Privacy Policies

Overview

December 2021

True Influence LLC, a fully owned subsidiary of MeritB2B, LLC, respects your privacy.

Core activity of True Influence is to provide support to its customers in marketing B2B products by generating effective leads from the target markets.

It is True Influence’s policy to respect your privacy regarding any information we may collect through registration forms, resource libraries, advertising units, widgets, web sites and web pages, whether accessed via computer, mobile or tablet device, or other technology (collectively, the “Service”), collection and licensing of data through third parties we work with, and how such information may be used and/or shared with others, how we safeguard it, and your choices in controlling its use in connection with our marketing activities.

True Influence operates under several different brands, including BusinessTech Alert, SecurityTech Alert, HRTech Alert. All such brands are collectively called “Services”.

This privacy policy applies when you use our services. True Influence is 100% Can-Spam Compliant.

True Influence has a zero-tolerance spam policy. Any partner or publisher found to be using True Influence promotional offers for spam will be immediately cut-off from use of the product. If you know of or suspect any violators, please notify us immediately at [email protected].

Data Controller and Data Processor

We process two main types of personal data.

Customer Data –
- Personal data that forms part of data that is provided by our customers
- Personal data that we collect / we engage third parties to collect on behalf of our customers using campaign information provided by the customer
- Personal data that we purchase from third parties based on customer mandated criterion
Other Data –
- Personal data about our customers, service providers, visitors and other individuals that is collected and processed directly by us.

Our Customers are the controller of Customer Data. True Influence is the processor of Customer Data and the controller of Other Data.

Data Collection

Customer Data
True Influence collects this data based on our customer’s instructions (also known as campaign information) through different channels including business partners (publishers) using relevant technology in web marketing, E mail marketing and Telemarketing.

The leads generated by the publishers are intelligently filtered to improve their quality and converted into actionable marketing targets before being passed on to the customers.

This data includes business contact information to match criterion provided by the customer.

Other Data – We also collect data when you use our applications and websites
Log Data – Our servers automatically collect information when you access or use our applications and services. This data is recorded in log files. Examples of such data include IP Address
Subscription Data – You provide personal data to us as part of signing up for our newsletter on our websites. We may also collect personal information from you when you use interactive features of the Websites, promotions, requesting customer support, or otherwise communicating with us.
Contact Us Data – When you enquire about our products and services or request for demonstration of our product, we collect and store this data to communicate with you and respond to your enquiry.

The types of data we may collect include: company name, contact/person name, company address, city, state, zip code, company phone, business- email-address, IP address, and date.

Our purpose in collecting information is to help us provide you with better service, such as notifications about special offers and promotions, or other relevant content delivered through targeted advertising.

The trueinfluence.com website may also collect a recipient’s email address to help you to initiate and email the recipient you have selected. The recipient may contact us at [email protected] to request that we remove this information.

Cookies
We collect data through cookies

True Influence uses cookies to help True Influence identify and track visitors, their usage of True Influence website, and their website access preferences. True Influence visitors can control cookies through your browser settings.

For more details about how we use these technologies, please see our Cookie Policy

How We Use the Information We Collect

Customer Data will be used by True Influence in accordance with Customer’s instructions, including any applicable terms in the Customer Agreement and as required by applicable law. True Influence is a processor of Customer Data and Customer is the controller.

True Influence may use the information we obtain, license and collect about and from you for a number of business purposes, including for example, to: better tailor website and promotional content to visitor interests; verify your profile information; deliver targeted advertising; inform our partners of your business-related interests; improve the Service for internal business purposes; help our advertising partners better understand the audience they are reaching; and for purposes we disclose at the time you provide your Personal Information.

Lawful basis for processing
We have lawful basis to process your personal data. We also use your consent as basis for lawfully processing your personal data.

We process your personal data only when we have a lawful basis. Presently, we use the Performance of Contract (i.e. to deliver the services to our customers) and consent as the lawful basis for processing. For certain processing, we may also use legitimate interests as provided under the Data Protection Regulations.

In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.

Where you have consented to a particular processing, you have a right to withdraw the consent at any time.

Types of HR Data Collected

True Influence collects certain Personal Data from its Employees and Job Applicants, including without limitation (collectively, the “HR Data”).

name,
home address,
telephone number(s),
date of birth,
social security number or other government identification number,
salary,
bank account details,
job title,
employment contracts,
reviews and appraisals, competency assessments
business travel details
disciplinary records
IP address, system-generated logs
facts reported through the whistleblowing hotline or regular information and reporting channels,
evidence gathered during the investigation, report of the investigation and outcome of the report

Purpose of Collection and Use of HR Data

True Influence processes HR Data relating to its Employees and Job Applicants in the US, UK or EEA for recruitment and HR management purposes at a global level, including:

Carrying out and supporting True Influence’s human resources functions and activities.
Carrying out True Influence’s obligations under employment contracts and employment and benefits laws.
Managing workplace safety and health.
Administering employee participation in benefits, compensation, human resources and training plans and programs.
Managing employee performance.
Implementing compliance and discipline procedures and investigating and reporting on Employee compliance and discipline.
Complying with True Influence’s legal obligations and internal policies.
Managing internal complaints or claims and litigation.
Implementing and operating a whistleblower hotline.
Managing and conducting True Influence’s business activities, including allocating company assets and human resources, project management, records management and compilation of audit trails or other reporting tools, managing mergers, acquisitions, sales, re-organizations or disposals and integration with purchaser.
Operating IT and communication systems and monitoring Employee email and Internet usage to the extent permitted by applicable law

Children

True Influence does not knowingly collect Personal or Usage Information from children under the age of 13 through www.trueinfluence.com, nor from any of our affiliates and partners. If you are under 13, please do not give us any Personal Information, and do not provide Personal Information to any website or web service without consulting your parent or guardian. If you have reason to believe that a child under the age of 13 has provided Personal Information to True Influence, please contact us, and we will seek to delete that information from our database.

Choice

True Influence is engaged in providing B2B services for customers to identify targets for the marketing of business products and in the process collects business contact data of companies and executives working in companies which are prospective customers for the products to be marketed.

