Legal Documents

Privacy Policy

  1. Introduction and Scope

1.1 Introduction

Trustwave Holdings, Inc., a company incorporated in the USA whose registered office is at 70 W. Madison St., Suite 1050, Chicago IL 60602.

Trustwave Holdings, Inc., and its subsidiaries (together “Trustwave”, “we”, “us”, “our”), are committed to maintaining the privacy, security, and accuracy of your personal data.  As a result, Trustwave has developed this policy to inform you of the steps it has taken to protect your privacy.  In addition, Trustwave and its employees also adhere to strict internal information security policies and procedures to safeguard your information. For more information about which subsidiaries are covered by this policy, please see the “Scope of Policy” section below.

Trustwave complies with all applicable data protection laws, including the General Data Protection Regulation (“GDPR”).

Trustwave also complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Union to the United States (the “Privacy Shield”).  Trustwave Holdings, Inc. has certified to the Department of Commerce that it adheres to the Privacy Shield Principles (the “Principles”).  If there is any conflict between the terms in this privacy policy and the Principles, the Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

The Federal Trade Commission and/or the Department of Transportation have jurisdiction over Trustwave Holdings, Inc.’s and its subsidiaries’ compliance with the Privacy Shield.

1.2 Scope of Policy

This policy and Trustwave’s Privacy Shield certification cover personal data that is transferred from the European Economic Area to Trustwave Holdings, Inc. and the following of its subsidiaries:

TRUSTWAVE LIMITED

TRUSTWAVE GERMANY GmbH

Trustwave Sweden AB

TRUSTWAVE POLAND SP. Z. O. O.

Breach Security, Ltd.

M86 SECURITY ISRAEL, LTD

trustwave canada, inc.

Trustwave Security Solutions Proprietary Ltd

Trustwave Pte. Ltd.

TWH Australia PTY. LTD.

M86 SECURITY NZ LIMITED

M86 TAIWAN (Branch of M86 Americas, Inc.)

TW Asia Pacific LIMITED

Trustwave Information Security and Compliance India Private Limited

Trustwave Japan co., limited

Trustwave Philippines, Inc.

TRUSTWAVE SECURECONNECT, INC.

M86 AMERICAS, INC.

Trustwave Government Solutions, LLC;

Trustwave do Brasil Seguranca da Informacao e Conformidade Limitada

Trustwave México Sociedad Anónima De Capital Variable

Trustwave Colombia Sucursal de Sociedad Extranjera (Branch of Trustwave Brazil)

Trustwave may share your personal data with any member of the subsidiaries listed above who may process your personal data for the purposes specified in this privacy policy. The list of Trustwave companies with whom your data may be shared will change from time to time, so please ensure that you revisit this policy regularly.

Because Trustwave respects your right to privacy, it has implemented privacy practices in the provision of its services, products, and website, including in accordance with the Privacy Shield and GDPR. Specifically, Trustwave commits to complying with the following Principles in respect of all personal data which is received from individuals based in the European Union and transferred to the United States of America:

      1. Notice:  Trustwave is committed to providing you information about its participation in and responsibilities under the Privacy Shield, the types of information that Trustwave may collect from you and how it is used, your rights in relation to your personal data, and how to contact Trustwave and/or the available independent dispute resolution body designated to address complaints;
       
      1. Choice:  Where possible, Trustwave will allow you to opt out of (i) disclosures of your personal data to third parties; or (ii) use of your personal data for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you;
       
      1. Accountability for Onward Transfers:  Trustwave will only transfer your personal data to third parties where: (i) such transfer is only for limited and specified purposes; (ii) the third party provides at least the same level of privacy protection as the Principles; (iii) the processing is consistent with Trustwave’s obligations under the Principles; (iv) the third party is required to notify Trustwave if it can no longer provide sufficient protection for your personal data; (v) the third party takes steps to stop and remediate unauthorized processing; and (vi) Trustwave commits to provide a summary of the relevant privacy protections in place with that third party to the Federal Trade Commission upon request;
       
