PRIVACY POLICY

Third Party Risk Institute Ltd. is committed to protecting your privacy. This privacy policy describes how your personal information is collected, used, stored, and disclosed by us, as well as the choices you can make about how we use your information. Please read this policy before using this website or providing any personal data to Third Party Risk Institute Ltd. If you have any questions about this policy, please contact [email protected]. Please click here to read our complete Privacy Policy.

About us

Third Party Risk Institute Ltd., together with its affiliates (collectively, “the Institute”, “we,” or “us”) provides training and education, professional networking, and best practices, frameworks, tools, templates, and risk insight.

Third Party Risk Institute Ltd. is committed to protecting your privacy and the personal information collected and processed about you.

About this policy

This is the Privacy and Cookies Policy ("Policy") for the website operated by or on behalf of Third Party Risk Institute Ltd. and hosted at www.thirdpartyriskinstitute.com and www.3PRInstitute.com (“the Institute’s Websites”).

This Policy describes our general privacy policy and practices in relation to the Institute's services offered through the Site or providing your personal information to us at our corporate events (collectively, the “Services”).

This Policy also describes how we collect information about you, what we do with that information, and also what controls you have over that information in relation to your use of our Site and Services.

By visiting and using the Institute’s Website, mobile site, and/or applications (together, the "Site") or using our Services, you acknowledge you have read and understood this Policy.

For the purposes of the European Economic Area data protection law (the "Data Protection Law"), this Policy applies to the information collected by Third party Risk Institute Ltd., and any of its respective affiliate entities.

General information

The data controller for the Site and Services is Third Party Risk Institute Ltd. (“the institute ”), [email protected]

What “Personal Data” does Third Party Risk Institute Ltd. collect?

How we collect and store information depends on the activities in which you participate and the Services you use. You can use some of the Services without providing any information, although several categories of information are automatically collected from you when you use the Services via the Site.

When using the Services, we may collect and process the following information about you:

Information provided directly by you

Information (such as your name, company name, email address, postal address, telephone number and other contact details that you provide by completing forms on the Site or using the Service, including information about you if you register as a user of the Site or subscribe to a Service, information about you that you upload or submit to the Site or Service, or information you provide to us when requesting information or material from us;
Information and other details of any transactions made by you through the Site including but not limited to financial and billing information, including account numbers, billing name and address, credit card number, the total number of employees within the organization that will be using the Services and other financial-related information (“Billing Information”) provided by you when making transactions through the Site or when using our Services;
Information contained in communications you send to us, for example, to report a problem or to submit queries, concerns, or comments regarding the Site (or its content) or the Services;
Questionnaires and surveys. We may invite you to participate in questionnaires and surveys. These questionnaires and surveys will be generally designed in a way that they can be answered without any Personal Data. If you nonetheless enter Personal Data in a questionnaire or survey, we may use such Personal Data to improve our products and services
Information from any employment materials you send us; or
Other additional information that you provide to us when attending our corporate events.

Information that we may collect from you when you use our Site

We may automatically collect certain information about the computer or other devices that you use to access the Site or use the Services, including mobile devices, through commonly-used information-gathering tools, such as cookies and web beacons (see our Cookies section below).

We may also collect information when you access the Site or use our Services such as: (i) location information (as described in the next section below), unique device identifiers and other information about your mobile phone or other mobile device(s) such as your Internet Protocol ("IP") address, browser types, browser language, operating system, the state or country from which you accessed the Services; and (ii) information related to the ways in which you interact with the Services, such as referring and exit pages and URLs, platform type, the number of clicks, domain names, landing pages, pages viewed and the order of those pages, the amount of time spent on particular pages, the date and time you used the Services, error logs, and other similar information. If you do not want to provide us with location-tracking information, you can disable the GPS or other location-tracking functions on your device; provided your device allows you to do this.

Creation of anonymized data sets. We may aggregate and/or de-identify information collected by use of the Site or the Services so that the information is not intended to identify you. We may anonymize Personal Data provided under this Privacy Policy to create anonymized data sets, which will then be used to improve Third Party Risk Institute Ltd. and its affiliates’ products and services. This Policy does not restrict our use or disclosure of aggregated and/or de-identified information.

Information about you collected from third parties

We may process your personal information that we have either obtained from you or obtained from somewhere else. Personal information which is not collected directly from you may be collected:

From your employer in connection with your job and how it relates to us.
If you use any Site operated by us.
From third parties we work closely with (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, and search information providers).

We will notify you when we receive information about you from them and the purposes for which we intend to use that information.

If you access the Site or use the Services through a third-party connection or log-in, you authorize Third Party Risk Institute Ltd. to collect, store, and use, in accordance with this Policy, any and all information available to the Institute through the third-party interface.

