Privacy Policy

TrueXess Privacy policy


1. Introduction

1.1. ‘TrueXess’ or “Application” means the TrueXess Online Platform, TrueXess website and TrueXess mobile App. TrueXess is owned and operated by the company ‘TrueXess ltd’.
‘We’ means the company TrueXess ltd.
‘You’ or “user” means the user of TrueXess and visitor of our website TrueXess.com, either as member of a Customer or as an individual.
1.2. At TrueXess ltd we are committed to safeguarding the privacy of TrueXess users. In this policy we explain how we will process your personal information, including information shared within/on TrueXess.
1.3. By using TrueXess and agreeing to this policy, you consent to our use of cookies in accordance with the terms of this policy.
1.4. In respect of the users' rights and obligations under this engagement regarding the Personal Data, the users acknowledge and agree that Customer is the data controller and TrueXess is the data processor and accordingly TrueXess agrees that it will Process all Personal Data in accordance with applicable privacy regulations.
1.5. The following words are ascribed to the following meanings:
  • "Adequate Country" means a country or territory that is recognized under EU Data Protection Laws from time to time as providing adequate protection for personal data;
  • "Novimix" means TrueXess and any corporate entities which are from time to time under Common Control with Novimix ltd;
  • "Customer" means Customer and any corporate entities which are from time to time: (a) under Common Control with Customer; and (b) established and/or doing business by using TrueXess, i.e. by enrolling its members (their employees, their customers, their suppliers, their partners) to use TrueXess.
  • "EU Data Protection Laws" means all laws and regulations, including laws and regulations of the European Union, the European Economic Area, their member states and the United Kingdom, applicable to the Processing of Personal Data under the Main Agreement, including (where applicable) the GDPR;
  • "GDPR" means General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of personal data and on the free movement of such data;
  • "Personal Data" means all data which is defined and regulated as ‘Personal Data’ in the EU Data Protection Laws and which is provided by Customer to TrueXess or accessed, stored or otherwise Processed by TrueXess in connection with the TrueXess Services;
  • "Properties" means the websites, apps, platforms, APIs or other online properties and services owned or operated by or on behalf of Customer and/or other members of Customer Group, or their respective clients, in connection with which Customer uses the Services; and
  • "Processing", "data controller", "data subject", "supervisory authority" and "data processor" will have the meanings ascribed to them in the EU Data Protection Laws.

2. Collecting personal information

2.1. Based on your privacy settings, we may collect, store and use the following kinds of personal information:
(a) information about your computer and about your visits to and use of this TrueXess (including your IP address, geographical location, browser type and version, operating system, referral source, applications accessed, duration of visit, page views and TrueXess navigation paths);
(b) information that you provide to us when registering with TrueXess (including names, roles, email addresses, organizational units, managers, company affiliation);
(c) information that you provide when completing your profile on TrueXess (such as names, roles, email addresses, organizational units, managers, photo/avatar, company affiliation, information about your manager);
(d) information that you provide to us for the purpose of subscribing to our email notifications, RSS/newsfeeds and/or newsletters (including your name and email address);
(e) information that you provide to us when using the services on TrueXess, or that is generated in the course of the use of those services (including the timing, frequency and pattern of service use);
(f) information that you provide in TrueXess (including names, roles, email addresses, organizational units, managers, photo/avatar, company affiliation, information about your superior);
(g) information contained in or relating to any communication that you send to us or send through TrueXess (including the communication content and metadata associated with the communication); and
(h) Biometric information to authenticate you. We may ask you to provide biometric information to authenticate you, such as your fingerprint or facial patterns (facial recognition), although we do not keep this data.
(i) any other personal information that you choose to send to us or share in TrueXess.
2.2. TrueXess ltd has minimal control over the nature and scope of the personal data that Customer chooses to Process using the TrueXess Platform, minimal insight into the identity of the Customer’s users, and no role in the Customer’s decision-making as to the purpose for which the personal data is Processed.
2.3. Before you disclose any information to us about other users, such as your employees and customers, for example by enrolling them to TrueXess on their behalf, you must obtain as the controller the consent of the user or administrator of that organization (or unit) to both the disclosure and the processing of that information in accordance with this policy and, if any, the policy of that organization.
2.4. When you opt out by customizing your privacy settings, we will only use your anonymized information for the purposes mentioned in section 3.

