December 2021
True Influence LLC, a fully owned subsidiary of MeritB2B, LLC, respects your privacy.
Core activity of True Influence is to provide support to its customers in marketing B2B products by generating effective leads from the target markets.
It is True Influence’s policy to respect your privacy regarding any information we may collect through registration forms, resource libraries, advertising units, widgets, web sites and web pages, whether accessed via computer, mobile or tablet device, or other technology (collectively, the “Service”), collection and licensing of data through third parties we work with, and how such information may be used and/or shared with others, how we safeguard it, and your choices in controlling its use in connection with our marketing activities.
True Influence operates under several different brands, including BusinessTech Alert, SecurityTech Alert, HRTech Alert. All such brands are collectively called “Services”.
This privacy policy applies when you use our services. True Influence is 100% Can-Spam Compliant.
True Influence has a zero-tolerance spam policy. Any partner or publisher found to be using True Influence promotional offers for spam will be immediately cut-off from use of the product. If you know of or suspect any violators, please notify us immediately at [email protected].
Data Controller and Data Processor
We process two main types of personal data.
Our Customers are the controller of Customer Data. True Influence is the processor of Customer Data and the controller of Other Data.
Customer Data
True Influence collects this data based on our customer’s instructions (also known as campaign information) through different channels including business partners (publishers) using relevant technology in web marketing, E mail marketing and Telemarketing.
The leads generated by the publishers are intelligently filtered to improve their quality and converted into actionable marketing targets before being passed on to the customers.
This data includes business contact information to match criterion provided by the customer.
The types of data we may collect include: company name, contact/person name, company address, city, state, zip code, company phone, business- email-address, IP address, and date.
Our purpose in collecting information is to help us provide you with better service, such as notifications about special offers and promotions, or other relevant content delivered through targeted advertising.
The trueinfluence.com website may also collect a recipient’s email address to help you to initiate and email the recipient you have selected. The recipient may contact us at [email protected] to request that we remove this information.
Cookies
We collect data through cookies
True Influence uses cookies to help True Influence identify and track visitors, their usage of True Influence website, and their website access preferences. True Influence visitors can control cookies through your browser settings.
For more details about how we use these technologies, please see our Cookie Policy
Customer Data will be used by True Influence in accordance with Customer’s instructions, including any applicable terms in the Customer Agreement and as required by applicable law. True Influence is a processor of Customer Data and Customer is the controller.
True Influence may use the information we obtain, license and collect about and from you for a number of business purposes, including for example, to: better tailor website and promotional content to visitor interests; verify your profile information; deliver targeted advertising; inform our partners of your business-related interests; improve the Service for internal business purposes; help our advertising partners better understand the audience they are reaching; and for purposes we disclose at the time you provide your Personal Information.
Lawful basis for processing
We have lawful basis to process your personal data. We also use your consent as basis for lawfully processing your personal data.
We process your personal data only when we have a lawful basis. Presently, we use the Performance of Contract (i.e. to deliver the services to our customers) and consent as the lawful basis for processing. For certain processing, we may also use legitimate interests as provided under the Data Protection Regulations.
In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.
Where you have consented to a particular processing, you have a right to withdraw the consent at any time.
True Influence collects certain Personal Data from its Employees and Job Applicants, including without limitation (collectively, the “HR Data”).
True Influence processes HR Data relating to its Employees and Job Applicants in the US, UK or EEA for recruitment and HR management purposes at a global level, including:
True Influence does not knowingly collect Personal or Usage Information from children under the age of 13 through www.trueinfluence.com, nor from any of our affiliates and partners. If you are under 13, please do not give us any Personal Information, and do not provide Personal Information to any website or web service without consulting your parent or guardian. If you have reason to believe that a child under the age of 13 has provided Personal Information to True Influence, please contact us, and we will seek to delete that information from our database.
True Influence is engaged in providing B2B services for customers to identify targets for the marketing of business products and in the process collects business contact data of companies and executives working in companies which are prospective customers for the products to be marketed.
True Influence and its business partners (publishers) collect the data based on campaign information provided by True Influence’s customers.
The publishers obtain the necessary consent from the data subjects to receive marketing communications from True Influence customers using appropriate disclosures in compliance with legal requirements of the jurisdiction in which the prospective customers reside, including Canada’s Anti-Spam Legislation.
Opt in is obtained when legally required and a fair opportunity is provided by the publishers to the data subjects to opt out. True Influence has entered necessary legally binding contracts with the publishers to ensure compliance of relevant regulations for collection, processing, storage, and transfer of data.
