Privacy Policy
Privacy Notice – Last updated on 06/20/2023
This Privacy Notice applies to the processing of Personal Information collected in the context of our website https://trestleiq.com/, through the services that we offer to our business customers (the “Customers”), and any features or online services provided by Trestle that post or include a link to this Privacy Notice (collectively, the “Services”).
This Privacy Notice describes the types of Personal Information we collect in connection with the Services, the purposes for which we process that Personal Information, the parties with whom we may share it and the measures we take to protect its security. It also tells you about your rights and choices with respect to your Personal Information, and how you can contact us about our privacy practices.
1. Personal Information We May Collect
We may collect the following types of Personal Information:
- General Communication Information
- Account Information
- Billing Information
- Customer Data
- Metadata
- Third party data
- Usage Information
Learn More:
For the purpose of this Privacy Notice, “Personal Information” means any information relating to an identified or identifiable individual. In connection with the provision of the Services, we obtain Personal Information relating to you from the various sources described below.
- Personal Information Provided by You
- General Communication Information. When you contact us (for example via email, phone or online web forms), we will collect Personal Information provided by you, such as your first and last name, telephone number, email address, physical address, employer name, as well as any other content that you provide (“General Communication Information”). If you do not provide certain General Communication Information, we may not be able to answer your requests or queries.
- Account Information. We may collect usernames, passwords, and other details of account-level information from representatives of business Customers when they correspond with us by phone or email, or request support for the Services (“Account Information”). If they do not provide certain Account Information, such as usernames and passwords, they may not be able to use the Services or take advantage of certain features of the Services.
- Billing Information. We may collect billing information from representatives of our business Customers when they purchase our Services, such as billing name and address, ACH, or credit card number.
- Personal Information Provided by Customers
- Customer Data. We collect information in the form of queries submitted to the Services by business Customers for identity verification and fraud prevention and detection purposes. Such queries may contain the name, e-mail address, physical address, phone number, and IP address of the business Customer’s consumers (“Customer Data”). When a Customer submits Customer Data to the Services, Trestle may analyze Customer Data in conjunction with Trestle Data (see below) and other Customers’ data, to create Metadata (see below) to provide results to the Customer’s query.
- Personal Information Derived from Customer Data
- Metadata. We derive information from our analysis of Customer Data, such as the number of times a data element has been queried in a period of time (velocity) or the last time a data element has been seen (recency), and hashed, encrypted Customer Data (“Metadata”). On this basis we identify behavioral patterns that give us insights for our fraud prevention and identity verification services (e.g., patterns confirming that your address is current and genuine).
- Third parties
- Third party data. We obtain Personal Information from publicly available sources and from third party data providers, who may collect the information from publicly available sources or directly from individuals, to enable us to provide our Services. This data collection includes the mapping of IP addresses to non-precise location data (e.g., city, state), and the collection of the following data elements: name, e-mail address, physical address, phone number, and IP address. Trestle includes such third party data together with Metadata (collectively “Trestle Data”) in its own database.
- Personal Information Automatically Obtained from Your Interaction with the Services
- Usage Information (such as cookies and similar technologies). When you visit our website or use our API management portal, we may collect certain information by automated means such as cookies, web beacons, and embedded scripts. This Usage Information may include standard information from a web browser (such as browser type and browser language), an IP address, device identifier numbers, and the actions a website visitor or Customer takes on Pro Insight (such as how a visitor/Customer interacts with the web pages and the links clicked). For detailed information about the use of cookies and similar technologies, please see our below short summary and our Cookie Consent Tool.
Cookies: Our Web pages and Pro Insight use “cookies” and similar technologies. A cookie is a file stored on your device that may be used to identify an individual as a unique user by storing certain personal preferences and user data. We use cookies and other technologies to identify your device, identify authorized users of Pro Insight, and track affiliate referrals.
Web Beacons: We may also use web beacons, small graphic images, or other web programming code which may be included in our Web pages and e-mail messages. - Log files, IP addresses, URLs, embedded scripts, and similar data: We gather certain information automatically to administer the Services and analyze trends in the aggregate. This information may include IP addresses (or the proxy server a business Customer uses to access the Services), device and application identifiers, browser type, Internet service provider, the pages and files viewed, searches conducted, operating system and system configuration information, and date/time stamps associated with usage. This information is used to analyze overall trends, and to provide and improve the Services. For example, Trestle collects IP addresses from Customers when they log into the Services as part of security features to confirm identity or detect compromised accounts. Trestle may also use embedded scripts, which are programming code designed to collect information about an interaction with a Web site, such as the links clicked on. The code is temporarily downloaded onto a device from our Web server or a third-party service provider, is active only while you are connected to the Web site containing the embedded script, and is deactivated or deleted thereafter.
