IdenTrust protects the privacy and security of the:
IdenTrust complies with the U.S. - E.U. Safe Harbor framework and the U.S. - Swiss Safe Harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from European Union member countries and Switzerland.
With respect to such data, IdenTrust has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement.
To learn more about the Safe Harbor program, and to view the related certification by IdenTrust, please visit www.export.gov/safeharbor.
By using our Website or any service offered by or through IdenTrust or such contracted third parties (collectively, "Services"), you
please do not use our Websites or the Services. Your continued use of our Websites or the Services
I. THE TYPE AND NATURE OF YOUR INFORMATION, OR YOUR COMPANY'S,THAT WE COLLECT
- personal information collected on behalf of or processed on behalf of our customers; and
- individual users of our digital identity authentication services; that are gathered or received through any IdenTrust website (our "Websites"), through other
web-based or digital services or by third parties contracted with IdenTrust.
What Personal Information is Collected
IdenTrust collects personal information, or processes such information received from third parties, in
connection with digital identity services. Such information may be obtained directly from an individual,
from an employer or may be obtained from third parties (i.e., through a Registrar in the IdenTrust Trust
Network, a registration agent, or a Registration Authority (collectively "Registration Authorities" or
descriptively "Registration Authority") for the purpose of providing such services.
You may be asked to provide certain personal information necessary to the use of our products or
services. The type of personal information depends on the type of product and/or service that you select,
and is governed under the applicable Certificate Policy, Certification Practices Statement or other
documentation governing that product and/or service (collectively, "Governing Documents"). For
example, you may be asked to provide your name, address, email-address, telephone number, social
security number, credit card number, and name of employer. Your social security number, if required,
may be used for internal purposes of identification and your credit card number may be used to obtain
payment, but neither will be otherwise disclosed. You should consult the terms of the applicable
Governing Documents applicable to the products and/or services you subscribe to for a detailed listing of
the information that we require. Whether you subscribe to our products and/or services directly via our
Websites or through a Registration Authority, we will protect your personal information in accordance
the collection and use of your personal information may be subject to additional privacy policies or
statements of one of the Participant financial institutions who may serve as your Registrar. If you use
products or services provided directly by IdenTrust, the collection and use of your personal information
may be subject to additional provisions set forth in the applicable Governing Documents, subscriber
agreement or other policy applicable to such product or service, each of which is available on our
Websites. You should refer to such documents, if any, for further details.
Whenever you send us personal correspondence, such as email and letters, sign up to receive newsletters
or announcements, or when other users or third parties send us correspondence about your activities or
postings on the Site, we may also collect and store such information, but it will not be disclosed
What Other Information is Collected
As you visit our Websites, we collect traffic data to help us understand how our Websites are being used
and how we can improve them. This automatically-gathered data includes your computer's IP or "Internet
Protocol" address, statistics about how visitors navigate through our Websites, search terms entered, and
information provided through the use of "cookies." Cookies are small files that we send to and store on
your computer so that we may recognize it as a unique machine the next time you visit our Websites.
IdenTrust may provide aggregate information about users of its products or services that does not allow
them to be identified or contacted ("Aggregate Information") by third parties. For example, we may
inform third parties regarding the number of users completing transactions through the Websites.
- to keep track of your information for your own convenience and to help you avoid having to re-key in data;
- to help us optimize your online experience by altering our content to provide you with information more likely to be relevant to you; and
IdenTrust is committed to protecting the privacy of children. Our Websites are not intended for minors.
We do not intend and do not wish to collect any information from, or about, any person who is under the
age of 18 years. If you are under 18, you should not provide any information to us in any manner
including through our Websites.
II. HOW YOUR PERSONAL INFORMATION IS USED
IdenTrust will only use your personal information:
We also may use your contact information to send you information about our products and events, and
announcements and changes to our Websites or our policies. You may elect not to receive, or opt-out of
receiving such e-mail correspondence by contacting us at helpdesk@IdenTrust.com.
- for the purpose that such personal information is collected; and/or
- as specifically authorized by you. IdenTrust uses the personal information for the
purpose of issuing or processing digital certificates, revocation or suspension instructions, validation
requests or responses, or certificate revocations, authenticating your identity, confirming your
employment, responding to your inquiries, completing transactions, and processing payments.
If you are providing your personal information to a third party Registration Authority you should look to
your personal information.
Please note that the purposes of issuing digital certificates include disclosing certain information about the
certificate holder to any person who relies upon the certificate. Accordingly, all information contained in
a digital certificate or a revocation or suspension instruction, validation request, validation response or
certificate revocation list (collectively, "Credential Documents") is not considered confidential and can be
viewed by others. A third party may access, review, and rely on such Credential Documents. The
information that may be included in the Credential Documents is defined by the applicable Governing
Documents and may include, but is not limited to, your name, Public Key, email address; your
organization's name; the certificate serial number; and/or the certificate expiration date.
