail or e-mail as follows:
ATTN: Data Protection Officer
Phone: +1 972-739-1640
Should your complaint not be resolved by Trintech, you may also submit any unresolved complaints to your EU Member State Data Protection Authority (DPA) or the Swiss Federal Data Protection and Information Commissioner.
7. Changes to this Policy
This Policy may be amended from time to time, consistent with the requirements of the EU-U.S. or Swiss-U.S. Privacy Shield principles. Appropriate public notice will be given concerning such amendments.
Effective Date: August 21, 2017.
Revision: December 21, 2018.