TraceGains Emergency Page

PRIVACY POLICY

Effective May 17, 2018

This Privacy Policy (“Policy”) is here to help you understand how we collect, use, disclose, and process your personal data. We also describe your choices and rights with respect to how we process your personal data. Please read this Policy carefully.

WHO WE ARE

This is the Policy of TraceGains, Inc. (“TraceGains,” “us,” “our,” or “we”), a Delaware corporation with offices at 10385 Westmoor Dr., Bldg. 5, Suite 200, Westminster, CO 80021. You can contact us here.

APPLICABILITY

This Privacy Policy applies to our “Services,” which include our websites that link to/post this Privacy Policy, including any subdomains or mobile versions (the “Site(s)”) and mobile applications (the “Mobile App(s)”).

AGREEMENT

This Policy is incorporated into the Terms of Use governing your use of any of our Services. Any capitalized terms not defined in this Privacy Policy will have the definitions provided in our Terms of Use.

Following notice to you or your acknowledgement of this Privacy Policy (including any updates), your continued use of any of our Services indicates your consent to the practices described in this Policy.

THIRD PARTIES

TraceGains is revolutionizing information exchange across the supply chain by connecting TraceGains customers with their suppliers (collectively, the “Clients”). TraceGains delivers full-service supplier, compliance, and regulatory document management services. Our solutions address the unique needs of the food and beverage industry by connecting partners, collecting critical documents, and capturing data to predict and reduce risk. In each case, we provide a platform for use by Clients, and this Policy reflects the data processed and activities undertaken through our Services. However, the Policy does not apply to the Client’s own uses of your data, including processing they may choose to undertake that is not described in, or different from, this Policy.

This Policy also does not apply to information processed by other third parties, for example, when you visit a third-party website or interact with third-party services, unless and until we receive your information from those parties. Please review any third parties’ privacy policies before disclosing information to them. See our list of third parties for more information regarding our sources and recipients of personal data.

COLLECTION AND USE OF PERSONAL DATA

Data We Collect

We collect and process the following types of information, including data that relates to identified or identifiable individuals (“Personal Data”) (note, specific Personal Data elements listed in each category are only examples and may change):

Identity Data: Personal Data about you and your identity, such as your name, username, company affiliation and title, and other Personal Data you may provide on applications, registration forms, or as part of an account profile.

Contact Data: Personal Data used to contact an individual, e.g. email address(es), physical address(es), phone number(s), or communications platform usernames/handles, as well as a name or other salutation.

Device Data: Personal Data relating to your device, browser, or application e.g. IP addresses, MAC addresses, application ID/AdID/IDFA, identifiers from cookies, session navigation history and similar browsing metadata, and other data generated through applications and browsers, including cookies and similar technologies.

Custom Content: Information that a user provides in a free text or other unstructured format, or pursuant to custom fields created by a Client; this may include Personal Data to the extent provided by the user.

Processing of Personal Data

Service Use

Data: Users may access, view, and engage with certain areas of our Services, including but not limited to support communities and message boards. When you participate in these Services, we process certain Personal Data, which typically includes Identity Data, Contact Data, and Custom Content that may be provided. Any materials you choose to share on such public areas of the Services are public and non-confidential.

Uses: Depending on the public service in use, we may use Identity Data and Contact Data as necessary to enable posts and communications on our public Services. Subject to Your Rights and Choices, we may also use Identity Data as part of our efforts to improve our Services, and on behalf of the Client, we may process Identity Data and Contact Data in connection with marketing communications.

Client Application/Registration

Data: Clients may submit inquiries, company and product information, requirements, and offerings through our Services. When you submit an application relating to either a Supplier or Customer, we process certain Personal Data on behalf of the Client, which typically includes Identity Data and Contact Data, and, if requested by the Client, Custom Content.

Uses: On behalf of the Clients, we use all Application/Registration data as necessary to provide our Services to the Clients, including in connection with the assessment of applications and prospective applicants, and as necessary to create, maintain, and provide you with important information about your account and the products and services you may be offering as a Supplier or soliciting as a Customer. Subject to Your Rights and Choices, we may also use Identity Data, Contact Data, and Custom Content on behalf of Clients: (i) in connection with the maintenance of Client records; and (ii) to provide marketing or other communications between customers and suppliers.

