Privacy Policy

1.1  Introduction

Trustwave Holdings, Inc., a company incorporated in the United States whose registered office is at 70 W. Madison St., Suite 600, Chicago IL 60602, its parent company, and its subsidiaries (together “Trustwave”, “we”, “us”, “our”), commits to maintaining the privacy, security, and accuracy of your personal data. As a result, Trustwave has developed this policy to inform you of the steps it has taken to protect your privacy. Trustwave complies with all applicable data protection laws, including, without limitation, the General Data Protection Regulation (“GDPR”), the UK Data Protection Act 2018 (“DPA 2018”), the California Consumer Privacy Act (“CCPA”), and the Privacy Act 1988 (Cth) (“Privacy Act”).

 

1.2  Scope of Policy

This policy covers personal data that may be transferred to and from Trustwave and its subsidiaries. More specifically, this policy covers personal data from European, American, and Australian residents that is collected or disclosed by Trustwave. Additional information on European, American (including Californian), and Australian residents’ rights under the GDPR, DPA 2018, CCPA and the Privacy Act may be found below. References to ‘personal data’ throughout this policy will have their meaning derived from the relevant terminology and definitions set forth by the applicable law. Trustwave respects your right to privacy and has implemented privacy practices in the provision of its services, products, and website, in accordance with the GDPR, the DPA 2018, the Australian Privacy Principles (“APPs”) and other applicable law.

In general, Trustwave may disclose your personal data with any member of the subsidiaries who may process your personal data for the purposes specified in this policy. The list of Trustwave companies with whom your data may be disclosed will change from time to time.

For individuals specifically located in the European Economic Area or the United Kingdom, Trustwave will ensure that transfers of personal data to a third country are subject to appropriate safeguards as described in Article 46 of the GDPR. Trustwave commits to complying with the following data protection principles in respect of all personal data which is received from individuals based in the European Union, European Economic Area, or the United Kingdom and transferred to other Trustwave subsidiaries:

 

1. Notice: Trustwave is committed to providing you with information about the types of information that Trustwave may collect from you and how they are used, and your rights in relation to your personal data
2. Choice: Where possible, Trustwave will allow you to opt out of (i) disclosures of your personal data to third parties; or (ii) use of your personal data for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you;
3. Accountability for Onward Transfers: Trustwave will only transfer your personal data to third parties where: (i) such transfer is only for limited and specified purposes; (ii) the third party provides at least the same level of privacy protection as required under applicable law; (iii) the processing is consistent with Trustwave’s obligations under applicable law; (iv) the third party is required to notify Trustwave if it can no longer provide sufficient protection for your personal data; and (v) the third party takes steps to stop and remediate unauthorized processing
4. Security: Trustwave will take reasonable and appropriate measures to protect personal data from loss, misuse or unauthorized access, disclosure, alteration or destruction;
5. Data Integrity and Purpose Limitation: Trustwave will take steps to limit the personal data that it processes about you to that which is relevant for the purposes of processing. Trustwave will also take steps to hold the data it processes about you for as long as it serves the purpose of processing. Trustwave will also take reasonable steps to ensure that personal data is reliable for its intended use, accurate, complete, and current;
6. Access: You have a right to access the personal data that Trustwave holds about you and to correct, amend, or delete that information where it is inaccurate; and
7. Lawful Basis of Processing: Trustwave will process personal data on the basis of consent, out of necessity for the performance of a contract, legitimate interests for marketing purposes, and to protect our legal position in the event of legal proceedings.

2.1   Personal Data Collected

In general, you can access Trustwave’s website and use its services without giving us any personal data. However, many of Trustwave’s products, services, and interactions with you will involve the collection of various personal data about you. Personal data is information which can identify you as a living individual when used in isolation or in conjunction with other information, unless otherwise defined under applicable law. In addition to any personal data you voluntarily provide to us or input through Trustwave’s website, we may collect personal data in the following circumstances:

Products / Services. Trustwave may collect personal data in connection with providing you with products or services. This may include your

• full name;
• contact details including address, phone numbers and email address;
• job role and employer name;
• bank account information including credit card number;
• tax identification number;
• second-level domain information and IP addresses; or
• commercial information such as products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies records.