- Usage Information (such as cookies and similar technologies). When you visit our website or use our API management portal, we may collect certain information by automated means such as cookies, web beacons, and embedded scripts. This Usage Information may include standard information from a web browser (such as browser type and browser language), an IP address, device identifier numbers, and the actions a website visitor or Customer takes on Pro Insight (such as how a visitor/Customer interacts with the web pages and the links clicked). For detailed information about the use of cookies and similar technologies, please see our below short summary and our Cookie Consent Tool.
2. How We May Use Your Personal Information
We may use your Personal Information:
- To provide, improve, and develop our Services and Trestle Data.
- To understand, diagnose, troubleshoot, and fix issues with the Services.
- To evaluate and develop new features, technologies, and improvements to the Services.
- For marketing, promotion, and advertising purposes.
- To comply with legal obligations, and to establish, exercise, or defend against legal claims.
- To conduct business planning, reporting, and forecasting.
- To manage our customer, vendor and partner relationships.
Learn More:
We set out below the purposes for which we process Personal Information. We indicate the categories of Personal Information per processing purpose. We will only process your Personal Information when we have a legal basis for the processing as identified in the table below.
Processing Purpose | Legal Basis | Categories of Personal Information |
---|---|---|
To provide the Services and Trestle Data | We, or our Customers, have a legitimate interest in combating fraud or fraudulent use of our Customers’ services We may also rely on the “performance of a contract” legal ground when we process Personal Information to fulfill individuals’ requests e.g., to respond to individuals’ inquiries | Account Information, Customer Data Usage Information (such as cookies and similar technologies), Billing Information, Trestle Data, Metadata |
To understand, diagnose, troubleshoot, and fix issues with the Services | We have a legitimate interest in ensuring the safety, security and performance of our Services | Account Information, Customer Data, Usage Information (such as cookies and similar technologies), Trestle Data, Metadata |
To evaluate and develop new features, technologies, and improvements to the Services (e.g., to measure the functioning of a Service by processing a Service’s traffic) | We have a legitimate interest in improving and developing our products and services | Account Information, Customer Data, Usage Information (such as cookies and similar technologies), Trestle Data, Metadata |
For marketing, promotion, and advertising purposes | We have a legitimate interest in promoting our business. When we send electronic direct marketing communications, or when we tailor our advertising, we will obtain individuals’ prior consent if required in accordance with applicable laws | General Communication Information, Account Information |
To comply with legal obligations and law enforcement requests | Compliance with legal obligations | General Communication Information, Account Information, Customer Data, Usage Information (such as cookies and similar technologies), Billing Information, Trestle Data, Metadata |
To establish, exercise, or defend against legal claims | We, or a third party, have a legitimate interest in protecting against legal claims | General Communication Information, Account Information, Customer Data, Usage Information (such as cookies and similar technologies), Billing Information, Trestle Data, Metadata |
To conduct business planning, reporting, and forecasting, including data analyses | We, or our Customers, have a legitimate interest in analyzing Personal Information for internal business purposes | Account Information, Usage Information (such as cookies and similar technologies), Billing Information |
To manage our customer, vendor and partner relationships, including processing purchases | We have a legitimate interest in managing our Customer, vendor and partner relationships as necessary to operate our business | Account Information, Billing Information |
3. How We Share Your Personal Information
We may share Personal Information with:
- Our service providers acting on our behalf.
- Customers
- As required by law.
- In the event of a sale or transfer of our business or assets.
Learn More:
Trestle may provide your Personal Information to the following third parties for the purposes set out below:
- Subsidiaries and Affiliates
We may share the Personal Information we collect with our subsidiaries and affiliates, if any, for the purposes described in this Privacy Notice. - Service Providers
We may share Personal Information with our service providers who perform services on our behalf and in relation to the purposes described in this Privacy Notice. Examples of our service providers include analytics providers, data storage providers and payment processing providers. We require these service providers by contract to only process Personal Information in accordance with our instructions and as necessary to perform services on our behalf or comply with legal requirements. We also require them to have safeguards designed to protect the security and confidentiality of the Personal Information they process on our behalf. - Third-Party Business Partners
We may share Personal Information with third-party data providers in order to supplement our database. For example, we may send an email address to a data provider to see whether and when the data provider may have seen the email address before.
