Privacy

Effective July 21, 2021


This Privacy Policy (“Policy”) is here to help you understand how we collect, use, disclose, and process your personal data. We also describe your choices and rights with respect to how we process your personal data. Please read this Policy carefully.

WHO WE ARE

This is the Policy of TraceGains, Inc. (“TraceGains,” “us,” “our,” or “we”), a Delaware corporation with offices at 10385 Westmoor Dr., Bldg. 5, Suite 200, Westminster, CO 80021. You can contact us here.

APPLICABILITY

This Privacy Policy applies to our “Services,” which include our websites that link to/post this Privacy Policy, including any subdomains or mobile versions (the “Site(s)”), mobile applications (the “Mobile App(s)”), and our ‘software-as-a-service’ platform (the “Platform”).

AGREEMENT

This Policy is incorporated into the Terms of Use governing your use of any of our Services. Any capitalized terms not defined in this Privacy Policy will have the definitions provided in our Terms of Use.

Following notice to you or your acknowledgement of this Privacy Policy (including any updates), your continued use of any of our Services indicates your consent to the practices described in this Policy.

THIRD PARTIES

TraceGains is revolutionizing information exchange across the supply chain by connecting TraceGains customers
with their suppliers (collectively, the “Clients”). TraceGains delivers full-service supplier, compliance, and regulatory
document management services. Our solutions address the unique needs of the food and beverage industry by
connecting partners, collecting critical documents, and capturing data to predict and reduce risk. In each case, we
provide a platform for use by Clients, and this Policy reflects the data processed and activities undertaken through our
Services. However, the Policy does not apply to the Client’s own uses of your data, including processing they may
choose to undertake that is not described in, or different from, this Policy.

This Policy also does not apply to information processed by other third parties, for example, when you visit a third-party website or interact with third-party services, unless and until we receive your information from those parties. Please review any third parties’ privacy policies before disclosing information to them. See our list of third parties for more information regarding our sources and recipients of personal data.

COLLECTION AND USE OF PERSONAL DATA

Data We Collect
We collect and process the following types of information, including data that relates to identified or identifiable
individuals (“Personal Data”) (note, specific Personal Data elements listed in each category are only examples and
may change):

“Identity Data”: Personal Data about you and your identity, such as your name, username, company affiliation and title, and other Personal Data you may provide on applications, registration forms, or as part of an account profile.

“Contact Data”: Personal Data used to contact an individual, e.g. email address(es), physical address(es), phone number(s), or communications platform usernames/handles, as well as a name or other salutation.

“Device Data”: Personal Data relating to your device, browser, or application e.g. IP addresses, MAC addresses, application ID/AdID/IDFA, identifiers from cookies, session navigation history and similar browsing metadata, and other data generated through applications and browsers, including cookies and similar technologies.

“Custom Content”: Information that a user provides in a free text or other unstructured format, or pursuant to custom fields created by a Client; this may include Personal Data to the extent provided by the user.

