Privacy Policy

This privacy policy sets out the basis on which any information that we collect from you, or that you provide to us, will be processed by us.

Policies

 

  • Performance – Trans World Compliance will use commercially reasonable efforts to update, augment and maintain the content and business rules, as compiled from selected public records and other sources. Subscriber accepts all content and business rules provided by Trans World Compliance on a “AS IS” basis, with no warranty or guarantee as to the accuracy or completeness of the content and business rules.
  • Support – Trans World Compliance will offer e-mail support through the Trans World Compliance Web site www.transworldcompliance.com/contact-twc. All support e-mails submitted during regular business hours will be answered within one business day.
  • Interruption of Service-
    • Scheduled Interruptions. Subscriber acknowledges that service may be temporarily interrupted or curtailed due to equipment modifications, upgrades, relocations, repairs and other similar activities during the operation and upgrade of service. No reduction of payments will be made in the case of scheduled interruption of service, provided such interruptions do not exceed 48 hours during any consecutive 30-day period.
    • Force Majeure. Trans World Compliance will not be liable for interruption or delays in transmission or errors or defects in transmission or failure to transmit when caused by acts of God, fire, water, riots, war, strikes, acts of Government, third party service providers, or any other causes beyond the control of Trans World Compliance.
    • Internet connectivity. Because Subscriber will access the Service over the public Internet, temporary disruptions of network connectivity will occur from time to time. Internet traffic is usually routed through many different Internet backbone providers on the way to its destination. Trans World Compliance will not be liable for interruption or delays in transmission or errors or defects in transmission or failure to transmit when caused by any Internet backbone provider.
    • Liability. In no event shall Trans World Compliance be liable for any damages due to interruption of Service except a refund of paid subscription fees proportional to downtime.
  • Audit- Subscriber understands and agrees that in order to ensure compliance with applicable law; Trans World Compliance reserves the right to conduct periodic reviews of Subscriber’s activity and may, on a random basis, contact Subscriber to provide documentation of executed searches. Trans World Compliance shall also investigate all legitimate reports of abuse or misuse of the Service.
  • Notification-
    • Should a data breach occur, all affected subscribers will be notified by Trans World Compliance.
    • Subscriber shall be notified of any legally binding request for disclosure of the Personal Data by a law enforcement authority unless otherwise prohibited, such as a prohibition under law to preserve the confidentiality of law enforcement investigation.

Privacy Shield

Trans World Compliance (“TWC”) is committed to your privacy and support the EU’s General Data Protection Regulation[1] (“GDPR”) and the EU-U.S. Data Privacy Framework (DPF)[2].

A. NOTICE & CHOICE

Affirmative Statement of Participation in the EU-US Data Privacy Framework (DPF)

This Statement complies with the Data Privacy Framework as set forth by the U.S. Department of Commerce and GDPR as set forth by the European Union regarding the collection, use, and sharing of personal information. This Privacy and Data Protection Policies statement describes how TWC collects, uses, and transfers data. Please also refer to TWC’s web privacy policies available here.

Jurisdiction

TWC certifies that it adheres to the Data Privacy Framework and GDPR Principles. TWC states that if there is any conflict between the terms of any TWC privacy policy and Data Privacy Framework or GDPR Principles, the Data Privacy Framework and GDPR Principles shall govern. TWC is also subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC) and the European National Data Protection Authorities[3].

Scope

TWC’s Privacy and Data Protection Policies applies to its collection, use, and sharing of commercial data (data that TWC processes on behalf of its clients or their partners) and internal data (data that TWC collects for TWC internal purposes such as requests for additional information or to apply for employment with TWC).

TWC’s Data Collection Processes

TWC creates B2B solutions to help companies comply with US FATCA, CRS, and other international tax obligations. TWC does not have access to our client’s data and does not see or use any client data without the explicit permission of our clients and only for the specific reason of providing application support. Data processed includes:

  • Individual and Entity Account Holder information including identifiable information such as name, address, data of birth, and phone numbers
  • Tax ID numbers of the aforementioned individuals and entities
  • Financial information concerning Accounts held by individuals and entities

TWC collects personal information for various internal purposes such as sales or HR. This information is collected only with the consent the owner, includes only necessary for specific business purposes, and will be deleted upon request by an owner.

TWC End User Data & Privacy Policies

Both TWC and our clients are responsible for end user privacy. TWC provides end user data and privacy policies for our SaaS solutions, as well as a separate policy for the TWC marketing websites (see next section).

TWC requires that its clients provide the necessary notices and obtain informed consents from their end users for data collection using TWC software solutions.

TWC will delete any or all client data upon request from a client. Requests must be in writing and will be deleted within fourteen (14) calendar days of a request.

TWC Employee & Internal Data & Privacy Policies

TWC has an employee data and privacy policy. TWC employees are aware of and have been trained on this policy, which is also available on the company’s intranet.

TWC website privacy policy is available on our marketing websites and detail the data collected and intended use of such data.

B. ACCOUNTABILITY FOR ONWARD TRANSFERS

To effectively process data on behalf of our clients to fulfill our client’s compliance obligations, TWC software must share data with certain tax authorities. In all cases and for each transfer, our clients must explicitly initiate the transfer. With the exception of the aforementioned tax reporting, TWC does not have access and does not forward or share any client data to any other companies for any purpose whatsoever.

For internal data, TWC may share some data with external providers (for example, employee background checks). All employees will be specifically notified of any sharing of data, TWC will only share data when necessary, and only with firms that adhere to TWC’s data privacy policies. Marketing data collected by TWC may be shared with partners.

C. SECURITY

TWC uses reasonable and appropriate measures to protect personal data from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into account any inherent risks and the nature of the personal data involved.