In addition, we may partner with a variety of businesses to market or sell our products or services. For instance, partners may co-sponsor our events or offerings. We may share General Communication Information that Customers provide when they sign up for events or other offerings with these Partners so they can send marketing communications and other information of interest. See below for how to withdraw your consent at any time. - Customers
In response to Customers’ queries, we may provide Customers with Metadata and additional Personal Information regarding their customers. - As required by law
We may disclose data about you: (i) if we are required to do so by law or legal process, (ii) in response to a request from a court, law enforcement authorities, or government officials, or (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity. - Sale of business
We reserve the right to transfer Personal Information we have about you in the event we sell or transfer all or a portion of our business or assets. Should such a sale or transfer occur, we will use reasonable efforts to direct the transferee to use Personal Information you have provided to us in a manner that is consistent with this Privacy Notice.
4. Your Rights and Choices
Subject to applicable law, you have the right to:
- Access your Personal Information, rectify it, restrict or object to its processing, or request its deletion.
- Receive the Personal Information you provided to us to transmit it to another company.
- Withdraw any consent provided.
- Where applicable, lodge a complaint with your supervisory authority.
Learn More:
Subject to applicable law, you have the right to:
- Request access to and receive information about the Personal Information we maintain about you, to update and correct inaccuracies in your Personal Information, to restrict or to object to the processing of your Personal Information, to have the information anonymized or deleted, as appropriate, or to exercise your right to data portability to easily transfer information to another company. In addition, you may also have the right to lodge a complaint with a supervisory authority, including in your country of residence, place of work or where an incident took place.
- Withdraw any consent you previously provided to us regarding the processing of your Personal Information, at any time and free of charge. We will apply your preferences going forward and this will not affect the lawfulness of the processing before your consent withdrawal.
- You may opt out from receiving marketing communications by clicking on the unsubscribe link contained in such communications.
Those rights may be limited in some circumstances by local law requirements.
5. How We Protect Your Personal Information
We maintain appropriate security safeguards to protect your Personal Information and only retain it for a limited period of time.
Learn More:
We maintain appropriate administrative, technical and physical safeguards to protect Personal Information against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the Personal Information in our possession. The types of measures we take vary depending on the type of data, and how it is collected and stored. We restrict access to Personal Information about you to those employees who need to know that information to provide products or services to you.
We also take measures to delete your Personal Information or keep it in a form that does not permit your identification when this information is no longer necessary for the purposes for which we process it or when you request their deletion, unless we are required by law to keep the information for a longer period. In principle, we keep Customer Data for 90 days for troubleshooting purposes, and we keep Metadata for 7 years to improve our services.
6. Data Transfers
We are a global organization, so we sometimes need to share your personal data with our other offices or with third party service providers and suppliers who are located in countries other than your own. Note in particular that if you are accessing our Services from outside of the United States, your information may be transferred to, stored, and processed by us in our facilities and by those third-parties with whom we may share your personal information (see “How We Share your Personal Information”’), in the United States, and other countries.
If you are a resident in the European Economic Area, then these countries may not have data protection or other laws as comprehensive as those in your country. We will, however, take all necessary measures to protect your personal information in accordance with this privacy policy and applicable law, including, where applicable, ensuring that the transfer is governed by appropriate transfer mechanisms such as the Standard Contractual Clauses for data transfers between EU and non-EU countries.
7. Features and Links to Other Websites
You may choose to use certain features for which we partner with other entities that operate independently from us.
Learn More:
You may choose to use certain features for which we partner with other entities, or click on links to other websites for your convenience and information. These features may operate independently from us. They may have their own privacy notices or policies, which we strongly suggest you review. To the extent any features or linked websites you visit are not owned or operated by us, we are not responsible for the sites’ content, any use of the sites, or the privacy practices of the sites.
8. Children’s Data Policy
The Services are not intended for use by children under the age of eighteen years old. Trestle does not knowingly collect information from children under the age of eighteen.
9. California Resident Privacy Notice
This California Resident Privacy Notice section supplements the information contained in the Notice. This section applies to California residents from whom we collect Personal Information as a business under the California Consumer Privacy Act of 2018 (California Civil Code §§ 1798.100 to 1798.199) and its implementing regulations, as amended or superseded from time to time (“CCPA”).
Learn More:
a. Personal Information Collection, Disclosure, and Sale
For the purposes of this California Resident Privacy Notice section, “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, or as otherwise defined by the CCPA.
Personal Information does not include information that is:
- Lawfully made available from government records.
- Deidentified or aggregated.
- Otherwise excluded from the scope of the CCPA.
The chart below provides the categories of Personal Information (as defined by the CCPA) we have collected, disclosed for a business purpose, or sold in the preceding twelve (12) months since this Notice was last updated. The examples of Personal Information provided for each category reflect each category’s statutory definition and may not reflect all of the specific types of Personal Information associated with each category.