Why Third Party Risk Institute Ltd. needs your Personal Data?

We will collect and use your information as described in this Policy and as permitted by applicable laws (including, if you are located in Australia, the Privacy Act 1988 and the Australian Privacy Principles), including in circumstances where it is necessary: (i) to provide or fulfil Services requested by or for you; (ii) for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into such a contract; (iii) for compliance with a legal obligation to which we are a subject; (iv) to pursue our legitimate interests; or (v) where you have given us your express consent.

We collect and use your information for the following purposes:

To perform the Services requested by you. For example, if you fill out a “Contact Me” web form, we will use the information provided to contact you about your interest in the Services. This data processing is necessary to provide or fulfil a service requested by or for you.
To plan and host events. For example, corporate events, host online forums and social networks in which event attendees may participate and populate online profiles in relation to the Services. This data processing is necessary to provide or fulfil a service requested by or for you.
For marketing purposes. For example, we may use your information to further discuss your interest in the Services and to send you information regarding the Institute and our group companies and our partners such as information about promotions, events, products, or services. We will only send you marketing communications and updates about our products, services, and events with your prior consent, where required by law or otherwise in our legitimate interests provided these interests do not override your right to object to such communications. You can withdraw your consent at any time.
In order to keep you up-to-date/request feedback. Within an existing business relationship between you and us, we may inform you, where permitted in accordance with local laws, about its products or services (including webinars, seminars, or events) which are similar or related to such products and services you have already purchased or used from us. Furthermore, if you have attended a webinar, seminar, or event of Third Party Risk Institute Ltd. or purchased products or services from us, we may contact you for feedback regarding the improvement of the relevant webinar, seminar, event, product, or service.

You can object to further marketing at any time by checking and updating your contact details within your account, or/and selecting the “unsubscribe” link located at the bottom of the Institute marketing emails. Additionally, you may send a request to [email protected].

You have the right to contact us at any time to object to the further processing of your information for the purposes of direct marketing to you, including any profiling related to such marketing.

For financial and payment purposes. For example, for checking financial qualifications and collecting payment from you, where applicable. This data processing is necessary to provide or fulfil a service requested by or for you.
For operating and improving the Institute’s Sites and your customer experience. For example, we may collect and analyze data on your use of our website and process it for the purpose of improving our online customer experience. Data collected could include data about your device, such as unique device identifiers, information about your mobile phone or other mobile device(s), browser types, browser language, operating system, and the state or country from which you accessed the Services. Data collected could also include information related to the ways in which you interact with the Services, such as referring and exit pages and URLs, platform type, the number of clicks and domain names. This data allows us to understand our customers, their interaction with our website and improve our website to better serve our customers. We may use third-party analytics providers and technologies, including cookies and similar tools, to assist in collecting this information. Data processing for analytical and operational improvement purposes is a legitimate business interest.
For security purposes. For example, we may use your data to protect Third Party Risk Institute Ltd. and its third parties against security breaches and to prevent fraud and violation of applicable agreements. Data processing for security purposes is a legitimate business interest.
For hosting purposes. For example, if you are our customer, we may collect and host your data to provide Services to you. If your employer is our customer, we may process your data in accordance with providing Services to them. However, we will not review, share, distribute, or reference any such data except as provided in a services agreement between us and our customer, or as may be required by law. Data processing for the purpose of hosting our Services is a legitimate business interest.
For customizing the Services with location-based information, advertising, and features. For example, if location-tracking on your mobile device shows you are close to a Third Party Risk Institute Ltd. corporate event, we may reach out to you and let you know you should visit our nearby event. If you access the Services through a mobile device and you do not want your device to provide us with location-tracking information, you can disable the GPS or other location-tracking functions on your device, provided your device allows you to do this. This data processing is necessary to provide or fulfil a service requested by or for you and can be disabled by you. If you access the Services through a mobile device and you do not want your device to provide us with location-tracking information, you can disable the GPS or other location-tracking functions on your device, provided your device allows you to do this.
Protection of the Institute and Others. For example, we may disclose your information to (i) comply with legal obligations; (ii) enforce any agreements that you entered into with us; (iii) respond to claims that any content violates the rights of third parties; (iv) respond to your requests for customer service; and/or (v) the extent necessary for the purposes of the legitimate interests pursued by us or by the third party or parties to whom the data are disclosed, except where such interests are overridden by the interests for fundamental rights and freedoms of the data subjects. We may also disclose information to law enforcement agencies in emergency circumstances, where the disclosure of such information is consistent with the types of emergency disclosures permitted or required by law. This is data processing for compliance with a legal obligation.
Business Transfers. For example, we reserve the right to disclose and transfer all of your information, to a successor (or potential successor) company in connection with a merger, acquisition, or sale of all, or components, of our business, or in connection with due diligence associated with any such transaction. Data processing for this purpose is a legitimate business interest.