Advertising / Behavioral Targeting; How to Opt-Out
We may use third party vendors to enhance the Service (e.g. for purposes of retargeting). When you opt out of the Service, True Influence will no longer use or share any of your Personal or anonymous Usage Information, unless you recently submitted Personal Information (within last 30 days) in order to access free content, in which case only the Content Provider associated with the content you recently acquired will have access to your information. Please contact True Influence at [email protected] to opt out of this option.
We may engage companies that provide services to help us with our business activities such as our blog and career pages. These companies are authorized to use your personal information only as necessary to provide these services to us.
Your data will be shared with other recipients to provide you with services.
While we aim to limit the sharing of your data, at times, it is necessary to share your data with certain service providers and or customers. Examples of when and for what purpose your data is shared include data center / hosting services, email marketing/verification services, customers, and on boarding partners etc. Additionally, compiled personal information may be shared with third parties for their marketing purposes.
Cross-Border Data Transfers
Your data will be stored and processed in multiple countries including outside of the European Union (EU) Region
The Service and the servers and facilities that maintain the data we hold, are operated in the United States. Given that we are an international business, our use of your information necessarily involves the transmission of data on an international basis. If you are in the European Union, Canada or elsewhere outside of the United States, please be aware that information we collect may be transferred to and processed in the United States.
True Influence offers European Union Model Clauses, also known as Standard Contractual Clauses, to meet the adequacy and security requirements for our customers that operate in the European
Union, and other international transfers of customer Data. These clauses are contractual commitments between parties transferring personal data (for example, between True Influence and its Customers, suppliers, or data processors outside the EU), binding them to protect the privacy and security of the data.
True Influence also certifies to the EU-US Privacy Shield Framework for data transferred from the EU to the United States. To read more about our participation in Privacy Shield, please review our Privacy Shield Notice below.
By using the Service, or providing us with any information, you consent to the collection, processing, maintenance and transfer of such information in and to the United States and other applicable territories in which the privacy laws may not be as comprehensive as or equivalent to those in the country where you reside and/or are a citizen.
Accountability for onward transfer
True Influence is responsible for the processing of personal data it receives under the EU U.S. Privacy Shield Framework and subsequently transfers to a third party acting as an agent on its behalf or providing data storage services.
Any personal information received from publishers in which personal data of EU citizens may be contained is treated as “EU Sensitive Data” and adequate technical and administrative controls are implemented across all the True Influence entities.
The personal information is used only for the purpose for which it has been collected and is shared within the organization on a need to know basis.
The technical and administrative controls ensure preservation of the confidentiality, integrity, and availability of information as per the contractual obligations that True Influence has committed itself to.
True Influence maintain reasonable and appropriate security measures to protect data and information under its control from unauthorized access, disclosure, misuse, loss, or alteration.
True Influence’s security measures include industry-standard technology and equipment to help protect your information, and True Influence maintains security measures to allow only the appropriate personnel and contractors access to your information as well as policies and procedures to support implementation of various security controls. Unfortunately, no system can ensure complete security, and True Influence disclaims any liability resulting from use of the Service or from third party hacking events or intrusions.
Customer Data
We will retain this information for as long as needed to provide services to any one of our customers or as otherwise authorized, directed, or permissioned by our Customers. In addition, True Influence will retain this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Other Data
We will retain this information for the duration of our business relationship and afterwards for as long as is necessary and relevant for our legitimate business purposes, in accordance with the True Influence Data Retention Policy or as otherwise permitted applicable laws and regulation. Where we no longer need your personal information, we will dispose of it in a secure manner (without further notice to you).
Retention period for personal data and rationale for retention period is defined in True Influence’s ‘Data Retention Policy’.
True Influence is subject to the investigatory and enforcement powers of the FTC, or any other U.S. authorized statutory body [currently, there is no other U.S. authorized statutory body recognized by the EU or Switzerland].
You can request to access, update, or correct your personal information. You also have the right to object to direct marketing.
You may have additional rights pursuant to your local law applicable to the processing. For example:
If the processing of your personal information is subject to the EU General Data Protection Regulation (“GDPR”), and your personal information is processed based on legitimate interests, you have the right to object to the processing on grounds relating to your specific situation. Under GDPR you may also have the right to request to have your personal information deleted or restricted and ask for portability of your personal information.
If your personal information is processed under the Principles of the EU-U.S. Privacy Shield, you have the right to access to personal information about you that we hold and be able to correct, amend, or delete that information where it is inaccurate, or has been processed in violation of the Principles, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated.