III. WITH WHOM THE PERSONAL INFORMATION IS SHARED
IdenTrust will hold and safeguard all data collected. IdenTrust will not disclose personal information to
any third party, except as described herein or as authorized by you.
Disclosures to Third Parties Assisting In Our Operations
Some personal information that we maintain may be shared on occasion with outside auditors, attorneys,
consultants and others we hire to assist in supporting or hosting our Websites or performing other
functions necessary to operate our business. If we make a disclosure of this type, the recipient must agree
(i) view the personal information only on our premises and not remove it,
(ii) use it only for the purpose that we have specified,
(iii) return it or destroy it as soon as the need for the personal information expires; and
Change in Ownership
In the event that IdenTrust is merged with, or is acquired by, another entity, then such entity may become
the successor to our obligations with respect to personal information that you have provided to IdenTrust,
which would be necessary for the entity to effectively continue IdenTrust's business. You consent to the
continued retention and use of your personal information for such purpose by such an entity under the
Disclosure for Law Enforcement Purposes
In addition to the circumstances described above, we may disclose your personal information if required
to do so by law, court order, subpoena, or as requested by other government or law enforcement authority,
or in our good faith belief that disclosure is otherwise necessary or advisable including, without
limitation, to protect our rights and property and the rights and property of others with whom we do
IV. HOW YOU CAN CORRECT OR UPDATE THE INFORMATION
IdenTrust will endeavor to ensure that your personal information is reliable for its intended or authorized
use, is accurate, complete, and current. However, you should update IdenTrust with changes in your
If you are a holder of a certificate issued by the IdenTrust Trust Network (e.g., you enrolled through a
Participant financial institution that is a Registrar), and you desire to review, amend, correct or delete
your personal information, you should contact that Registrar. If you are a holder of a certificate issued
under the ACES or ECA programs by a trusted agent who works at your employer, and you desire to
review, amend, correct or delete your personal information, you should contact that trusted agent. If you
received your certificate through enrollment via our Websites, and you desire to review, amend, correct or
delete your personal information, please email us at helpdesk@IdenTrust.com. If you are unsure of who
issued your certificate, please email a copy of your certificate to helpdesk@IdenTrust.com and we will
direct you to the correct entity.
V. ENFORCEMENT AND DISPUTE RESOLUTION
implemented. We have procedures in place to investigate and resolve your complaints (and provide you
recourse, if necessary) and resolve your disputes in an efficient manner. We are subject to the jurisdiction
shall be actionable under Section 5 of the Federal Trade Commission Act.
With respect to the IdenTrust™ Trust Network system Certification Authority (i.e. a “Certificate Authority” function
within a PKI system) services provided by IdenTrust Services, LLC to member institutions complaints should be directed
to the member institution that was the Registrar of the relevant digital certificate or, alternatively, complaints may
be directed to helpdesk@IdenTrust.com. Complaints from member institutions shall be addressed through London Court of
Arbitration (LCIA) dispute resolution procedures, as provided for by the agreements under which digital certificates
With respect to employees of IdenTrust, Inc. located in the EU, complaints should first be directed the employee’s
Human Resources manager. If the matter is not resolved through internal IdenTrust, Inc. procedures, then employees
will be directed to the state or national data protection authority (EU DPA) in the jurisdiction in which the employee
VI. YOUR ROLE IN PROTECTING YOUR PRIVACY
If you access our Websites through an e-mail or Internet account maintained by your employer, please
note that it is possible that your employer may monitor your e-mail or Internet communications. Also, if
you share a computer with others, it is your responsibility that any personal or sensitive information
accessed through our Websites is not shared with others. It is also your responsibility to read and
understand your responsibilities under the applicable Governing Documents.
a Registration Authority. Our Websites contain links to other sites. Please be aware that IdenTrust is not
responsible for and does not know the privacy practices of such other sites. We encourage our users to be
aware when they leave our site and to read the privacy statements of each and every Website that may
collect user information.
VII. RETENTION AND DESTRUCTION OF PERSONAL INFORMATION
The personal information collected by IdenTrust is stored in a manner to permit identification only for as
long as necessary, as determined in the applicable Governing Documents, to perform the services on
behalf of IdenTrust's clients and complete the purposes for which the Information has been acquired.
IdenTrust uses reasonable care to ensure that the personal information will be handled in accordance with
theft; misuse; unauthorized access, disclosure, alteration, copying, or destruction.
IX. NOTIFICATION OF CHANGES
regarding use or disclosure of personal information, we will endeavor to provide notice on our Websites.
X. HOW TO CONTACT US; QUESTIONS
If you are a holder of a certificate issued by the IdenTrust Trust Network (e.g., you enrolled through a
Participant financial institution that is a Registrar), you should contact that Registrar. If you are a holder
of a certificate issued under the ACES or ECA programs by a trusted agent who works at your employer,
you should contact that trusted agent. If you received your certificate through enrollment via our
Websites, please email us at helpdesk@IdenTrust.com. If you are unsure of who issued your certificate,
please email a copy of your certificate to helpdesk@IdenTrust.com and we will direct you to the correct