Category | We Collect: | We Disclose: | We Sell: |
---|---|---|---|
Identifiers Examples: Name, postal address, unique personal identifier, online identifier, internet protocol address, email address, or other similar identifiers. | Yes | Yes | Yes |
Categories of Personal Information in Cal. Civ. Code Section 1798.80(e) Examples: Name, address, and telephone number. | Yes | Yes | Yes |
Characteristics of Protected Classifications under California or Federal Law Examples: Age (over 40), and gender. | Yes | Yes | Yes |
Commercial Information Examples: Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | Yes | Yes | No |
Biometric Information Examples: Physiological, biological, or behavioral characteristics, including DNA, that can be used, singly or in combination with each other or with other identifying data, to establish individual identity, such as imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information. | No | N/A | N/A |
Internet or Other Electronic Network Activity Information Examples: Browsing history, search history, and information regarding a consumer’s interaction with an internet website, application or advertisement. | Yes | Yes | Yes |
Geolocation Data Example: IP address. | Yes | Yes | Yes |
Sensory Information Examples: Audio, electronic, visual, thermal, olfactory, or similar information. | No | N/A | N/A |
Professional or Employment-Related Information Examples: Job application or resume information, past and current job history, and job performance information. | No | N/A | N/A |
Non-Public Education Information (as defined in 20 U.S.C. 1232g; 34 C.F.R. Part 99) Examples: Records that are directly related to a student maintained by an educational agency or institution or by a party acting for the agency or institution. | No | N/A | N/A |
Inferences Drawn from Personal Information Examples: Consumer profiles reflecting a consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | Yes | Yes | Yes |
b. Use of Personal Information
We collect, use, and disclose your Personal Information in accordance with the specific business and commercial purposes below:
- Providing Services: Providing our Services to Customers, such as our identity verification and lead verification, identity management, and caller identification products.
- Communicating: Communicating with you, providing you with updates and other information relating to our Services, providing information that you request, responding to comments and questions, and otherwise providing customer support.
- Marketing: Developing and providing promotional and advertising materials that may be useful, relevant, valuable or otherwise of interest to you.
- Personalization: Personalizing your experience on our Services, such as presenting tailored content.
- Facilitating Payments: Facilitating transactions and payments.
- Enabling Transactions: Otherwise enabling or effecting, directly or indirectly, a commercial transaction.
- Deidentification and Aggregation: Deidentifying and aggregating information collected through our Services and using it for lawful purposes.
- Safety Issues: Responding to trust and safety issues that may arise.
- Compliance: For compliance purposes, including enforcing our Terms of Service or other legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency.
- Auditing Interactions: Auditing related to your interaction with our Services and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with other standards.
- Fraud and Incident Prevention: Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity; providing identity verification and fraud prevention services.
- Debugging: Debugging to identify and repair errors that impair existing intended functionality.
- Transient Use: Short-term, transient use.
- Contracting Vendors: Contracting with vendors and service providers to perform services on our behalf or on their behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing advertising or marketing services, providing analytics services, or providing similar services on behalf of the business or service provider.
- Research: Undertaking internal research for technological development and demonstration.
- Improving Our Services: Undertaking activities to verify or maintain the quality or safety of our Services, and to improve, upgrade, or enhance our Services.
- Connecting Third Party Services: Facilitating the connection of third-party services or applications, such as social networks.
- Corporate Transactions: Evaluating or conducting a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by us about our web site users is among the assets transferred.
- Notified Purpose: For other purposes for which we provide specific notice at the time the information is collected.
c. Collection of Personal Information
In the preceding twelve (12) months, we have collected Personal Information from the following categories of sources:
- Our Customers: Entities that purchase our Services and submit user details, such as, for example, for identity verification and lead verification
- Resellers: Consumer data brokers and other third-party data providers.
- Advertising Networks.
- Social Networks.
- Analytics Providers.
- OS/Platform Provider: Operating systems and platforms.
- Public: Publicly accessible sources.
d. Disclosure of Personal Information
- Advertising Providers: Advertising technology companies, such as advertising networks.
- Personal Information we share: Identifiers; Internet or Other Electronic Network Activity; Geolocation Data.
- Analytics Providers.
- Personal Information we share: Identifiers; Internet or Other Electronic Network Activity; Geolocation Data.
- Vendors: Vendors and service providers.
- Personal Information we share: Identifiers; Categories of Personal Information in Cal. Civ. Code Section 1798.80(e); Characteristics of Protected Classifications under California or Federal Law; Commercial Information; Internet or Other Electronic Network Activity Information; Geolocation Data; Inferences Drawn from Personal Information.