True Influence and its business partners (publishers) collect the data based on campaign information provided by True Influence’s customers.

The publishers obtain the necessary consent from the data subjects to receive marketing communications from True Influence customers using appropriate disclosures in compliance with legal requirements of the jurisdiction in which the prospective customers reside, including Canada’s Anti-Spam Legislation.

Opt in is obtained when legally required and a fair opportunity is provided by the publishers to the data subjects to opt out. True Influence has entered necessary legally binding contracts with the publishers to ensure compliance of relevant regulations for collection, processing, storage, and transfer of data.

Advertising / Behavioral Targeting; How to Opt-Out
We may use third party vendors to enhance the Service (e.g. for purposes of retargeting). When you opt out of the Service, True Influence will no longer use or share any of your Personal or anonymous Usage Information, unless you recently submitted Personal Information (within last 30 days) in order to access free content, in which case only the Content Provider associated with the content you recently acquired will have access to your information. Please contact True Influence at [email protected] to opt out of this option.

Service Providers

We may engage companies that provide services to help us with our business activities such as our blog and career pages. These companies are authorized to use your personal information only as necessary to provide these services to us.

Sharing of Information

Your data will be shared with other recipients to provide you with services.

While we aim to limit the sharing of your data, at times, it is necessary to share your data with certain service providers and or customers. Examples of when and for what purpose your data is shared include data center / hosting services, email marketing/verification services, customers, and on boarding partners etc. Additionally, compiled personal information may be shared with third parties for their marketing purposes.

Customer Data:
- Third Party Cloud Service Providers
- Publishers (who collect the data on our customer’s behalf)
- Tele-verifiers (who verifies accuracy of telephone numbers and emails shared by publishers)
- Email verifying software
Other data
- Except as denoted in this Privacy policy, we may share information such as compiled demographics, user statistics, interest categories, and Usage Information with third parties for their marketing purposes. We may combine your Usage Information with those of other users of the Service to share trend information with third parties, always in compiled form. We may compile Usage Information associated with your Personal Information into business-related research events, which include the form of engagement and content type, topics derived from the content of the event, and date/timestamp of when the event occurred. An interest event may be, for example, the downloading of a whitepaper on cloud computing, or clicking on an advertisement related to SSL certificates. We may also disclose your personal information as required by law, such as to comply with a subpoena, bankruptcy proceedings, or similar legal process when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

Cross-Border Data Transfers
Your data will be stored and processed in multiple countries including outside of the European Union (EU) Region

The Service and the servers and facilities that maintain the data we hold, are operated in the United States. Given that we are an international business, our use of your information necessarily involves the transmission of data on an international basis. If you are in the European Union, Canada or elsewhere outside of the United States, please be aware that information we collect may be transferred to and processed in the United States.

True Influence offers European Union Model Clauses, also known as Standard Contractual Clauses, to meet the adequacy and security requirements for our customers that operate in the European

Union, and other international transfers of customer Data. These clauses are contractual commitments between parties transferring personal data (for example, between True Influence and its Customers, suppliers, or data processors outside the EU), binding them to protect the privacy and security of the data.

True Influence also certifies to the EU-US Privacy Shield Framework for data transferred from the EU to the United States. To read more about our participation in Privacy Shield, please review our Privacy Shield Notice below.

By using the Service, or providing us with any information, you consent to the collection, processing, maintenance and transfer of such information in and to the United States and other applicable territories in which the privacy laws may not be as comprehensive as or equivalent to those in the country where you reside and/or are a citizen.

Accountability for onward transfer
True Influence is responsible for the processing of personal data it receives under the EU U.S. Privacy Shield Framework and subsequently transfers to a third party acting as an agent on its behalf or providing data storage services.

Data Integrity & Purpose Limitation

Any personal information received from publishers in which personal data of EU citizens may be contained is treated as “EU Sensitive Data” and adequate technical and administrative controls are implemented across all the True Influence entities.

The personal information is used only for the purpose for which it has been collected and is shared within the organization on a need to know basis.

The technical and administrative controls ensure preservation of the confidentiality, integrity, and availability of information as per the contractual obligations that True Influence has committed itself to.

Data Security

True Influence maintain reasonable and appropriate security measures to protect data and information under its control from unauthorized access, disclosure, misuse, loss, or alteration.

True Influence’s security measures include industry-standard technology and equipment to help protect your information, and True Influence maintains security measures to allow only the appropriate personnel and contractors access to your information as well as policies and procedures to support implementation of various security controls. Unfortunately, no system can ensure complete security, and True Influence disclaims any liability resulting from use of the Service or from third party hacking events or intrusions.

Data Retention

Customer Data
We will retain this information for as long as needed to provide services to any one of our customers or as otherwise authorized, directed, or permissioned by our Customers. In addition, True Influence will retain this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Other Data
We will retain this information for the duration of our business relationship and afterwards for as long as is necessary and relevant for our legitimate business purposes, in accordance with the True Influence Data Retention Policy or as otherwise permitted applicable laws and regulation. Where we no longer need your personal information, we will dispose of it in a secure manner (without further notice to you).

Retention period for personal data and rationale for retention period is defined in True Influence’s ‘Data Retention Policy’.

Your GDPR Rights

True Influence is subject to the investigatory and enforcement powers of the FTC, or any other U.S. authorized statutory body [currently, there is no other U.S. authorized statutory body recognized by the EU or Switzerland].

You can request to access, update, or correct your personal information. You also have the right to object to direct marketing.

You may have additional rights pursuant to your local law applicable to the processing. For example:

If the processing of your personal information is subject to the EU General Data Protection Regulation (“GDPR”), and your personal information is processed based on legitimate interests, you have the right to object to the processing on grounds relating to your specific situation. Under GDPR you may also have the right to request to have your personal information deleted or restricted and ask for portability of your personal information.

If your personal information is processed under the Principles of the EU-U.S. Privacy Shield, you have the right to access to personal information about you that we hold and be able to correct, amend, or delete that information where it is inaccurate, or has been processed in violation of the Principles, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated.

