- CCPA: the California Consumer Protection Act is the legislation of the State of California in the USA for data protection of its residents.
- Collects, collected, or collection: buying, renting, gathering, obtaining, receiving, or accessing any personal information pertaining to a consumer by any means. This includes receiving information from a consumer, either actively or passively, or by observing the consumer’s behavior.
- CRM: Customer Relationship Management is a technology for managing a company’s relationships and interactions with customers and potential customers.
- GDPR: the General Data Protection Regulation is the European Union and European Economic Area law for data protection.
- ISMS: an Information Security Management System is a set of policies and procedures for systematically managing sensitive data. The goal of an ISMS is to minimize risk, ensure business continuity, and pro-actively secure sensitive information.
- ISO: the International Organization for Standardization is an organization, headquartered in Switzerland, that sets internationally-accepted standards across a number of fields, including information security.
- PIPA-BC: the Personal Information Protection Act is the British Columbia law on data protection.
- PIPEDA: the Personal Information Protection and Electronic Documents Act is the Canadian Federal-level law governing data protection.
- PII: Personally Identifiable Information is any data that could potentially identify a specific individual. (For residents of the European Union, this is equivalent to “personal data”.)
Trulioo and data privacy legislation
Trulioo is a global identity verification company. We deliver a worldwide platform to verify customers online, anywhere, in seconds.
We are headquartered in Vancouver, British Columbia, and we are subject to the PIPA-BC and to PIPEDA. Trulioo also recognizes international standards, including the GDPR, various states’ privacy laws within the United States (e.g. CCPA), and the Australian Privacy Act.
Trulioo information security processes are ISO-27001 certified
The ISO 27001 is an international industry standard in information security, which sets out a framework of controls to assess, manage, and mitigate the risks associated with the handling of sensitive information. Eligibility for ISO certification is reassessed annually by an independent third-party auditor.
Trulioo is certified under ISO27001:2013. Our priority is to protect the confidentiality, integrity, and availability of systems and information.
What information does Trulioo collect through our website?
Through your interaction with our website, we may collect the following categories of personal information:
- Identifiers, including your name, a unique personal identifier, internet protocol address, email address, and/or telephone number.
- Commercial information, including products or services purchased, obtained, or considered, or other purchasing or consuming histories.
- Internet or other electronic network activity information, including information regarding your interaction with our internet website and advertisements.
- Geolocation data.
- Professional or employment-related information.
Optional information sharing
- If you choose to communicate with us via chat, we will collect your name and your email, as well as logs of your chat with our staff.
- If you choose to subscribe to our newsletter, we will collect your name, your email, and your industry information. Newsletters are sent monthly with highlights and news about our industry and company.
- You can unsubscribe from the newsletter at any time by updating your email preferences using the ‘Click here to opt out’ link, or by sending an email to firstname.lastname@example.org with the subject line “UNSUBSCRIBE” from the email address you wish to unsubscribe.
- If you choose to contact us directly, the contact forms on our website collect your name, email address, contact number, company name, industry information, and any free text field information you choose to include.
Note: at the completion of a form, your IP address will be associated with the other information you provide in the form, and will no longer be anonymous: we will be able to identify you by the combination of your IP address and contact information.
What we do with your personal information
We do not sell any personal information collected through our website.
We may disclose some or all of the categories of personal information indicated in the “What information does Trulioo collect” section above to our third-party providers for business purposes.
Your information may be transferred internationally
Personal information that you share through the www.trulioo.com website may be transferred internationally, including to or through areas where the standards for data privacy differ from those in force in Canada.
Some of these countries may not be among those listed by the EU Adequacy Decisions.
Please see the section below for additional detail.
How is your information collected and stored?
Sign-up and contact forms
Personal data that Trulioo collects through forms on the www.trulioo.com website is collected and processed by four companies: Marketo, Instapage, Zapier, and Salesforce. If there is reason for direct communication, our team will use Outreach to support that process.
If you want to access or update your data, please email email@example.com.
Marketo provides some of the forms that you can interact with on the Trulioo website. Marketo processes and stores data in ISO 27001-certified data centers worldwide. Where Marketo transfers your data outside the EEA, the Privacy Shield Principles will be applied. Learn more about how Marketo processes data. The information that you provide will also be stored in Salesforce.
Instapage supports the creation of customized post-click landing pages for users who click on an advertisement. If you click on a Trulioo advertisement, or the Trulioo resources icon on our website, your information will be collected and processed through Instapage. Learn more about Instapage’s privacy practices here.