Partners. Trustwave may also obtain your personal data from third parties, such as partners and resellers, but only to the extent it is required to provide you with our products or services. This may include your

• full name;
• contact details including address, phone numbers and email address; or
• bank account information including credit card

Website and Subscriptions. Trustwave also collects personal data from you if you access Trustwave’s website or choose to register for events, subscribe to email listings through our website or otherwise, request that we contact you, or apply for a job opening at Trustwave. This may include your

• full name;
• contact details including address, phone numbers and email address as well employment and educational history (if you apply for an open position);
• second-level domain information and IP addresses; or
• information gathered from cookies.

Cookies and Other Tracking Technologies. Trustwave and its third-party service providers collect information using “cookies” and similar technologies. Cookies are small text files that web servers place on your device; they are designed to store basic information and to help websites and apps recognize your browser. We use such technologies to understand how you use our website, products, and services, for authentication, operations, marketing, and advertising purposes, to save your preferences, and for analytics purposes.

We use the following categories of cookies:

• Strictly Necessary Cookies. These cookies are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website.
• Analytical or Performance Cookies. These cookies allow us to recognize and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
• Functionality Cookies. These cookies are used to recognize you when you return to our website. This enables us to personalize our content for you, greet you by name, and remember your preferences (for example, your choice of language or region).
• Targeting Cookies. These cookies record your visit to our website, the pages you visit, and the links you follow. We will use this information to make our website more relevant to your interests. We may also share this information with third parties for this purpose.

You can find more information about the individual cookies we use and the purposes for which we use them in the table below.

 

 

One of the third-party services that we use to track your activity on our website is Google Analytics. You can find more information on how Google uses data at www.google.com/policies/privacy/partners. If you do not want Google Analytics to collect and use information about your use of our website, then you can install an opt-out in your web browser (https://tools.google.com/dlpage/gaoptout/). You also may opt-out from Google Analytics for Display Advertising or the Google Display Network by using Google’s Ads Settings located at www.google.com/settings/ads.

You can adjust your cookie settings in the cookie pop-up banner. Please note that if you delete or choose not to accept cookies from us or our third-party vendors, you may not be able to utilize all the features of our website, products, or services.

 

2.2   Use of Personal Data

Trustwave may use your personal data as follows:

• Where collected in connection with our products and services
  • to provide you products and services;
  • to provide you support and maintenance for products and services;
  • to inform you of any new or updated offerings;
  • to bill you for products and services;
  • to notify you of any changes to your use of our website, products, or services;
  • to respond to your enquiries;
  • to have a partner or independent reseller contact you to facilitate the renewal, support or purchase of products and services, but only to the extent such third party has executed a confidentiality agreement with obligations to protect your personal data;
  • to transfer or negotiate the transfer of ownership of Trustwave or its assets during any merger, acquisition, or sale (in such event, your personal data will be held subject to this policy); and
  • to comply with applicable law and law enforcement authorities.
    
    
• Where collected from third parties
  • to provide you with products and services;
  • to provide you with support and maintenance for products and services;
  • to inform you of any new or updated offerings;
  • to bill you for products and services;
  • to notify you of any changes to your use of our website, products, or services;
  • to respond to your enquiries;
  • to have a partner or independent reseller contact you to facilitate the renewal, support or purchase of products and services, but only to the extent such third party has executed a confidentiality agreement with obligations to protect your personal data;
  • to transfer or negotiate the transfer of ownership of Trustwave or its assets during any merger, acquisition, or sale (in such event, your personal data will be held subject to this policy); and
  • to comply with applicable law and law enforcement authorities.
    
    
• Where collected in connection with your access to Trustwave’s website or you registering for events, subscribing to email listings, requesting that we contact you or applying for a job opening
  
  • to inform you of any new or updated offerings;
  • to notify you of any changes to your use of our website, products, or services;
  • to analyze the use of our website to improve its layout and services;
  • to respond to your enquiries;
  • to review your candidacy for a job opening at the company;
  • to transfer or negotiate the transfer of ownership of Trustwave or its assets during any to transfer or negotiate the transfer of ownership of Trustwave or its assets during any merger, acquisition, or sale (in such event, your personal data will be held subject to this policy); and
  • to comply with applicable law and law enforcement authorities.