From What Types of Third Parties does Third Party Risk Institute Ltd. obtain Personal Data?

In most cases the Institute collects Personal Data from you. The Institute might also obtain Personal Data from third parties if the applicable national law allows the Institute to do so. The Institute will treat this Personal Data according to this Privacy Statement, plus any additional restrictions imposed by the third party that provided the Institute with it or the applicable national law. These third-party sources include:

Third Party Risk Institute Ltd.’s business dealings with your employer
Third parties you directed to share your Personal Data with the Institute

How long will Third Party Risk Institute Ltd. store my Personal Data?

The Institute will only keep your information as long as it remains necessary for the identified purpose(s) for which it was originally collected and for up to five (5) years afterwards or otherwise permitted by local laws, or as required for our business operations.

We may need to retain certain personal information even once a customer account has been closed or deleted to enforce our terms, for fraud prevention, to identify, issue or resolve legal claims and/or for proper record-keeping purposes. We may also retain a record of any stated objection by you to receiving our updates for the purpose of ensuring we can continue to respect your wishes and not contact you further. For example, if you request to stop receiving emails from us, we will retain your email address for use on an email “suppression list” to ensure you do not receive further emails, as requested.

All retained information will remain subject to the terms of this Policy. If you request that your name be removed from our databases, it may not be possible to completely delete all your information due to technological and legal constraints.

The Institute will also retain your Personal Data for additional periods if applicable laws require it.

Who are the recipients of your Personal Data and where will it be processed?

Your Personal Data will be passed on to the following categories of third parties to process your Personal Data:

Vicarious agents, e.g., third party servicers for training, education, third party risk management content, consulting services and other additional related services
Other service providers, e.g., for the provision of the website or newsletter dispatch
State agencies and bodies, e.g., based on entry requirements or police activities and investigations
Our agents, partners or contractors who assist us in providing the Services we offer through our Site. The assistance provided by our agents, partners or contractors may be related to our marketing activities such as updating marketing lists, data analytics, advertising, market research, participation in a contest or sweepstakes, and receiving and sending communications.
Transactional assistance may also be provided by our agents, partners, or contractors, including processing transactions, fulfilling requests for information, billing, sales execution, and fulfilment of orders. Other support services provided may include data storage, transfer, analysis and processing, legal services, providing IT, and in other tasks as requested, from time to time. Our agents, partners and contractors will only use your information to the extent necessary to perform their functions under this Policy and are subject to contractual restrictions prohibiting them from using your information for any other purpose.
From time to time, the Institute may partner with other companies to jointly offer products or services. If you purchase or specifically express interest in a jointly offered product or service from the Institute, we may share information about you collected in connection with your purchase or expression of interest with our joint promotion partner(s). If you do not want your information to be shared in this manner, you may email [email protected] However, we do not control our business partners’ use of the information that we share with them about you that we collect, and their use of the information will be in accordance with their own privacy policies.
To protect the Institute and others: We may disclose any of your information to: (i) comply with legal process; (ii) enforce any agreements that you entered into with us; (iii) respond to claims that any content violates the rights of third parties; (iv) respond to your requests for customer service; and/or (v) the extent necessary for the purposes of the legitimate interests pursued by us or by the third party or parties to whom the data are disclosed, except where such interests are overridden by the interests for fundamental rights and freedoms of the data subjects. We may also disclose information to law enforcement agencies in emergency circumstances, where the disclosure of such information is consistent with the types of emergency disclosures permitted or required by law.
California Do Not Track Disclosure. We are committed to providing you with meaningful choices about the information collected on the Services that is shared with third parties, and that is why we provide the opt-out choices set forth in this Policy. However, we do not recognize or respond to browser- initiated Do Not Track (“DNT”) signals, in part because no common industry standard for DNT has been adopted by industry groups, technology companies, or regulators, nor is there a consistent standard of interpreting user intent. We take privacy and meaningful choice seriously and will make efforts to continue to monitor developments in these areas.

As part of a global group of companies operating internationally, Third Party Risk Institute Ltd. may have affiliates and third-party service providers outside of the European Economic Area (the “EEA”) and will transfer your Personal Data to countries outside of the EEA. If these transfers are to a country for which the EU Commission has not issued an adequacy decision, Third Party Risk Institute Ltd. uses the EU standard contractual clauses to contractually require that your Personal Data receives a level of data protection consistent with the EEA. You can obtain a copy (redacted to remove commercial or irrelevant) of such standard contractual clauses by sending a request to [email protected]. You can also obtain more information from the European Commission on the international dimension of data protection here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension- data-protection/standard-contractual-clauses-scc_fr

What are your data protection rights?