For any such requests please go to the Do Not Sell My Data page.

Your Rights to Control Data
Whenever you use our services, we aim to provide you easy means to access, modify, delete, object to, or restrict use of your personal information

We strive to give you ways to access, update/modify your data quickly or to delete it unless we must keep that information for legal purposes. Some rights can be accessed from within the True Influence application. For visitors, these rights can be exercised by contacting us with your specific request.

If you are based within the EEA, or within another jurisdiction having similar data protection laws, in certain circumstances you have the following rights:

Change or Correct Data: You can edit some of your personal data through your account. You can also ask us to change, update or fix your data in certain cases, particularly if it is inaccurate.
Delete Data: You can ask us to erase or delete all or some of your personal data (e.g. if it is no longer necessary to provide Services to you).
Object to, or Limit or Restrict, Use of Data: You can ask us to stop using all or some of your personal data (e.g. if we have no legal right to keep using it) or to limit our use of it (e.g. if your personal data is inaccurate or unlawfully held).
Right to Access and/or Take Your Data: You can ask us for a copy of your personal data and can ask for a copy of personal data you provided in machine readable form.

If you wish to access, verify, correct, or update your personal Information collected through the Service, you may contact us at [email protected]

You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: www.ec.europa.eu/justice/dataprotection/bodies/authorities/index_en.htm.

True Influence Services
True Influence also collects information under the direction of any one of its Customers, in which case it collects cookie identifiers from the individuals. If you are a customer of any one of our Customers and would no longer like to be contacted by our Customer that uses our Service, please contact the Customer that you interact with directly. We may transfer personal information to companies that help us provide our Service. Transfers to subsequent third parties are covered by the service agreements with our Customers.

An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct his query to the pertinent True Influence’s Customer (the data controller).

Other Web Sites

The Service may contain links to, or integrations with other sites that True Influence does not own or operate. This includes links from customers and partners that may use the True Influence logo in a co-branding agreement, or websites and web services that we work with to provide the Service. True Influence does not control, nor is True Influence responsible for these sites or services, or their content, products, services, privacy policies or practices. If you submit personal information on a web site using the Service, you are choosing to disclose information to both True Influence and the third party with whose brand the website is associated. This privacy policy only governs True Influence’s use of your information. The third party’s use of that personal Information is governed by the partner’s privacy policy, and not by this privacy policy.

Business Sale
As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, or a sale of our significant assets, we reserve the right to include any information we have among the assets transferred to the acquiring company.

Social Media Widgets

Our website includes social media features, such as the “Facebook Like” button, and Widgets, such as the “Share This” button or interactive mini programs that run on our website. These features may collect your internet protocol address, which page you are visiting on our website, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our website. Your interactions with these features are governed by the privacy statement of the company providing them.

Blogs

Our website offers publicly accessible blogs. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal information from our blog or community forum, contact us at [email protected]. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.

Changes to our Privacy Policy

Please note, we may modify information presented via the Service and/or this privacy policy from time to time without prior notice to you, and any changes will be effective immediately upon the posting of the revised privacy policy. If we make any material changes, we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on this website prior to the change becoming effective. You are encouraged to periodically revisit the True Influence Privacy Policy to see if it has been updated. We will always show the date of the latest modification date of the Privacy Policy at the top of the page so you can tell when it has last been revised.

Privacy Shield Notice for Data Transferred to the United States from the EU

True Influence complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union member countries to the United States pursuant to Privacy Shield. True Influence has certified that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this privacy policy and the data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit www.privacyshield.gov

Commission
Pursuant to the Privacy Shield Frameworks, EU individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to: [email protected]. If requested to remove data, we will respond within a reasonable timeframe.

We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to [email protected].

In certain situations, True Influence may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

True Influence’s accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, True Influence remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless True Influence proves that it is not responsible for the event giving rise to the damage.

In compliance with the Privacy Shield Principles, True Influence commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union individuals with Privacy Shield inquiries or complaints regarding our Privacy Shield policy should first contact us at [email protected].

True Influence has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you. If your complaint involves human resources data transferred to the United States from the EU in the context of the employment relationship, and True Influence does not address it satisfactorily, True Influence commits to cooperate with the panel established by the EU data protection authorities (DPA Panel), as applicable and to comply with the advice given by the DPA panel, as applicable with regard to such human resources data. To pursue an unresolved human resources complaint, you should contact the state or national data protection or labor authority in the appropriate jurisdiction. Complaints related to human resources data should not be addressed to the BBB EU PRIVACY SHIELD.

Contact details for the EU data protection authorities can be found at
www.ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm

If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at www.privacyshield.gov/article?id=ANNEX-I-introduction

Contact Us
We regularly review our compliance with this privacy policy. Questions, comments and requests regarding this privacy policy are welcome and should be addressed to: [email protected] or by mail to 8000 Towers Crescent Drive, 13th Floor Vienna.

PRIVACY STATEMENT- CALIFORNIA RESIDENTS

This PRIVACY NOTICE FOR CALIFORNIA RESIDENTS supplements the information contained in the Privacy Policy of TRUE INFLUENCE LLC, a Delaware limited liability company and its subsidiaries (collectively, “we,” “us,” or “our”) and applies solely to visitors, users, and others who reside in the State of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and other California privacy laws. Any terms defined in the CCPA have the same meaning when used in this notice.

Information We Collect

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, business contact, or device (“personal information”). In particular, we collect the following categories of personal information from consumers and business contacts:

Category	Examples	Collected
A. Identifiers.	A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, business name, device id, or other similar identifiers.	YES
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).	A name, postal address, telephone number, employment name. Some personal information included in this category may overlap with other categories.	YES
C. Protected classification characteristics under California or federal law.	Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).	NO
D. Commercial information.	Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	NO
E. Biometric information.	Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.	NO
F. Internet or other similar network activity.	Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.	YES
G. Geolocation data.	Physical location or movements.	NO
H. Sensory data.	Audio, electronic, visual, thermal, olfactory, or similar information.	NO
I. Professional or employment-related information.	Current or past job history or performance evaluations.	YES
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).	Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.	NO
K. Inferences drawn from other personal information.	Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.	YES

Personal information does not include:

Publicly available information from government records.
De-identified or aggregated consumer information.
Information excluded from the CCPA’s scope, like:
- health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
- personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

We obtain the categories of personal information listed above from the following categories of sources:

Directly from our clients or their agents. For example, from documents that our clients provide to us related to the services for which they engage us.
Indirectly from our clients or their agents. For example, through information we collect from our clients in the course of providing services to them.
Directly and indirectly from activity on our website (www.trueinfluence.com). For example, from submissions through our website portal, landing pages, or website usage details collected automatically.
From third-parties that interact with us in connection with the services we perform.