TWC is a SaaS company that operates within segregated private datacenters as well as the public cloud. Data collected by TWC is co-located in secure locations operated by Amazon Web Services (US, Canada, Brazil), Art Motion (Switzerland) and SALT (Cayman Islands). Additional data center providers may be added in the future.

D. DATA INTEGRITY & PURPOSE LIMITATION

The TWC data pledge expressly disclaims ownership of data in favor of the TWC client. Furthermore, it is the TWC client, not TWC, that determines the “purposes and means” of data processing, include data retention and termination. Under EU law, TWC is the “data processor” that processes data on instruction from the client or data controller (the entity that determines the “purposes and means” of the data processing in question).

E. ACCESS

TWC processes data on behalf of its business clients and is not an end user facing company. For any access request or request to be forgotten, TWC would refer the end user to the TWC client’s that has the direct relationship with the individual or entity in question.

TWC does collect certain personal data for internal purposes such as sales and HR. TWC will honor any requests to review data and/or any requests to be forgotten (have personal data deleted).

TWC will not honor any 3rd party requests for access to client data without explicit written instructions to do so by the TWC’s client.

F. NOTIFICATION

In the unlikely event of a security breach, within 24 hours of discovery, Trans World Compliance will notify the owners of any affected data and, where applicable by law, relevant Data Protection Authorities.

G. RECOURSE & ENFORCEMENT

For questions or complaints please contact our Data Protection Officer at:

Data Protection Officer

Trans World Compliance, Inc.

1829 Greenplace Terrce

Rockville, MD 20850

USA

Phone: 301-825-5137

Email: info@transworldcompliance.com.

In instances where other redress possibilities have been exhausted under EU law, or where the complaint has not been resolved by any other means, TWC will provide US and EU end users a binding arbitration option.

Liability is limited to TWC’s contractual terms[4] or penalties stated in law (GDPR or Data Privacy Framework or other relevant law), whichever is higher.

H. DISCLOSURES TO LAW ENFORCEMENT

TWC may disclose data in response to lawful requests by public authorities, and to meet national security or law enforcement requirements. Unless expressly prohibited by law or it will violate an order, TWC will provided notice to affected clients of any such disclosure.

I. RETENTION & DATA SECURITY

TWC does not have direct access to any personnally identifiable client data in our cloud or installed applications. Should a client provide access or send data to TWC personnel:

  • If a client transmits personally identifiable client information to an employee for the purposes of support, loading, or otherwise, the employee should delete this after use or within 30 days, which ever is sooner.
  • All data transmission must be secured with (at a minimum) password level encryption.

Cloud installation data retention:

  • Legally required retention is at least six years (under local law it may be more).
  • For our cloud solutions, upon written request, TWC will permenantly delete all client data from our servers and backups and will provide written confirmation of the same.

Any questions about Data Retention or Data Security should be forwarded to the Data Protection Officer.

 

 

 

[1] http://data.consilium.europa.eu/doc/document/ST-5419-2016-INIT/en/pdf

[2] https://www.dataprivacyframework.gov/Program-Overview

[3] http://ec.europa.eu/newsroom/article29/document.cfm?doc_id=50044

[4] http://www.transworldcompliance.com/terms-001.html

Data We Collect From You

Why do we collect Information on the Websites?

We collect any information you voluntarily provide when you visit the Websites to learn more about TWC and its products, the company, investment opportunities, or for other information. The type of information collected will depend on your request. For example, if you sign up for a TWC newsletter, we will ask for your name and email address. In contrast, if you are considering employment at TWC and submitting a job application, we will collect other details such as your address and phone number.

What Information does TWC collect on the Websites?

When you visit the Websites, we automatically collect information about your computer or device, and your use of the Websites, so that we can recognize you as an end user and optimize your experience accordingly. We store this information in log files and may share this data with partners, affiliates, and other vendors, who help us analyze overall activity trends and administer the Websites, track end users activity on the Website for analytics purposes, and gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies from these companies on an individual or aggregated basis.

Here are the different categories of information that may be collected from your device by the Websites, or by partners, affiliates, and other vendors acting on our behalf:

  • The type of browser you used to access the Websites
  • The times you accessed the Websites
  • The IP address of the device you used to access the Websites
  • The pages on the Websites that you viewed
  • The pages you visited before navigating to the Websites
  • Information about the computer or mobile device you use to access the Websites-hardware model, operating system and version, and mobile network information. TWC uses a variety of technologies to collect this data including cookies, beacons, tags, and scripts

How do we Use Information Collected on the Websites?

We use the information we collect on the Websites for various purposes based on your request, including but not limited to:

  • Ensuring our Websites remain relevant to your needs and easy to use by providing analytics and other data regarding your use of our Websites as an end user
  • Delivering TWC newsletters, blogs and other content in response to your request
  • Providing confirmations, invoices, technical notices, updates, security alerts, as well as all other support and administrative messages involved in your request or purchase of TWC products and services
  • Alerting you to new products, special offers and promotions that may be offered by TWC and our selected partners
  • Keeping you informed about TWC promotional events
  • Contacting you regarding an open position at TWC for which you had previously applied

Third Party Processors

Our carefully selected partners and service providers may process personal information about you on our behalf as described below:
“Digital Marketing Service Providers
We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information.  Our appointed data processors include:
(i)Prospect Global Ltd (trading as Sopro) Reg. UK Co. 09648733. You can contact Sopro and view their privacy policy here: http://sopro.io.  Sopro are registered with the ICO Reg: ZA346877 their Data Protection Officer can be emailed at: dpo@sopro.io.”