You can request from Third Party Risk Institute Ltd.: access at any time to information about which Personal Data the Institute processes about you and the correction or deletion of such Personal Data. Please note, however, that the Institute can or will delete your Personal Data only if there is no statutory obligation or prevailing right of the Institute to retain it. Kindly note further that if you request that the Institute deletes your Personal Data, you will not be able to continue to use any service that requires the Institute’s use of your Personal Data.

If the Institute uses your Personal Data based on your consent or to perform a contract with you, you can further request from the Institute a copy of the Personal Data that you have provided to the Institute. In this case, please contact [email protected] and specify the information or processing activities to which your request relates, and whether the Personal Data should be sent to you or another recipient. The Institute will carefully consider your request and discuss with you how it can best fulfill it.

Furthermore, you can request from the Institute that the Institute restricts your Personal Data from any further processing in any of the following events: (i) you state that the Personal Data the Institute has about you is incorrect, subject to the time the Institute requires to check the accuracy of the relevant Personal Data, (ii) there is no legal basis for the Institute processing your Personal Data and you demand that the Institute restricts your Personal Data from further processing, (iii) the Institute no longer requires your Personal Data but you state that you require the Institute to retain such data in order to claim or exercise legal rights or to defend against third party claims, or (iv) in case you object to the processing of your Personal Data by the Institute based on the Institute’s legitimate interest (as further set out below), subject to the time required for the Institute to determine whether it has a prevailing interest or legal obligation in processing your Personal Data.

For individuals within the State of California, you instead have the right:

to request from the Institute access to your Personal Data that the Institute collects, uses, discloses, or sells (if applicable) about you;
to request that the Institute delete Personal Data about you;
to opt-out of the sale of Personal Data, if applicable;
to non-discriminatory treatment for exercise of any of your data protection rights
in case of request from the Institute for access to your Personal Data, for such information to be portable, if possible, in a readily usable format that allows you to transmit this information to another recipient without hindrance.

Please note, however, that the Institute can or will delete your Personal Data only if there is no statutory obligation or prevailing right of the Institute to retain it. Kindly note further that if you request that the Institute deletes your Personal Data, you will not be able to continue to use any service that requires the Institute’s use of your Personal Data.

How can you exercise your data protection rights?

Please direct any requests to exercise your rights to [email protected] or, if you are located in the State of California, you can also call collect using the numbers provided at www.thirdpartyriskinstitute.com. You can also designate another person to submit requests to exercise your data protection rights to the Institute. You can give authorization to such a person by granting them a limited power of attorney to exercise your data protection rights on your behalf.

How will Third Party Risk Institute Ltd. verify requests to exercise data protection rights?

The Institute will take steps to ensure that it verifies your identity to a reasonable degree of certainty before it will process the data protection right you want to exercise. When feasible, the Institute will match the Personal Data provided by you in submitting a request to exercise your rights with information already maintained by the Institute. This could include matching two or more data points you provide when you submit a request with two or more data points that are already maintained by us.

In accordance with the verification process set forth in the California Consumer Privacy Act (“CCPA”), the Institute will require a more stringent verification process for deletion requests, or for Personal Data that is considered sensitive or valuable, to minimize the harm that might be posed to you by unauthorized access or deletion of your Personal Data. If the Institute must request additional information from you outside of the information that is already maintained by the Institute, the Institute will only use it for the purposes of verifying your identity so you can exercise your data protection rights, or for security and fraud-prevention purposes.

the Institute will decline to process requests that are manifestly unfounded, excessive, fraudulent, or are not otherwise required by local law.

If you take the view that the Institute is not processing your Personal Data in accordance with the requirements in this Privacy Statement or under applicable EEA data protection laws, you can at any time lodge a complaint with the data protection authority of the EEA country where you live or with the data protection authority of the country or state where the Institute has its registered seat.

Processing based on a statutory permission

Why does Third Party Risk Institute Ltd. need to use my Personal Data and on what legal basis is the Institute using it?

Processing to fulfill contractual obligation

The Institute requires your Personal Data to deliver goods or services you order under a contract the Institute has with you, to establish a contract for goods or services between you and the Institute, and process payments and/or send you invoices for ordered goods or services. The Institute processes Personal Data to fulfill contractual obligations pursuant to Article 6(1), Subparagraph 1(b) GDPR. Additionally, the Institute requires your Personal Data to provide you, at your request, with access to Institute events or the Institute materials such as whitepapers.