Use of Personal Information

We may use or disclose the personal information we collect for one or more of the following business purposes:

To fulfill or meet the reason for which the information is provided. For example, if you provide us with personal information in order for us to deliver a whitepaper or product information, we will use that information to confirm request/consent.
To provide you with information, products or services that you request from us.
To provide you with email alerts, event registrations and other notices concerning our products or services, or events or news, that may be of interest to you.
To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
To improve our website and present its contents to you.
For testing, research, analysis and product development.
As necessary or appropriate to protect the rights, property or safety of us, our clients or others.
To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
As described to you when collecting your personal information or as otherwise set forth in the CCPA.
To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred.

We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

Sharing Personal Information

We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.

In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:

Category A: Identifiers.
Category B: California Customer Records personal information categories.
Category F: Internet or other similar network activity.
Category I: Professional or employment-related information. We disclose your personal information for a business purpose to the following categories of third parties:

Our affiliates.
Service providers.
Third parties to whom you or your agents authorize/provide consent us to disclose your personal information in connection with products or services we or our clients may offer/provide to you.

Your Rights and Choices

The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

Access to Specific Information and Data Portability Rights

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

The categories of personal information we collected about you.
The categories of sources for the personal information we collected about you.
Our business or commercial purpose for collecting or selling that personal information.
The categories of third parties with whom we share that personal information.
The specific pieces of personal information we collected about you (also called a data portability request).
If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
- sales, identifying the personal information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

Deletion Request Rights

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service providers to:

Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
Debug products to identify and repair errors that impair existing intended functionality.
Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
Comply with a legal obligation.
Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by visiting Do Not Sell My Data

Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Response Timing and Format

We are committed to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. We will deliver our written response by postal mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

Deny you goods or services.
Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
Provide you a different level or quality of goods or services.
Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Changes to Our Privacy Notice

We reserve the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will notify you by email or through a notice on our website homepage.

Contact Information

If you have any questions or comments about this notice, our California Privacy Statement, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:

Website: www.trueinfluence.com
Email: [email protected]
Postal Address: TRUE INFLUENCE LLC
Attn: Ray Estevez, CDO
8000 Towers Crescent Drive, 13th Floor Vienna, VA 22182

Cookies & Other Tracking Mechanisms

We may use cookies, beacons and similar technologies, now or in the future, to support the
functionality or track usage of our Services. This provides a better experience when you use our Services and allows us to improve our Services.

Browser cookies. A browser cookie is a small file placed on the hard drive of your computer. That cookie then communicates with servers, ours or those of other companies that we authorize to collect data for us and allows recognition of your device. You may use the tools available on your computer or other device to set your browser to refuse or disable all or some browser cookies, or to alert you when cookies are being sent. However, if you refuse or disable all browser cookies, you may be unable to access certain parts of our Websites or use certain features or functionality of our Services.
Flash cookies. Certain features of our Services may use local stored objects called flash cookies to collect and store information about your preferences and navigation to, from and on our Websites. We also include cookies in our third-party hosted video players to count the number of unique viewers who see a customer’s video press release and to provide aggregate reporting. Flash cookies are not managed by the same browser settings as are used for browser cookies. To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe’s website. If you disable or refuse Flash cookies, please note that some parts of our Services may be inaccessible or may not function properly.
Web beacons. Our Services may contain small electronic files known as web beacons (also referred to as clear GIFs, pixel tags, tracking pixels and single-pixel GIFs) that permit us to, for example, count users who have visited those pages or opened an e-mail and for other website-related statistics. Web beacons in e-mail marketing campaigns, press releases or other types of communications or content allow us to track your responses and your interests in our content, offerings and web pages. We may use web beacons and/or other tracking technologies to collect information about you when you interact with our Services, e- mails, press releases or other types of communications or content, including information about your browsing and purchasing behavior.
Analytics services. We or our affiliates also use web analytics services, which currently include but are not limited to Google Analytics and Adobe Analytics. Such web analytics services use cookies and similar technologies to analyze how users use the domains. The information generated about domain usage (including your shortened IP address) is transmitted to the web analytics services. This information is used to evaluate visitors’ use of the domain, compile statistical reports on domain activity, and provide other services related to the Site and Internet use. Such services may also collect information about domain visitors’ use of other websites. For more information about Google Analytics, or to opt out of Google Analytics, please go to tools.google.com/dlpage/gaoptout. For more information about Adobe Analytics, or to opt out of Adobe Analytics, please go to: www.adobe.com/privacy/opt-out.html.

Do Not Track Disclosure

Some browsers support a “Do Not Track” feature, which is intended to be a signal to websites that you do not wish to be tracked across different websites you visit. Our Services do not currently change the way they operate based upon detection of a Do Not Track or similar signal. You may, however, disable certain tracking as discussed in the Cookies & Other Tracking Mechanisms section above (e.g., by disabling cookies). You also may opt out of certain behavioral advertising by following the instructions in the Your Choices section below.