Client Comments, Messaging & Custom Content

Data: On behalf of the Clients, we process Identity Data, Contact Data, and if provided, Custom Content when you use our Services to fill out forms relating to products offered or sought, message a Client, or if you otherwise submit any Custom Content (e.g. on a comment board or other free form content submission form).

Uses: On behalf of the Clients, we use Identity Data and Contact Data as necessary to carry out the processes you request. Subject to Your Rights and Choices, we may also use Identity Data to improve our Services and, on behalf of the Client, we may make certain Custom Content and Identity Data contained in Client profiles available on our site for viewing by other Clients, and we may process Identity Data and Contact Data in connection with marketing communications.

Note: We do not screen messages, comments, or other postings for personal or inappropriate content.

Mobile Apps

Data: If you use our Mobile Apps in connection with our annual conference (“TGCon”), we may process certain Personal Data, which typically includes Identity Data, Contact Data, and Device Data. Note, you may also be able to view other attendees, connect on social media, and receive additional speaker information through our Mobile App.

Uses: On behalf of the Clients, we process the Identity Data, Contact Data, and Device Data as necessary to deliver the Service and fulfill your requests. Subject to Your Rights and Choices, we may use the Identity Data, Contact Data, and Device Data to improve our services.

Cookies and Similar Technologies

Data: We, and certain third parties, may process Device Data when you interact with cookies and similar technologies. We may receive this data from third parties to the extent allowed by the applicable partner. Please note that the privacy policies of third parties may apply to these technologies and information collected.

Uses: In connection with our legitimate interests in providing and improving the user experience and efficiency of our Services, and understanding information about the devices and demographics of visitors to our Services, we use this information (i) for “essential” or “functional” purposes, such as to enable various features of the Services such as your browser remembering your username or password, maintaining a session, or staying logged in after a session has ended; and (ii) for analytics and site performance purposes, such as tracking how the Services are used or perform, how users engage with and navigate through the Services, what sites users visit before visiting our Services, how often they visit our Services, and other similar information.

Note: Some of these technologies can be used by third parties to identify you across platforms, devices, sites, and services. Clients may also have access to information, such as reports and analytics, generated through these Services.

Marketing Communications

Data: We may process Identity Data and Contact Data in connection with email marketing communications, including (i) on behalf of Clients, when you register for an account, and choose to enroll, or are enrolled by the Client, to receive marketing communications; (ii) on behalf of Clients, when you open or interact with a Client’s electronic marketing communications; (iii) on our own behalf when you contact us directly, or express an interest in our products and services; and (iv) on our own behalf when you open or interact with our marketing communications.

Uses: We use Identity Data and Contact Data as necessary to provide marketing communications, and consistent with our legitimate business interests, we may send you marketing and promotional communications if you sign up for such communications or purchase services from us. See Your Rights and Choices for information about how you can limit or opt out of this processing.

Additional Processing

If we process Personal Data in connection with our Services in a way not described in this Policy, this Policy will still apply generally (e.g. with respect to Your Rights and Choices) unless otherwise stated when you provide it.

Note that we may, without your consent, also process your Personal Data on certain public interest grounds. For example, we may process information as necessary to fulfil our legal obligations, to protect the vital interests of any individuals, or otherwise in the public interest. Please see the Data Sharing section for more information about how we disclose Personal Data in extraordinary circumstances.

DATA SHARING

Generally

Information we collect may be shared with a variety of parties, depending upon the purpose for and context in which that information was provided. We generally transfer Personal Data to the following categories of recipients:

Clients: We process data on behalf of Clients, and may share your Personal Data with Clients to the extent such information was provided to us for processing on the Client’s behalf. For example, any forms, applications, messages, or other material may be processed by us for Clients, and all Personal Data processed on behalf of the Client may be available to the Client and its users. These parties may engage in direct marketing, or other activities that are outside our control.

Service Providers: In connection with our general business operations, product/service improvements, to enable certain features, and in connection with our other legitimate business interests, we may share your Personal Data with service providers or subprocessors who provide certain services or process data on our behalf.