Processing to ensure compliance

the Institute and its products, technologies, and services are subject to the export laws of various countries including, without limitation, those of the European Union and its member states, and of the United States of America. You acknowledge that, pursuant to the applicable export laws, trade sanctions, and embargoes issued by these countries, the Institute is required to take measures to prevent entities, organizations, and parties listed on government-issued sanctioned-party lists from accessing certain products, technologies, and services through the Institute’s websites or other delivery channels controlled by the Institute. This could include (i) automated checks of any user registration data as set out herein and other information a user provides about his or her identity against applicable sanctioned-party lists; (ii) regular repetition of such checks whenever a sanctioned-party list is updated or when a user updates his or her information; (iii) blocking of access to the Institute’s services and systems in case of a potential match; and (iv) contacting a user to confirm his or her identity in case of a potential match. Any such use of your Personal Data is based on the permission to process Personal Data in order to comply with statutory obligations (Article 6 para. 1 lit. c GDPR) and Third Party Risk Institute Ltd. ‘s legitimate interest (Article 6 para. 1 lit. f GDPR).

Processing based on Third Party Risk Institute Ltd.’s legitimate interest

The Institute can use your Personal Data based on its legitimate interest (Article 6 para. 1 lit. f GDPR) as follows:

Fraud and Legal Claims. If required, the Institute will use your Personal Data for the purposes of preventing or prosecuting criminal activities such as fraud and to assert or defend against legal claims. Questionnaires and survey. the Institute could invite you to participate in questionnaires and surveys. These questionnaires and surveys will be generally designed in a way that they can be answered without any data that can be used to identify you. If you nonetheless enter such data in a questionnaire or survey, the Institute will use this personal data to improve its products and services.
Contract Performance. If you purchase or intend to purchase goods or services from the Institute on behalf of a corporate customer or otherwise be the nominated contact person for the business relationship between a corporate customer (a “Customer Contact”) and the Institute, the Institute will use your Personal Data for this purpose. This includes, for the avoidance of doubt, such steps which are required for establishing the relevant business relationship. In case that an existing Customer Contact informs the Institute that you are his or her replacement, the Institute will, from the point in time of such notification, consider you to be the relevant Customer Contact for the respective customer until you object as further set out below.
Creation of anonymized data sets, the Institute will anonymize Personal Data provided under this Privacy Statement to create anonymized data sets, which will then be used to improve its and its affiliates’ products and services.
Personalized Newsletter. If you opt-in to receive marketing communications such as newsletters from the Institute, the Institute will collect and store details of how you interact with the newsletters to help create, develop, operate, deliver, and improve our newsletter communications with you. This information is aggregated and used to help the Institute provide more useful information and to understand what is of most interest.
Recordings for quality improvement purposes. In case of telephone calls or chat sessions, the Institute may record such calls (after informing you accordingly during that call and before the recording starts) or chat sessions in order to improve the quality of our services.
To keep you up-to-date or request feedback. Within an existing business relationship between you and the Institute, the Institute might inform you, where permitted in accordance with local laws, about its products or services (including webinars, seminars, or events) which are similar or related to such products and services you have already purchased or used from the Institute. Furthermore, if you have attended a webinar, seminar or event of the Institute or purchased products or services from the Institute, the Institute might contact you for feedback regarding the improvement of the relevant webinar, seminar, event, product, or service.

You can at any time object to the Institute’s use of your Personal Data as set forth in this section by sending an email to [email protected]. In this case, the Institute will carefully review your objection and cease further use of the relevant information, subject to the Institute’s compelling legitimate grounds for continued use of the information, which override your interest in objecting, or if the Institute requires the information for the establishment, exercise, or defence of legal claims.

Processing under applicable national laws

If the applicable national law allows the Institute to do so, the Institute will use information about you for a business purpose, some of which is Personal Data

to plan and host events
to host online forums or webinars
for marketing purposes such as to keep you updated on the Institute’s latest products and services and upcoming events
to contact you to discuss further your interest in the Institute's services and offerings
to help the Institute create, develop, operate, deliver, and improve the Institute’s services, products, content, and advertising and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the Institute to provide more personalized information to you
for loss prevention
for an account and network security purposes
for internal purposes such as auditing, analysis, and research to improve the Institute’s products or services
to verify your identity and determine appropriate services
to assert or defend against legal claims
detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity
debugging to identify and repair errors that impair existing intended functionality
Short-term, transient use, provided the personal information is not disclosed to a third party and is not used to build a profile about you or otherwise alter your individual experience outside the current interaction, including, but not limited to, the contextual customization of ads shown as part of the same interaction
Undertaking internal research for technological development and demonstration.
Undertaking activities to verify or maintain the quality or safety of a service that is owned, manufactured, manufactured for, or controlled by the Institute

California Consumers: In accordance with the disclosure requirements under the CCPA, the Institute is exempt from providing a notice to opt-out because it does not and will not sell your Personal Data.

