TRAINPOINT PRIVACY POLICY

trainPOINT Privacy Policy

Effective April 21^st, 2020

trainPOINT Privacy Policy – Effective June 15th, 2021

At trainPOINT, accessible from https://trainpoint.com/, one of our main priorities is the privacy of our visitors. This Privacy Policy document contains types of information that are collected and recorded by trainPOINT and how we use them.

trainPOINT does not share or sell any personal information collected from clients or viewers of this site with anyone. All data logged or collected is used internally to better serve our customers.

Consent

By using our website, you hereby consent to our Privacy Policy and agree to its terms.

Information we collect

The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information.

If you contact us directly, we may receive additional information about you such as your name, email address, phone number, the contents of the message and/or attachments you may send us, and any other information you may choose to provide.

How we use your information

We use the information we collect in various ways, including to:

Provide, operate, and maintain our website

Improve, personalize, and expand our website

Understand and analyze how you use our website

Develop new products, services, features, and functionality

Communicate with you directly, including for customer service, to provide you with updates and other information relating to our company, and for marketing and promotional purposes

Send you emails

Find and prevent fraud

Log Files

trainPOINT follows a standard procedure of using log files. These files log visitors when they visit websites. All hosting companies do this as a part of hosting services’ analytics. The information collected by log files include internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. These are not linked to any information that is personally identifiable. The purpose of the information is for analyzing trends, administering the site, tracking users’ movement on the website, and gathering demographic information.

Cookies and Web Beacons

Like any other website, our website uses cookies. These cookies are used to store information including visitors’ preferences, and the pages on the website that the visitor accessed or visited. The information is used to optimize the users’ experience by customizing our web page content based on visitors’ browser type and/or other information.

CCPA Privacy Rights (Do Not Sell My Personal Information)

Under the CCPA, among other rights, California consumers have the right to:

Request that a business that collects a consumer’s personal data disclose the categories and specific pieces of personal data that a business has collected about consumers.

Request that a business delete any personal data about the consumer that a business has collected.

Request that a business that sells a consumer’s personal data, not sell the consumer’s personal data.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us.

GDPR Data Protection Rights

We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

The right to access – You have the right to request copies of your personal data. We may charge you a small fee for this service.

The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.

The right to erasure – You have the right to request that we erase your personal data, under certain conditions.

The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.

The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.

The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us.

Children’s Information

trainPOINT does not knowingly collect any Personal Identifiable Information from children under the age of 13. If you think that your child provided this kind of information on our website, we strongly encourage you to contact us immediately and we will do our best efforts to promptly remove such information from our records.

Privacy Shield Notice

trainPOINT (“we,” “us,” “our”) respects individual privacy and values the confidence of its customers, vendors, business partners and others. trainPOINT adheres to the Privacy Shield Privacy Policy concerning the transfer of personal data from the European Union member countries and Switzerland to the United States of America. Accordingly, we follow the PrivacyShield Principles published by the U.S. Department of Commerce. Privacy Shield Privacy Policy (the “Policy”) sets forth the privacy principles that trainPOINT follows with respect to transfers of personal information anywhere in the world, including transfers from the European Union (EU) and Switzerland to the United States. trainPOINT is subject to the regulatory and enforcement authority of the US Federal Trade Commission (FTC).

trainPOINT complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom, and Switzerland to the United States in reliance on Privacy Shield. trainPOINT has certified that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this privacy policy and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/

Processor on Behalf – trainPOINT provides enterprise compliance management software designed to help companies manage data more effectively. trainPOINT does not own or control any of the information it processes on behalf of the trainPOINT customer. trainPOINT does not process HR data on its own employees. trainPOINT: personal data or PII data is not required nor is it needed for the applications use. It is up to our clients/customers to determine if they are going to provide and use personal data, such as social security and employee name, in the creation of records. All such information is owned and controlled by the trainPOINT customer. In this capacity, trainPOINT receives information transferred from the EU and Switzerland to the United States merely as a processor on behalf of its clients which are made up of various companies and organizations who wish to track safety related incidents. With the exception of performing data imports or as otherwise directed by its clients, trainPOINT does not collect or enter data into its clients’ software systems. trainPOINT does not transmit data to third parties without permission from its clients. Third parties can include, Insurance Carriers clients use for employee injuries. Any access to or use of client data by trainPOINT is incidental to performing trainPOINT’s contractual obligations to its clients as a processor.

trainPOINT as a Processor on Behalf – When trainPOINT acts as a processor on behalf of its customer, the policies outlined below apply to all data processing operations concerning personal information that has been transferred from the EU and Switzerland to the United States.

