Trust Center Privacy Notice

1. Introduction

This Privacy Policy provides information on the collection, use and sharing of personal information by and its business partners. It covers the processing of your data when you interact with’s Trust Center.

This Privacy Policy also explains the privacy rights you have in relation to the processing activities undertaken by on your Personal Data. Personal Data means information that identifies an individual or information that could be used to identify an individual.

2. Scope

This Privacy Policy applies to the processing of Personal Data by of

  • Customers, prospective customers, and their representatives
  • Visitors and users of the Trust Center

3. Who is Responsible for Processing Your Personal Data? and its associated business entities, acting as a Data Controller are responsible for processing your Personal Data as described in this Privacy Policy.

4. What categories of Personal Data do we Process? processes Personal Data collected when you register for use of the Trust Center.
Examples of specific information collects includes:

  • Names, address, email address and telephone number.
  • Company data such as the name of the company you work for and your role in the organisation.
  • Information relating to contract or pre contract activities.

5. How do we use Your Personal Data? may use your Personal Data for the following business purposes:

  • To communicate and to respond to requests and enquiries.
  • To market and develop sales to prospective customers, to retain existing customers, to tailor our activities to you or your companies’ interests.
  • To comply with legal obligations, applicable laws, regulations and to operate our business.

To communicate and to respond to requests and enquiries.

If you contact us via the Trust Center, we need to process your Personal Data that you have provided so we can communicate with you and to respond to any requests or enquiries.

To market and develop sales to prospective customers, to retain existing customers, to tailor our activities to you or your companies’ interests. may use Personal Data about you to notify you of our products and services, events and conferences organised by, its suppliers and business partners to further the sales of products and services. This can include modification of our propositions to a specific purpose based upon your need or Personal Data.

To comply with legal obligations, applicable laws, regulations and to operate our business.

There are occasions where may need to process Personal Data to comply with a legal obligation, applicable law or regulations. For example, we may need to defend a legal claim or respond to a request from a regulator. may also process Personal Data in the operation of our business where internal audits or investigations may require access to your Personal Data.

6. What is our Lawful Basis for Processing your Personal Data must have a lawful basis for the processing of your Personal Data in the EU. Our lawful basis for processing includes:

a) Legitimate Interest.
To communicate with you and to respond to your requests in some EU jurisdictions we rely upon a Legitimate Interest to process your Personal Data

We process your Personal Data for marketing and sales activities based upon Legitimate Interest

b) Consent
We sometimes rely upon your consent to process your Personal Data where this is indicated at the time your personal data is collected.

c) Performance of a Contract
When we engage in transactions with customers, supplier or business partners we need to process your Personal Data to either enter into or to meet our obligations under a contract.

d) To Comply with Applicable Laws and Regulations
There are certain legal obligations that must be met by companies such as Where there is a need to comply with applicable laws and regulations, we may be obliged to share your Personal Data.

7. How Long do we Keep Your Personal Data? retains information for the following retention periods.

The information we collect about you when we engage in transactions with customers, suppliers, and business partners to process information about or relating to our products and services will be retained for the duration of the relationship between us. Where there is a legal obligation to retain records for a legal or compliance purpose this information will be kept for a longer period in line with statutory retention periods for this information.

Personal Data needed to retain your opt-out preferences is kept for a period of two years or longer if required by applicable laws.

8. How do we Share Your Personal Information?

As an international organisation shares information about you throughout its international operations to the extent necessary to perform its business with you. All employees are only authorised to access personal information to fulfil an applicable and specific purpose and to perform their job functions.

Sharing with Third Parties is a Data Controller and shares Personal Data with third parties for the following reasons or business purposes:

  • Third party service providers such as communications, Trust Center management, information technology and related infrastructure, security, data protection, customer service, email delivery, information storage, auditing, and legal advisors.
  • As required by law to comply with legal obligations in any relevant jurisdictions.
  • With our business partners to market, sell and administer contracts, or accounts for our products or services.