Processing of Personal Data
Service Use
Data: Users may access, view, and engage with certain areas of our Services, including but not limited to support
communities and message boards. When you participate in these Services, we process certain Personal Data,
which typically includes Identity Data, Contact Data, and Custom Content that may be provided. Any
materials you choose to share on such public areas of the Services are public and non-confidential.
Uses: Depending on the public service in use, we may use Identity Data and Contact Data as necessary to enable
posts and communications on the Platform or our public Services. Subject to Your Rights and Choices, we
may also use Identity Data as part of our efforts to improve our Services, and on behalf of the Client, we may
process Identity Data and Contact Data in connection with marketing communications.
Client Application/Registration
Data: Clients may submit inquiries, company and product information, requirements, and offerings through our
Services. When you submit an application relating to either a Supplier or Customer, we process certain
Personal Data on behalf of the Client, which typically includes Identity Data and Contact Data, and, if
requested by the Client, Custom Content (“Application Data”). Additionally, we may collect Identity Data
and Contact Data, and, if requested by the Client, Custom Content when you use or register for
an account on the Platform (“Registration Data”).
Uses: On behalf of the Clients, we use all Application/Registration Data as necessary to provide our Services to the
Clients, including in connection with the assessment of applications and prospective applicants, operate the
Platform, and as necessary to create, maintain, and provide you with important information about your
account and the products and services you may be offering as a Supplier or soliciting as a Customer. Subject
to Your Rights and Choices, we may also use Identity Data, Contact Data, and Custom Content on behalf of
Clients: (i) in connection with the maintenance of Client records; and (ii) to provide marketing or other
communications between customers and suppliers.
Client Comments, Messaging & Custom Content
Data: On behalf of the Clients, we process Identity Data, Contact Data, and if provided, Custom Content when you
use our Services to fill out forms relating to products offered or sought, message a Client, or if you otherwise
submit any Custom Content (e.g. on a comment board or other free form content submission form).
Uses: On behalf of the Clients, we use Identity Data and Contact Data as necessary to carry out the processes you
request. Subject to Your Rights and Choices, we may also use Identity Data to improve our Services and, on
behalf of the Client, we may make certain Custom Content and Identity Data contained in Client profiles
available on our site for viewing by other Clients, and we may process Identity Data and Contact Data in
connection with marketing communications.
Note: We do not screen messages, comments, or other postings for personal or inappropriate content.
Mobile Apps
Data: If you use our Mobile Apps in connection with our annual conference (“TGCon”), we may process certain
Personal Data, which typically includes Identity Data, Contact Data, and Device Data. Note, you may also
be able to view other attendees, connect on social media, and receive additional speaker information through
our Mobile App.
Uses: On behalf of the Clients, we process the Identity Data, Contact Data, and Device Data as necessary to deliver
the Service and fulfill your requests. Subject to Your Rights and Choices, we may use the Identity Data,
Contact Data, and Device Data to improve our services.
Cookies and Similar Technologies
Data: We, and certain third parties, may process Device Data when you interact with cookies and similar
technologies. We may receive this data from third parties to the extent allowed by the applicable partner.
Please note that the privacy policies of third parties may apply to these technologies and information
collected.
Uses: In connection with our legitimate interests in providing and improving the user experience and efficiency of
our Services, and understanding information about the devices and demographics of visitors to our Services,
we use this information (i) for “essential” or “functional” purposes, such as to enable various features of the
Services such as your browser remembering your username or password, maintaining a session, or staying
logged in after a session has ended; and (ii) for analytics and site performance purposes, such as tracking
how the Services are used or perform, how users engage with and navigate through the Services, what sites
users visit before visiting our Services, how often they visit our Services, and other similar information.
Additionally, in some cases (and subject to your consent where required by law), we may collect and process
certain information about use of the Platform (e.g. feature use, navigation, or Platform performance) by you
or the Client/Supplier/Customer on whose behalf you use the Platform (“Personal and Company
Analytics Data”). We may associate the Personal and Company Analytics Data with your Registration Data
and data relating to the relevant Client/Supplier/Customer. We use Personal and Company Analytics to
understand how users and Clients/Suppliers/Customers use the Platform, provide you with customer service
and support, and to otherwise improve the Platform. Note, if we do associate Personal and Company
Analytics with your Registration Data, we may still derive aggregate statistics from it to assess the use by
Clients/Suppliers/Customers. We use a third party to collect and process Personal and Company Analytics
Data, and we may make such data available to our personnel with a need to know such information in
connection with support requests.
Note: Some of these technologies can be used by third parties to identify you across platforms, devices, sites, and
services; however, we do not permit Personal and Company Analytics Data nor the associated Registration
Data to be used except in connection with our Platform. Clients may also have access to information, such
as reports and analytics, generated through these Services.
Marketing Communications
Data: We may process Identity Data and Contact Data in connection with email marketing communications,
including (i) on behalf of Clients, when you register for an account, and choose to enroll, or are enrolled by
the Client, to receive marketing communications; (ii) on behalf of Clients, when you open or interact with a
Client’s electronic marketing communications; (iii) on our own behalf when you contact us directly, or
express an interest in our products and services; and (iv) on our own behalf when you open or interact with
our marketing communications.
Uses: We use Identity Data and Contact Data as necessary to provide marketing communications, and consistent
with our legitimate business interests, we may send you marketing and promotional communications if you
sign up for such communications or purchase services from us. See Your Rights and Choices for information
about how you can limit or opt out of this processing.
Additional Processing
If we process Personal Data in connection with our Services in a way not described in this Policy, this Policy will still
apply generally (e.g. with respect to Your Rights and Choices) unless otherwise stated when you provide it.
Note that we may, without your consent, also process your Personal Data on certain public interest grounds. For
example, we may process information as necessary to fulfil our legal obligations, to protect the vital interests of any
individuals, or otherwise in the public interest. Please see the Data Sharing section for more information about how
we disclose Personal Data in extraordinary circumstances.

