Protecting your privacy

Welcome to the TrustArc Global Privacy Program

Our privacy program includes cross-functional stakeholders across Legal, Security, Product, and Executives across the company. As privacy advocates, we work diligently to ensure our compliance efforts, internal and external policies, and company practices meet applicable regulatory and industry frameworks such as:

GDPR

The General Data Protection Regulation ("GDPR") is a European Union ("EU") law regarding data protection and privacy for individuals within the EU. TrustArc maintains a comprehensive GDPR program as set out in the EU data protection requirements. To the extent TrustArc engages in processing of personal data subject to the GDPR on behalf of the Customer, we will do so as required under Article 28 of the GDPR.

CPRA

The California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively referred to as "CCPA") grants Californians additional rights and protections regarding how businesses may use their personal data. TrustArc maintains a comprehensive compliance program and to the extent TrustArc engages in processing of personal data subject to the CCPA on behalf of the Customer, we will do so in accordance with the applicable requirements of the CCPA. For more information about our compliance with the CCPA, see TrustArc’s Privacy Policy.

LGPD

The Brazilian Data Protection Law ("LGPD") regulates the processing of personal data in Brazil and/or of individuals located in Brazil at the time of collection. To the extent TrustArc engages in processing of personal data subject to the LGPD on behalf of the Customer, we will do so as required under Articles 33 through 36 of the LGPD.

International Data Transfer

All data processed in the TrustArc platform is by default hosted in the Amazon Web Services. Please refer to our Sub-processors and Affiliates disclosure here for more information on our data hosting locations. For residents of the European Union, the European Economic Area, and/or Switzerland our Data Processing Addendum (“DPA”), available here incorporates Standard Contractual Clauses with references to Regulation (EU) 2016/679 and Swiss Federal Act on Data Protection of 19 June 1992 to continue to protect transfer of data from these regions. For residents of the United Kingdom, TrustArc complies with its obligations under the UK Addendum, also incorporated in our DPA.

TrustArc also participates in the EU-U.S. Data Privacy Framework ("EU-U.S. DPF"), the UK Extension to the EU-U.S. Data Privacy Framework ("UK Extension"), and the Swiss-U.S. Data Privacy Framework ("Swiss-U.S. DPF"), having self-certified to the U.S. Department of Commerce our adherence to the Data Privacy Framework Principles. For more information about our participation, please refer to our TrustArc’s Privacy Policy.