1. Overview
TrustDecision Pte. Ltd. and its affiliates (collectively, “TrustDecision”, “we”, “us” or “our) are committed to protecting your Personal Data and respecting your right to privacy.
TrustDecision is a global risk intelligence company helping organizations make faster, smarter, and safer decisions across fraud prevention and credit risk management (collectively, the “Services”) to our Business Clients (“Clients”) on their websites, mobile applications and other digital channels (collectively, the “Client Sites”), using our AI-powered decision engine.
This Privacy Policy describes what Personal Data TrustDecision collects from the individuals who visit and interact with our Clients Sites as end users (“End Users”) when our Clients use our Services, the visitors of our website https://trustdecision.com/ (“Website”) and any other persons that interact with us directly (collectively, “you” or “your”). This Privacy Policy also describes how we use your Personal Data, who we share it with, certain rights you may have with respect to your Personal Data, how we safeguard your Personal Data, and how to contact us about our privacy practices which may vary among the countries in which we operate to reflect local practices and legal requirements.
Depending on the context, TrustDecision may act as either a Data Controller or a Data Processor. For End User data collected through our Clients’ Sites, we act strictly as a Data Processor, processing such data only on behalf of and under the instructions of our Clients. For data collected from visitors of our own Website or persons interacting directly with us, we act as an independent Data Controller.
Please read and understand this policy carefully.
2. What type of information we collect
In order to provide the Services to you and our Clients, we need to collect and process certain information about you, which information may include data that identifies or can be used to identify you, including name, address, telephone number and email address, and transaction, behavioral, device and connection data, as well as other information about you that is associated with or linked to any of the foregoing data (such data, “Personal Data”), as further described below.
(1) End Users Information provided by our Clients
Our Clients provide us with data and information about End Users and their interactions on their Client Sites through our Application Programming Interfaces (APIs). Our Clients ultimately decide what Personal Data to send to us for use in connection with the Services.
While the exact nature and scope of Personal Data sent to us by our Clients through our APIs will vary depending on the particular Services provided by us, Personal Data sent by our Clients via our APIs typically includes the following categories:
(i) Contact Information, Account, Profile Information
●Such as End Users’ first name, last name, phone number, postal address, email address, date of birth, and profile photo.
(ii) Identity Verification and Payment Information
●Such as images of End Users’ government issued ID (as permitted by applicable laws), End Users’ ID number or other verification information, bank account or payment account information. If a copy of the ID is provided to us, we may scan, use, and store information contained in the ID to verify End Users’ identity.
(iii) Payment Transaction Information
●Such as payment instrument used, date and time, payment amount, payment instrument expiration date and billing postcode, PayPal or other payment instrument account information, IBAN information, address, and other related transaction details.
(2) Information we automatically collect when the End Users visit a Client Site
We use mobile software development kits (SDKs) to automatically collect certain behavioral, device and connection data while the End Users are interacting with a Client Site.
Our Clients ultimately decide what pages on their Client Sites to embed our SDKs, and our SDKs are ultimately only placed on the Client Sites where such placement is necessary for us to provide the Services.
While the exact nature and scope of Personal Data that is automatically collected by us through our SDKs will vary depending on the particular Services provided, Personal Data collected through our SDKs typically includes the following categories:
(i) Browser, device and connection data
●Such as information about the personal computer or mobile device you use to access the Client Sites. Such information may include technical information transmitted by your device, including certain software and hardware information such as the browser used to access the Client Site, the device model and operating system, unique device identifiers, and the Internet Protocol (IP) address through which you accessed the Client Site.
(ii) Behavioral data
●Such as information regarding your activity on a Client Site, such as the time and frequency of access, the referrer page domain, pages viewed.
(3) Information we automatically collect when you visit our Website or interact with us directly
(i) Location Information
●Such as precise or approximate location determined from your IP address.
(ii) Usage Information
●Such as the pages or content you view, searches for Listings, bookings you have made, and other actions on the TrustDecision Platform.
(iii) Log Data and Device Information.
●Such as details about how you’ve used the TrustDecision Platform (including if you clicked on links to Third Party applications), IP address, access dates and times, hardware and software information, device information, device event information, unique identifiers, crash data, cookie data, and the pages you’ve viewed or engaged with before or after using the TrustDecision Platform. We may collect this information even if you haven’t created an TrustDecision account or logged in.
(iv)Contact Information
●Such as your name, phone number, email and mailing address, professional title and company name.
(v)Marketing Information
●Such as your Contact Information and your communication preferences.