Affiliates: In order to streamline certain business operations, develop products and services that better meet the interests and needs of our customers, and inform our customers about relevant products and services, we may share your Personal Data with any of our current or future affiliated entities, subsidiaries, and parent companies.

Corporate Events: Your Personal Data may be processed in the event that we go through a business transition, such as a merger, acquisition, liquidation, or sale of all or a portion of our assets. For example, Personal Data may be part of the assets transferred, or may be disclosed (subject to confidentiality restrictions) during the due diligence process for a potential transaction.

Legal Disclosures: In limited circumstances, we may, without notice or your consent, access and disclose your Personal Data, any communications sent or received by you, and any other information that we may have about you to the extent we believe such disclosure is legally required, to prevent or respond to a crime, to investigate violations of our Terms of Use, or in the vital interests of us or any person. Note, these disclosures may be made to governments that do not ensure the same degree of protection of your Personal Data as your home jurisdiction. We may, in our sole discretion (but without any obligation), object to the disclosure of your Personal Data to such parties.

YOUR RIGHTS & CHOICES

Your Rights

To the extent required under applicable law, and subject to our rights to limit or deny access/disclosure under applicable law, you have the following rights in your Personal Data. You may exercise your rights by contacting us at the address below.

Access: You may receive a list of your Personal Data that we process to the extent required and permitted by law.

Rectification: You may correct any Personal Data that we hold about you to the extent required and permitted by law. You may be able to make changes to much of the information you provided directly via the Service via your account settings menu.

Erasure: To the extent required by applicable law, you may request that we delete your Personal Data from our systems.

Data Export: To the extent required by applicable law, we will send you a copy of your Personal Data in a common portable format of our choice.

Direct Marketing: Residents of California (and others to the extent required by applicable law) may request a list of Personal Data we have disclosed about you to third parties for direct marketing purposes during the preceding calendar year. This request must be written, signed, and mailed to us.

Regulator Contact: You have the right to contact or file a complaint with regulators or supervisory authorities about our processing of Personal Data. To do so, please contact your local data protection or consumer protection authority.

We may require that you provide additional Personal Data to exercise these rights, e.g. information necessary to prove your identity.

Your Choices

It is possible for you to use some of our Services without providing any Personal Data, but you may not be able to access certain features or view certain content. You have the following choices regarding the Personal Data we process:

Consent: If you consent to processing, you may withdraw your consent at any time, to the extent required by law.

Direct Marketing: You have the choice to opt-out of or withdraw your consent to processing related to direct marketing communications. You may have a legal right not to receive such messages in certain circumstances, in which case, you will only receive direct marketing communications if you consent. You may exercise your choice via the links in our communications or by contacting us re: direct marketing.

Cookies & Similar Tech: If you do not want information collected through the use of cookies, you can manage/deny cookies (and certain technologies) using your browser’s settings menu. You must opt out of third party services directly via the third party. For example, to opt-out of Google’s analytic and marketing services, visit Google Analytics Terms of Service, the Google Privacy Policy, or Google Analytics Opt-out. To learn more about how to opt out of Google’s use of cookies, visit Google’s Ads Settings, here. Please note, at this time, our Service does not respond to your browser’s do-not-track request.

Other Processing: You may have the right under applicable law to object to our processing of your Personal Data for certain purposes. You may do so by contacting us re: data rights requests. Note that we may not be required to cease processing based solely on an objection.

Note Regarding Clients’ Data

TraceGains is a processor of Personal Data in our Clients’ possession. We may notify Clients of your data rights requests; however, we may be unable to directly fulfill rights requests regarding Personal Data unless we control or have the necessary rights of access. TraceGains may not have access to or control over all or some Personal Data controlled by Clients. Please contact the Client directly for data rights requests regarding Client-controlled information, and we will assist the Client as appropriate in the fulfillment of your request. Please note that, to the extent we make interfaces available for you to directly control your data, these will take effect only with respect to the data on our Service, and Clients may have additional copies of this information that are outside of our control.

SECURITY

We follow and implement reasonable security measures to safeguard the Personal Data we process. However, we sometimes share Personal Data with, or process data on behalf of third parties, as noted above. While we may require our service providers to follow certain security practices, we do not have control over and will not be liable for third parties’ security processes. We do not warrant perfect security and we do not provide any guarantee that your Personal Data or any other information you provide us will remain secure.

