I. THE TYPE AND NATURE INFORMATION THAT WE COLLECT
- personal information collected on behalf of or processed on behalf of our customers; and
- individual users of our digital identity authentication services; that are gathered or received through any IdenTrust website (our "Websites"), through other web-based or digital services or by third parties contracted with IdenTrust.
What Personal Information is Collected
IdenTrust collects personal information, or processes such information received from third parties, in connection with digital identity services. Such information may be obtained directly from an individual, from an employer, or may be obtained from third parties (i.e., through a Registrar in the IdenTrustT Trust Network, a registration agent, or a Registration Authority (collectively "Registration Authorities" or descriptively "Registration Authority") for the purpose of providing such services.
Whenever you send us personal correspondence, such as email and letters, sign up to receive newsletters or announcements, or when other users or third parties send us correspondence about your activities or postings on the Site, we may also collect and store such information, but it will not be disclosed externally.
What Other Information is Collected
As you visit our Websites, we collect traffic data to help us understand how our Websites are being used and how we can improve them. This automatically-gathered data includes your computer's IP or "Internet Protocol" address, statistics about how visitors navigate through our Websites, search terms entered, and information provided through the use of "cookies." Cookies are small files that we send to and store on your computer so that we may recognize it as a unique machine the next time you visit our Websites.
IdenTrust may provide aggregate information about users of its products or services that does not allow them to be identified or contacted ("Aggregate Information") by third parties. For example, we may inform third parties regarding the number of users completing transactions through the Websites.
- to keep track of your information for your own convenience and to help you avoid having to re-key in data;
- to help us optimize your online experience by altering our content to provide you with information more likely to be relevant to you; and
IdenTrust is committed to protecting the privacy of children. Our Websites are not intended for minors. We do not intend and do not wish to collect any information from, or about, any person who is under the age of 18 years. If you are under 18, you should not provide any information to us in any manner including through our Websites.
II. HOW YOUR PERSONAL INFORMATION IS USED
IdenTrust will only use your personal information:
IdenTrust uses the personal information for the purpose of issuing or processing digital certificates, revocation or suspension instructions, validation requests or responses, or certificate revocations, authenticating your identity, confirming your employment, responding to your inquiries, completing transactions, and processing payments.
- for the purpose that such personal information is collected; and/or
- as specifically authorized by you.
We also may use your contact information to send you information about our products and events, and announcements and changes to our Websites or our policies. You may elect not to receive, or opt-out of receiving such e-mail correspondence by contacting us at helpdesk@IdenTrust.com.
Please note that the purposes of issuing digital certificates include disclosing certain information about the certificate holder to any person who relies upon the certificate. Accordingly, all information contained in a digital certificate or a revocation or suspension instruction, validation request, validation response or certificate revocation list (collectively, "Credential Documents") is not considered confidential and can be viewed by others. A third party may access, review, and rely on such Credential Documents. The information that may be included in the Credential Documents is defined by the applicable Governing Documents and may include, but is not limited to, your name, Public Key, email address; your organization's name; the certificate serial number; and/or the certificate expiration date.
III. WITH WHOM THE PERSONAL INFORMATION IS SHARED
IdenTrust will hold and safeguard all data collected. IdenTrust will not disclose personal information to any third party, except as described herein or as authorized by you.
Disclosures to Third Parties Assisting In Our Operations
Some personal information that we maintain may be shared on occasion with outside auditors, attorneys, consultants and others we hire to assist in supporting or hosting our Websites or performing other functions necessary to operate our business. If we make a disclosure of this type, the recipient must agree to:
(i) view the personal information only on our premises and not remove it,
(ii) use it only for the purpose that we have specified,
(iii) return it or destroy it as soon as the need for the personal information expires; and
Change in Ownership
Disclosure for Law Enforcement Purposes
In addition to the circumstances described above, we may disclose your personal information if required to do so by law, court order, subpoena, or as requested by other government or law enforcement authority, or in our good faith belief that disclosure is otherwise necessary or advisable including, without limitation, to protect our rights and property and the rights and property of others with whom we do business.
IV. HOW YOU CAN CORRECT OR UPDATE THE INFORMATION
IdenTrust will endeavor to ensure that your personal information is reliable for its intended or authorized use, is accurate, complete, and current. However, you should update IdenTrust with changes in your personal information.
If you are a holder of a certificate issued by the IdenTrustT Trust Network (e.g., you enrolled through a Participant financial institution that is a Registrar), and you desire to review, amend, correct or delete your personal information, you should contact that Registrar. If you are a holder of a certificate issued under the ACES or ECA programs by a trusted agent who works at your employer, and you desire to review, amend, correct or delete your personal information, you should contact that trusted agent. If you received your certificate through enrollment via our Websites, and you desire to review, amend, correct or delete your personal information, please email us at helpdesk@IdenTrust.com. If you are unsure of who issued your certificate, please email a copy of your certificate to helpdesk@IdenTrust.com and we will direct you to the correct entity.
V. ENFORCEMENT AND DISPUTE RESOLUTION
With respect to the IdenTrustT Trust Network system Certification Authority (i.e. a "Certificate Authority" function within a PKI system) services provided by IdenTrust Services, LLC to member institutions complaints should be directed to the member institution that was the Registrar of the relevant digital certificate or, alternatively, complaints may be directed to helpdesk@IdenTrust.com. Complaints from member institutions shall be addressed through London Court of Arbitration (LCIA) dispute resolution procedures, as provided for by the agreements under which digital certificates are issued.
VI. YOUR ROLE IN PROTECTING YOUR PRIVACY
If you access our Websites through an e-mail or Internet account maintained by your employer, please note that it is possible that your employer may monitor your e-mail or Internet communications. Also, if you share a computer with others, it is your responsibility that any personal or sensitive information accessed through our Websites is not shared with others. It is also your responsibility to read and understand your responsibilities under the applicable Governing Documents.
VII. RETENTION AND DESTRUCTION OF PERSONAL INFORMATION
The personal information collected by IdenTrust is stored in a manner to permit identification only for as long as necessary, as determined in the applicable Governing Documents, to perform the services on behalf of IdenTrust's clients and complete the purposes for which the Information has been acquired.
IX. NOTIFICATION OF CHANGES
X. HOW TO CONTACT US; QUESTIONS
If you are a holder of a certificate issued by the IdenTrustT Trust Network, you should contact the entity identified in the certificate as the "Issuer".
If you are a holder of a certificate issued under the ACES or ECA programs by a trusted agent who works at your employer, you should contact that trusted agent. If you received your certificate through enrollment via our Websites, please email us at helpdesk@IdenTrust.com. If you are unsure of who issued your certificate, please email a copy of your certificate to helpdesk@IdenTrust.com and we will direct you to the correct entity.
XI. NOTICE TO USERS OUTSIDE THE UNITED STATES
XII. NOTICE OF IDENTRUST PRIVACY SHIELD POLICY