Your Choices

Opting out of marketing communications. You may receive certain promotional or informational communications from us. Where required by law, promotional communications will be sent only with your consent. You can opt out of promotional e-mails at any time by following the instructions at the bottom of the e-mails. Please note that certain e-mails may be necessary for the operation of our Services. You may, however, continue to receive these e-mails relating to your account or our Services, if appropriate, even if you unsubscribe from our optional communications.
Opting out of behavioral advertising. You may opt out of many third-party ad networks. For example, you may go to the Digital Advertising Alliance (“DAA”) Consumer Choice Page at www.aboutads.info/choices for information about opting out of interest-based advertising and your choices regarding having information used by DAA companies. You may also go to the Network Advertising Initiative (“NAI”) Consumer Opt-Out Page at www.networkadvertising.org/choices for information about opting out of interest-based advertising and your choices regarding having information used by NAI members. Additional information is available on the DAA’s website at www.aboutads.info or the NAI’s website at www.networkadvertising.org. Opting out from one or more companies listed on the DAA Consumer Choice Page or the NAI Consumer Opt-Out Page will opt you out from those companies’ delivery of interest-based content or ads to you, but it does not mean you will no longer receive any advertising through our Services or any third-party services. You may continue to receive advertisements, for example, based on the particular website that you are viewing (i.e., contextually based ads). If your browser is configured to reject cookies when you opt out on the DAA or NAI websites, your opt out may not be effective. Please note that if you use multiple devices you will have to opt out on each individual device. If you reside in the EU you may go to www.youronlinechoices.com for information about opting out of interest based advertising.
Opting out of teleprospecting. Where required by law, you will be contacted via teleprospecting only with your consent. You may opt out of our direct teleprospecting contacts by requesting us to remove you from our direct teleprospecting list. Please note that opting out from our direct teleprospecting contacts does not limit us from contacting you for other purposes, including those contacts that are reasonably necessary to provide you with our Services. If you decide to opt out of our direct teleprospecting contacts, allow a reasonable time for us to process your request and do not hesitate to contact [email protected] if you encounter any problems with your request. The FTC and other agencies also maintain a National Do Not Call Registry at www.donotcall.gov/register/reg.aspx. By registering your number with the FTC may also limit our direct marketing contacts to that number.
Cloaking your identity. Journalists and others who use ProfNet Experts may choose not to disclose their identity when in direct communication with experts and company information officers by following the directions on that website to “cloak” their identity.

Accessing, updating or deleting your personal information. We value the accuracy of the information we have about you. You may access, update or delete your information (or in some cases object to its processing) by emailing us at [email protected].

GDPR Code of Conduct for True Influence

PART A: General

Applicability This Document is the current operational version of the GDPR Compliance policy effective from 25th May 2018 and applies to activities of True Influence that consists of the following three entities.1. True Influence LLC, a Delaware limited liability company, Carnegie Center Drive, Suite 300, Princeton, NJ 08540 (USA)
2. True Influence India, 43, 100 ft Road, Domalur, Bengaluru, 560071 (India)
3. True Influence Ltd,54 Clarendon Road, Watford, London, UK, WD17 1DU 103
INTRODUCTION The Core activity of True Influence is to provide support to its customers in marketing B2B products by generating effective leads from the target markets.The Lead generation is done through intelligent market research collecting relevant data to identify reliable purchase intent of corporates through different channels including through business partners using relevant technology in web marketing, Email marketing and Telemarketing.In the process of these activities, True Influence acts as an intermediary who adds value to the B2B marketing chain. The campaign information is provided by the Customers which are fine-tuned and converted into campaign materials for distribution to the potential market space.
The distribution to the end target customers by placement of the campaign materials in relevant media is done through external publishers who generate leads. A part of the leads are generated by in-house publishing activity and use of innovative corporate intent marketing tools developed by the R&D team of True Influence.

The leads generated by the publishers are intelligently filtered to improve their quality and converted into actionable marketing targets before being passed on to the customers.

True Influence has developed proprietary products, processes and information generation systems which includes development of reliable vendors and trained manpower, which together reflect the value proposition that True Influence brings to the B2B marketing eco system across the globe. Sustaining and nurturing this expertise and using it for harnessing commercial opportunities represents a legitimate interest of True Influence.

This Code of GDPR Compliance adopted by True Influence declares that True Influence is committed to the concept of “Privacy as a fundamental right of a citizen of a democratic society” across the globe and in good faith shall implement all the Privacy principles mandated under GDPR where it is applicable.

True Influence however discloses that it is its legitimate interest that it carries on a legitimate business operation across the globe as a B2B market intermediary and it is the democratic right of True Influence to carry on its business in good faith without being in conflict with the rights of the individual natural persons whose Privacy is sought to be protected under GDPR.
True Influence also discloses that its business model requires collection of only the Data of business entities which are outside the purview of GDPR and Business Contact data which is not personal data per-se but may include personally identifiable information in part but does not include personal data of children and Personal data that is classified as “Special categories” under GDPR.
GDPR Exposure True Influence Group is basically a “B2B marketing intermediary” which operates across the globe generating marketing leads and servicing clients in many countries. True Influence does not operate in the consumer market and hence does not either directly or indirectly collect personal information of EU data subjects. The data that True Influence collects is generally in the category of Business Contact Data of corporate employees which inter-alia contains the name, the work e-mail and work phone number.A part of B2B marketing leads are generated in the EU countries and in UK. Some of the Customers located in EU/UK may also avail the services of True Influence. Currently a majority of interactions with Customers is in US and a majority of interactions with Lead Generating business partners are in India.The GDPR exposure of True Influence is therefore recognized when Business Contact Data is collected from business organizations operating in EU/UK regions.
Approach to GDPR Compliance In order to enable application of as stringent a norm as feasible to the processing of Data which is exposed to GDPR Compliance Risk, True Influence adopts a policy to treat GDPR Sensitive Data (GSD) as “Sensitive Data” flowing through the True Influence’s resources by tagging the incoming data with a suitable tag to classify it as GSD where applicable.The Privacy protection of data subjects and Security of information related to Privacy protection in respect of the GSD tagged data is factored into the design of the support structure.Though data is processed in specific locations and the technical infrastructure for processing GSD are located in such specified locations, an enterprise level GDPR awareness has been created and will continue to be pursued so that the principles of this GDPR Code of Conduct percolates to the entire organization beyond GSD processing to include the Marketing, Financial, and Managerial functions which may be located in different locations with their own technical and administrative infrastructure.
In order to effectively implement the security for the entire data processing infrastructure, the Company has adopted a comprehensive information security policy which includes multiple sub policies regarding data access, processing storage, transmission etc.
Privacy Commitment True Influence recognizes that “Privacy” is an important democratic right in the civil society. As a responsible corporate entity, True Influence is committed to protection of Privacy of all individual natural persons whose personal data comes into the corporate data repository for processing.In view of the presence of Customers in EU/UK and the monitoring of activities of corporate employees residing in EU/UK, True Influence has chosen to adopt GDPR Compliance standards towards protection of Privacy of all natural persons who may interact with the Group even where such interaction is only in their capacity as employees of different business entities pursuing the business objectives of their respective business organizations.
Legitimate Interest The Core activity of True Influence involves processing of data related to purchase of different products for corporate use. The activity spectrum includes Collection, Aggregation, Analysis, Segmentation and intent monitoring. In the process of such processing, True Influence adds value to the raw data that is collected from the business environment and converts it into value added business decision aiding information.The Raw Data collected is recognized as data belonging to the data subject and to which the Data Subject’s rights under GDPR is applicable. The value addition to the data that occurs during the process arises out of the proprietary data processing capabilities of True Influence on which True Influence has a certain level of Intellectual Property Right claim.If any data has been pseudonymized, the value added pseudonymized data shall be considered as data on which True Influence has legitimate interest to use for further research. Non Pseudonymized data even in the value added state is subject to the exercise of Data Subject’s rights such as Access, Rectification, Restriction, Portability and Erasure. Pseudonymized data if any will not be classified as GDPR sensitive.
True Influence possesses a legitimate business interest as recognized under Article 6(1)(f) of the EU GDPR regulations, in the collection and processing of Business related data such as firmographics and Business Contact data of decision making officials in the business entities