      1. Security: Trustwave will take reasonable and appropriate measures to protect personal data from loss misuse or unauthorized access, disclosure, alteration or destruction;
       
      1. Data Integrity and Purpose Limitation:  Trustwave will take steps to limit the personal data that it processes about you to that which is relevant for the purposes of processing. Trustwave will also take reasonable steps to ensure that personal data is reliable for its intended use, accurate, complete, and current;
       
      1. Access:  You have a right to access the personal data that Trustwave holds about you and to correct, amend, or delete that information where it is inaccurate or has been processed in violation of the Principles; and
       
      1. Recourse, Enforcement and Liability:  Trustwave provides robust mechanisms for assuring compliance with the Principles and recourse for individuals who are affected by non-compliance with the Principles. Further details on the recourse mechanisms available to you can be found under the “Recourse and Dispute Resolution” section below.
       
      1. Lawful basis of processing:  Trustwave will process personal data on the basis of consent, out of necessity for the performance of a contract, and to protect our legal position in the event of legal proceedings.
    1. Privacy Practices

 

2.1 Personal data Collected

In general, you can access Trustwave’s website(s) and use its services without giving us any personal data. However, many of Trustwave’s products, services and interactions with you will involve the collection of various “personal data” about you which are explained in detail below. Personal data is information which can identify you as a living individual when used in isolation or in conjunction with other information.

In addition to any information you voluntarily provide to us or input through Trustwave(s) website, we may collect the information in the following circumstances:

Products / Services.  Trustwave may collect your personal data in connection with providing you with services and/or products.  The specific types of personal data collected from you is dependent on the services or products you select but this information may include:

      • full name;
      • contact details including address, phone numbers and email address;
      • job role and employer name;
      • bank account information including credit card number;
      • tax identification number; and
      • second-level domain information and IP addresses.

If you select to enroll for an SSL certificate, you will be required to provide Trustwave with certain personal data as set forth in Trustwave’s Certification Practices Statement, which may be found at www.trustwave.com/CA/.  It is important to note that Trustwave is requesting this information for the purpose of authenticating your identity to create and issue your SSL certificate. 

Partners.  Trustwave may also obtain your personal data from third parties, such as partners and resellers, but only to the extent it is required to provide you with our products and/or services. This information may include:

      • full name;
      • contact details including address, phone numbers and email address; and
      • bank account information including credit card number.

Website and Subscriptions.  Other than during your enrollment for services and/or products, Trustwave also collects personal data from you if you access Trustwave’s website(s) and/or you choose to register for events, subscribe to email listings throughout our website, or request that we contact you. This information may include:

      • full name;
      • contact details including address, phone numbers and email address;
      • second-level domain information and IP addresses;
      • information gathered from cookies (see “Cookies” section below).

Cookies.  Trustwave also utilizes cookies when you visit its website(s), or during the use of its products,, which is a piece of data used by web servers to help identify you.  A cookie is installed automatically when you use the site but you can reject or disable a cookie by changing a setting on your browser. Trustwave uses session, non-persistent cookies to help offer you secure pages to our website that allow you to login automatically across sessions. A list of our cookies can be provided on request in accordance with the “Contact Details” section.

         

2.2 Use of Personal data

Trustwave may use your personal data as follows:

      • Where collected in connection with our products and services:

o to provide you with products, services and any renewals thereof;

o to provide you with support and maintenance for products/services;

o to inform you of any new or updated services or product offerings;

o to bill you for products and services;

o to notify you of any changes to your use of our website, products, or services;

o to respond to your enquiries;

o to have a partner or independent reseller contact you to facilitate the renewal, support or purchase of products/services, but only to the extent such third party has executed a confidentiality agreement with obligations to protect your personal data (for a list of these third parties, please contact us at the address set forth at the end of this policy);

o to authenticate your identity in order to provide you with an SSL certificate (your personal data may be provided to an independent third party resource for verification);

o to issue you an SSL certificate, some of your personal data will be published within the certificate itself or in Trustwave’s SSL certificate repository as set forth in our Certification Practices Statement. Publication of such information is germane to the widespread use of SSL certificates. You should have no expectation of privacy regarding the information in your SSL certificates;

o to transfer or negotiate the transfer of ownership of Trustwave or its assets during any merger, acquisition or sale, even if they are not in the same line of business as us (in such event, your personal data will be held subject to this Privacy Policy; and

o to comply with applicable law and law enforcement authorities.

