Privacy Policy

This privacy policy sets out the basis on which any information that we collect from you, or that you provide to us, will be processed by us.

Policies

 

www.TransWorldCompliance.com

 


 

TRANS WORLD COMPLIANCE PRIVACY AND DATA PROTECTION POLICIES


CLASSIFICATION OF DATA TYPES

Management must establish criteria for determining how data sets and information within the environment should be used, handled, and protected, based on its content and level of sensitivity to the business and TWC’s customers.

The following four data types define the classification criteria and mandatory handling requirements:

Data Type: Restricted

Description: Highly sensitive data that, if compromised, could put the company at severe financial or legal risk. Subject to state, federal, or international privacy regulations.

Examples: Personally Identifiable Information (PII), Credit Card Information, Intellectual Property (IP), Social Security Numbers (SSNs), PHI.

Handling Requirements: Mandatory Encryption (AES-256) at Rest and in Transit. Access restricted to strict "need to know" basis.

Privacy Shield

Trans World Compliance (“TWC”) is committed to your privacy and supports the EU’s General Data Protection Regulation[1] (“GDPR”) and the EU-U.S. Data Privacy Framework (DPF)[2].

A. NOTICE & CHOICE

Affirmative Statement of Participation in the EU-US Data Privacy Framework (DPF)

This Statement complies with the Data Privacy Framework as set forth by the U.S. Department of Commerce and GDPR as set forth by the European Union regarding the collection, use, and sharing of personal information. This Privacy and Data Protection Policies statement describes how TWC collects, uses, and transfers data. Please also refer to TWC’s web privacy policies available here.

Jurisdiction

TWC certifies that it adheres to the Data Privacy Framework and GDPR Principles. TWC states that if there is any conflict between the terms of any TWC privacy policy and Data Privacy Framework or GDPR Principles, the Data Privacy Framework and GDPR Principles shall govern. TWC is also subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC) and the European National Data Protection Authorities[3].

Scope

TWC’s Privacy and Data Protection Policies apply to its collection, use, and sharing of commercial data (data that TWC processes on behalf of its clients or their partners) and internal data (data that TWC collects for TWC internal purposes such as requests for additional information or to apply for employment with TWC).

TWC’s Data Collection Processes

TWC creates B2B solutions to help companies comply with US FATCA, CRS, and other international tax obligations. TWC does not have access to our clients’ data and does not see or use any client data without the explicit permission of our clients and only for the specific reason of providing application support. Data processed includes:

  • Individual and Entity Account Holder information including identifiable information such as name, address, date of birth, and phone numbers
  • Tax ID numbers of the aforementioned individuals and entities
  • Financial information concerning Accounts held by individuals and entities

TWC collects personal information for various internal purposes such as sales or HR. This information is collected only with the consent of the owner, includes only what is necessary for specific business purposes, and will be deleted upon request by an owner.

TWC End User Data & Privacy Policies

Both TWC and our clients are responsible for end user privacy. TWC provides end user data and privacy policies for our SaaS solutions, as well as a separate policy for the TWC marketing websites (see next section).

TWC requires that its clients provide the necessary notices and obtain informed consents from their end users for data collection using TWC software solutions.

TWC will delete any or all client data upon request from a client. Requests must be in writing, and the data will be deleted within fourteen (14) calendar days of a request.

TWC Employee & Internal Data & Privacy Policies

TWC has an employee data and privacy policy. TWC employees are aware of and have been trained on this policy, which is also available on the company’s intranet.

TWC’s website privacy policy is available on our marketing websites and details the data collected and the intended use of such data.

B. ACCOUNTABILITY FOR ONWARD TRANSFERS

To effectively process data on behalf of our clients to fulfill our clients’ compliance obligations, TWC software must share data with certain tax authorities. In all cases and for each transfer, our clients must explicitly initiate the transfer. With the exception of the aforementioned tax reporting, TWC does not have access to any client data and does not forward or share it with any other companies for any purpose whatsoever.

For internal data, TWC may share some data with external providers (for example, employee background checks). All employees will be specifically notified of any sharing of data; TWC will only share data when necessary, and only with firms that adhere to TWC’s data privacy policies. Marketing data collected by TWC may be shared with partners.

C. SECURITY

TWC uses reasonable and appropriate measures to protect personal data from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into account any inherent risks and the nature of the personal data involved.

TWC is a SaaS company that operates within segregated private datacenters as well as the public cloud. Data collected by TWC is co-located in secure locations operated by Amazon Web Services (US, Canada, Brazil), Art Motion (Switzerland) and SALT (Cayman Islands). Additional data center providers may be added in the future.

D. DATA INTEGRITY & PURPOSE LIMITATION

The TWC data pledge expressly disclaims ownership of data in favor of the TWC client. Furthermore, it is the TWC client, not TWC, that determines the “purposes and means” of data processing, including data retention and termination. Under EU law, TWC is the “data processor” that processes data on instruction from the client or data controller (the entity that determines the “purposes and means” of the data processing in question).