The uses listed above are not exhaustive and may be updated from time to time as business needs and legal requirements dictate. Where appropriate, we will give you a more detailed explanation as to how your personal data is used.

 

2.3   Sensitive Personal Data

Sensitive or special categories of personal data, as defined by applicable data protection laws, can include information about your medical or health conditions, racial or ethnic origin, political opinions, trade union membership, religious or philosophical beliefs, genetic data, biometric data, sexual life and sexual orientation, and suspected or proven criminal activity and related proceedings. If we ever need to process sensitive or special categories of personal data, we will notify you and ask for your specific consent as appropriate.

 

Trustwave asks that you do not provide any sensitive or special categories of personal data unless Trustwave specifically requests it.

 

2.4   Disclosures

Trustwave may disclose your personal data to any of its subsidiaries or parent company, who may in turn process your personal data for the purposes specified in this policy.

 

Sometimes Trustwave will also disclose your personal data with carefully selected third parties outside of Trustwave’s corporate group, such as its partners, resellers, and subcontractors, such as service providers, Internet cookie information recipients, advertisers, social media companies. Trustwave may do this for the following reasons:

• To carry out services for Trustwave;
• To provide you with information about special promotions and offers which we think you might be interested in;
• In response to lawful requests by public authorities, including to meet national security or law enforcement requirements;
• When Trustwave believes it is necessary to comply with the law or protect our or another person's rights, property, or safety; or
• If there is (or is to be) any change in ownership of any Trustwave business or assets.

Trustwave will place appropriate obligations and restrictions on third parties to protect your personal data.

Trustwave will remain responsible to you under applicable law in the event any of its agents processes your personal data in a manner inconsistent with applicable law except where Trustwave can prove that it is not responsible for the relevant event.

Some Trustwave companies and third parties with whom we disclose personal data are or may be located outside your country of origin. As such, Trustwave will also ensure that any personal data transfers outside of its country of origin shall be conducted in accordance with applicable data protection laws and any required adequate data transfer mechanism contemplated by law (e.g., model clauses).

 

2.5   Opting In / Out

If you are a client or have previously inquired about Trustwave’s products or services, Trustwave may send you information about its products and services offerings to the contact details you provided, unless you have explicitly asked us not to do so.

You may opt out of having your personal data used for marketing purposes or any purpose inconsistent with the purpose it was originally collected or authorized by you. Please contact marketing@trustwave.com or go here to opt-out or change your preference.

If you receive marketing material from our partners or other third parties, and no longer wish to receive such material, you must opt-out directly with that party.

 

2.6   Rights of Data Subjects in the European Union, European Economic Area, and the United Kingdom

You may have access to your personal data at any time and for any reason, including without limitation reviewing, correcting, deleting inaccuracies, or updating such information by sending a request to Trustwave in accordance with the “Contact Details” section below. You may also have the right to erase your personal data, the right to restrict processing, the right of portability, and the right to object to the processing in certain circumstances. Where appropriate, Trustwave will verify your identity before handling such requests. European data subjects requesting erasure of their personal data should also review the “Considerations on Data Erasure” section below.

For more information on how to exercise your rights, please see Section 2.10 (Exercising Your Privacy Rights).

 

2.7   Rights of Data Subjects in California

We collect personal data from the categories of sources detailed in Section 2.1 (Personal Data Collected) above, which includes obtaining personal data: (i) directly from you; (ii) automatically through tracking technologies, such as cookies; and (iii) from third parties. We collect personal data for business and commercial purposes detailed in Section 2.2 (Use of Personal Data) above.

The categories of third parties to which we disclose personal data for a business or commercial purpose or to whom we sell or share personal data are summarized in the chart below. We do not knowingly sell or share the personal data of minors under the age of 16.

 

We will retain your personal data for as long as necessary to fulfill the purposes described in Section 2.2 (Use of Personal Data), unless otherwise required by applicable laws. Criteria we will use to determine how long we will retain your information include whether: we need your personal data to provide you with products or services you have requested; we continue to have a relationship with you; you have requested information, products, or services from us; we have a legal right or obligation to continue to retain your information; we have an obligation to a third party that involves your information; our retention or recordkeeping policies and obligations dictate that we retain your information; we have an interest in providing you with information about our products or services; and we have another business purpose for retaining your information.