      • Where collected from third parties:

o to provide you with products, services and any renewals thereof;

o to provide you with support and maintenance for products/services;

o to inform you of any new or updated services or product offerings;

o to bill you for products and services;

o to notify you of any changes to your use of our website, products, or services;

o to respond to your enquiries;

o to have a partner or independent reseller contact you to facilitate the renewal, support or purchase of products/services, but only to the extent such third party has executed a confidentiality agreement with obligations to protect your personal data (for a list of these third parties, please contact us at the address set forth at the end of this policy);

o to authenticate your identity in order to provide you with an SSL certificate (your personal data may be provided to an independent third party resource for verification);

o to issue you an SSL certificate, some of your personal data will be published within the certificate itself or in Trustwave’s SSL certificate repository as set forth in our Certification Practices Statement. Publication of such information is germane to the widespread use of SSL certificates. You should have no expectation of privacy regarding the information in your SSL certificates;

o to transfer ownership of Trustwave during any merger, acquisition, or sale (in such event, your personal data will be held to the same confidentiality obligations); and

o to comply with applicable law and law enforcement authorities.

      • Where collected in connection with your access to Trustwave’s website(s) and/or you registering for events, subscribing to email listings or requesting that we contact you:

o to inform you of any new or updated services or product offerings;

o to notify you of any changes to your use of our website, products, or services;

o to analyze the use of our website to improve its layout and services;

o to respond to your enquiries;

o to transfer ownership of Trustwave during any merger, acquisition, or sale (in such event, your personal data will be held to the same confidentiality obligations); and

o to comply with applicable law and law enforcement authorities.

This uses listed above are not intended to be exhaustive and may be updated from time to time as business needs and legal requirements dictate. Where appropriate, you will be given a more detailed explanation as to how your personal data is used on a case by case basis.

Trustwave’s website(s) may link to other websites which are not within its control.  Once you have left Trustwave’s website(s), Trustwave cannot be responsible for the protection and privacy of any information which you provide. You should exercise caution and look at the privacy statement applicable to the website in question.

2.3 Sensitive Information

Information about you which is considered sensitive or a special category of personal data under data protection laws can include information about your medical or health conditions, racial or ethnic origin, political opinions, trade union membership, religious or philosophical beliefs, genetic data, biometric data, sexual life and sexual orientation, and suspected or proven criminal activity and related proceedings.  If we need to process sensitive or special categories of personal data, you will be notified of such processing and asked to specifically agree to the use of such information as appropriate.

Trustwave asks that you do not provide any sensitive or special categories of personal data unless Trustwave specifically asks for this.

2.4 Disclosures

Trustwave may share your personal data with any of its subsidiaries who may process your personal data for the purposes specified in this privacy policy.

Sometimes Trustwave will share your information with carefully selected third parties outside of Trustwave’s corporate group (such as its partners and resellers). Trustwave may do this for the following reasons:

      • To carry out services for Trustwave;
      • To provide you with information about special promotions and offers which we think you might be interested in;
      • In response to lawful requests by public authorities, including to meet national security or law enforcement requirements;
      • When Trustwave believes it is necessary to comply with the law or protect our or another person's rights, property, or safety; and/or
      • If there is (or is to be) any change in ownership of any Trustwave business or assets then Trustwave may wish to share your information so that the new (prospective) owners may continue to operate our business effectively and continue to provide services to customers. This may include new shareholders or any organization that might take an assignment or transfer of any agreements we have entered into with Trustwave’s customers.

Trustwave will place appropriate obligations and restrictions on third parties to protect your details.

Trustwave will remain responsible to you under the Principles in the event any of its agents processes your personal data in a manner inconsistent with the Principles except where Trustwave can prove that it is not responsible for the relevant event.