E. ACCESS

TWC processes data on behalf of its business clients and is not an end user facing company. For any access request or request to be forgotten, TWC would refer the end user to the TWC client that has the direct relationship with the individual or entity in question.

TWC does collect certain personal data for internal purposes such as sales and HR. TWC will honor any requests to review data and/or any requests to be forgotten (have personal data deleted).

TWC will not honor any 3rd party requests for access to client data without explicit written instructions to do so by TWC’s client.

F. NOTIFICATION

In the unlikely event of a security breach, within 24 hours of discovery, Trans World Compliance will notify the owners of any affected data and, where applicable by law, relevant Data Protection Authorities.

G. RECOURSE & ENFORCEMENT

For questions or complaints please contact our Data Protection Officer at:

Data Protection Officer

Trans World Compliance, Inc.

1829 Greenplace Terrace

Rockville, MD 20850

USA

Phone: 301-825-5137

Email: info@transworldcompliance.com.

In instances where other redress possibilities have been exhausted under EU law, or where the complaint has not been resolved by any other means, TWC will provide US and EU end users a binding arbitration option.

Liability is limited to TWC’s contractual terms[4] or penalties stated in law (GDPR or Data Privacy Framework or other relevant law), whichever is higher.

H. DISCLOSURES TO LAW ENFORCEMENT

TWC may disclose data in response to lawful requests by public authorities, and to meet national security or law enforcement requirements. Unless expressly prohibited by law or where doing so would violate an order, TWC will provide notice to affected clients of any such disclosure.

I. RETENTION & DATA SECURITY

TWC does not have direct access to any personally identifiable client data in our cloud or installed applications. Should a client provide access or send data to TWC personnel:

  • If a client transmits personally identifiable client information to an employee for the purposes of support, loading, or otherwise, the employee should delete this after use or within 30 days, whichever is sooner.
  • All data transmission must be secured with (at a minimum) password level encryption.

Cloud installation data retention:

  • Legally required retention is at least six years (under local law it may be more).
  • For our cloud solutions, upon written request, TWC will permanently delete all client data from our servers and backups and will provide written confirmation of the same.

Any questions about Data Retention or Data Security should be forwarded to the Data Protection Officer.

 

 

 

[1] http://data.consilium.europa.eu/doc/document/ST-5419-2016-INIT/en/pdf

[2] https://www.dataprivacyframework.gov/Program-Overview

[3] http://ec.europa.eu/newsroom/article29/document.cfm?doc_id=50044

[4] http://www.transworldcompliance.com/terms-001.html

Data We Collect From You

Why do we collect Information on the Websites?

We collect any information you voluntarily provide when you visit the Websites to learn more about TWC and its products, the company, investment opportunities, or for other information. The type of information collected will depend on your request. For example, if you sign up for a TWC newsletter, we will ask for your name and email address. In contrast, if you are considering employment at TWC and submitting a job application, we will collect other details such as your address and phone number.

What Information does TWC collect on the Websites?

When you visit the Websites, we automatically collect information about your computer or device, and your use of the Websites, so that we can recognize you as an end user and optimize your experience accordingly. We store this information in log files and may share this data with partners, affiliates, and other vendors, who help us analyze overall activity trends and administer the Websites, track end users’ activity on the Websites for analytics purposes, and gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies from these companies on an individual or aggregated basis.

Here are the different categories of information that may be collected from your device by the Websites, or by partners, affiliates, and other vendors acting on our behalf:

  • The type of browser you used to access the Websites
  • The times you accessed the Websites
  • The IP address of the device you used to access the Websites
  • The pages on the Websites that you viewed
  • The pages you visited before navigating to the Websites
  • Information about the computer or mobile device you use to access the Websites: hardware model, operating system and version, and mobile network information

TWC uses a variety of technologies to collect this data including cookies, beacons, tags, and scripts.

How do we Use Information Collected on the Websites?

We use the information we collect on the Websites for various purposes based on your request, including but not limited to:

  • Ensuring our Websites remain relevant to your needs and easy to use by providing analytics and other data regarding your use of our Websites as an end user
  • Delivering TWC newsletters, blogs and other content in response to your request
  • Providing confirmations, invoices, technical notices, updates, security alerts, as well as all other support and administrative messages involved in your request or purchase of TWC products and services
  • Alerting you to new products, special offers and promotions that may be offered by TWC and our selected partners
  • Keeping you informed about TWC promotional events
  • Contacting you regarding an open position at TWC for which you had previously applied

Third Party Processors

Our carefully selected partners and service providers may process personal information about you on our behalf as described below:

Digital Marketing Service Providers

We periodically appoint digital marketing agents to conduct marketing activity on our behalf; such activity may result in the compliant processing of personal information. Our appointed data processors include:

(i) Prospect Global Ltd (trading as Sopro), Reg. UK Co. 09648733. You can contact Sopro and view their privacy policy here: http://sopro.io. Sopro are registered with the ICO (Reg: ZA346877); their Data Protection Officer can be emailed at: dpo@sopro.io.