We may process sensitive categories of personal data (e.g., biometric, financial account identifiers, health, government IDs) for fraud prevention and credit risk purposes. Where laws require, we will conduct a Data Protection Impact Assessment (DPIA) before such processing.
(4) Information We Collect from Third Party Sources
In some cases and to the extent permitted by applicable law, we may combine or enhance the information we collect about you (via our APIs and SDKs) with information we receive from third parties.
3. How We use your information and legal bases for processing
(1) For End User’s Personal Data we collect
We may use it for the following purposes:
(i) to provide the Services to our Clients;
(ii) to improve the Services to provide more accurate recommendations for our Clients;
(iii) to comply with our legal obligations.
Depending on the country in which our Clients’ business are operated and where the End-users are located, and where permitted under applicable laws, we rely on the following legal bases to process End User’s Personal Data (where required under applicable law):
In the case of providing/improve our Services, we process End User’s Personal Data as a processor on behalf of our Clients which act as data controllers. When we act as a processor, controllers are responsible for ensuring a legal basis for the processing of End User’s Personal Data. Please refer to their respective privacy policies for more information regarding the processing of your Personal data in these contexts.
We may also process End User Personal Data as necessary to comply with our legal obligations. We never share End User Data between our Clients.
(2) For your Personal Data we collect when you visit our Website or interact with us
We may use your Personal Data collected through your use of our Website or otherwise in your interactions with us for the following purposes:
(i) to administer and protect our business and our Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data);
(ii) to manage our relationship with you;
(iii) to provide, maintain and improve our products and services;
(iv) to deliver relevant Website content and advertisements to you and measure and understand the effectiveness of the advertising we serve to you;
(v) to monitor and analyze trends, usage and activities on our Website and improve our Website, products and services and customer relationships and experiences;
(vi) to make suggestions and recommendations to you about products or services that may be of interest to you;
(vii) for compliance purposes, including to respond to requests from law enforcement and other governmental entities, and in connection with litigation management and conducting internal audits and investigations; and
(viii) to conduct due diligence activities in connection with an actual or prospective corporate transaction.
Depending on the country in which you are located and where permitted under applicable laws, we rely on the following legal bases to process your Personal Data:
(i) performance of a contract with you; (ii) necessary for our legitimate interests; (iii) necessary to comply with a legal obligation; (iv) with your explicit consent where required; or (v) when there is a legitimate and overriding interest that necessitates the use.
4. Cookies
Cookies are small text files placed on your device or computer that are used to identify you or your device and to collect certain data about you. This text typically contains identifiers, site names, and some numbers and characters.
We set and use cookies on our Website to make it work and help us improve it and to provide you with a more personalized and interactive experience on our Website. We may also use the information collected through cookies to collect statistics about your usage of our Website, perform analytics, deliver content and advertisements that are personalized to your interests, and perform and measure the effectiveness of our marketing campaigns. Our use of cookies aims to help improve your user experience.
We do not use cookies for any purpose other than those stated in this Policy. You can manage or delete cookies according to your preference.
Where required by applicable laws (such as GDPR, Indonesian PDP Law), we will obtain your consent before setting non-essential cookie (e.g., analytics or advertising cookies). You can withdraw your consent at any time.
5. Who we share your information with
We do not rent or sell your Personal Data, or share your Personal Data with third parties, except as described below. All third party service providers we use are evaluated by us prior to engagement, to ensure such providers implement and maintain appropriate measures to protect your Personal Data.
(1) We may share your Personal Data with the following third parties:
(i). TrustDecision Affiliates: we may share your Personal Data between and among TrustDecision Pte. Ltd. and its affiliates. Those affiliates are listed on our Website.
(ii). Trusted third party service providers: we may share your Personal Data with trusted third-party service providers that we have engaged to assist us in performing the Services (e.g. data hosting providers), as necessary for such third parties to provide services to us. Prior to sharing your Personal Data with our third-party service providers, we ensure that such third parties commit to protecting the security and confidentiality of your Personal Data.
(iii). Data enrichment providers: we may share End User Personal Data with trusted third parties (e.g., identity verification providers) for data enrichment purposes. Enriching End User Personal Data allows us to make more informed recommendations about your activity on the Client Sites. When we share your Personal Data with our data enrichment providers, we require that such data is only used for the purpose of providing a service to us and not for any other purpose. We also ensure that such third parties commit to protecting the security and confidentiality of your Personal Data.