DATA SHARING

Generally
Information we collect may be shared with a variety of parties, depending upon the purpose for and context in which
that information was provided. We generally transfer Personal Data to the following categories of recipients:
Clients: We process data on behalf of Clients and may share your Personal Data with Clients to the
extent such information was provided to us for processing on the Client’s behalf. For example,
any forms, applications, messages, or other material may be processed by us for Clients, and
all Personal Data processed on behalf of the Client may be available to the Client and its users.
These parties may engage in direct marketing, or other activities that are outside our control.
Service Providers: In connection with our general business operations, product/service improvements, to enable
certain features, and in connection with our other legitimate business interests, we may share
your Personal Data with service providers or sub-processors who provide certain services or
process data on our behalf.
Affiliates: In order to streamline certain business operations, develop products and services that better
meet the interests and needs of our customers, and inform our customers about relevant products
and services, we may share your Personal Data with any of our current or future affiliated
entities, subsidiaries, and parent companies.
Corporate Events: Your Personal Data may be processed in the event that we go through a business transition,
such as a merger, acquisition, liquidation, or sale of all or a portion of our assets. For example,
Personal Data may be part of the assets transferred, or may be disclosed (subject to
confidentiality restrictions) during the due diligence process for a potential transaction.
Legal Disclosures: In limited circumstances, we may, without notice or your consent, access and disclose your
Personal Data, any communications sent or received by you, and any other information that we
may have about you to the extent we believe such disclosure is legally required, to prevent or
respond to a crime, to investigate violations of our Terms of Use, or in the vital interests of us
or any person. Note, these disclosures may be made to governments that do not ensure the same
degree of protection of your Personal Data as your home jurisdiction. We may, in our sole
discretion (but without any obligation), object to the disclosure of your Personal Data to such
parties.

YOUR RIGHTS & CHOICES

Your Rights
To the extent required under applicable law, and subject to our rights to limit or deny access/disclosure under
applicable law, you have the following rights in your Personal Data. You may exercise your rights by contacting us at
the address below.
Access: You may receive a list of your Personal Data that we process to the extent required and
permitted by law.
Rectification: You may correct any Personal Data that we hold about you to the extent required and permitted
by law. You may be able to make changes to much of the information you provided directly via
the Service via your account settings menu.
Erasure: To the extent required by applicable law, you may request that we delete your Personal Data
from our systems.
Data Export: To the extent required by applicable law, we will send you a copy of your Personal Data in a
common portable format of our choice.
Direct Marketing: Residents of California (and others to the extent required by applicable law) may request a list
of Personal Data we have disclosed about you to third parties for direct marketing purposes
during the preceding calendar year. This request must be written, signed, and mailed to us.
Regulator Contact: You have the right to contact or file a complaint with regulators or supervisory authorities about
our processing of Personal Data. To do so, please contact your local data protection or consumer
protection authority.
We may require that you provide additional Personal Data to exercise these rights, e.g. information necessary to prove
your identity.
Your Choices
It is possible for you to use some of our Services without providing any Personal Data, but you may not be able to
access certain features or view certain content. You have the following choices regarding the Personal Data we
process:
Consent: If you consent to processing, you may withdraw your consent at any time, to the extent
required by law.
Direct Marketing: You have the choice to opt-out of or withdraw your consent to processing related to direct
marketing communications. You may have a legal right not to receive such messages in
certain circumstances, in which case, you will only receive direct marketing
communications if you consent. You may exercise your choice via the links in our
communications or by contacting us re: direct marketing.
Cookies & Similar Tech: If you do not want information collected through the use of cookies, you can manage/deny
cookies (and certain technologies) using your browser’s settings menu, or through tools or
interfaces that allow for the management of cookies and similar technology that we may
make available on the Site or Platform from time to time. You may be required to opt out
of third-party services directly via the third party. For example, to opt-out of Google’s
analytic and marketing services, visit Google Analytics Terms of Service, the Google
Privacy Policy, or Google Analytics Opt-out. To learn more about how to opt out of
Google’s use of cookies, visit Google’s Ads Settings, here. Please note, at this time, our
Service does not respond to your browser’s do-not-track request.
Other Processing: You may have the right under applicable law to object to our processing of your Personal
Data for certain purposes. You may do so by contacting us re: data rights requests. Note
that we may not be required to cease processing based solely on an objection.
Note Regarding Clients’ Data
TraceGains is a processor of Personal Data in our Clients’ possession. We may notify Clients of your data rights
requests; however, we may be unable to directly fulfill rights requests regarding Personal Data unless we control or
have the necessary rights of access. TraceGains may not have access to or control over all or some Personal Data
controlled by Clients. Please contact the Client directly for data rights requests regarding Client-controlled
information, and we will assist the Client as appropriate in the fulfillment of your request. Please note that, to the
extent we make interfaces available for you to directly control your data, these will take effect only with respect to the
data on our Service, and Clients may have additional copies of this information that is outside of our control.

