1.1 We post our Privacy and Confidentiality Policy to inform you, as a visitor to our marketing website or as a user of Trealth, what kinds of information we may gather about you or your organization, how we may use that information, whether we disclose it to anyone, the choices you have regarding our use of information, and your ability to correct that information. By visiting Trealth and/or using our services, applications, products and content, you are consenting (i) to this Privacy and Confidentiality Policy and (ii) to having your personal data transferred to and/or processed in the United States in accordance with the terms of this Privacy and Confidentiality Policy. Trealth collects all data collected through www.Trealth.com and is responsible for implementing and ensuring compliance with this Privacy and Confidentiality Policy. Trealth participates in the Safe Harbor program developed by the U.S. Department of Commerce and the European Union. To view our certification, visit the U.S. Department of Commerce's Safe Harbor website.
1.2 Please note that this Privacy and Confidentiality Policy applies only to our websites, and not to other companies' or organizations' websites to which we link or to companies to which we refer our members, as an example to companies who may provide services for our members. These sites may collect information about you. Trealth does not control sites that are operated by others and is not responsible for the information practices of these sites and this Privacy and Confidentiality Policy does not address the information practices of those websites or operators thereof.
2.1 When you visit our marketing website, www.Trealth.com, we do not collect personally identifiable information about you except when you specifically and knowingly provide it. For instance, if you request information from us, you will be asked to provide basic information about you and your organization, including your name, company, title, country, e-mail address, your company's industry and other information that may assist us in providing services to your organization (the "Basic Information"). Trealth does not intentionally or knowingly collect sensitive personal information such religious beliefs, political opinions, health, sexual orientation, race or union membership. Trealth is not intended for and does not knowingly collect information from children under the age of 13.
2.2 We do not sell, trade, or rent to any third party any of the Basic Information that you provide to us prior to your organization becoming a member of Trealth. We may provide Basic Information to third parties who provide services to us, and who agree to abide by the terms of this Privacy and Confidentiality Policy. We will use the Basic Information you provide to respond to your requests for additional information by email and also by telephone if you have consented to telephone contact. We also will use the Basic Information for future mailings informing you of products and services available to your organization. If you would like to opt-out of receiving future mailings, simply follow the unsubscribe directions at the bottom of the mailing, or send us an e-mail with your name referencing "Remove" in the subject line to email@example.com.
Type of Cookies
|Required cookies||Required cookies enable you to navigate Trealth websites and use their features, such as accessing secure areas of the websites and using Trealth services.||Because required cookies are essential to operate Trealth sites and services, there is no option to opt out of these cookies and continued use of the site implies consent.|
|Performance cookies||Performance cookies collect information about how visitors use our site, including which pages visitors go to most often and if they receive error messages from certain pages. These cookies do not collect information that individually identifies a visitor. All information these cookies collect is aggregated and anonymous. It is only used to improve functionality and performance of our site.||To learn how to opt out of performance cookies using your browser settings click here.|
|Functionality cookies||Functionality cookies remember information you have entered or choices you made (such as your username, language, or your region) and provide enhanced, more personal features.||Opting out may impact the functionality of the sites. To learn how to opt out of functionality cookies using your browser settings click here.|
|Targeting or Advertising cookies||Third party advertising and retargeting pixels and cookies are used to manage and track the effectiveness of our marketing efforts. From time-to-time, third parties track and analyze usage and volume information from individuals who are referred to the site from ads. Third party advertising networks may collect IP addresses and other information from web beacons, emails, and on third-party websites, in order to provide advertisements about products and services tailored to your interests. You may see these advertisements on other sites.||To learn more about these and other advertising networks and their opt out instructions, click here and here.|
2.4 Our system logs some basic and generic information about your computer, including its: IP address, Operating system and Browser software. We use this information about your computer to perform routine website maintenance, to generate aggregate website traffic reports, and enhance the performance of our website on different browsers and devices.
2.5 We are committed to providing reasonable and practical access to you to identify and to correct any inaccuracies in the information you may provide. Visitors who have provided Basic Information on our marketing website can contact us at firstname.lastname@example.org to correct any inaccuracies.
3.1 If your organization chooses to apply for membership to Trealth, you may be asked to provide Basic Information for individuals who will act as contacts on Trealth and detailed financial and business information about your organization. This information may be shared with financial service providers and payment providers to enable your organization to qualify for credit risk and payment services. During this registration process, we will allow you to choose whether or not you would like us to contact your organization's trading partners for membership and other services related to transactions.