Some Trustwave companies, and sometimes other third parties with whom we share personal data are or may be located outside the European Economic Area; for example, Trustwave Holdings, Inc. is located in the USA.

2.5 Opting Out / In

If you are a customer or you have previously asked us for information on Trustwave’s products and/or services, Trustwave may send you information on its range of products and services to your contact details, unless you have asked us not to do so.

You may opt out of having your personal data used for marketing purposes and/or any purpose inconsistent with the purpose it was originally collected or authorized by you.  Please contact marketing@trustwave.com or visit https://www2.trustwave.com/preference_center.html to opt-out or change your preference. 

If you receive marketing material from our partners or other third parties, and no longer wish to receive such material, you must opt-out directly with that party. 

It is important to note that you may not opt out of receiving materials that would detrimentally affect the use, security, or accuracy of Trustwave’s products and services, including without limitation SSL certificates. Such materials may include critical security notices, product updates and service and product expiration dates.    

2.6 Rights of Data Subjects

At any time, you may have access to your personal data for any reason, including without limitation reviewing, correcting, deleting inaccuracies or updating such information by sending a request to Trustwave in accordance with the “Contact Details” section below. You may also have the right to erase your personal data, restrict the processing, the right of portability and the right to object to the processing in certain circumstances. A small fee may be payable. Trustwave will verify your identity before processing any requests.

2.7 Security

Trustwave takes reasonable precautions to protect your personal data. However, please be aware that there are inherent security risks of providing information and dealing online over the internet and Trustwave cannot therefore guarantee the security of any data disclosed online. 

2.8 Data Integrity

Trustwave has implemented reasonable measures to ensure that your personal data is relevant for the purposes for which it is to be used and that it is reliable for its intended use and is accurate, complete, and current.

If you think any information we have about you is incorrect or incomplete, please write to or e-mail us as soon as possible.  We will correct or update any information (as appropriate) as soon as possible.

2.9 Changes to this Privacy Policy

Trustwave may amend this privacy policy from time to time. If any amendments are made then a notice will be posted on Trustwave’s website. This privacy policy was last updated on 03 April 2018.

             
    1. CONTACT DETAILS & DISPUTE RESOLUTION

 

3.1 Contact Details

All enquiries, questions and complaints regarding how Trustwave processes your personal data and/or this privacy policy may be sent to Trustwave’s Privacy Department:

Email:

dataprotection@trustwave.com

Postal Address

  • Attention: Privacy l Department,
    Trustwave Holdings, Inc.
  • Attention: Privacy Department,
    Trustwave Limited

     

  • 70 W. Madison St.,

     

  • 3 Albert Embankment

     

  • Suite 1050,

     

  • Westminster Tower

     

  • Chicago, IL 60602,

     

  • SE1 7SP London

     

  • United States of America

     

  • United Kingdom

     

Trustwave will promptly respond to all enquiries and implement a corrective course of action, if necessary.

3.2 Dispute Resolution

In compliance with the Privacy Shield Principles, Trustwave commits to resolve complaints about our collection or use of your personal data.  European Union individuals with enquiries or complaints regarding our Privacy Shield policy should first contact Trustwave at: dataprotection@trustwave.com

Trustwave has further committed to refer unresolved Privacy Shield complaints to JAMS International (“JAMS”), an alternative dispute resolution provider located in London, England. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit JAMS at https://www.jamsinternational.com/ for more information or to file a complaint.  The services of JAMS are provided at no cost to you.

Trustwave also commits to cooperate with the panel established by the EU data protection authorities (“DPAs”) and comply with the advice given by the panel with regard to personal human resources (HR) data transferred from the European Union.

Under certain conditions, you have a right to invoke binding arbitration for complaints regarding Trustwave’s Privacy Shield compliance not resolved by under the dispute resolution mechanism set out above. For additional information regarding binding arbitration, please see: https://www.privacyshield.gov/article?id=ANNEX-I-introduction

Last amended:  08 May 2018