(2) We may also disclose your Personal Data if we believe disclosure of your Personal Data is necessary to:
(i) comply with applicable law or a request from a court, regulator, or other governmental entity;
(ii) enforce our contractual rights and our policies, including in connection with investigations of potential violations thereof;
(iii) investigate, detect, prevent, or take action regarding illegal activities or other wrongdoing, including suspected fraud or security issues;
(iv) establish or exercise our rights to defend against legal claims;
(v) to protect the rights, privacy, property or safety us, users of our Website or other third parties; and(vi) to enforce our intellectual property or other legal rights.
(3) We may also share your Personal Data with third parties in connection with an actual or contemplated corporate transaction involving TrustDecision, such as a merger, acquisition, divestiture, reorganization, financing or sale of our assets, as well as in connection with an insolvency, bankruptcy or similar proceeding involving us. Any entity that acquires us (in whole or in part) shall be permitted to continue to use your Personal Data as set forth in this Privacy Policy, but shall assume our rights and obligations with respect to your Personal Data, as described in this Privacy Policy.
6. Transfer of your information
TrustDecision is a global business. We may transfer your Personal Data to Singapore and other countries which may not have the same data protection laws as the country in which you initially provided the data, but we will protect your Personal Data in accordance with this Privacy Policy.
Where required by applicable laws (e.g., GDPR, Brazil LGPD, Saudi PDPL, UAE PDPL), we will implement appropriate transfer mechanisms such as Standard Contractual Clauses, Binding Corporate Rules, or obtain regulatory approvals prior to transferring Personal Data outside the relevant jurisdiction. Where data localization is required by law, we will store and process data within the jurisdiction.
For further information about the safeguards and derogations used for such transfers of your Personal Data, please contact us via the method shown in the last clause of this policy.
7. How we safeguard your information
We attach great importance to the security of Personal Data.
We are continuously implementing and updating administrative, technical, and physical security measures to help protect your Personal Data against unauthorized access, loss, destruction, or alteration. We will try to take all kinds of reasonable industry standard security measures (including technical and management) to protect your Personal Data against improper use or unauthorized access, modification, damage, loss or leakage.
We will protect Personal Data by reasonable and practicable means such as encryption and anonymization, and use trusted protection mechanisms to protect Personal Data from malicious attacks.
We have established specialized information security team, security management system and data security procedures to ensure Personal Data security and integrity. We adopt strict data use and access policies to ensure that only authorized personnel can access Personal Data. We also conduct timely data security audits.
We have emergency response plans, and will immediately launch emergency response plans in case of information security incidents. We will strive to prevent the impact and consequences of any security incidents from expanding. Once an information security incident (leakage, loss, etc.) occurs, we will, in accordance with the requirements of applicable laws and regulations, timely inform you of the basic situation and possible impact of the security incident, the disposal measures we have taken or will take. We will timely inform you of the incident in the form of notification, email, letter, SMS and other forms. If it is unrealistic to inform all the impacted users one by one, we will take reasonable and effective ways to make announcements. At the same time, we will also report the security incidents to the competent authorities in accordance with the applicable laws and regulations.
We would like to remind you that the Personal Data protection measures provided in this Policy only apply to related Services provided by us and our Affiliates. We do not have the ability or obligation to protect any Personal Data submitted by you in applications or websites other than the relevant Services. No matter whether you log in or browse the software or websites based on our links or guidance, we do not assume any legal responsibility for this.
8. How long we retain your information
We will retain your Personal Data only for as long as necessary for the purposes for which it was collected, unless a longer retention period is required by applicable law. For further information about how long we keep your Personal Data, please contact us via the method shown in the last clause of this policy.
9. Your Rights
You can exercise any of the rights described in this section consistent with applicable laws. You may exercise your rights by making a request to us via contact information provided in this Policy. We may ask you to verify your identity and request before taking further action on your request.
(1) Managing Your Data
You can access and update some of your Personal Data through your account settings. You are responsible for keeping your Personal Data up to date.
(2) Data Access And Portability
In some jurisdictions, applicable laws may entitle you to request certain copies of your Personal Data or information about how we handle your Personal Data, request copies of Personal Data that you have provided to us in a structured, commonly used, and machine-readable format, and/or request that we transmit this information to another service provider (where technically feasible).
(3) Data Erasure Or Authorization Revocation
In some jurisdictions, you can request that your Personal Data be deleted or that your authorization be revoked or partly revoked. Please note that if you request deletion of your Personal Data or revocation of your prior authorization, or if your account is suspended, terminated, or voluntarily closed:
(i) We may retain your Personal Data as necessary for our legitimate business interests, such as prevention of money laundering, fraud detection and prevention, and enhancing safety. For example, if we suspend an account for fraud or safety reasons, we may retain information from that account to prevent that user from opening a new account in the future.