3.2 Once your organization becomes a member of Trealth, your Basic Information and your organization's financial information, other confidential business data, and transaction details may be shared with other Trealth members, Trealth service providers, and Trealth corporate alliances as necessary in order to conduct your transaction(s). Trealth service providers and corporate alliances include, but are not limited to payment providers, payment protection providers, country managers, freight forwarders, inspection agents, logistics providers, financing providers, sales support, marketing agents, and, subject to appropriate restrictions, to third parties who provide services to us regarding our business. In certain circumstances, we may modify the format of information you provide to us to make the format compatible with the Trealth platform. We will not disclose your Basic Information and your organization's financial information, confidential business data, or transaction details to parties other than the ones referenced above without your consent, except as expressly permitted by this Privacy and Confidentiality Policy. In addition, we aggregate your transaction data with that of other Trealth members for statistical analysis and other similar purposes and provide such aggregate data to third parties, provided that in no event will Trealth identify or otherwise disclose specific data as being related to you or your organization. Such aggregate transaction data is the sole property of Trealth.
3.3 Passwords and identity or security devices are private entry keys into the respective Trealth account. A user should never share his or her password or identity or security devices with anyone. If a user needs to walk away from his or her PC for any reason, the user should log off from the Trealth session. Users should select passwords that are difficult to guess and change them frequently. Passwords should not be stored on the PC or on written notes near the PC. Identity or security devices should be stored in a secure place. Trealth is not responsible if the foregoing practices are not complied with.
3.4 When a user logs onto our transaction sites, the Trealth system uses session cookies, small text files placed temporarily on your system, to maintain user session records. These cookies are destroyed as soon as the user logs out and closes the browser and cannot be used to track other information about the user or his or her computer. They are required; a user cannot use the Trealth transaction system unless the user accepts these session cookies.
3.5 We will use the information you provide to contact you, if necessary, to service your organization's account or for other administrative purposes. We may also access and use your organization's information to resolve disputes, to troubleshoot problems, to enforce our Membership Agreement, or for marketing purposes. In addition, the Trealth transaction system uses your transaction details to automate and to streamline your trade transaction by checking for electronic data compliance, providing reporting features, and transferring data from previous forms to those of the current transaction.
3.6 When this Privacy and Confidentiality Policy offers Trealth members the opportunity to "opt in" or "opt out", you may do so by contacting Trealth Member Services at email@example.com.
3.7 Trealth members also have the opportunity to select certain types of emails they would like to receive from Trealth. This can be done easily by utilizing the Email Subscription Table located in the Admin section of the Trealth transaction site.
3.8 We are committed to providing reasonable and practical access to you to identify and to correct any inaccuracies in the information you may provide. Trealth members can use the system's administrative function on the transaction website or contact Trealth Member Services to maintain up to date account information.
3.9 Unless your organization opts out as described above, we may post your company name in the marketing section of our website to indicate that you are a Trealth member.
4.1 We may disclose information about you and your organization to such third parties that you authorize us to disclose. We may also resell financial information about you and your organization that we obtain from third party providers, subject to our agreements with such third parties.
5.1 Trealth reserves the right to change this Privacy and Confidentiality Policy, or any other Trealth policy or practice, at any time. You are responsible for checking this page periodically for changes. When we intend to make material changes to this Privacy and Confidentiality Policy, we will post those changes on this page and such changes are effective immediately upon posting. Your use of the Trealth service following any posted change(s) to the Privacy and Confidentiality Policy will be deemed an acceptance of such change(s). This Privacy and Confidentiality Policy is incorporated into, and part of, the Trealth Membership Agreement between you and Trealth.
5.2 We will endeavor to respond to your request to access, update or delete member information as soon as practicable after you provide such updates to Trealth Member Services at firstname.lastname@example.org.
5.3Trealth takes reasonable precautions to protect your Basic Information and your organization's information from loss, misuse and unauthorized access, disclosure, alteration and destruction. Due to the inherent nature of the Internet as an open global communications vehicle, Trealth cannot guarantee that your information will be absolutely safe from intrusion by others, such as hackers. Any unauthorized access to or use of the Trealth sites or information collected and maintained by the Trealth sites should be immediately brought to the attention of Trealth Member Services at email@example.com. Trealth will investigate, and if necessary take action to prevent or halt, any violation of this Privacy and Confidentiality Policy of which it becomes aware. If you contact Trealth by e-mail, you should be aware that e-mail transmission might not be secure. A third party could view information you send by e-mail in transit. Trealth will have no liability for disclosure of your information due to errors or unauthorized acts of third parties during transmission.