Also, the business of True Influence involves operations within and outside EU countries and hence is exposed to statutory obligations of different countries related to Data Processing as well as other laws applicable to business in general and IT related activities in particular, as envisaged under Article 6(1)(c) of the EU GDPR regulations.

Further True Influence has adopted business practices for lawful processing incorporating the principles of EU GDPR as enunciated under Article 6, including obtaining informed explicit consent where required and adhering to the requirements of contractual obligations with the data subjects if any.

The policies of True Influence on Privacy and Data Protection are therefore structured with specific Privacy and Information Security controls that address the issue of identifying GDPR sensitive data at the stage of its origin and entry into the True Influence system and tagging them throughout its life cycle of processing.
Expanding the Scope of Compliance to the Data Processing eco-system Further, keeping the legislative intent of protecting the fundamental right to privacy of individuals, enunciated under EU GDPR, appropriate Technical and Organizational/Administrative controls are maintained to ensure that all down stream business associates who may have access to GDPR sensitive data for processing on behalf of True Influence are also GDPR compliant.True Influence recognizes that in most part of its operations, it is not a “Data Controller” but is a “Data Processor” for the purpose of GDPR. It may assume the role of a “Joint Controller” when it uses the services of sub-contractors for any part of its processing.Keeping these roles in view, True Influence’s policies and controls are structured to ensure GDPR compliance, including maintenance of appropriate Technical and Organizational/Administrative controls to keep itself duly informed about the GDPR compliance activities of its business partners and also sharing with them True Influence’s own GDPR Compliance measures as may be necessary.
Limitations of this Document The Following paragraphs provides the umbrella policy of True Influence for GDPR compliance at the Corporate level highlighting the approach of True Influence on achieving a satisfactory level of compliance of GDPR principles in its operations.This policy document is meant for limited sharing with stakeholders including business entities outside the True Influence and hence excludes proprietary information on the processing where it is essential to protect the Intellectual Property of the organization.Any request for disclosure of information beyond what is stated here will be addressed under the Data Disclosure Policy of True Influence and such requests may be directed to the Privacy Manager through a non reputable authenticated e-mail.

Part B: Specific Policy Outlines

Assigned Responsibility True Influence has designated Privacy Manager who will be the contact person to handle all Data Subjects requests and complaints. Considering the current level of risk exposure to GDPR sensitive data in the True Influence, it is considered that the core activity of True Influence does not involve a large scale and systematic monitoring of EU data subjects nor offering of any services to individuals in EU and hence there is no requirement to designate a “Data Protection Officer” as envisaged under GDPR.An Information Security Governance Committee (ISGC) will be overall in charge of Information Security including GDPR compliance. It will be the apex policy making body of True Influence responsible for laying down all information security policies including GDPR policy and will monitor the need to designate any person or a consultant as Data Protection Officer in due course.
Data Classification True Influence is not involved in marketing to any individual natural persons and hence does not normally collect personally identifiable data coming under the regulatory provisions of GDPR. However all potentially identifiable personal data such as e-mail address and phone number of an employee of an organization is classified as “GDPR Sensitive” if the business unit or the employee is known to be located in EU/UK.Accordingly, the entire Business contact data set associated with a physical location address in EU/UK is identified as GDPR Sensitive Data (GSD) and tagged during further processing within the organization.In the absence of the physical location information of the data subject, the physical location of the associated business organization would be considered relevant.
Data Audit Once before 25th May 2018 and thereafter at monthly intervals or as otherwise determined by the ISGC, stored data sets will be verified to locate any GSD and verify the compliance requirements associated with it such as whether the data needs to be archived, deleted or otherwise specially secured.Any GSD data set not accompanied by an appropriate “Consent” or “Legitimate Interest Note” will be recommended for deletion.
On confirmation, such data will be forensically deleted.
GDPR Impact Assessment A GDPR Gap assessment has been undertaken and corrective action has been implemented as required before 25th May 2018. After 25th May 2018, a Data Protection Impact Assessment (DPIA) will be undertaken whenever a significant new project is undertaken as and when the ISGC identifies the necessity.
New Business Acceptance Policy On or after 25th May 2018 all new business commitments involving processing of data will be subject to the approval of the ISGC with a specific GDPR Impact Assessment note submitted from DPO in consultation with the Technical team in charge of the processing.
GSD Data Storage Policy GSD shall be stored in systems which are accessed only by designated persons on a strict “Need To Know Basis”.Every GSD set shall be tagged with the Data Controller from whom it was sourced and who is responsible for the collection of the data under a consent or contract.Any specific restrictions associated with such data set shall also be tagged with the data set.
The Data storage shall enable individual data set to be located and processed for execution of any Data Subject’s rights such as request for data rectification, data portability, data erasure or data access at any time during its life cycle.
GSD Data Access Policy GSD shall be accessed as per the Access Control policy which ensures that each GSD data set shall have specific access parameters which defines who can access the data and how they access the data.
Only those who are designated as GSD work force shall be allowed access to the GSD data set.Use of access parameters such as Passwords shall be defined with a degree of complexity and uniqueness as may be required and supplemented with Encryption and Machine ID tags so that GSD data may be accessed only from specific hardware which are assigned to authorized GSD work force.Where data storage is on the cloud, only GDPR compliant cloud services shall be used along with additional controls as may be required in ensuring that data at storage and transit shall be protected from unauthorized access.