Unless otherwise stated in this policy, the practices and activities detailed here also apply to you if you were considered to be a California resident during the collection of your personal data. As a California resident, you may have:

• the right to know what personal data we have collected about you, including (a) the categories of personal data; (b) the categories of sources from which the personal data was collected; (c) the business or commercial purpose for collecting, selling, or sharing personal data; (d) the categories of third parties to whom the business discloses personal data; and (e) the specific pieces of personal data we have collected about you;
• the right to receive a copy of your information in a portable and readily usable format;
• the right to delete your personal Note, however, that we may not always be able to comply with your request to delete your personal data for specific legal reasons. Please review the “Considerations on Data Erasure” section below; and
• the right to request that we correct any incorrect personal data that we collect or retain about you, subject to certain exceptions; and
• to the extent we sell or share personal data, the right to opt out of the selling or sharing of personal data. Trustwave does not sell your personal data. We may share certain categories of your personal data. To the extent we share your personal data, you have the right to opt out of the sale and sharing of your personal data; you can do so here. You can also click on the “Do Not Sell or Share My Personal Information” link at the bottom of our website to learn more about exercising this right.

 Only you, or an authorized agent that you authorize to act on your behalf, may make a request related to your personal data. You may also make a request on behalf of your minor child.

Trustwave will verify your identity before processing any requests and you are entitled to make such request no more than twice in a 12-month period. Please also note that the CCPA contemplates certain exemptions or exceptions for certain types of transactions or other reasons contemplated by law.

Other California Privacy Rights. Under California Civil Code Section 1798.83, individual customers who reside in California and who have an existing business relationship with us may request information about our disclosure of certain categories of personal data to third parties for the third parties’ direct marketing purposes, if any. To make such a request, please contact us using the information in the Contact Us section below. Please be aware that not all information sharing is covered by these California privacy rights requirements and only information on covered sharing will be included in our response. This request may be made no more than once per calendar year.

For more information on how to exercise your rights, please see Section 2.10 (Exercising Your Privacy Rights).

 

2.8   Rights of Data Subjects in Other U.S. States

If you live in a U.S. state (other than California) that affords you certain rights with respect to your personal data, you may have:

• the right to know what personal data we have collected about you and to access such data;
• the right the right to receive a copy of your information in a portable and readily usable format;
• the right to delete your personal data that we have obtained, subject to certain exceptions;
• the right to correct inaccuracies in your personal data; and
• the right to opt out of the processing of your information for purposes of (i) targeted advertising, (ii) the sale of your personal data; or (iii) profiling in furtherance of decisions that produce legal or similarly significant effect concerning you.

For more information on how to exercise your rights, please see Section 2.10 (Exercising Your Privacy Rights).

 

2.9   Rights of Data Subjects in Australia

Trustwave abides by the APPs, which provide a scheme in relation to the collection, disclosure, use, and storage of personal data.

Collection of Personal Data. Where lawful and practicable (i.e., if we are still able to provide the relevant service or information to you without your information), you may choose to deal with Trustwave anonymously or under a pseudonym.

International Transfer of Personal Data. Generally, your personal data is likely to be stored in Australia. However, some Trustwave companies and service providers are located overseas, and in some instances, your personal data may be transferred to or processed by Trustwave companies and service providers in overseas countries.

If there is an international transfer of personal data (whether by disclosing it to such parties or merely by allowing them to access it) we will take appropriate steps to ensure that it is carried out in accordance with applicable privacy laws and the AAPs. If you have any questions about the collection, use, disclosure, or storage of your personal data, please contact us using the details at the “Contact Details” section below.

Access to your Personal Data. You may request details related to the personal data that we hold about you in accordance with the provisions of the Privacy Act. If you would like a copy of the information which we hold about you or believe that any information we hold on you is inaccurate, out of date, incomplete, irrelevant, or misleading, you may send a request to Trustwave in accordance with the “Contact Details” section below.