For any such requests please go to the Do Not Sell My Data page.
Your Rights to Control Data
Whenever you use our services, we aim to provide you easy means to access, modify, delete, object to, or restrict use of your personal information
We strive to give you ways to access, update/modify your data quickly or to delete it unless we must keep that information for legal purposes. Some rights can be accessed from within the True Influence application. For visitors, these rights can be exercised by contacting us with your specific request.
If you are based within the EEA, or within another jurisdiction having similar data protection laws, in certain circumstances you have the following rights:
If you wish to access, verify, correct, or update your personal Information collected through the Service, you may contact us at [email protected]
You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: www.ec.europa.eu/justice/dataprotection/bodies/authorities/index_en.htm.
True Influence Services
True Influence also collects information under the direction of any one of its Customers, in which case it collects cookie identifiers from the individuals. If you are a customer of any one of our Customers and would no longer like to be contacted by our Customer that uses our Service, please contact the Customer that you interact with directly. We may transfer personal information to companies that help us provide our Service. Transfers to subsequent third parties are covered by the service agreements with our Customers.
An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct his query to the pertinent True Influence’s Customer (the data controller).
The Service may contain links to, or integrations with other sites that True Influence does not own or operate. This includes links from customers and partners that may use the True Influence logo in a co-branding agreement, or websites and web services that we work with to provide the Service. True Influence does not control, nor is True Influence responsible for these sites or services, or their content, products, services, privacy policies or practices. If you submit personal information on a web site using the Service, you are choosing to disclose information to both True Influence and the third party with whose brand the website is associated. This privacy policy only governs True Influence’s use of your information. The third party’s use of that personal Information is governed by the partner’s privacy policy, and not by this privacy policy.
Business Sale
As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, or a sale of our significant assets, we reserve the right to include any information we have among the assets transferred to the acquiring company.
Our website includes social media features, such as the “Facebook Like” button, and Widgets, such as the “Share This” button or interactive mini programs that run on our website. These features may collect your internet protocol address, which page you are visiting on our website, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our website. Your interactions with these features are governed by the privacy statement of the company providing them.
Our website offers publicly accessible blogs. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal information from our blog or community forum, contact us at [email protected]. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
Please note, we may modify information presented via the Service and/or this privacy policy from time to time without prior notice to you, and any changes will be effective immediately upon the posting of the revised privacy policy. If we make any material changes, we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on this website prior to the change becoming effective. You are encouraged to periodically revisit the True Influence Privacy Policy to see if it has been updated. We will always show the date of the latest modification date of the Privacy Policy at the top of the page so you can tell when it has last been revised.
True Influence complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union member countries to the United States pursuant to Privacy Shield. True Influence has certified that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this privacy policy and the data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit www.privacyshield.gov
Commission
Pursuant to the Privacy Shield Frameworks, EU individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to: [email protected]. If requested to remove data, we will respond within a reasonable timeframe.
We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to [email protected].
In certain situations, True Influence may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
True Influence’s accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, True Influence remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless True Influence proves that it is not responsible for the event giving rise to the damage.
In compliance with the Privacy Shield Principles, True Influence commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union individuals with Privacy Shield inquiries or complaints regarding our Privacy Shield policy should first contact us at [email protected].
True Influence has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you. If your complaint involves human resources data transferred to the United States from the EU in the context of the employment relationship, and True Influence does not address it satisfactorily, True Influence commits to cooperate with the panel established by the EU data protection authorities (DPA Panel), as applicable and to comply with the advice given by the DPA panel, as applicable with regard to such human resources data. To pursue an unresolved human resources complaint, you should contact the state or national data protection or labor authority in the appropriate jurisdiction. Complaints related to human resources data should not be addressed to the BBB EU PRIVACY SHIELD.
Contact details for the EU data protection authorities can be found at
www.ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at www.privacyshield.gov/article?id=ANNEX-I-introduction
Contact Us
We regularly review our compliance with this privacy policy. Questions, comments and requests regarding this privacy policy are welcome and should be addressed to: [email protected] or by mail to 8000 Towers Crescent Drive, 13th Floor Vienna.
This PRIVACY NOTICE FOR CALIFORNIA RESIDENTS supplements the information contained in the Privacy Policy of TRUE INFLUENCE LLC, a Delaware limited liability company and its subsidiaries (collectively, “we,” “us,” or “our”) and applies solely to visitors, users, and others who reside in the State of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and other California privacy laws. Any terms defined in the CCPA have the same meaning when used in this notice.
