Privacy

PRIVACY OVERVIEW

Trifecta Collective understands that privacy is important. When we collect your personal information, we strive to inform you of your rights and make it easy for you to exercise them. Where possible, we also let you manage your preferences about how much information you choose to share with us, or our partners.

Please note that our privacy practices are subject to the applicable laws of the regions in which we operate. Accordingly, some additional region-specific terms will only apply to individuals in those locations, or as required by applicable laws.

How we collect or obtain information about you

Trifecta Collective collects Personal Data that has been provided by you directly through your interactions with us, when you join our email list, become a member, when you register and/or attend our events or conferences (“Events”) or interact with us for any other purpose as well as personal information gathered:

• When you visit our Websites
• Through your use of our Services
• By trusted third parties

Personal Data

• Contact information such as first name, last name, email address and other personal information as provided
• Information found on your business card such as job title, company name, company address and phone number
• Industry sector details
• Educational, nationality and professional information
• Demographic information such as gender and birth date
• Order and purchase history
• Comments, feedback, ratings, posts and other content submitted, including survey information
• Interests and communication preferences including marketing permissions where appropriate
• Location information, such as provided through a mobile app and Bluetooth beacons
• Details specific to your attendance at our events including dietary needs and accommodations

Information we collect

We and our third-party service providers (including any third-party content, advertising, and

analytics providers) may automatically collect certain information from your device or web browser when you register for an event or interact with the Services to help us understand how our users use the Services (collectively “Usage Data”).  We may also collect this information from third party partners and public sources to the extent permitted by applicable data protection law. For example, each time you visit the Services we and our third-party service providers may automatically collect and use:

Usage Data

• IP address
• Website and communication usage information
• Information from cookies or other tracking technologies
• Information about your computer or device (e.g. device and browser type)
• Information about how you use our website (e.g. pages viewed; time you viewed those pages and what you clicked on)
• Online source that referred you to our Website
• Geographical location which you accessed our website (based on IP address)
• Estimated demographics such as age and gender (based on your IP address)
• If accessing Services by or through a mobile device, we may collect certain information including but not limited to: mobile device identifier or other unique identifier, IP address, operating system, browser

How we use your information: for administrative and business purposes particularly to contact you, to update you on Events, to process orders you place on our third-party registration software; to improve our business, website, and email marketing; to advertise our Events; to analyze your use of our website and email campaigns; and in connection with our legal rights and obligations.

We and our third-party service providers may use such Usage Data for a variety of purposes

including to diagnose problems with our servers and software, to administer the Services, to gather demographic information and to target advertising to you on the Services and elsewhere online. Accordingly, our third-party advertising networks and ad servers will also provide us with information, including reports that will tell us how many ads were presented and clicked on the Services in a manner that does not identify personally any specific individual. The Usage Data we collect is generally non-identifying, but if we specifically identify or associate it with you, we will treat it as Personal Data.

Disclosure of your information to third parties: on our registration form we ask if you want to opt out of communications about Event news and information. If you do not opt out then we only share information on U.S. based attendees with our Event co-producer partner, The Electronic Transactions Association (ETA) ; only to the extent necessary to run our Events; to our service providers; to fulfill the Events purchases that you make with us; and where required by law or to enforce our legal rights.  Trifecta Collective does not rent or sell your information to third parties.

How long we retain your information: for as long as necessary, taking into account any legal obligations we have (e.g. to maintain records for tax purposes) or any other legal basis we have for using your information (e.g. your consent, performance of a contract with you or our legitimate interests as a business).

How we secure your information: using appropriate technical and organizational measures such as storing your information on secure servers, encrypting transfers of data to or from our servers using Secure Sockets Layer (SSL) technology, and only granting access to your information where necessary.

Use of cookies [and similar technologies]: we use cookies and similar information-gathering technologies such as web beacons on our website, including essential and statistical cookies.

Transfers of your information outside the European Economic Area: Your information will be gathered and stored outside the European Economic Area (EEA) if required to do so by law and because our company and its third-party vendors are located in the U.S.A.

