TrustCloud may collect, use, store or transfer personal information (i) submitted voluntarily by its website visitors as a result of browsing the web pages; and (ii) business interactions with its former, existing and prospective Customers with whom it has/had a contractual relationship. This may be classified in the following categories:

1. Identity Data: personal identifiers such as first name, last name and employment information including title or role in the company.
2. Contact Data: including billing address, delivery address, email address, telephone numbers.
3. Business Data: details about our various interactions with Customers for business purposes and other form written or verbal communications, that may be shared by TrustCloud with its group entities for purposes of providing the TrustCloud services and internal business management.
4. Technical Data: including internet protocol (IP) address, your login data, browser type and version, time zone setting and, where necessary, geolocation information, browser plugin types and versions, operating system, platform and other technology on the devices you use to access our various website, platform or other TrustCloud services.
5. Profile Data: including usernames, passwords, and other login credentials and online identifiers used in relation to the Services.
6. Usage Data: including information on how you use our Services.
7. Marketing and Communications Data: including (i) advertising information by electronic means, on offers, products, recommendations, services, promotional items and loyalty campaigns of TrustCloud and third parties with whom TrustCloud has signed a contractual agreement with, (ii) the extraction, storage of data and marketing insights for purposes of tailoring our marketing communication.

TrustCloud uses your personal information for the following purposes:

1. Provide identity orchestration and custody of secure transaction services to you and operate our business;
2. Maintain and improve our products and services on the website and/or platform;
3. Administer your account;
4. Investigate, prevent or take action against prohibited or illegal activities, suspected fraud, security threats, including any abuse or violation of our terms and conditions;
5. Process, monitor and update any request for information, pre-contractual or contractual, respond to comments and questions;
6. Analyse and research how you interact with our websites and/or platform;
7. Communicate with you about products, services, offers, promotions, loyalty programmes offered by TrustCloud;
8. Maintain the integral and centralised management of Customer data within TrustCloud group entities;
9. Exercise legal rights, defend legal claims or comply with our legal and regulatory obligations;
10. Monitor and assess compliance with our policies and standards;
11. For any purpose related or ancillary to the above or any other purpose for which your personal information has been provided to us.

TrustCloud Services may, as necessary and appropriate for the purposes, disclose and make available Customer data and/or personal information to the third parties listed in this section.

1. Within our corporate organisation. The TrustCloud Group is a corporate organisation that consists of several legal entities, business processes, management structures and technical systems. The contracting entity may share your personal information with the parent entity or its affiliate entities, as the case may be, for purposes of providing the TrustCloud services, location customisation and internal business management.
2. Vendors and service providers. We may disclose the personal information we collect to our service providers and processors who perform certain functions on our behalf, always within the legal framework. These may include professional advisors (including but not limited to legal counsel, auditors and business consultants) and third-party suppliers, business partners and sub-contractors for business administration, support, IT and hosting services, information security and analytics providers.
3. Third-Party Analytics and Tools. We use third-party analytic companies that collect usage data (using cookies, pixels and similar tools) about our services in order to provide us with reports and metrics to evaluate usage of our services, determine the popularity of certain content and improve performance and user experiences. For more information about how these companies use your personal information, please visit:
   • Google Analytics – (https://policies.google.com/privacy?hl=en)
   • Adobe Analytics – (https://www.adobe.com/privacy.html)
   • Session Cam – (http://www.sessioncam.com/privacy-policy-cookies)
   • Userzoom – (https://www.usertesting.com/privacy-center/privacy-policy)
4. Advertising and Analytics Services. We work with third parties, such as ad networks, analytics and measurement services, to deliver advertising and content targeted to your interests, better understand your online activity and evaluate the success of such ads and content. We may share certain information with these third-party ad companies, and we may use cookies, pixel tags and other tools to collect usage and browsing information within our website and/or platform, as per the terms of our Cookies Policy. For more information about how these companies use your personal information, please visit:
   • Salesforce DMP – (https://www.salesforce.com/products/marketing-cloud/sfmc/audience-studio-privacy/)
   • Facebook – (https://www.facebook.com/privacy/policy)
   • Doubleclick – (https://policies.google.com/technologies/ads)
5. Corporate Transactions. In the event of a corporate sale, merger, reorganisation, dissolution or similar event, any personal information and other data we process on your behalf may become a part of the assets we transfer or share in preparation for any such transaction. Any acquirer or successor of TrustCloud may continue to process personal information in accordance with this Privacy Policy and within the legal framework.
6. Fraud Detection and Prevention. We may disclose personal information to prevent, detect, investigate and respond to fraud, unauthorised activities and access, illegal activities and misuse of TrustCloud Services.
7. Regulatory Compliance. We may disclose personal information to any competent law enforcement body, regulatory, government agency, police, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation; or (ii) to exercise, establish or defend our legal rights.

In order to provide the TrustCloud Services on the website and/or platform, we may process your personal information based on one or more of the following grounds:

1. where you have given us your consent to process your personal information and/or in the case of a business, obtained valid explicit consent from your individual end-users to process their personal information;
2. for the performance of our contract with you or your company, or to take steps at your or your company’s request before entering into a contract;
3. where use of your personal information is necessary for our legitimate interests or the legitimate interests of others. A “legitimate interest” is when we have a business or commercial reason to use your personal information, as long as this is not overridden by your own rights and interests.
4. to comply with our legal and regulatory obligations.