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, business contact, or device (“personal information”). In particular, we collect the following categories of personal information from consumers and business contacts:
Category | Examples | Collected |
A. Identifiers. | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, business name, device id, or other similar identifiers. | YES |
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | A name, postal address, telephone number, employment name. Some personal information included in this category may overlap with other categories. | YES |
C. Protected classification characteristics under California or federal law. | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | NO |
D. Commercial information. | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | NO |
E. Biometric information. | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. | NO |
F. Internet or other similar network activity. | Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. | YES |
G. Geolocation data. | Physical location or movements. | NO |
H. Sensory data. | Audio, electronic, visual, thermal, olfactory, or similar information. | NO |
I. Professional or employment-related information. | Current or past job history or performance evaluations. | YES |
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | NO |
K. Inferences drawn from other personal information. | Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | YES |
Personal information does not include:
We obtain the categories of personal information listed above from the following categories of sources:
We may use or disclose the personal information we collect for one or more of the following business purposes:
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.
In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:
Category A: Identifiers.
Category B: California Customer Records personal information categories.
Category F: Internet or other similar network activity.
Category I: Professional or employment-related information. We disclose your personal information for a business purpose to the following categories of third parties:
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service providers to:
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by visiting Do Not Sell My Data
Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Response Timing and Format
We are committed to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. We will deliver our written response by postal mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
We reserve the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will notify you by email or through a notice on our website homepage.
If you have any questions or comments about this notice, our California Privacy Statement, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:
Website: www.trueinfluence.com
Email: [email protected]
Postal Address: TRUE INFLUENCE LLC
Attn: Ray Estevez, CDO
8000 Towers Crescent Drive, 13th Floor Vienna, VA 22182
We may use cookies, beacons and similar technologies, now or in the future, to support the
functionality or track usage of our Services. This provides a better experience when you use our Services and allows us to improve our Services.
Some browsers support a “Do Not Track” feature, which is intended to be a signal to websites that you do not wish to be tracked across different websites you visit. Our Services do not currently change the way they operate based upon detection of a Do Not Track or similar signal. You may, however, disable certain tracking as discussed in the Cookies & Other Tracking Mechanisms section above (e.g., by disabling cookies). You also may opt out of certain behavioral advertising by following the instructions in the Your Choices section below.
Accessing, updating or deleting your personal information. We value the accuracy of the information we have about you. You may access, update or delete your information (or in some cases object to its processing) by emailing us at [email protected].
PART A: General
The distribution to the end target customers by placement of the campaign materials in relevant media is done through external publishers who generate leads. A part of the leads are generated by in-house publishing activity and use of innovative corporate intent marketing tools developed by the R&D team of True Influence.
The leads generated by the publishers are intelligently filtered to improve their quality and converted into actionable marketing targets before being passed on to the customers.
True Influence has developed proprietary products, processes and information generation systems which includes development of reliable vendors and trained manpower, which together reflect the value proposition that True Influence brings to the B2B marketing eco system across the globe. Sustaining and nurturing this expertise and using it for harnessing commercial opportunities represents a legitimate interest of True Influence.
This Code of GDPR Compliance adopted by True Influence declares that True Influence is committed to the concept of “Privacy as a fundamental right of a citizen of a democratic society” across the globe and in good faith shall implement all the Privacy principles mandated under GDPR where it is applicable.
True Influence however discloses that it is its legitimate interest that it carries on a legitimate business operation across the globe as a B2B market intermediary and it is the democratic right of True Influence to carry on its business in good faith without being in conflict with the rights of the individual natural persons whose Privacy is sought to be protected under GDPR.
True Influence also discloses that its business model requires collection of only the Data of business entities which are outside the purview of GDPR and Business Contact data which is not personal data per-se but may include personally identifiable information in part but does not include personal data of children and Personal data that is classified as “Special categories” under GDPR.
In order to effectively implement the security for the entire data processing infrastructure, the Company has adopted a comprehensive information security policy which includes multiple sub policies regarding data access, processing storage, transmission etc.
True Influence possesses a legitimate business interest as recognized under Article 6(1)(f) of the EU GDPR regulations, in the collection and processing of Business related data such as firmographics and Business Contact data of decision making officials in the business entities
Also, the business of True Influence involves operations within and outside EU countries and hence is exposed to statutory obligations of different countries related to Data Processing as well as other laws applicable to business in general and IT related activities in particular, as envisaged under Article 6(1)(c) of the EU GDPR regulations.
Further True Influence has adopted business practices for lawful processing incorporating the principles of EU GDPR as enunciated under Article 6, including obtaining informed explicit consent where required and adhering to the requirements of contractual obligations with the data subjects if any.