Where information is shared with a third party has undertaken the appropriate amount of due diligence to ensure that the necessary contractual, technical, and organisational measures are in place to ensure that your Personal Data is processed only to the extent that is necessary, consistent with this Privacy Policy, and in accordance with applicable laws.

9. How is Personal Data Exported?

Where data is exported by it is only transferred to a recipient that resides in a country that has adequate data protection measures, or a recognised international transfer mechanism is in place by law. Where this is not possible, we will ensure that adequate measures including risk assessments and contractual obligations such as EU Model clauses are used to protect your Personal Data.

10. How is Personal Data Secured

In the United States is a regulated entity under the Health Insurance Portability and Accountability Act and has implemented several key security and privacy standards, controls, and measures to adhere to this act and to meet the requirements of others such as the GDPR.

The security standards and controls currently met or used by include that are applicable to your Personal Data includes:

  • Internal risk assessments / audit
  • ISO27001 and ISO27002 controls and certification
  • ISO27701 Security techniques, extension to ISO27001 for Privacy Information Management
  • US Health Insurance Portability and Accountability Act
  • GDPR compliance via policies, processes, and audits

The management team are accountable for the development, implementation and upkeep of’s information security management system, security and associated certifications. Day to day responsibility for the ISMS resides with’s Chief Information Security Officer (CISO).

All third-party business partners and suppliers are contractually obligated to meet the requirements of’s security policies and this Privacy Policy.

11. What are Your Privacy Rights?

You have several choices in respect of the Personal Data we process about you:

    1. Opt Out or Withdrawal of Consent
      • You may opt out of or withdraw consent for any previously provided permission given to for processing your Personal Data.
    2. Deletion of Personal Data
      • You may ask us to delete all or some of the Personal Data we have about you. Where we are unable to delete this data, we will inform you of why we are unable to do so. Example reasons preventing this deletion include contractual or legal obligations.
    3. Change or Correct Personal Information
      • You can ask us to change or update information about you in certain cases, such as if the information we have on you is inaccurate.
    4. Object to, or Limit or Restrict the Use of your Personal Data
      • You can ask us to stop using some or all of your personal data that we hold about you, for example where we have no legal right to keep using it. You can also ask us to limit the use of your Personal Data if it is inaccurate or if you disagree with our legitimate interest justification for the use of your data.
    5. Right to Access or Have Your Information Provided to you
      • You can ask for a copy of the information we hold about you. Where possible we will provide this in a machine-readable format. Where we are unable to do so, we will provide you with a reason why we cannot provide it in a machine-readable form.

How do I Contact if I want to Exercise my Rights?
If you would like to contact us to exercise your rights under data protection laws, please send an email to and our Data Protection Officer will assist you.

12. Data Protection Officer and Representative Offices

For data protection matters relating to the US or other Jurisdictions please contact the US office listed below.

For representative offices, please write to the relevant representative listed below

For data protection matters in the UK or EU please write to the UK and EU Data Protection Officer at

Excis Networks Limited
3-4 Bower Terrace,
Tonbridge Road
ME16 8RY

For all data protection matters, you can send an email to where we will endeavor to assist you.

13. Disputes or Filing a Complaint

If you have any complaints regarding’s compliance with this Privacy Policy or to other data protection matters, please contact us in the first instance and we will investigate. We will attempt to resolve any complaints or issues that you may have in accordance with this Privacy Policy and Applicable Law.

If you are unhappy with the investigation or attempts to resolve your complaint, you have the right to compliant to the Supervisory Authority in your country or jurisdiction. A list of these Supervisory Authorities and how to contact them can be found here

14. Head Office is headquartered in the United States and can be contacted at: Inc
1819 Polk Street 293
San Francisco

Telephone +1 866.849.4980 Entities
US: Inc. 1819 Polk Street 293, San Francisco, CA 94109

EU: Netherlands B.V., Stadhouderlaan 188, 8448PX, Heerenveen, Netherlands

UK: Ltd. Arquen House, 4-6 Spicer Street, St. Albans, England, AL3 4PQ