3. Using personal information

3.1. Personal information submitted to us through TrueXess will be used for the purposes specified in this policy or specified on the relevant pages of TrueXess.
3.2. Based on your privacy settings and the service plan you choose, we may use your personal information to:
(a) administer TrueXess and business;
(b) personalize TrueXess for you;
(c) authenticate you and enable your use of the services available on TrueXess;
(d) send you marketing commercial communications if you have consented to receive marketing;
(e) send you email notifications that you have specifically requested;
(f) provide third parties only with anonymized statistical information about our users;
(g) deal with enquiries and complaints made by or about you relating to TrueXess;
(h) keep TrueXess secure and prevent fraud; and
(i) verify compliance with the terms and conditions governing the use of TrueXess.
(j) record and analyze the access behaviors of TrueXess users for the purpose of detecting malicious behaviors.
(k) automatically create a risk profile of TrueXess users for the purpose of being able to identify and respond appropriately to malicious activities.
(l) use fingerprint for authentication, even though we do not keep fingerprint data.
3.3. You may opt out at any point as set out in section 12 to stop us from personalizing TrueXess for you (3.2 b) or contacting you for marketing purposes (3.2 d). Other points set out in section 3.2 are required to provide you the service plan you chose.
3.4. We will not, without your express consent, supply your personally identifiable information to any third party for the purpose of their or any other third party's direct marketing.
3.5. The duration of the Processing will be: until expiration or termination of the Subscription Term.
3.6. The purpose(s) of the Processing is / are: as necessary for the provision of the Subscription Services.

4. Disclosing personal information

4.1. We may only disclose your personal information to any of our employees or subcontractors insofar as technically possible and as reasonably necessary for the purposes set out in this policy, such as investigating incidents, providing support and other professional services to you, and when they agree to comply with our privacy policy.
4.2. We may disclose your personal information to any member of our group of companies (this means our subsidiaries, our holding company and all its subsidiaries) insofar as technically possible and as reasonably necessary for the purposes set out in this policy, such as investigating incidents, providing support and other professional services to you, and when they agree to comply with our privacy policy.
4.3. We may disclose your personal information insofar as technically possible and:
(a) to the extent that we are required to do so by law enforcement;
(b) in connection with any ongoing or prospective legal proceedings;
(c) in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention);
(d) to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.
4.4. Except as provided in this policy, we will not provide your personal information to third parties.

5. International data transfers

5.1. If you are required to comply with GDPR, you can request us to only store, transfer and process your personal information in and between any of the countries that are in the EU or have an adequacy status under The General Data Protection Regulation (GDPR).
5.2. If you use our services while you are outside the EU, your information may be transferred outside the EU to give you those services. Information that we collect may then be stored and processed in and transferred between any of the countries in which we operate in order to enable us to use the information in accordance with this policy.
5.3. If, in the performance of this Agreement and subject to 5.1, TrueXess transfers any Personal Data to a sub-processor (or any member of the Novimix Group that acts as a sub-processor) other than exclusively in an Adequate Country, TrueXess will in advance of any such transfer ensure that a mechanism to achieve adequacy in respect of that Processing is in place such as:
(a) the requirement for TrueXess to execute or procure that the third party execute standard contractual clauses approved by the EU authorities under EU Data Protection Laws;
(b) the requirement for the third party to be certified under the Privacy Shield framework; or
(c) the existence of any other specifically approved safeguard for data transfers (as recognized under the EU Data Protection Laws) and/or a European Commission finding of adequacy.

6. Retaining personal information

6.1. This Section 6 sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal information.
6.2. Personal information that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
6.3. Without prejudice to the other provisions of this Section 6, we will usually delete or disable personal data falling within the categories set out below at the date/time set out below:
(a) any personal (including profile) data will be disabled or deleted after 30 days after your plan has expired or been cancelled
6.4. Notwithstanding the other provisions of this Section 6, we will retain documents (including electronic documents) containing personal data:
(a) to the extent that we are required to do so by law enforcement;
(b) if we believe that the documents may be relevant to any ongoing or prospective legal proceedings; and
(c) in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention or forensic investigations).

7. Security of personal information

7.1. We comply with ISO27001 and take reasonable technical and organizational precautions to prevent the loss, misuse or alteration of your personal information according to ISO27001.
7.2. We store all the personal information you provide encrypted.
7.3. All transmission of information over the internet from or to TrueXess is protected by encryption technology.
7.4. You are responsible for keeping the password you use for accessing TrueXess confidential; we will not ask you for your password (except when you log in to TrueXess).
7.5. Mandatory privacy breach notification. We will notify you if we are aware of a notifiable privacy breach that affects any information you have provided to us and, if applicable by the local regulation, the appropriate authority. The GDPR additionally requires notification of the EU supervisory authority when it impacts EU data subjects. We will co-ordinate and consult with you on the contents of any such notification(s). Where we consider it necessary, we may notify individuals and/or the Authorities directly.