- Resellers: Consumer data brokers.
- Personal Information we share: Identifiers; Categories of Personal Information in Cal. Civ. Code Section 1798.80(e); Characteristics of Protected Classifications under California or Federal Law; ; Geolocation Data; Inferences Drawn from Personal Information.
- Our Customers:
- Personal Information we share: Identifiers; Categories of Personal Information in Cal. Civ. Code Section 1798.80(e); Characteristics of Protected Classifications under California or Federal Law; Internet or Other Electronic Network Activity Information; Geolocation Data; Inferences Drawn from Personal Information.
- Affiliates.
- Personal Information we share: Identifiers; Categories of Personal Information in Cal. Civ. Code Section 1798.80(e); Characteristics of Protected Classifications under California or Federal Law; Commercial Information; Internet or Other Electronic Network Activity Information; Geolocation Data; Inferences Drawn from Personal Information.
- Third Parties as Legally Required: Third parties as required by law and similar disclosures.
- Personal Information we share: Identifiers; Categories of Personal Information in Cal. Civ. Code Section 1798.80(e); Characteristics of Protected Classifications under California or Federal Law; Commercial Information; Internet or Other Electronic Network Activity Information; Geolocation Data; Inferences Drawn from Personal Information.
- Third Parties in Merger/Acquisition: Third parties in connection with a merger, sale, or asset transfer.
- Personal Information we share: Identifiers; Categories of Personal Information in Cal. Civ. Code Section 1798.80(e); Characteristics of Protected Classifications under California or Federal Law; Commercial Information; Internet or Other Electronic Network Activity Information; Geolocation Data; Inferences Drawn from Personal Information.
- Integrated Third Parties: Third parties integrated into our services.
- Personal Information we share: Identifiers; Internet or Other Electronic Network Activity; Geolocation Data.
- OS/Platform Providers: Operating systems and platforms.
- Personal Information we share: Identifiers; Internet or Other Electronic Network Activity Information; Geolocation Data.
e. Your California Privacy RightsIf you are a California resident, you may exercise the following rights.
- Right to Know and Access. You may submit a verifiable request for information regarding the: (1) categories of Personal Information collected, sold, or disclosed by us; (2) purposes for which categories of Personal Information are collected or sold by us; (3) categories of sources from which we collect Personal Information; (4) categories of third parties with whom we disclosed or sold Personal Information; and (5) specific pieces of Personal Information we have collected about you during the past twelve months.
- Right to Delete. Subject to certain exceptions, you may submit a verifiable request that we delete Personal Information about you that we have collected from you.
- Verification. Requests for access to or deletion of Personal Information are subject to our ability to reasonably verify your identity in light of the information requested and pursuant to relevant CCPA requirements, limitations, and regulations. To verify your access or deletion request, please provide us with your email address, name, phone number, and address.
- Right to Opt Out. In some circumstances, you may opt out of the sale of your Personal Information. Click here to opt out of the sale of your Personal Information.
- Right to Equal Service and Price. You have the right not to receive discriminatory treatment for the exercise of your CCPA privacy rights, subject to certain limitations.
- Shine the Light. We do not rent, sell, or share Personal Information with non affiliated companies for their direct marketing uses as contemplated by California’s “Shine the Light” law (Civil Code § 1798.83), unless we have your permission.
- Submit Requests. To exercise your rights under the CCPA, please use the link above or visit our website: https://trestleiq.com/do-not-sell-my-personal-information/.
- Authorizing an Agent. If you are acting as an authorized agent to make a request to know, delete, or opt out on behalf of a California resident, you may follow the instructions identified in our web form, by clicking here, and attach a written authorization signed by the resident, or please contact us using the methods identified in the “Submit Requests” subsection immediately above.
10. Updates to This Privacy Notice
This Privacy Notice may be updated periodically to reflect changes in our privacy practices.
Learn More:
This Privacy Notice may be updated periodically to reflect changes in our Personal Information practices. We will notify you of any significant changes to our Privacy Notice and indicate at the top of the notice when it was most recently updated. If we update this Privacy Notice, in certain circumstances, we may seek your consent.
11. How to Contact Us
If you have any questions or comments about the processing of your Personal Information that a Customer provided to us in the context of our fraud prevention and identity verification services, or if you would like to exercise your rights and choices in this context, please contact the relevant Customer.
Alternatively, you may contact us at privacy@trestleiq.com, or write to us at:
Data Protection Officer
Trestle Solutions Inc.
12819 SE 38th st #263
Bellevue, WA 98006,
United States