Trustwell Privacy Notice
This Privacy Notice (“Notice”) describes how ESHA Research LLC dba Trustwell (“Trustwell”, “we”, “us”, “our”) collects, uses, discloses, secures, and eventually disposes of (collectively “processes”) your personal information. Personal information is any information that does, or could, identify you.
This Notice applies to personal information collected on our public websites (trustwell.com, esha.com, foodlogiq.com), subscription-only platforms (Genesis, FoodLogiQ ), mobile app (FoodLogiQ Connect), their associated services, and in the course of any offline contact with you (collectively the “Services”).
Our Services may contain links to external websites. This Notice does not cover those sites.
In this Notice, “you” refers to anyone about whom we process personal information. You will usually be an employee of a corporate customer of Trustwell, an employee of a supplier to our customer, a visitor to our public websites, or a user of the careers pages on our websites.
When Trustwell processes your personal information in order to provide our Services to your employer, your employer is usually the “controller” of your information and Trustwell is a “processor” (also called a “service provider”). When we act as a processor, we process your information only on the controller’s behalf and according to its instructions.
This Notice describes how we process your information on behalf of the controller/your employer, but does not cover the controller’s/your employer’s processing of your information outside of our Services. For the sake of clarity, nor does this Notice apply to confidential information of your company that is not personal information.
This Notice will indicate those situations where Trustwell is the controller of your information. This applies, for example, to information collected on our public websites.
2. CHANGES TO THIS NOTICE
We will update this Notice from time to time and will communicate material changes to you through an appropriate channel (for example, via a notice in our Services). The Notice was last updated on August 24, 2023.
3. PERSONAL INFORMATION WE COLLECT
3.1 CATEGORIES COLLECTED
We collect the following categories of personal information:
- Identifiers such as your name, e-mail address, and IP address.
- Additional personal information defined by certain applicable US state laws: telephone number.
- Commercial information, such as your purchases from us.
- Internet activity/usage on our websites and platforms.
- Professional and employment-related information, such as your resume or job role.
- Education information, such as you might provide in your resume.
- Inferences drawn from your activity on our public websites and other sources to create a profile reflecting your preferences and other attributes.
- Sensitive personal information: payment card information.
3.2 CATEGORIES OF SOURCES
We collect the categories of personal information listed above from the following categories of sources:
- Directly from you, for example when you complete an online “contact us” or webinar registration form, send us a job application and resume, or provide your payment card details.
- From observing your activity on our Services, for example via cookies, other standard online technologies, and our routine monitoring and recording of your use of our platforms.
- From your employer, for example your name and e-mail address to provide you with access to our subscription-only platforms.
- We may collect information about you from third parties, for example attendee lists from tradeshows and marketing lists from data companies.
3.3 ITEMS OF PERSONAL INFORMATION COLLECTED
When we collect personal information directly from you, you will know the details of that information. It may include your:
- First and last name
- E-mail address, postal address, and telephone numbers
- Login password/credentials
- Company name and job title
- Job application information
- Payment card information
We collect personal information from observing your activity on our services:
- We routinely monitor and record all your interactions with our subscription-only platforms.
When we receive information about you from your employer, it may include your name, e-mail address, and any other items necessary to provide you with access to our Services.
The personal information we collect from third parties is usually restricted to business contact information (that is, the kind of information typically contained on a business card).
4. HOW WE USE YOUR PERSONAL INFORMATION
Trustwell does not sell your personal information.
Trustwell may use your personal information for the following purposes:
- As a processor, to provide our Services to your employer, for example by managing log-ins and maintaining the security and confidentiality of data contained in the Services; communicating useful Services information to you; providing end-user support; facilitating communications among users of the Services; requesting feedback; deriving non-personal data from your use of the Services to be used to help us to improve the Services; and ensuring compliance with our Master Service Agreement.
- As a controller, notably of personal information that is collected on our public websites:
- To help us improve our Services and user experience, for example by identifying the parts of our Services you find useful or difficult to use. Usually, the information used for this purpose does not directly identify you as an individual.
- To respond to your requests or questions, for example when you reach out to us using contact information and forms on our public websites, or apply for a job via our careers pages.
- Where permitted by applicable law, we may send you marketing messages, including targeted advertising, for Trustwell Services that we think may interest you (see Section 9 for information about opting out of such messages).
GENERAL DATA PROTECTION REGULATION (GDPR) LAWFULNESS OF PROCESSING:
When we process your personal information as a controller, the GDPR requires that we provide individuals in the European Union, European Economic Area, UK, and Switzerland with our legal bases for doing so. Our legal basis depends on the purpose of processing:
|Purpose of processing||Legal basis|
|Help us improve our Services||GDPR Article 6,1(f) – our legitimate interests in improving our Services.|
|Respond to your requests, questions, process your job application||GDPR Article 6,1(b) – in order to take steps at your request prior to entering into a contract.|
|Market our services to you||GDPR Article 6,1(a) – your consent, or;
GDPR Article 6,1(f) – our legitimate interests in marketing other similar Trustwell Services to our customers.