Processing based on consent

In the following cases, the Institute will process your Personal Data if you granted prior consent to the specific proposed processing of your Personal Data (Article 6 para. 1 lit. a GDPR).

Children. The Site and Services are not directed to users below the age of 16 years or the equivalent minimum age in the relevant jurisdiction. If you are younger than 16, you cannot register with and use the Site or Services.

U.S. Children’s Privacy. the Institute does not knowingly collect the Personal Data of children under the age of 13. If you are a parent or guardian and believe the Institute collected information about a child, please contact the Institute as described in this Privacy Statement. the Institute will take steps to delete the information as soon as possible. Given that the Site and Services are not directed to users under 16 years of age and in accordance with the disclosure requirements of the CCPA, the Institute does not sell the Personal Data of any minors under 16 years of age.

Marketing

The Institute requires your Personal Data to inform you about the Institute’s latest products, service offers and events. Any such use of information is based on the consent you grant hereunder.

News about Third Party Risk Institute Ltd.’s Products and Services.

The Institute will use your name, email and postal address, telephone number, job title and basic information about your employer (name, address, and industry) as well as an interaction profile based on prior interactions with the Institute (prior purchases, participation in webinars, seminars or events or the use of (web) services in order to keep you up to date on the latest product announcements, software updates, software upgrades, special offers, and other information about the Institute’s software and services (including marketing-related newsletters) as well as events of the Institute and in order to display relevant content on the Institute’s websites. In connection with these marketing-related activities, the Institute will provide a hashed user ID to third party operated social networks or other web offerings (such as Twitter, LinkedIn, Facebook, Instagram, or Google) where this information is then matched against the social networks’ data or the web offerings’ own databases in order to display to you more relevant information.

Forwarding your Personal Data with Third Party Risk Institute Ltd.

The Institute will transfer your Personal Data to other affiliated companies of undertakings for the purpose to inform you about their latest products, service offers and events in the same way the Institute does under this Privacy Statement. In such cases, the Institute use the Personal Data for the same purposes and under the same conditions as set forth in this Privacy Statement.

Forwarding your Personal Data to other third Parties. The Institute will transfer your Personal Data to partners for the purpose that such partners inform you about the Institute’s or the partner's latest products, service offers and events. Any such use of information is based on the consent you grant.

Social media features

The Institute offers social network functionality in various parts of our website and on apps. We give you the opportunity to share and recommend your content on social networks in our online offerings. If you visit our website and use the recommendation features, we pass on the URL to the social network you select where your Personal Data will be then used by the social network according to the social network’s own privacy statement. We recommend that you read the privacy statement of the respective social networks carefully.

Profiles

The Institute offers you the option to use services, including viewing tutorials or taking training, that require you to register and allow you to create a user profile. User profiles provide the option to display personal information about you, including but not limited to your name, photo, address, email, telephone number, professional and personal interests, skills, etc. Profile data is processed to personalize the interaction with other users to foster the quality of communication and collaboration via such services. Profile data might also be shared with other web offerings and services across the Third Party Risk Institute Ltd. The provision of any such information about you as well as the decision to share information with other services is at your free will and based on the consent that you grant.

Third Part Risk Institute events

Event profiling. If you register for an event, seminar, webinar, or training of the Institute, the Institute shares basic registration information (your name, company, title, and email address) with other participants of the same event, seminar, or webinar for the purpose of communication and the exchange of ideas.

Tracking during an event. The Institute requires your Personal Data, including any occasion where you allowed that your event badge was scanned, to evaluate behavioural aspects by means of tracking during the Institute events. The Institute might process tracking data in the context of the Institute events for purposes of tracking attendance, determining the attendees’ interests in certain topics and identifying drivers for the attendees’ satisfaction and dissatisfaction to optimize planning and investments for future events. Any such use of information is based on the consent you grant.

The Institute does not share data about event attendees with business partners unless: (i) you specifically opt-in such sharing via an event registration form; or (ii) you attend an Institute event and have your attendee badge scanned by a business partner. If you do not want your information to be shared, you may email info[email protected].If you choose to share your information with business partners in the manners described above, your information will be subject to the business partners’ respective privacy policies.

Processing Special Categories of Personal Data. When you register for or request access to an event or seminar, the Institute asks whether you require any accommodations because of your health or dietary restrictions. Any such use of information is based on the consent you grant. Kindly note that if you do not provide the Institute with information regarding what accommodations you require, the Institute will not be able to accommodate for it.

