CUSTOMER Safe Harbor Privacy Policy
Effective date: November 9, 2011
I. Purpose
Trusteer, Inc. and its affiliates (“Trusteer,” “our” or “we”) value the privacy of our current and former Customers, website visitors, and Customers of financial institutions whom we serve (collectively “Customers”). This Privacy Policy (“Policy”) is intended to: (1) inform each Customer how his or her Personal Data (as defined below) is collected, used, disclosed, transferred and processed; (2) provide choices with respect to how such Personal Data will be handled by Trusteer; and (3) facilitate the transfer of such Personal Data from Trusteer’s Customers in the European Union (“EU”), Switzerland, and the European Economic Area (“EEA”) to the United States.
This Policy complies with the Safe Harbor Principles as agreed upon by the United States Department of Commerce and the European Commission and the United States Department of Commerce and Switzerland. Consistent with its commitment to protect personal privacy, Trusteer adheres to these Safe Harbor Principles, which can be found at http://www.export.gov/safeharbor/.
II. Scope of this Policy
This Policy applies to, and is limited to, the processing of Personal Data that Trusteer receives in the United States from the EU, Switzerland, and the EEA concerning Customers and, in the case of our business customers, their Customers.
This Policy does not cover data rendered anonymous so that individual persons are no longer identifiable, or identifiable only with a disproportionately large expense in time, cost, or labor, or situations in which pseudonyms are used (the use of pseudonyms involves the replacement of names or other identifiers with substitutes, so that identification of individual persons is either impossible or at least rendered considerably more difficult). If data rendered anonymous becomes no longer anonymous (i.e., individual persons are again identifiable), or if pseudonyms are used and the pseudonyms allow identification of individual persons, then this Policy will apply.
III. Defined Terms
Capitalized terms in this Policy have the following meanings:
“Data Subject” means an identified or identifiable natural living person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, psychological, mental, economic, cultural or social identity.
“Customer” means any individual Data Subject who is a prospective, current, or past Customer of Trusteer or any Trusteer business client, and who is also a resident of the EU, Switzerland, or the EEA.
“Personal Data” means data that personally identifies a Data Subject or that may be used to personally identify a Data Subject (such as an identification number that identifies a Data Subject). Personal Data includes data such as an individual’s name, country of birth, marital status, emergency contact, address, phone number, e-mail address, user ID and password. Personal Data does not include data that is encoded or anonymized, or publicly available information that has not been combined with non-public Personal Data.
“Sensitive Data” means Personal Data that discloses a Data Subject’s medical or health condition; race or ethnicity; political, religious or philosophical affiliations or opinions; sexual orientation; or trade union membership.
IV. Collection and Use of Personal Data
Trusteer may receive in the United States Personal Data concerning Customers from the EEA: (1) directly from the Customer, or (2) from a business to which we provide services for its Customers.
Our collection of personal data from all users is described in greater detail in our privacy policy at http://www.trusteer.com/support/privacy-policy, which is incorporated into this notice by reference.
Trusteer does not request or knowingly collect Sensitive Data. It is possible that Trusteer might accidentally encounter Sensitive Data in the course of detecting security incidents. [It is our policy to destroy Sensitive Data should we become aware that we have received it.]
Trusteer uses Customer Personal Data for business purposes, including without limitation:
(1) to protect Customers and detect financial fraud risk on their behalf;
(2) to manage user experiences at our website and using our software;
(3) to provide our services and software requested by a Customer, including to operate, maintain, enhance, and provide our features and services;
(4) to service a Customer’s account or to provide Customer support;
(5) for other business-related purposes permitted and/or required under applicable local law and regulation; and
V. Types of Third Parties to Whom We Transfer Personal Data / Onward Transfers
Trusteer discloses Customers’ Personal Data in limited circumstances and only to those who reasonably need to know such data for a legitimate business purpose. For example:
- Trusteer provides Personal Data to its Customers with whom a Data Subject has an account (such as the Data Subject’s bank) for the purpose of protecting the Data Subject’s account and Personal Data from suspected malicious activity. This information is secured such that it can be used only by the organization that manages the Data Subject’s account, and may not be used by anyone else, including Trusteer, to correlate the information with other personally identifiable information.
