Trustev Limited Privacy Policy

Effective September 24, 2021

Introduction

Your personal data is data which by itself or with other data available to us could be used to identify you. We are Trustev Limited ("Trustev", "we", "us" or "our"), the data controller. This Privacy Policy describes how we collect and use your personal data and your rights which may apply under European data protection laws.

Trustev assists businesses ("Customers") to digitally identify fraud and other suspicious behaviours and protect consumers ("Consumers") from becoming the victims of fraudulent behaviours. While Trustev is a 100% subsidiary of TransUnion LLC, this privacy policy is applicable only to Trustev, an Irish registered company.

The privacy of Customer and Consumer personal data is important to Trustev.

Please carefully read this policy to get a better understanding of:

This policy applies to our applications, services, processes and websites (collectively "the Services") that link to this policy or do not have a separate privacy policy. Any changes made to this policy will be posted on this site. Customers will also be notified directly of any material changes.

The types of personal data we collect

Consumer personal data

Our Customers provide us Consumer personal data to be used for fraud prevention via multiple technologies which are installed on their relevant sites.

This personal data may include email addresses, telephone numbers, billing or shipping addresses, payment details such as transaction value, volume, BIN number and order status.

Our Customers may also provide us information collected from their website interactions with Consumers such as device identifiers, device attributes, URL's and IP addresses.

Customer personal data

We may also collect Customer personal data including:

How we use this data: the legal basis and purpose

We process Consumer personal data in order to provide the Trustev Services to our Customers. This is to fulfil our contract with Customers and to exercise our and our Customer's legitimate interests. These legitimate interests include our Customer's and our interests to prevent fraud and to ensure that Consumers can be authenticated by our Customers as well as our, and our Customers' fundamental rights and freedoms, including our freedom to conduct a business and our, and our Customers', right to property. We may also process data where required by EU or Member State law or where we are required to obtain consent.

The Trustev Services include but are not limited to:

How your data is shared

With third parties

We may share personal information collected through our Website and Services in the following ways:

Information we share with our group companies: We may share your personal information with other members of the TransUnion group of companies for purposes consistent with this Privacy Policy. These may include such companies as TransUnion LLC, iovation, Inc, and iovation Limited.

Information we share with our customers: In making the internet a safer place, we may share personal data with our customers. Our Customers provide the online services that Trustev protects from online fraud and abuse.

Information we share with our service providers: We may also engage certain trusted third-party service providers, consultants or vendors to assist us in the provision of the Website and Services, including email lookup, IP lookup, mobile lookup, customer service and billing. Pursuant to appropriate agreements, confidentiality and security measures, Customer and/or Consumer personal data may be shared with third-parties in compliance with this policy. We will only share your personal information with third parties to the extent necessary to perform such functions and in accordance with the purposes set out in this Privacy Policy and applicable laws.

Information disclosed in connection with business transfers: In the event of a corporate sale, merger, reorganization, acquisition, dissolution, financing or other similar event, your personal information may be shared or transferred in connection with, or during negotiations of, such event or transaction.

To protect our rights, users, systems, and services: Trustev may disclose personal data to protect our rights, users, systems, and services.

Information disclosed for legal purposes and the protection of others: We may disclose personal information to a third party where we are legally required to do so in order to comply with applicable laws, regulations, legal process or governmental requests. We will also disclose personal information to the extent we believe necessary or appropriate: (i) to respond to claims, judicial orders, subpoenas, warrants or other process issued by a court of competent jurisdiction; (ii) to protect the vital interests of any person; (iii) to exercise, establish or defend our legal rights; and (iii) to stop any activity we consider illegal, unethical or legally actionable.

International transfers

Trustev carries out business activities supporting our Customers in multiple jurisdictions, some of which are not located in the European Union ("EU"). Countries outside the EU do not always have strong personal data protection laws. Where we transfer personal data from the EU to other countries in which applicable laws do not offer the same level of personal data privacy protection as the EU, we take measures to provide appropriate safeguards are in place to protect your personal data.

For example, we use approved standard contractual clauses, intragroup agreements and other measures designed to ensure that the recipients of the Customer or Consumer personal data protect it appropriately. We take steps to ensure that the Customer or Consumer personal data we collect is processed according to this policy and the requirements of the applicable law wherever the Customer or Consumer personal data is located. Please contact us at PDLTrustEvPrivacy@transunion.com if you require further information on this matter or would like to know the means by which to obtain a copy of the appropriate safeguards or where they have been made available.

Please note that where EU personal data is transferred outside of the EU (and EEA) by Standard Contractual Clauses, to be processed by our vendors and other third parties, individuals whose data is processed by those non-EU vendors and other third parties shall have the right to request a copy of those Standard Contractual Clauses. In the event that you seek to request a copy of those clauses, please contact those businesses to receive a copy.

How your data is retained and secured

Criteria used to determine retention periods

The following criteria are used to determine data retention periods for your personal data:

We retain personal data for as long as we reasonably require it for legal or business purposes:-

Typically, our retention of data within our EU based services is two years from the date that Trustev collects that data.

We will also retain your personal data as long as necessary to deal with your queries and for as long as you might legally bring claims against us. We will take all necessary steps to ensure that data privacy is maintained for the period of retention. For further details on retention, please contact PDLTrustEvPrivacy@transunion.com.

Security

We recognize that online security and data protection is an area of vital importance. Trustev is committed to protecting the security of the personal data you share with us or we otherwise process about you. In support of this commitment, we have implemented appropriate technical, physical and organisational measures to ensure a level of security appropriate to the risk.

As the security of some communications via the internet is not completely secure, we cannot guarantee the security of any information that you disclose using your internet connection. You accept the inherent security implications of using the internet and that Trustev is not responsible for the security of communications sent over the internet.

Your data protection rights under GDPR

If you are a data subject resident in the EU and United Kingdom you have a number of rights under the EU Data Protection Regulation and/or the UK Data Protection Act 2018 which are outlined below. Some of these only apply in specific circumstances and are qualified in several respects by exemptions in data protection legislation. We will advise you in our response to any request you may make if we are relying on any such exemptions.

Who to contact

Trustev is committed to ensuring full transparency in its data processing activities and for the purposes of this policy Trustev are the data controllers. For any requests related to your data or your rights referenced above, please contact us in one of the following ways:

Changes to our Privacy Policy

If we change our privacy policy, we will post those changes here and amend the "Last Updated" date at the top of this page. If we make any material changes to the privacy practices relating to our Services, we will amend this privacy policy and notify our Customers more directly –for example by posting a notification or sending a message through their account or by email. We encourage you to review this page frequently to stay informed of the latest modifications.

Filing a complaint

If you are not satisfied with how we manage your data, you have a right to make a complaint to your local Data Protection Authority.

Trustev's Supervisory Authority is the Irish Data Protection Commissioner. You can contact them at Homepage | Data Protection Commission. Should you have cause to do so, you can make a complaint to the supervisory authority in your jurisdiction.