Additionally, if you have a complaint about our privacy practices, please submit the details of your complaint in accordance with the “Contact Details” section below. Please note that your complaint must be made in writing as required by section 40(1A) and that we will respond within a reasonable time as determined by the Privacy Act.

For more information on how to exercise your rights, please see Section 2.10 (Exercising Your Privacy Rights).

 

2.10  Exercising Your Privacy Rights

You will not be discriminated against in any way by exercising your rights listed in this policy, which means we will not deny products or services to you, provide different prices or rates for products or services to you, or provide a different level or quality of products or services to you.

To exercise any of the privacy rights afforded to you under applicable data protection law, please submit a request to us by one of the following methods:

• Calling us toll free at +1 (866) 659-9097
• Emailing us at dataprotection@trustwave.com
• Submitting a request on our website here.

Verification. We must verify your identity before fulfilling your requests. If we cannot initially verify your identity, we may request additional information to complete the verification process. We will only use personal data provided in a request to verify the requestor’s identity. If you are an authorized agent making a request on behalf of a California consumer, we will also need to verify your identity, which may require proof of your written authorization or evidence of a power of attorney.  

We endeavor to respond to requests within the time period required by applicable law. If we require more time, we will inform you of the reason and extension period in writing. We will deliver our written response to you electronically.

We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

We cannot respond to your request or provide you with personal data if we cannot verify your identity and confirm the personal data relates to you. Making a verifiable consumer request does not require you to create an account with us. 

We may deny certain requests, or only fulfill some in part, as permitted or required by law. For example, if you request to delete personal data, we may retain personal data that we need to retain for legal purposes.

Appeals. If you are not satisfied with the resolution of your request and you are afforded a right to appeal such decision, you will be notified of our appeal process in our response to your request.

 

2.11  Security

Trustwave utilizes appropriate technical and organizational measures to ensure that the confidentiality, integrity and availability of our systems and services protect your personal data. We take all reasonable steps to ensure that the personal data we hold is protected from misuse, interference, and loss, and unauthorized access, modification, or disclosure using various methods, including secure storage.

 

2.12  Children’s Privacy

Trustwave does not knowingly collect or solicit any personal data from children under the age of 16. If we learn that we have collected personal data from a child, we will promptly take steps to delete that information. If you are a parent or legal guardian and think your child has given us their personal data, you can contact us using the information listed in Section 3.

 

2.13  Considerations on Data Erasure

When processing a valid request for erasure of personal data in accordance with this policy and applicable law, Trustwave will promptly erase personal data from live systems based on the scope defined between the parties. Where data erasure applies to you, please also consider the following:

• Depending on the extent of your relationship with Trustwave, your data may be retained in Trustwave’s backup systems for a longer period of time in a format that is beyond use;
• Backup systems play a crucial role in Trustwave’s data security program and in ensuring the availability and access to data in a timely manner in the event of a physical or technical incident;
• Data erasure on certain backup systems may not be immediately possible due to existing technical controls designed to keep information temporarily available to Trustwave’s information technology team solely when fully required in the event of a physical or technical incident;
• Relevant data retained in certain backup systems will not be used for any other purpose and will be secured with the appropriate technical and organizational measures based on the requirements of data protection law; and
• Relevant data retained in backup systems will be kept until such data is overwritten and completely erased based on Trustwave’s internal backup retention schedule and policies.

Trustwave will provide you with more information on a case-by-case basis.

 

2.14  Links to Third-Party Websites

Trustwave is not responsible for the practices employed by any websites or services linked to or from our website, including the information or content contained within them. We encourage you to investigate and ask questions before disclosing personal data to third parties, since any personal data disclosed will be subject to the applicable third party’s privacy policy.

 

2.15  Changes

Trustwave may amend this policy from time to time. If Trustwave makes any amendments, we will post a notice on our website.

3.1  Contact Details

All inquiries, questions, and complaints may be sent to Trustwave’s Legal Department using any one of the following communication methods:

Submit a request on our website here.

Email: dataprotection@trustwave.com

Trustwave will promptly respond to all inquiries and implement a corrective course of action, if necessary.

 

Last amended: 18 October 2023

Do Not Sell or Share my Personal Information