Project specific GSD shall be stored in such a manner that only employees associated with a given project get access to the data. Cross project access shall be regulated on a need basis.
GSD Data Retention Policy GSD shall be retained in active process environment only for the minimal period for which it is required for processing.Thereafter, the data shall be archived securely as per the requirement identified under legitimate interest for example until the project billing cycle is complete.Subsequently, data shall be continued in secure archiving or destroyed as per the identified legitimate interest requirements of the Company.
A monthly review of archived data shall be undertaken to identify data that is no longer required which shall be referred to ISGC for disposal instructions.

Legal obligations on data retention which may arise due to any overlapping legislations shall be factored into the legitimate interest assessment.
GSD Data Disclosure Policy Any request for disclosure of GSD shall ordinarily be received only from the source Data Controller.It is recognized that requests received directly from the data subjects are subject to phishing risk and such requests if any shall be referred to the corresponding Data Controller who collected the data from the data subject under a consent or contract that may exist between them.The data to be disclosed shall be sent only to the Data Controller for onward transmission to the Data subject after properly authenticating the identity of the representative of the Data Controller who makes the request.
In exceptional circumstances where data needs to be disclosed directly either to a data subject or his authorized representative or a law enforcement authority, adequate authentication of the identity of the person making the request shall be ensured.

All data disclosure requests are to be approved by the ISGC before release of the data and the request as well as the assessment documents shall be considered as required GDPR compliance documentation.
GSD Data Incident Management Policy An “Incident” under this code shall be any observation that has the potential to indicate that GSD compliance code or any policies or procedures there under has been violated whether or not any data is suspected to have been compromised.A whistleblower’s policy may be used to ensure that incidents are reported promptly by any observer either within the Company or outside.Any such incident which comes to the knowledge of True Influence shall be logged in a GSD Incident Management Register and referred to the DPO for immediate action.
The DPO shall review the incident report and take immediate steps to resolve the incident and also to report the incident to the ISGC.

The ISGC will convene a meeting expeditiously and evaluate the incident to identify if it involves any suspected data breach.
Where necessary, ISGC may order an immediate techno legal audit of for a risk assessment of the incident. Based on the risk assessment ISGC shall decide the need for further action including sending a data breach notification to the Data Controller associated with the Data.

An incident where GSD has been accessed by another employee of the organization is considered as a Security Incident and not necessarily a “Breach”. However, such incidents shall be investigated as to the cause of unauthorized access and if it is an unintentional accidental access it may be resolved with a suitable internal disciplinary action as per the HR policy.
If data has not moved out or accessed by an outsider, the incident may be classified as an internal data accident not amounting to a breach.

In the event the access or data moved out is known to be in encrypted form and was in a state in which it was undecipherable by the recipient, subject to suitable internal investigation as to the security of the associated decryption key, the access may be classified as an internal data accident not amounting to a breach.
GSD Data breach Notification Policy A “Data Breach” incident is an incident in which True Influence has after necessary investigation, come to the knowledge that access to any specific data set under GSD has been compromised and an external entity has come to access or send out a GSD set.Such data breach incident shall be immediately reported to the ISGC which shall without further delay notify the Data Controller associated with the data set along with relevant details of the incident.Such report shall specify the nature and extent of the breach, time and data of the breach, the details of the affected data subjects, action taken on the noticing of the breach etc.
Where necessary the data breach may be also reported to a supervisory authority.
GSD Data Subject’s Rights Management policy The True Influence data processing system has incorporated “Privacy and Security by design” so as to enable compliance of GDPR requirements particularly in respect of the Rights of the Data Subject provided under GDPR.In order to meet these rights of the data subject such as “Access”, “Rectification”, “Erasure”, “Portability” and Right to impose “Restrictions”, True Influence has enabled its GSD storage and access systems in such a manner that a data set belonging to a specified data subject may be extracted separately and processed.The system has therefore been designed to be compliant to the most stringent requirements of GDPR.
Whenever a request for exercising of such rights is received from a Data Subject, as per the Data disclosure policy, the request is first validated and then in case the data has been received from a Data Controller, the data controller would be requested to confirm the data disclosure.

Ordinarily the request is processed in communication with the data controller and if it is to be ported, it is returned back to the data controller.