The policies of True Influence on Privacy and Data Protection are therefore structured with specific Privacy and Information Security controls that address the issue of identifying GDPR sensitive data at the stage of its origin and entry into the True Influence system and tagging them throughout its life cycle of processing.
Part B: Specific Policy Outlines
The Data storage shall enable individual data set to be located and processed for execution of any Data Subject’s rights such as request for data rectification, data portability, data erasure or data access at any time during its life cycle.
Project specific GSD shall be stored in such a manner that only employees associated with a given project get access to the data. Cross project access shall be regulated on a need basis.
A monthly review of archived data shall be undertaken to identify data that is no longer required which shall be referred to ISGC for disposal instructions.
Legal obligations on data retention which may arise due to any overlapping legislations shall be factored into the legitimate interest assessment.
In exceptional circumstances where data needs to be disclosed directly either to a data subject or his authorized representative or a law enforcement authority, adequate authentication of the identity of the person making the request shall be ensured.
All data disclosure requests are to be approved by the ISGC before release of the data and the request as well as the assessment documents shall be considered as required GDPR compliance documentation.
The DPO shall review the incident report and take immediate steps to resolve the incident and also to report the incident to the ISGC.
The ISGC will convene a meeting expeditiously and evaluate the incident to identify if it involves any suspected data breach.
Where necessary, ISGC may order an immediate techno legal audit of for a risk assessment of the incident. Based on the risk assessment ISGC shall decide the need for further action including sending a data breach notification to the Data Controller associated with the Data.
An incident where GSD has been accessed by another employee of the organization is considered as a Security Incident and not necessarily a “Breach”. However, such incidents shall be investigated as to the cause of unauthorized access and if it is an unintentional accidental access it may be resolved with a suitable internal disciplinary action as per the HR policy.
If data has not moved out or accessed by an outsider, the incident may be classified as an internal data accident not amounting to a breach.
In the event the access or data moved out is known to be in encrypted form and was in a state in which it was undecipherable by the recipient, subject to suitable internal investigation as to the security of the associated decryption key, the access may be classified as an internal data accident not amounting to a breach.
Where necessary the data breach may be also reported to a supervisory authority.
Whenever a request for exercising of such rights is received from a Data Subject, as per the Data disclosure policy, the request is first validated and then in case the data has been received from a Data Controller, the data controller would be requested to confirm the data disclosure.
Ordinarily the request is processed in communication with the data controller and if it is to be ported, it is returned back to the data controller.
In exceptional circumstances where True Influence has to handle the request of a data subject without the cooperation of the data controller, appropriate precautions will be taken to prevent a wrongful disclosure since it would be in the legitimate interest of True Influence to be indemnified against any possible wrongful disclosure.
Where GSD set is transmitted to the Customer or Sub contractor also, the transmission is managed through encrypted communication channels either through an API or an encrypted e-Mail.
Such data is killed at the first instance when it enters the True Influence system and identified as a “GSD without proper processing consent”.
Additionally, the Privacy notice should also indicate that the Data subject has certain rights such as “Right to be informed of the identity of downstream processors”, “Right to access and rectification”, “Right to Portability and Erasure”.
In view of the new requirements, all consents obtained in the pre-GDPR format shall be considered as invalid and such data would be discarded by True Influence.
External Publishers who generate Leads for True Influence shall confirm through their contracts that they would provide only leads generated with the new form of consent in case the data subject is located in EU/UK.
Essentially an Email Communication policy shall define that sharing of any GSD or GDPR compliance information with a stake holder shall be only through a notified contact Email address who will be in most cases the DPO of the other organization,
Where necessary the Email communication may be encrypted and authenticated with a digital signature.
The reasons for exercising legitimate interest argument for processing the data subject’s request shall be conveyed to the Data Controller who is responsible for the Data Subject for onward transmission to the data subject.
Assignment of people to this GSD processing and their removal shall be managed with the appropriate security measures including a higher level of back ground verification, training, physical access identities, sanction policies etc.
The HR policies need to be appropriately upgraded for the GSD workforce as may be required.
True Influence however recognizes that the empowerment to audit a sub contractor’s facilities is an enablement and shall be used only under exceptional circumstances. This does not reduce the responsibility of the sub contractor to meet the compliance requirements at their end as per the contractual assurances provided.
Designated Contact
Until further notice, Mr. Ray Estevez, located at the True Influence LLP, US office, is the designated Privacy Manager, and he would be available at [email protected]
P.S: This Code is subject to revision from time to time.