SECURITY

We follow and implement reasonable security measures to safeguard the Personal Data we process; however, we do
not warrant perfect security and we do not provide any guarantee that your Personal Data or any other information
you provide us will remain secure. We sometimes share Personal Data with, or process data on behalf of third parties,
as noted above. While we may require our service providers to follow certain security practices, we do not have control
over and will not be liable for third parties’ security processes.
Data Retention
We retain Personal Data for so long as it remains relevant to its purpose, and in any event, for so long as is required
by law. As we process Personal Data on behalf of Clients, we may retain information for the periods requested by the
Client or delete information at the Client’s request. We will review retention periods periodically, and if appropriate,
we may pseudonymize or anonymize data held for longer periods.

MINORS

Our Services are intended for use by Clients and are neither directed at nor intended for direct use by individuals under
the age of 16. Further, we do not knowingly collect Personal Data directly from such individuals. If we learn that we
have inadvertently done so, we will promptly delete it. Do not access or use the Services if you are not of the age of
majority in your jurisdiction unless you have the consent of your parent or guardian.

INTERNATIONAL TRANSFERS

We operate and use service providers located in the United States. If you are located outside the U.S., your Personal
Data may be transferred to the U.S. The U.S. does not provide the same legal protections guaranteed to Personal Data
in the European Union. If you are in the EEA/Switzerland/UK, your Personal Data may be transferred to the U.S. on
one of the following bases:
• Standard Contractual Clauses (e.g. Personal Data relating to our Client).
• Binding corporate rules (e.g. data processed by a subprocessor or other vendor under a BCR agreement).
• Pursuant to the derogations provided under applicable law (e.g. consent or necessity to provide the services, e.g.
where users access the system to provide information to Clients).
• Pursuant to other adequacy mechanisms (e.g. where transfers are within the EEA or to other justification subject
to an adequacy decision).
If you would like additional information regarding the specific transfer mechanism applicable in the context of
transfers of your personal data, please contact us.

CHANGES TO OUR PRIVACY POLICY

We may change this Privacy Policy from time to time. Changes will be posted on this page with the effective date.
Please visit this page regularly so that you are aware of our latest updates. Your acknowledgement of these changes,
or use of the Services following notice of any changes (as applicable) indicates your acceptance of any changes.

CONTACT US

Feel free to contact us with questions or concerns using the appropriate address below.

General Inquiries: legal@tracegains.com

Physical Address: TraceGains, Inc., 10385 Westmoor Dr., Bldg. 5, Suite 200, Westminster, CO 80021

LIST OF THIRD PARTIES

Unaffiliated Parties and Partners
The following is a list of unaffiliated third parties with whom we may share data, or which may engage in processing:
Asana – receives data for internal project management
Avalara – receives data for tax compliance purposes
Calendly – receives data for appointment scheduling
Conga – receives data for document drafting and management
Demandbase – receives data for customer insight, records management, and marketing
DocuSign – receives data for document management
Dropbox – receives data for document storage
FileZilla – receives data for document transfer and storage
Google Analytics – shares data with us for usage analytics
GTR – shares and receives data regarding TGCon Live
Hive Digital Strategy – receives data to optimize our service and customer experience
Hotjar – receives data to optimize our service and customer experience
Hubspot – receives data for customer records management and marketing
InsideView – receives data for customer records management
MeetingOne Adobe Connect – receives data for hosted webinars and training sessions
Microsoft – receives data for hosted services and through Office 365
NetSuite – receives data for customer invoicing
ON24 – receives data for hosted webinars and training sessions
Owler – receives data for customer records management
Pendo – shares and receives data for usage analytics
Rocket Reach – receives data for customer records management
Salesforce – receives data for customer records management
SalesLoft – receives data for customer records management and marketing
Sales Navigator – receives data for customer records management, marketing, and sales
Seamless.AI – receives data for customer records management
SEMrush – shares data with us for usage analytics
Sendoso – receives data for customer records management and marketing
Sharekits – receives data for customer records management and marketing
Sprout Social – shares data with us for engagement analytics
Survey Monkey – receives data for surveys
Thought Industries – receives data for online knowledgebase and support request management
VisionE – receives data for location mapping
Wistia – receives data for video hosting, storage and viewing
ZenDesk – receives data for support request management
Note that this list may not always reflect the most recent third-party sharing agreements and may be subject to change.