In exceptional circumstances where True Influence has to handle the request of a data subject without the cooperation of the data controller, appropriate precautions will be taken to prevent a wrongful disclosure since it would be in the legitimate interest of True Influence to be indemnified against any possible wrongful disclosure.
GSD Data Transmission Policy GSD data may ordinarily flow into the system through an application interface (API). The access to the interface is through secure password access system augmented with a suitable second factor authentication where significant GSD risk is identified.The data transmission is on an encryption basis subject to management of transmission security covering known vulnerabilities.The application itself along with its inherent storage and processing elements and the API are secured against unauthorized access and malicious attacks by an appropriate malware and secured access management system
Where GSD set is transmitted to the Customer or Sub contractor also, the transmission is managed through encrypted communication channels either through an API or an encrypted e-Mail.
GSD Marketing use Policy When True Influence uses GSD for any marketing purpose either through Email or Telecalling or otherwise, care is taken to ensure that there is an appropriate consent or contract to enable such communication.True Influence also insists that its partners both the lead generators, sub contracting processors and customers do not use the GSD except as per the available permissions.Where an unambiguous consent is not available, no business contact data is collected from the lead generators or passed onto the customers or processed through the sub contractors.
Such data is killed at the first instance when it enters the True Influence system and identified as a “GSD without proper processing consent”.
GSD Consent Policy All information classified as GSD by virtue of the data subject being located in EU/UK or his/her employer being located in EU/UK shall be accepted only if the data subject has provided an explicit consent based on the format as required under GDPR.In the pre-GDPR scenario, such consents had been generally collected under the principles of Personal data processing which included a Privacy Notice. Such Privacy Notice indicated what information was being collected, the purpose of collection, the time for which it would be retained, how it would be secured, whether the information was accurate, whether it would be transferred out of EU for processing etc., Some of the consents were based on the “Opt-in” principle as a default setting.Under GDPR, it is essential that personal data is collected only on the basis of an Explicit Consent where “Opt-Out” is the default option and only on the basis of an affirmative action indicating acceptance, the consent would be accepted.
Additionally, the Privacy notice should also indicate that the Data subject has certain rights such as “Right to be informed of the identity of downstream processors”, “Right to access and rectification”, “Right to Portability and Erasure”.

In view of the new requirements, all consents obtained in the pre-GDPR format shall be considered as invalid and such data would be discarded by True Influence.

External Publishers who generate Leads for True Influence shall confirm through their contracts that they would provide only leads generated with the new form of consent in case the data subject is located in EU/UK.
GSD Stakeholder Communication Policy True Influence operates through many external organizations who are stake holders in True Influence GDPR compliance program. Such organizations includes its Customers, Lead Generators, Sub-Contractors etc.For effective compliance, no GSD data should be exchanged in any communication with the stakeholders except through secure transmission and to authorized representatives only.While the communication through API is controlled by the access policy, any other communication through e-mail should be controlled with an Email Communication policy.
Essentially an Email Communication policy shall define that sharing of any GSD or GDPR compliance information with a stake holder shall be only through a notified contact Email address who will be in most cases the DPO of the other organization,
Where necessary the Email communication may be encrypted and authenticated with a digital signature.
GSD Legitimate Interest identification Policy True Influence recognizes that certain rights of the data subjects such as Data Erasure or Data Rectification could be in conflict with the legitimate interest requirements of True Influence or may be in conflict with the data retention laws which may be otherwise applicable for the data in view of other legislatory obligations.In call cases of Data Subject’s Rights being implemented, True Influence would evaluate the request before taking further action. In the event True Influence recognizes a need to refuse the request or modify it for acceptance, the reasons would be documented and a GSD Legitimate interest note would be developed by the ISGC.Where the data is not required to be active, it may be archived securely until the legitimate interest expires.
The reasons for exercising legitimate interest argument for processing the data subject’s request shall be conveyed to the Data Controller who is responsible for the Data Subject for onward transmission to the data subject.
GSD People Management Policy GSD will be considered as a data set that requires exclusive and special attention in terms of information security while it is in the custody of True Influence.Hence, GSD would be suitably tagged and processed on a need to know basis by a specially trained set of employees.These employees and the systems in which GSD would be stored, accessed and processed would be managed securely considering the level of risk that is associated with GSD.
Assignment of people to this GSD processing and their removal shall be managed with the appropriate security measures including a higher level of back ground verification, training, physical access identities, sanction policies etc.

The HR policies need to be appropriately upgraded for the GSD workforce as may be required.
GSD Pseudonymization Policy It is recognized that Pseudonymization is a strategy to reduce the risks in the processing of GSD.Pseudonymized personal data is not considered as “Personal Data” for the purpose of GDPR regulation provided the Pseudonymization process is adequately structured.In view of the current level of exposure of its operations to the GDPR Risks True Influence has not considered it necessary at present to use Pseudonymization as a strategy for risk mitigation.
GSD DRP-BCP Policy True Influence recognizes the importance of an effective Disaster Recovery and Business Continuity plan for its operations including the operations involving GSD processing.True Influence will maintain adequate back up of GSD data and reasonable ability to maintain Business Continuity in case of any contingency.
GSD Compliance Documentation Policy The measures of GDPR compliance shall be documented so that they would be available for review.The Compliance documentation shall be retained for a minimum period of 6 years since its creation.In the event any document is a potential evidence for law enforcement requirements or for defending the legitimate interest of True Influence, such document would be retained as long as the requirement persists.
GSD Audit policy An Internal Security audit team of True Influence shall audit the information assets of True Influence at least once in a year to assess the level of security and compliance to GDPR and other regulatory requirements.External audits may be considered on the basis of an assessment by the ISGC whenever a substantial change in business profile occurs.True Influence reserves the right to conduct an audit of the facilities of any of its sub-contractors to ensure compliance as per the contractual obligations.
True Influence however recognizes that the empowerment to audit a sub contractor’s facilities is an enablement and shall be used only under exceptional circumstances. This does not reduce the responsibility of the sub contractor to meet the compliance requirements at their end as per the contractual assurances provided.
GSD Grievance Redressal PolicyTrue Influence will provide a multi level Grievance redressal policy to redress disputes if any with any data subject. Such grievances will be addressed by the DPO at the first level, the ISGC at the second level and an Online Dispute Resolution Committee set up for the purpose by the Board at the third level.Any queries from a GDPR supervisory authority shall be handled by the DPO and escalated to the ISGC where required.Any disputes with the Customers, Publishers or Sub Contractors shall be handled as per the respective contractual agreements
Network Security Policy In order to ensure that the IT infrastructure used by the Company is secure, True Influence shall adopt a robust information security policy inclusive of Firewalls, Intrusion Detection Systems, Malware Prevention system, and System Patching, etc. As required.A designated Information Security Manager shall be responsible for maintenance of Network security.

Designated Contact

Until further notice, Mr. Ray Estevez, located at the True Influence LLP, US office, is the designated Privacy Manager, and he would be available at [email protected]

P.S: This Code is subject to revision from time to time.