(ii) We may retain and use your Personal Data to the extent necessary to comply with our legal obligations. For example, we may keep information for tax, legal reporting, and auditing obligations.
Because we take measures to protect data from accidental or malicious loss and destruction, residual copies of your Personal Data may not be removed from our backup systems for a limited period of time.
In addition, depending on jurisdiction, you may exercise different rights, as detailed in the following examples:
(1) Individuals located in the EEA, UK or Switzerland
If you are located in the EEA, the UK or Switzerland, you have certain rights under the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”) with respect to your Personal Data, including the right to:
(i) Access the Personal Data we hold about you;
(ii) Correct any Personal Data we hold about you that may be inaccurate;
(iii) Request that we delete your Personal Data (subject to certain limitations);
(iv) In certain circumstances, restrict or object to us processing your Personal Data;
(v) Transfer your Personal Data to another organization (subject to certain conditions); and
(vi) Withdraw your consent to us processing your Personal Data, where consent was previously provided and was the legal basis on which we relied for our processing of your Personal Data.
(2) Individuals located in California
For purposes of the California Consumer Protection Act 2018 (California Civil Code §§ 1798.100 to 1798.199) including as amended by the California Privacy Rights Act of 2020 (the “CCPA”), TrustDecision acts as a “Service Provider” (as defined in the CCPA) in providing the Services to our Clients, who act as “Businesses” (as defined in the CCPA) with respect to your Personal Data. Accordingly, we do not retain, use, or disclose End User Personal Data of California residents for any purpose other than for the specific purpose of performing the Services or as otherwise permitted by the CCPA and applicable regulations, including to detect data security incidents or protect against fraudulent or illegal activity.
Individuals who are California residents have certain rights under the CCPA with respect to their Personal Data, including the right to:
(i) Request certain information about your Personal Data, including the categories of Personal Data we hold, the categories of sources of Personal Data we collected about you, the business or commercial purpose for which it was collected, the categories of third parties with whom your Personal Data has been shared, and the specific pieces of personal information we have collected about you;
(ii) Request that we delete your Personal Data (subject to certain limitations);
(iii) Opt out of any sale or sharing of your Personal Data (note that we do not rent, sell or share your Personal Data except as stated in this Privacy Policy);
(iv) In some cases, claim compensation for damage caused by our breach of the CCPA; and
(v) Not be discriminated against for exercising any of these rights.
End Users should direct any consumer rights request to the relevant Business from which your Personal Data was collected. As a Service Provider, we will cooperate with our Clients in responding to consumer rights requests.
If you wish to exercise any of the aforementioned rights, you may contact us via the method shown in the last clause of this policy and send us your request. For security purposes, we may require you to provide additional information from you (which may include Personal Data) to help us confirm your identity and will process the request within a reasonable period of time after confirming our identity. Kindly note that if you do not provide us with this additional information, we may be unable to process your request.
The deletion or correction of Personal Data, or revocation of prior consent will not affect the previous Personal Data processing that has been carried out authorization based on your original authorization or consent.
10. Minors
Our products and services are not directed to, likely to be accessed by, or intended for minors (anyone under the age of 16, (or 13 in the United States, or other age thresholds as required under applicable local laws), and we do not knowingly collect Personal Data from minors. In the event that we become aware that Personal Data of a minor has been shared with or collected by us, we will delete such information.
If you have any reason to believe that we have collected Personal Data from a minor, you may contact us via the method shown in the last clause of this policy.
11. Updates to the Policy
This Privacy Policy may be updated periodically to reflect changes in our Personal Data practices. If we update our Privacy Policy, we will post the latest Policy here (on this page) or through our website or notify you separately. In certain circumstances, we may seek your consent. Please regularly follow this page or the notifications we send to you to stay informed of updates to this Privacy Policy. We reserve the right to amend this Privacy Policy from time to time, in our sole discretion.
12. Others
(1) This policy takes effect on the earliest of (i)the effective date, (ii) when you voluntarily provide your information to us, (iii) when you use the services provided by us.
(2) Title and headings in this Policy are for convenience only and do not affect the meaning or interpretation of any provisions in this Policy.
(3) TrustDecision and its Affiliates shall independently and not jointly assume the obligations and liabilities set forth in this Policy.
(4) We have set up a special feedback channel for Personal Data protection. You can contact us via [service@trustdecision.com]. We will reply to your request and try our best to solve it within 15 days after verifying your identity.
(5) Any dispute shall be resolved by arbitration administered by the Singapore International Arbitration Centre (SIAC), unless applicable laws in your jurisdiction require disputes to be heard by local courts or other forums, in which case those mandatory requirements shall prevail.