5.4 In the event that Trealth, or substantially all of its assets, are acquired by one or more third parties as a result of an acquisition, merger, sale, reorganization, consolidation or liquidation, such databases containing member information may be one of the transferred assets. In using the Trealth services, you consent to such transfer of your information.
5.5 Trealth shall disclose information provided by you about you and/or your organization to the extent required by law through subpoena, search warrant or other legal process or requirement or as necessary to protect the rights, property, or safety of Trealth, our members, or others.
Trealth operates a cloud-based business network and execution platform for global trade and supply chain management. Trealth's security system is built upon five tenets of data security: authentication, authorization, confidentiality, integrity and non-repudiation. These building blocks work together to provide a comprehensive data security infrastructure.
Authentication is accomplished primarily by a login and password mechanism. Logins and passwords are only issued after verifying a registered user's credentials. Users are required to change their password upon initial login and periodically thereafter. Strong passwords are enforced ensuring a minimal length that includes characters, digits and special characters. Passwords are stored encrypted in the database. Trealth may identify and authenticate users to the system using two-factor authentication. When a user is authenticated to the Trealth system with two-factor authentication, s/he provides a unique username and password, as well as a one-time access code generated by the e-identity Security System. The e-identity Security System utilizes a card that generates an access code that is unique to the token. The access code can be used only once to access the Trealth system; a different access code is generated each time the card is used. The card can be taken away or disabled to prevent access to the Trealth system. Each authenticated user session has an inactivity time out. User inactivity for a specific amount of time will require the user to re-authenticate to the Trealth system.
Users of the Trealth system also have to trust that they are connecting to Trealth and not a rogue machine that may be set up to look and act like Trealth. Server authentication is provided by the use of a server certificate. When a browser connects to the Trealth system, the browser automatically uses the certificate to verify that it is connecting with the legitimate Trealth site.
Authorization is the process of granting or denying access to a resource based upon the identity of a user. In the Trealth system, the authorization model defines what actions individual users and parties can perform within the scope of a Trealth transaction. Trealth defines authorization via the configuration of access control lists, user and company roles and business workflow rules within the system.
Access to the documents in a Trealth transaction are configured by a member organization's system administrator who controls what individual users are allowed to see and do within the Trealth system. The business rules interact with the workflow system to control which parties can act on a transaction at any time.
The SSL (Secure Socket Layer) protocol provides a secure mechanism for exchanging data on the Trealth system. Trealth's Server Certificate enables strong (128-bit) encryption on all communications between a user's browser and Trealth's servers.
The integrity of data in a transaction is extremely important to parties involved in it. There needs to be some level of assurance that an unauthorized individual has not altered the information in a transaction. The data must remain exactly as was entered and approved by the different parties involved in the transaction.
Digital signatures help protect the integrity of documents in the Trealth system. When a user first accesses the Trealth system s/he automatically generates a Public/Private key pair. The private key is encrypted with a password that is known only by the user and stored with the unencrypted public key. To apply a digital signature a user must present his/her password to decrypt the private key. The private key is then utilized to create the digital signature on the document data. The Trealth system can prove the integrity of document data at a later date by passing the document data and public key into the digital signature verification algorithm. If the document data has been altered in any way the verification process will fail.
User passwords are never stored in the Trealth system; instead, only hashed values of the password are persisted. No one with access to the Trealth system database will be able to find out a user's password for the purpose of accessing the system.
Non-Repudiation is the ability of a party involved in a transaction to enforce the terms of the transaction against the other party. Trealth seeks to achieve non-repudiation through the use of the four previous tenets of security. Strong non-repudiation means that no party involved in a transaction can successfully deny that it had involvement in the completion of the transaction.
Non-Repudiation in the Trealth system is ensured with the addition of auditing to all the above security tenets. The ability to authenticate users, authorize user access, provide for confidentiality, prove the integrity and the auditing of transactions provides a means for proving a user's involvement in a transaction and enforceability of the transaction terms. Every action a user makes is logged along with the data involved in the action to an audit facility in the Trealth Network the moment that they are performed. This data is captured for auditing purposes only and there is no system access provided to the audited information.