- Trusteer may disclose the Personal Data:
  - if asked to do so by law enforcement officials,
  - as required or permitted by law,
  - in response to a subpoena or other legal process,
  - to protect or defend our rights or property, or
  - in the event of a merger of our company or any part of our company or its sale or transfer to another entity,
  - in connection with litigation involving our company.
Otherwise, unless Trusteer has a Data Subject’s consent, Trusteer will disclose a Customer’s Personal Data to third parties for the purpose of performing tasks on Trusteer’s behalf only when such third parties either: (1) comply with the Safe Harbor principles or use another data transfer mechanism permitted by the EU Data Protection Directive; or (2) agree to provide adequate protections for the Data Subject’s privacy interests that are no less protective than those set out in this Policy and agree to use such Data Subject’s Personal Data only for the purposes for which the third party has been engaged by Trusteer.
VI. Your Choices About How Trusteer Handles and Discloses Your Personal Data
If you use our Rapport product, you may choose to limit the information sent to us to critical security information only (such as malware infection indications) by configuring the software appropriately through the Rapport console, although this may result in reduced protection and limited functionality.
VII. How to Contact Trusteer with Requests, Questions or Complaints Regarding Personal Data
Customers and Data Subjects may contact Trusteer with questions or complaints concerning this Policy using the contact information below:
Head of Customer Support
75 Arlington Street, Suite 500
Boston, MA 02116
USA
+1(646) 213-3090
Email: Support@Trusteer.com
VIII. Data Subjects’ Right to Access, Change or Delete Personal Data
Upon receipt of a Data Subject’s written request containing sufficient information to permit Trusteer to identify that Data Subject’s Personal Data, Trusteer will correct, amend or delete any information that is inaccurate and notify any third party recipients of the necessary changes. Trusteer does not charge for complying with an information correction request. Requests to delete Personal Data are subject to any applicable legal and ethical reporting or document retention obligations imposed on Trusteer.
Requests should be made to the contact address in Section VII.
Trusteer asks individual users to identify themselves and the information requested to be accessed, corrected, amended or deleted before processing such requests, and it may decline to process requests that are unreasonably repetitive or systematic, require disproportionate technical effort, jeopardize the privacy of others, or would be extremely impractical, or for which access is not otherwise required.
IX. Data Integrity
Trusteer takes reasonable steps to ensure that the Personal Data provided to us by Customers (such as contact information provided to our customer support) is accurate, complete and current, and it will update the Personal Data as appropriate, but Trusteer depends on its Customers to update or correct their Personal Data whenever necessary. Customers are responsible for the accuracy of the data they provide to Trusteer.
Trusteer does not, as a matter of business practices, maintain Personal Data longer than necessary for the purposes stated, unless otherwise agreed to by the Customer or to comply with any applicable legal or ethical reporting or document retention requirements.
X. Security
We take appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of Personal Data. These include physical, technical, and procedural security measures and safeguards to protect personal information. Our servers and our databases are protected by industry standard security technology, such as industry standard firewalls and password protection. We limit access to contact information about you to employees, contractors and agents who we believe reasonably need to come into contact with that information. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and reporting to law enforcement, if they fail to meet these obligations.
Please contact us at the above address for any additional questions about our information security or the protection of personal data.
XI. Enforcement and Dispute Resolution
Prior to its annual safe harbor certification filed with the Department of Commerce, Trusteer verifies that the Policy is accurate, comprehensive as to the information intended to be covered, and conforms to the US-EU Safe Harbor Principles.
We encourage interested persons to raise any questions or concerns with Trusteer at the contact information set forth in Section VII above.
If any complaints related to this Policy cannot be resolved through Trusteer’s internal process, Trusteer agrees to participate in the BBB dispute resolution procedures. In the event that Trusteer or the dispute resolution provider concludes that Trusteer did not comply with the Policy, Trusteer will take appropriate steps to address any adverse effects and assure future compliance. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by Trusteer, you may contact:
Council of Better Business Bureaus, Inc.
BBB EU SAFE HARBOR
4200 Wilson Boulevard, Suite 800
Arlington, VA 22203
Phone: 703-276-0100
XII. Changes to this Policy
This Policy is current as of the effective date set forth above. This Policy may be amended from time to time, consistent with any changes in the Safe Harbor Principles and/or Trusteer business practices. Trusteer will notify Customers about material changes to the way it treats Personal Data by sending a notice to the primary email address specified in your account and/or by placing a prominent public notice on Trusteer’s website.