Photograph before or during the event. You will be asked to provide the Institute with your current photograph via e-mail or the Institute could ask to take a picture of you when you arrive at the event. By sending the Institute your photograph or allowing a photo of you to be taken, you acknowledge that the Institute will use your picture for the purposes described in this Privacy Statement.

Withdrawal of consent

You may withdraw your consent(s) for the Institute to process your Personal Data as stated in this Privacy Statement at any time. Once you assert this right, the Institute will not process your Personal Data any longer unless legally required to do so. However, any withdrawal has no effect on past processing by the Institute up to the point in time of your withdrawal. Please direct any such request to [email protected].

How does Third Party Risk Institute Ltd. use cookies?

Our Site uses cookies and/or other similar technologies to enhance & customize your user experience. Cookies are small text files placed on your device that enable us to remember your device, and which can be used to manage a range of features and content as well as store searches and present personalized content.

We use this information to ensure the proper functioning and security of our Site and Services and to optimize our Site or Services.

How do we collect cookies and other technologies?

This section describes our practices with respect to how we use cookies. By using our Services with your browser set to accept cookies, you are consenting to our use of cookies in the manner described herein.

We may collect data about your use of the Services through the use of cookies, Internet server logs, tracking pixels (also called web beacons) and similar technologies. A cookie is a small text file that is placed on your computer or mobile device when you visit a website, that enables us to recognize your computer/device, store your preferences and settings, and enhance your user experience by delivering content specific to your interests, perform searches and analytics, and assist with security administrative functions. An Internet server log is a file where website activity is stored. Server logs are used to track usage and provide security. A tracking pixel, which is also referred to as a web beacon or a clear GIF, is an electronic tag with a unique identifier that is embedded on web pages, in online advertisements and/or in email. These pixels are designed to provide usage information, such as advertising impressions or clicks, measure the popularity of the Services and associated advertising, and access user cookies.

What types of cookies do we use?

Third party cookies

We may use third parties to assist us in advertising, tracking aggregated and/or de-identified site usage statistics, and providing content-sharing services to support the Services. These third parties may also use cookies and similar technologies to collect similar information about your use of the Services. For instance, the cookies may reflect de-identified data linked to or derived from data you voluntarily have submitted to us, e.g., a hashed version of your email address, which we may share with service providers, solely in a non-human readable form. We do not control these third-party technologies, and their use is governed by those parties’ privacy policies.

We also allow other third parties (e.g., ad networks and ad servers) to serve tailored ads to you on the Services and to access their own cookies or other tracking technologies on your computer, mobile phone, or another device you use to access the Site or use the Services.

Session and persistent cookies

We use both session cookies and persistent cookies. A session cookie is used to identify a particular visit to our site. These cookies expire after a short time, or when you close your web browser after using our Services. We use these cookies to identify you during a single browsing session. A persistent cookie will remain on your devices for a set period of time specified in the cookie. We use these cookies where we need to identify you over a longer period of time. For example, we would use a persistent cookie if you asked that we keep you signed in. Another type of cookies is Flash cookies, which are stored with your Adobe Flash Player files and help in the viewing of content that uses the Adobe Flash player.

We use these cookies and other technologies on the basis that they are necessary for the performance of a contract with you, or because using them is in our legitimate interests (where we have considered that these are not overridden by your rights), and, in some cases, where required by law, where you have consented to their use

Why does the Institute use cookies and similar technologies? The Institute uses cookies and similar technologies for the following purposes:

Authentication and Security: To log you into the Services; to protect your security; and to help us detect and fight spam, abuse, and other activities that violate the Institute’s Website Terms and Conditions. For example, these technologies help authenticate your access to the Services and prevent unauthorized parties from accessing your account. They also let us show you appropriate content through the Services.
Preferences: To remember information about your browser and your preferences, and to remember your settings and other choices you have made.
Analytics and Research: To help us better understand how people use our Services, we work with a number of analytics partners, including Google Analytics; and to help us improve and understand how people use the Services. For example, cookies help us test different versions of our Services to see which particular features or content users prefer. We may include web beacons in e-mail messages or newsletters to determine whether the message has been opened and for other analytics. We might also optimize and improve your experience using the Services by using cookies to see how you interact with the Services, such as when and how often you use them and what links you click on. To find out more about how Google uses data when you visit a website that uses Google Analytics, please

visit https://www.google.com/policies/privacy/partners/.

Personalized Content: To customize the Services with more relevant content.
Advertising: To provide you with more relevant advertising. As explained below, third parties whose products or services are accessible or advertised via the Services may use cookies to collect information about your activities on the Services, other sites, and/or the ads you have clicked on. This information may be used by them to serve ads that they believe are most likely to be of interest to you and measure the effectiveness of their ads. Targeting and advertising cookies on the Services may include Google and other advertising networks and services we use from time to time.