8. Amendments

8.1. We may update this policy from time to time by publishing a new version on TrueXess.
8.2. We will notify you of changes to this policy by email or through the messaging system on TrueXess. You might not be able to use all the features on TrueXess if you do not accept the new changes.
8.3. You should check this policy to ensure you are happy with any changes to this policy before (continuing) using TrueXess.

9. Your rights and your customer’s rights

9.1. You can execute your rights by contacting us. Providing the rights and freedoms of others are not affected or to the extent permitted or required by European law or local law, TrueXess gives you the ability:
9.1.1. to access, delete and update certain information about you.
a) You can access, delete and update your profile information within the profile settings in TrueXess
b) You can access, delete and update content in TrueXess by requesting our support team to do so.
Note that we may withhold personal information that you want to delete to the extent permitted or required by European law or local law.
9.1.2. to restrict the processing of your personal data. Where only processing has been restricted on this basis, we may continue to store your personal data.
9.1.3. to object to our processing of your personal data on grounds relating to your particular situation. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing.
9.1.4. to obtain your personal data.
9.1.5. to object to our processing of your personally identifiable information for marketing purposes. If you make such an objection, we will cease to process your personally identifiable information for this purpose. In practice, you will usually expressly agree in advance to our use of your personally identifiable information for marketing purposes.
9.2. To the extent that the legal basis for our processing of your personal information is with your consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
9.3. If you consider that our processing of your personal information infringes data protection laws, you can request our Data Protection Officer, as described in section 12, for further investigation or lodge a complaint with your supervisory authority responsible for data protection.
9.4. If execution of your rights is not possible through the aforementioned methods, you may exercise any of your rights in relation to your personal data by written notice to us using one of the contact methods described in section 12. The execution may be subject to:
(a) the payment of a reasonable fee; and
(b) the supply of appropriate evidence of your identity.
9.5. Your customer’s rights
9.5.1. If you are a managed service provider or otherwise host data about parties other than your organization, the data in the Platform is controlled and managed by you. In the first instance we will direct such enquiries to you in relation to your users (including your customers), where permitted by law. This applies in circumstances where individuals make requests in relation to their personal information directly to us.
9.5.2. With respect to all Personal Data, TrueXess agrees that it will
(a) taking into account the nature of Processing and the information available to TrueXess, assist your Customer when reasonably requested in relation to your Customer’s obligations under Data Protection Laws with respect to:
(i) data protection impact assessments;
(ii) notifications to the supervisory authority and/or communications to data subjects by your Customer in response to any Security Breach; and
(iii) Your customer’s compliance with its obligations with respect to the security of Processing.
(b) taking into account the nature of the Processing, assist your Customer by appropriate technical and organizational measures, insofar as this is possible, to respond to data subjects’ requests to exercise their rights. TrueXess will promptly notify your Customer of requests received by TrueXess, unless otherwise required by applicable law. Your Customer may make changes to Personal Data Processed with the TrueXess Platform using the features and functionality of the TrueXess Platform. TrueXess will not make changes to such data except as agreed in writing with your Customer.

10. Third party platforms

10.1. TrueXess may include on the website hyperlinks to, and details of, third party platforms and websites, such as logos of our customers.
10.2. We have no control over, and are not responsible for, the privacy policies and practices of third parties. Do not use those links if you don’t trust them.

11. Cookies

11.1. TrueXess uses cookies. We provide you with options to refuse some of our cookies, but be aware that you might not be able to use all the features on TrueXess.
11.2. A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
11.3. We use both session and persistent cookies on TrueXess. Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
11.4. Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
11.5. Most browsers allow you to refuse to accept cookies; use these options, but be aware that
(a) blocking all cookies will have a negative impact upon the usability of many platforms and
(b) if you block cookies, you might not be able to use all the features on TrueXess.
11.6. You can delete cookies already stored on your computer, but deleting cookies will have a negative impact on the usability of many platforms.

12. Our details

12.1. The company TrueXess ltd, that owns and operates TrueXess, is registered in Auckland, New Zealand.
12.2. You can contact us for general enquiries over a secure connection by using our contact form on our website TrueXess.com when it concerns our website and in TrueXess at support@truexess.com when it concerns TrueXess Platform; or
12.3. If you have any questions regarding the protection of your personal data, i.e. to exercise your right to oppose, access or correct personal data transmitted to our various services you may contact our Data Protection Officer using the following contact details: DPO[at]TrueXess.com.

13. Law and jurisdiction

13.1. This policy will be governed by and construed in accordance with New Zealand law. Any disputes relating to these terms and conditions will be subject to the exclusive jurisdiction of the courts of New Zealand.