5. DISCLOSURE OF YOUR PERSONAL INFORMATION
Who we disclose your personal information to depends on the specific items of information and the purposes we use them for. Your personal information may be disclosed to the following categories of recipients:
- Other users of the subscription-only platforms: Your business contact information may be shown to other authorized users of the platforms so that they are able to contact you as necessary.
- Employees and contractors of Trustwell: These personnel have roles that require access to your information (a “need to know”). They are bound by employment terms that cover their obligation to keep personal information confidential and secure.
- Service providers (“processors” and “sub-processors”): We use service providers to perform certain tasks for us, for example hosting our job application pages, CRM system, and webinars; or providing website analytics, or payment processing services. Service providers process your data on our behalf and according to our instructions. They are contractually bound to protect your information and are prohibited from using it for their own purposes. We have in the preceding 12 months disclosed the categories of personal information listed in Section 3.1 to service providers.
- Advertising partners: We may share the following categories of personal information with our advertising partners for the purpose of targeting advertisements: identifiers, commercial information, internet activity on our websites.
We will also disclose your personal information in the following exceptional circumstances:
- Corporate event: Your data may be transferred to third parties as a result of a merger, acquisition, or similar corporate event involving Trustwell.
- Legal necessity: We will disclose your information to government agencies, law enforcement, courts, and other authorities and parties if required to by applicable law.
- Individual’s vital interests: If we reasonably believe based on information posted on or provided in relation to our Services that the safety or vital interests of an individual are at risk, we will disclose personal information to relevant parties as necessary to assist the individual.
- Protection of Trustwell’s interests: Where permitted by applicable law, we may disclose personal information to our professional advisors and other qualified parties when we reasonably believe it to be necessary to protect our essential business interests.
6. INFORMATION SECURITY
We employ industry-standard technical, physical, and administrative security measures appropriate to the categories of personal information processed in our Services. Some Trustwell services have obtained SOC 2 certification or are in the process of doing so.
No matter how carefully we safeguard your information, it is unfortunately not possible to guarantee that it will never be accidentally or illegally breached.
7. DATA RETENTION
We will retain your personal information as long as necessary to fulfill the purposes for which it was collected, and to satisfy legal, accounting, and reporting obligations, or to resolve disputes or enforce our agreements.
Section 9 of this Notice below describes your rights to request deletion of your data outside of our normal data retention schedule.
8. INTERNATIONAL TRANSFER
Trustwell is based in the United States and your personal information is stored on our systems in the US.
If you live in the European Union or European Economic Area, note that the European Commission has not issued an unlimited adequacy decision for the US. Privacy safeguards for data transfers from the EU/EEA, and from other jurisdictions requiring safeguards, are the responsibility of the data controller. We collaborate with our international customers to put in place legally recognized safeguards for international transfer.
9. YOUR RIGHTS
US and global laws give you various rights over your personal information. These may include the right to:
- Access personal information held about you
- Correct inaccurate or out-of-date personal information
- Request deletion of your personal information
- Restrict processing of your personal information
- Object to processing for which the legal basis is our legitimate interests
In most cases relating to our subscription-only platforms, you should contact your employer (the controller) with any request to exercise privacy rights. If necessary, however, please contact Trustwell using the contact information in Section 10 of this Notice. We will endeavor to facilitate your request.
Rights requests concerning personal information that we collect and use as a data controller (for example, on our public websites or in our marketing communications) should be addressed to Trustwell using the contact information in Section 10 below.
If you believe that we have infringed your privacy rights, please contact us so that we can try to resolve the issue. However, if you are an EU/EEA/UK resident, you have the right to lodge a complaint with your EU/ EEA local supervisory authority or, in the UK, with the ICO.
Trustwell will never discriminate or retaliate against you because you exercised your privacy rights.
You can opt out of our marketing communications at any time using, for example, the “unsubscribe” in an e-mail message footer or similar functionality in other communication formats.
To opt out of our sharing of your personal information with our advertising partners, please send us your request using the contact information in Section 10.
When required by local law, we will obtain your prior consent for marketing communications. You may withdraw that consent at any time using the “unsubscribe” or similar functionality in a marketing message. Alternatively, please contact us using the contact information in Section 10 below.
Please note that, if you are a user of our subscription-only platforms, you may continue to receive service communications even after you have opted out of marketing communications. “Service” communications contain important information about the service for which you are a current user.
10. CONTACT US
4747 Skyline Rd S, Suite 100
Salem, Oregon 97306