For more information about targeting and advertising cookies and how you can opt-out, you can visit http://youronlinechoices.eu or www.allaboutcookies.org/manage- cookies/index.html. Please note that to the extent advertising technology is integrated into the Services, you may still receive advertisements even if you opt-out of tailored advertising. In that case, the ads will not be tailored to your interests.

Where are cookies and similar technologies used? We use these technologies on the Services, including our Site. We do not release the information collected from our own cookies to any third parties, other than to our service providers who assist us in providing the Services and only in accordance with this Policy.

What are my privacy options? You have a number of options to control or limit how we and our partners use cookies. Most browsers automatically accept cookies, but you can modify your browser setting to limit or decline cookies by visiting your browser’s help page. The browser manufacturers, not the Institute, control these settings. You can change your settings to notify you when a cookie is being set or updated, or to block cookies altogether. Please consult the “Help” section of your browser for more information (e.g., Internet Explorer; Google Chrome; Mozilla Firefox; or Apple Safari). You can also manage the use of Flash technologies, including Flash cookies, with the Flash management tools available at Adobe’s website. If you choose to decline cookies, please note that you may not be able to sign in, customize, or use some features of the Services. For general information about cookies and how to disable them, please visit www.allaboutcookies.org.

We neither have access to, nor does this Policy govern, the use of cookies or other tracking technologies that may be placed on your computer, mobile phone, or other devices you use to access the Services by non-affiliated, third-party ad technology, ad servers, ad networks or any other non-affiliated third parties. Those parties that use these technologies may offer you a way to opt-out of ad targeting as described below.

You may receive tailored advertising on your computer or mobile device through a web browser. If you are interested in more information about tailored browser advertising and how you can generally control cookies, you may visit the Network Advertising Initiative’s Consumer Opt-Out Link, the Digital Advertising Alliance’s Consumer Opt-Out Link, or the European Interactive Digital Advertising Alliance, “Your Online Choices” page to opt-out of receiving tailored advertising from companies that participate in those programs. To opt-out of Google Analytics for Display Advertising or customize Google Display Network ads, you can visit the Google Ads Settings page. Please note that to the extent advertising technology is integrated into the Services, you may still receive advertisements even if you opt-out of tailored advertising. In that case, the ads will just not be tailored to your interests. Also, we do not control any of the above opt-out links and are not responsible for any choices you make using these mechanisms or the continued availability or accuracy of these mechanisms.

Your Rights:

This section provides details about your rights in relation to your personal information.

You may ask us to:

Access all the personal information about you held by us, including where applicable, a list of the third parties to whom we have disclosed their personal information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of personal information disclosed to those parties. On request, we will provide you with a copy of this information. Where a request is manifestly unfounded or excessive (for example, because it is repetitive) we reserve the right to charge a reasonable fee taking into account the administrative costs of providing the information or taking the action requested. You can exercise your right of access to your personal information:
1. By emailing us at [email protected]; or
2. By writing to us at the address below.

Please note that we may be required to ask you for further information in order to confirm your identity before we provide the information requested.

Correct or erase your personal information where appropriate. Please note, you may review and update certain user profile information by logging in, as applicable, to the relevant portions of the Services where such information may be updated;
- Restrict the processing of your personal information whilst we investigate your concern;
- Where your processing is based on your consent, you have a right to receive your information in a commonly used electronic format or ask we move the data in that format to another provider where your request relates to the data that you gave us direct and where technically possible (data portability);
- Object to the further processing of your personal data, including the right to object to marketing;
  - Request that your provided personal data be moved to a third party;
    - You may opt out at any time from allowing further access by us to your location data by exiting the site. You can also stop all information collection by un-installing the applicable app. You may use the standard un-install processes as may be available for your mobile device.; and
    - Withdraw your consent at any time when the processing relies upon consent. You can also change your marketing preferences at any time;

If you remain unhappy with a response you receive you can also refer the matter to your data protection supervisory authority (see http://ec.europa.eu/justice/data- protection/bodies/authorities/index_en.htm) or, if you are located in Australia, to the Office of the Australian Information Commissioner.

Changes to this Policy

The Institute reserves the right to change this Policy from time to time. Please check this page periodically for changes. If we make any material changes to this Policy we will notify you before they take effect either through the Site or by sending you a notification. Any such material changes will only apply to personal information collected after the revised Policy took effect.

Contact us

Have additional privacy questions or need further info? This section is about how to contact us.

If you have any questions, comments, or concerns regarding this Policy or the Institute’s privacy practices, they may be submitted via email to [email protected]