Trulioo uses Zapier to coordinate information between these services. Zapier maintains personally non-identifiable information related to the data or content linked between services (for example, date sent, link configuration, names of the Third-Party Services) in an AWS environment for up to 90 days, and applies Privacy Shield principles to transfers of data to the United States originating in the EU/Switzerland regions. You can learn more about Zapier’s data handling policies here.
Additionally, if you interacted with our website prior to November 2018, your information will have been processed and stored by Hubspot. You can find out how Hubspot processes data here.
Personal information collected if you open a chat with us or interact with the chatbot is processed and stored through a software application provided by Drift, Inc. The information that you provide will also be stored in Salesforce. Learn about Drift Inc.’s privacy practices here.
Trulioo stores and accesses any personal information collected through our website via the Salesforce CRM service. Salesforce processes personal data in accordance with a variety of well-documented standards. Where Salesforce transfers data outside the EEA, the Privacy Shield Principles are adhered to. Learn more about Salesforce’s data privacy practices here.
Our site makes use of Google Analytics. Your web browser automatically sends certain information to Google. This includes the URL of the page that you’re visiting and your IP address. Google may also set cookies on your browser or read cookies that are already there. Google Analytics uses the information shared by sites to deliver, maintain, and improve services, develop new services, measure the effectiveness of advertising, protect against fraud and abuse, and personalize content and ads that you see on Google and on partners’ sites and apps. Google Analytics does not collect or retain PII. You can learn more about Google Analytics’ use of information here.
We may also associate your engagement data from one visit with your engagement data from other visits, which is done via a unique user ID. At no time is your PII shared with Google.
What is your information used for?
- Where you provide it, and consent, your email address may be used
- to send you information and updates related to your specified interests,
- to send you occasional company news, updates, and
- to provide related product or service information.
- We collect website performance data, which includes visitor IPs and cookies, to understand:
- how many users visit our site,
- how users interact with our site, and
- how we can improve site performance.
- We may use the information you provide to improve the effectiveness of our advertising and marketing campaigns, and to improve, modify or otherwise enhance our products and services for the benefit of our customers.
How long will your information be stored for?
We will retain your information until you notify us that you’d like to be removed from our contact lists.
Will your information be disclosed to outside parties?
Except as mentioned below, Trulioo does not sell, trade, or otherwise transfer your PII to outside parties without your express consent.
Express consent to share your PII is not required in the case of trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep your information confidential (refer to ‘How is your information collected and stored?’).
Trulioo may also release your PII in cases where we believe such release is necessary to comply with the law, enforce our site policies, or protect our or others’ rights, property, or safety.
Non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
Third-party offers on the Trulioo website
Occasionally, at our discretion, Trulioo may refer to third-party products or services on our website. Use of these third-party products or services will require your acceptance of a services agreement.
These third parties have separate and independent privacy policies. Trulioo has no responsibility or liability for, nor direct control over, the content and activities of these third parties.
Your rights regarding your information stored by Trulioo
- Right to access and know – you have a right to know the categories and specific items of personal information we have collected and hold about you, who that information is shared with, why it was collected, where it was collected from (the category of source) and what we use it for.
- Right to rectify – you have the right to ask us to correct incorrect information that we hold about you.
- Right to transfer – you have the right to have the data we hold on you transferred elsewhere.
- Right to be forgotten – at your request, we will delete your personal information from our systems and we will make commercially reasonable efforts to have your information deleted from our partners’ systems.
- Where the information in question is subject to any mandatory retention specified under financial or other legislation, needed to complete the transaction for which it was collected, needed to maintain our security measures, or where deletion would contravene someone else’s rights, we may be unable to comply with a deletion request. If we cannot comply with a deletion request, we will provide the reason why.
- Right to object – you can object to your personal information being processed by us.
Please note that all requests under the rights listed above must be made in writing either by letter or email, and may require subsequent verification procedures in order to validate your identity prior to disclosing any personal information to you. Any such additional information requested will be used only to validate your identity.
This policy was last modified in July 2020.
Contact person for data and privacy inquiries: Joanna Steel, Compliance Analyst
Trulioo Information Services Inc.
1200 – 1055 West Hastings Street
Vancouver, BC V6E 2E9
Via website: Contact Us
By phone: 1 (888) 773-0179