Data Retention

We retain Personal Data for so long as it remains relevant to its purpose, and in any event, for so long as is required by law. As we process Personal Data on behalf of Clients, we may retain information for the periods requested by the Client or delete information at the Client’s request. We will review retention periods periodically, and if appropriate, we may pseudonymize or anonymize data held for longer periods.

MINORS

Our Services are intended for use by Clients, and are neither directed at nor intended for direct use by individuals under the age of 16. Further, we do not knowingly collect Personal Data directly from such individuals. If we learn that we have inadvertently done so, we will promptly delete it. Do not access or use the Services if you are not of the age of majority in your jurisdiction unless you have the consent of your parent or guardian.

INTERNATIONAL TRANSFERS

We operate and use service providers located in the United States. If you are located outside the U.S., your Personal Data may be transferred to the U.S. The U.S. does not provide the same legal protections guaranteed to Personal Data in the European Union. Accordingly, your Personal Data may be transferred to the U.S. pursuant to the EU-U.S. Privacy Shield Framework, the Standard Contractual Clauses, or other adequacy mechanisms, or pursuant to exemptions provided under EU law.

EU-U.S. PRIVACY SHIELD

We comply with the EU-U.S. Privacy Shield Framework set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data from European Union member countries. We have certified that we adhere to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. Furthermore, we require third party recipients of EU residents’ Personal Data to agree to respect these principles, and we accept liability for third parties’ processing of EU residents’ data to the extent required by law.

If there is any conflict between this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view the certification page, please visit https://www.privacyshield.gov. You may view the list of Privacy Shield companies here.

We encourage users to contact us if you have any concerns about our compliance with this Privacy Policy and the Privacy Shield Framework. In compliance with the EU-U.S. Privacy Shield Principles, we commit to resolving complaints about your privacy and our collection or use of your Personal Data. EU residents with inquiries or complaints regarding this Privacy Policy should first contact us at the address below. We will respond to complaints from EU residents within 45 days.

If any complaints by EU residents cannot be resolved informally, we have agreed to participate in the dispute resolution procedures of the panel established by the European Union Data Protection Authorities pursuant to EU-U.S. Privacy Shield principles. Residents with unresolved complaints may refer them to EU Data Protection Authorities as described here.

Under certain circumstances, these dispute resolution processes may result in your ability to invoke binding arbitration. As a U.S. company, we are also subject to the investigatory and enforcement power of the FTC regarding our compliance with the Privacy Shield Framework and this Privacy Policy, and users may direct complaints to the FTC in the event the dispute resolution processes described above are unsatisfactory.

CHANGES TO OUR PRIVACY POLICY

We may change this Privacy Policy from time to time. Changes will be posted on this page with the effective date. Please visit this page regularly so that you are aware of our latest updates. Your acknowledgement of these changes, or use of the Services following notice of any changes (as applicable) indicates your acceptance of any changes.

CONTACT US

Feel free to contact us with questions or concerns using the appropriate address below.

General inquiries:

legal@tracegains.com

Physical address:

TraceGains, Inc.
10385 Westmoor Dr., Bldg. 5, Suite 200,
Westminster, CO 80021

LIST OF THIRD PARTIES

Unaffiliated Parties and Partners

The following is a list of unaffiliated third parties with whom we may share data or which may engage in processing:

Asana – receives data for internal project management

DocuSign – receives data for document management

Dropbox – receives data for document storage

Engagio – receives data for customer records management and marketing

FileZilla – receives data for document transfer and storage

Flexential – receives data for hosted services

Google Analytics – shares data with us for usage analytics

Hubspot – receives data for customer records management and marketing

Microsoft – receives data through Office 365

Salesforce – receives data for customer records management

SkyPrep – receives data for online learning management

Survey Monkey – receives data for surveys

Usersnap – receives data for online learning tools

WalkMe – receives data for online learning tools

ZenDesk – receives data for online knowledgebase and support request management

Note that this list may not always reflect the most recent third party sharing agreements and may be subject to change.

Copyright 2019 TraceGains, Inc.