1. Retention. TrustCloud will retain personal information for the period necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer or shorter retention period is required for purposes of regulatory compliance, legal obligation or upon the written instructions of a Customer.
2. Transfers. We take measures to help protect your personal information when it is transferred from the EEA and United Kingdom to third countries. We may rely on the European Commission adequacy decisions and where applicable, or the European Commission model clauses in our contracts with third parties that receive information from both inside and outside the EEA to ensure effective levels of data protection or in any of the legal mechanisms applicable at any time.

TrustCloud uses commercially reasonable physical, electronic and procedural safeguards to protect your personal information against loss, theft, misuse and unauthorised access, disclosure, modification, deletion or destruction. However, no security program is foolproof, thus TrustCloud cannot guarantee the absolute security of your personal information and other data. For more information about our security program, please refer to our Information Security Policy. Furthermore, if you think you have identified a security vulnerability or bug in the TrustCloud services, please report it to the TrustCloud Cybersecurity Team at cybersecurity@trustcloud.tech.

Under certain circumstances by law, you have the right to:

1. Request access to your personal information (commonly known as a “data subject access request”);
2. Request for a copy of your personal information in a structured, commonly used and mechanically readable format, or where applicable, request TrustCloud to transmit this personal data to another controller or third-party;
3. Request correction of the personal information that we hold about you;
4. Where appropriate, withdraw consent that was obtained to process your personal information on condition that such withdrawal will not affect the lawful basis of processing such personal data prior to the withdrawal.
5. Object to the processing of your personal information unless processing is required to exercise and defend legal claims. You also have to right to object where we are processing your personal data for direct marketing purposes;
6. Request erasure of your personal information where it is no longer necessary for the purpose for which it was collected, in which case TrustCloud will cease the processing activity, save for cases where the data is required for the exercise and defence of legal claims;
7. Request the restriction of processing your personal information, for example to establish its accuracy or purpose of processing. In this case, the personal data may only be processed with your consent unless processing is required to (i) exercise or defend a legal claim; (ii) protect the rights of another natural or legal person; or (iii) for reasons of public interest.

If you wish to exercise any of the rights set out above, please contact us on dpo@trustcloud.tech. If you prefer to contact us by mail, please write to TrustCloud, ATTN: Paseo del Club Deportivo, 1 Building 15A. 28223 Pozuelo de Alarcón, Madrid, Spain. For more information about your rights, please read the information on (https://trustcloud.tech/compliance/).

You have the right to make a complaint at any time to the Spanish Data Protection Agency (AEPD) on (https://www.aepd.es/en) for any data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the AEPD, so please contact us in the first instance.

This Privacy Policy, the TrustCloud website and/or platform may contain reference links to websites operated by third parties. These links are provided for convenience only and are not subject to our control. We are not responsible for the content published on such third-party websites and we do not review, approve, monitor, endorse or warrant any representations with respect to or in connection with them. In no event shall we be responsible for your use of or inability to use such third-party website. Any access to third-party websites shall be at your own risk and you acknowledge and understand that linked third-party websites contain terms and privacy policies independent of ours. TrustCloud disclaims liability for any loss, damage and any other consequence resulting directly or indirectly or relating to your access to the third-party website.

1. The website visitor and/or Customer is obliged to make good use of the TrustCloud website and/or platform, in accordance with relevant applicable law, good faith and public order.
2. The website visitor and/or Customer undertakes to refrain from the improper use of the TrustCloud website and/or platform including but not limited to the following manner: (i) for fraudulent purposes or perpetration of any other illegal activity, (ii) with the aim of damaging, rendering useless, overloading, spamming, mailbombing or impeding, in any way, its normal use and operation.
3. In the event that a website visitor/Customer violates the Privacy Policy, Cookie Policy, Terms and Conditions or any other terms of service contained in the TrustCloud website and/or platform, we reserve the right to restrict, suspend, block or terminate your access and use of the TrustCloud services through any technical measure deemed necessary to do so.

1. Domain Name. TrustCloud Inc. is the registered proprietor of the TrustCloud website and platform on which the TrustCloud Services are provided.
2. Intellectual Property Assets. All copyrights on the TrustCloud website and platform are reserved to the TrustCloud Group. The design of the portal, its source code, logos, trademarks and other distinctive marks published on such media belong to TrustCloud and are protected by the corresponding intellectual and industrial property rights.
3. Restrictions. The reproduction, distribution, transformation, manipulation, public communication or any other act of total, partial, free or onerous exploitation of the texts or any other content appearing on the TrustCloud website and/or platform is strictly forbidden without the written authorisation of TrustCloud.
4. Modifications. TrustCloud reserves the right to carry out, at any time and without prior notice, modifications, variations, or deletion of any content in the TrustCloud website and/or platform and presentation of the same as necessary, either temporarily or permanently, for the effective delivery of TrustCloud Services.