The PrivacyShield is based on the following Principles:

Notice.

Individuals are notified of trainPOINT being a data processor by their employer. In its role as data processor, trainPOINT does not require individuals to provide any PII.

Choice.

As a data processor for its clients, trainPOINT will work with individuals (may refer back to our client) regarding the purposes for which their personal information is collected and used by its clients (the individuals’ employers). trainPOINT relies on its clients to provide and comply with any required options. Individuals wishing to exercise their choice regarding the processing of their personal data or access their personal data must contact our customer who is also their employer.

Onward Transfer.

trainPOINT occasionally transfers personal information to third parties that act as agents for its clients (with regard to interfaces/integrations with third party software products) or for trainPOINT (with regard to software implementations). When trainPOINT transfers personal information as described above, trainPOINT enters into a written agreement with the third party requiring the third party to provide at least the same level of privacy protection as is required by the relevant Principles. trainPOINT may be liable for the third party transfer of personal data.

Security.

Security is extremely important to trainPOINT and our clients. Accordingly, trainPOINT takes significant security precautions to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction. trainPOINT relies on its clients to establish in the software appropriate password requirements and user roles and levels of access.

Data Integrity.

As a data processor for its clients, trainPOINT does not typically collect, access or use the personal information provided by its clients. trainPOINT relies on its clients (the data subjects’ employers) to ensure that personal information is relevant for the purposes for which it is used, reliable for its intended use, accurate, complete and current.

Access.

trainPOINT acknowledges the individual’s right to access their personal data. Personal information may be accessed only by authorized users at trainPOINT and its clients. As a data processor for its clients, trainPOINT must refer all individual requests to our client, who remains the data controller.

Enforcement.

trainPOINT utilizes the self-assessment approach to assure its compliance with our privacy statement. trainPOINT periodically verifies that the policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented, and in conformity with the Principles. We encourage interested persons to raise any concerns with us using the contact information below. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this policy.

trainPOINT notifies and trains appropriate team members regarding its privacy policies and practices and the consequences for failing to comply with them. Any person who we determine is in violation of our privacy policies will be subject to a disciplinary process.

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

trainPOINT’s accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, trainPOINT remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the Principles, unless trainPOINT proves that it is not responsible for the event giving rise to the damage.

In compliance with the Privacy Shield Principles, trainPOINT commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union, United Kingdom, and Swiss individuals with Privacy Shield inquiries or complaints should first contact trainPOINT by email at privacypolicy@trainpoint.com

Ricardo Figueroa:rfigueroa@trainpoint.com

Vice President of Technology

trainPOINT has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/privacy-shield-complaints/ for more information and to file a complaint. This service is provided free of charge to you.

If your complaint involves human resources data transferred to the United States from the European Union, [the United Kingdom, or Switzerland] in the context of the employment relationship, and trainPOINT does not address it satisfactorily, trainPOINT commits to cooperate with the panel established by the EU data protection authorities (DPA Panel), [the UK Information Commissioner’s Office, and the Swiss Federal Data Protection and Information Commissioner, as applicable] and to comply with the advice given by the DPA panel [ICO, or FDPIC, as applicable] with regard to such human resources data. To pursue an unresolved human resources complaint, you should contact the state or national data protection or labor authority in the appropriate jurisdiction. Complaints related to human resources data should not be addressed to the BBB EU PRIVACY SHIELD. Contact details for the EU data protection authorities can be found at https://edpb.europa.eu/about-edpb/board/members_en. Complaints related to human resources data should not be addressed to the BBB EU PRIVACY SHIELD.

If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction

Contact Information

Founder – Elle Field

If you have any questions regarding our privacy policy, please contact us at: privacypolicy@trainpoint.com

Changes

trainPOINT reserves the right to revise this policy at any time in accordance with the PrivacyShield Principles. You agree to be bound by any such revisions and should therefore periodically visit this page to determine the current terms to which you are bound.