Last Updated: July 10, 2020

Northern Lights Group, Inc., A Delaware C Corporation GDPR Statement

The General Data Protection Regulation (GDPR) is a European Union regulation which protects the rights of data subjects in the European Economic Area (EEA), with respect to the processing of their “personal data,” as such term is defined in the GDPR.


Table of Contents:
  • Compliance
  • What Personal Data is Collected and How it is Collected
  • How Long is Personal Data Retained
  • Children’s Privacy
  • Legal Basis for Processing
  • Controller and Processor Subprocessors
  • International Data Transfers Your Data
  • Protection Rights Under GDPR
  • Direct Marketing
  • How to Contact Us Changes to this GDPR Statement

Compliance

The ThirdPartyTrust website and platform are designed to meet the principles of the GDPR. Here are some of the actions we’ve taken to ensure our compliance with GDPR:

  • We limit the personal data we collect;
  • We have established a legal basis for the processing of that data;
  • We only retain personal data for a limited time period, after which, the data is deleted

What Personal Data is Collected and How it is Collected

Please see the ThirdPartyTrust Privacy Policy, which describes the categories of information we process, the purposes for which we process personal data, and how we collect that personal data.


How Long is Personal Data Retained

If you provide information to us to request a demo, we will keep that information for up to twelve months after your last communication with us.

We will keep personal information provided by customers for up to three months after the end of our business relationship and subject to our SaaS agreement. All payment information will be deleted three months after processing, unless we are required by law to keep it longer.

If you contact us directly using the contact information provided on the ThirdPartyTrust website, we will retain your contact information for a period of up to three months after we respond to your inquiry. After that, the communications will be deleted from our system, unless we are required by law to retain it longer.


Children’s Privacy

The ThirdPartyTrust website and platform were not developed or intended for individuals that are deemed to be children under applicable data protection or privacy laws, and we do not knowingly collect information from children.


Legal Basis for Processing

If you are a user of the ThirdPartyTrust website or platform located in the EEA, we rely on legitimate interest as the legal basis for processing the personal data we collect via the website and platform.


Controller and Processor

Depending on which features you choose to use, Northern Lights Group, Inc., A Delaware C Corporation is both Controller and Processor of personal data covered by the Privacy Policy for purposes of European data protection legislation.

If you choose to use the Vendor Risk Monitoring, Policy Change Detection, Vendor Lawsuit Alerts, Privacy Law Alerts, and Ask the Privacy Expert feature, ThirdPartyTrust is a Controller when the GDPR applies.

If you choose to use the Consent Management or Subject Rights Management features, ThirdPartyTrust is Processor when the GDPR applies. ThirdPartyTrust’s Data Processing Addendum can be found here. ThirdPartyTrust’s Data Processing Addendum applies only when required under the GDPR and does not apply to Customers who are currently in a trial evaluation period or who are using a free tier of service


Subprocessors

In connection with the operation of our website, ThirdPartyTrust may engage third parties (each a “Subprocessor”) to process your personal data. As a condition of permitting a Subprocessor to process your personal data, ThirdPartyTrust will enter into a written agreement with each Subprocessor containing data protection obligations at least as protective as the technical and organizational measures ThirdPartyTrust has put into place to protect your personal data from accidental or unlawful destruction, loss, alteration, or unauthorized disclosure or access.


We use the following Subprocessors to operate our website and provide our services:

NameSubprocessing ActivityCountry of Origin
Amazon Web Services, Inc.Cloud Service ProviderUnited States
ZenDesk, IncCustomer SupportUnited States
HubSpot, Inc.Content Management SystemUnited States
Google, LLCCollaboration and ProductivityUnited States
DocuSign, IncContract SigningUnited States
Slack Technologies, Inc.Collaboration ToolUnited States
BrainTree, Inc.Payment Processing GatewayUnited States
LiveChat, IncChat Tool providersPoland
MailChimp, IncEmail ProviderUnited States

International Data Transfers

If you are located within the EEA when you visit the ThirdPartyTrust website or platform, we may transfer your personal data outside of the EEA. When we do, we will ensure that an adequate level of protection is provided for the information by using industry-standard encryption at rest and in transit. Visit our Privacy Policy to learn more about the technical and operational measures we implement and our compliance with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework.


Your Data Protection Rights Under GDPR

If you are a resident of the European Union, you have certain data protection rights under the GDPR. ThirdPartyTrust will take reasonable steps to allow you to access, review, update, rectify, or delete any personal data we hold about you.

In certain circumstances, you have the following data protection rights:

  • Right of access. The right to obtain access to your personal data.
  • Right to rectification. The right to erase or rectify inaccurate or incomplete data.
  • Right to erasure. The right to obtain the erasure of your personal data in certain circumstances.
  • Right to portability. The right to move, copy, or transfer personal data.
  • Right to restrict processing. The right to restrict processing of personal data.
  • Right to object to processing. The right to object to processing of personal data for certain purposes.

If you wish to exercise one of these rights, please contact us by using the contact details below. We may ask you to verify your identity before responding to these requests.


Direct Marketing

You may opt-out of receiving marketing communications at any time by unsubscribing from email marketing, by changing your notification settings in the ThirdPartyTrust application or by opting-out of any emails we may send to you.


How to Contact Us

If you have any questions about this GDPR Statement, you may contact us online, or you can send correspondence to the following addresses:

USA Headquarters Northern Lights Group, Inc., A Delaware C Corporation 1842 W. Irving Park Rd, #401, Chicago, IL 60613
USA

If contacting us does not provide you with an adequate resolution and your inquiry is related to information collected about you in the European Union/European Economic Area, please contact the applicable EU Data Protection Authority.


Changes to this GDPR Statement

Please visit this page periodically to stay aware of any changes to this GDPR Statement, which we may update from time to time. If we modify this GDPR Statement, we will make the revised overview available at the URL of this page and indicate the date of the latest revision.


Download now