Use of automated decision making and profiling: we do not use automated decision making. Regarding profiling, our web analytics service, Google Analytics, collects information such as your location (based on your IP address) and your behavior (based on cookies) when you access our website (such as the pages you visit and what you click on).

Your rights in relation to your information

• to access your information and to receive information about its use
• to have your information corrected and/or completed
• to have your information deleted
• to restrict the use of your information
• to receive your information in a portable format
• to object to the use of your information
• to withdraw your consent to the use of your information
• to complain to a supervisory authority

Sensitive personal information: we do not knowingly or intentionally collect what is commonly referred to as ‘sensitive personal information’. Please do not submit sensitive personal information about you to us. For more information, please see the main section below titled Sensitive Personal Data.

How and what information we collect

Information we collect when you sign up for conference email updates

We offer site visitors the opportunity to sign up for email news and updates on Events. When visitors willingly opt-in for the updates, they provide first and last name, city, state/region, country, and email address. That information is sent to and stored with our third-party email marketing service, Mailchimp.

Information we collect when you visit our website

We collect and use information from Website visitors in accordance with this section and the section titled Disclosure and additional uses of your information.

Website statistics information

We use third-party website statistics service, Google Analytics, the privacy policy of which is available here: https://policies.google.com/privacy. Google Analytics automatically logs the IP address you use to access our website as well as other information about your visit such as the pages accessed; information requested; the date and time of the request; the source of your access to our website (e.g. the website or URL (link), or social media channel, which referred you to our website); your browser version and operating system; certain assumed demographic information such as gender, age, and language; whether you are a new vs. returning visitor; and your frequency of visits.

Google’s servers are located in the following locations:

https://www.google.com/about/datacenters/inside/locations/index.html, and, accordingly, your information is transferred outside the European Economic Area (EEA). For further information and information on the safeguards used, please see the section of this privacy policy titled European Privacy Rights.

Website server log information

We use a third-party service to host our website, named WPEngine, the privacy policy of which is available here: https://wpengine.com/legal/privacy/.

Use of website server log information for IT security purposes

Our third-party hosting provider, WPEngine, collects and stores server logs to ensure network and IT security and so that the server and website remain uncompromised. This includes analyzing log files to help identify and prevent unauthorized access to our network, the distribution of malicious code, denial of services attacks and other cyber-attacks, by detecting unusual or suspicious activity. Unless we are investigating suspicious or potential criminal activity, we do not make, nor do we allow our hosting provider to make, any attempt to identify you from the information collected via server logs.

Legal basis for processing: compliance with a legal obligation to which we are subject (Article 6(1)(c) of the General Data Protection Regulation).

Legal obligation: we have a legal obligation to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk of our processing of information about individuals. Recording access to our website using server log files is such a measure.

Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).

Legitimate interests: we and our third party hosting provider have a legitimate interest in using your information for the purposes of ensuring network and information security.

Use of website statistics information to analyze website use and improve our website

Google Analytics automatically logs the IP address you use to access our website as well as other information about your visit such as the pages accessed; information requested; the date and time of the request; the source of your access to our website (e.g. the website or URL link, or social media channel, which referred you to our website); your browser version and operating system; certain assumed demographic information such as gender, age, and language; whether you are a new vs. returning visitor; and your frequency of visits.

We use the information gathered from the analysis of this information to improve our website. For example, we use the information gathered to change the information, content and structure of our website and individual pages based according to what users are engaging most with and the duration of time spent on particular pages on our website.

Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).

Legitimate interest: improving our website for our website users and getting to know our website users’ preferences so our website can better meet their needs and desires.

Cookies and similar technologies

Cookies are data files which are sent from a website to a browser to record information about users for various purposes.

We use cookies and similar technologies on our website, including essential, functional, and analytical cookies, and web beacons.

You can reject some or all of the cookies we use on or via our website by changing your browser settings or non-essential cookies by using our cookie control tool (click the beige-colored icon in the lower left of the site) but doing so can impair your ability to use our website or some or all of its features. For further information about cookies, including how to change your browser settings, please visit www.allaboutcookies.org.

Information we collect when you contact us

We collect and use information from individuals who contact us in accordance with this section and the section titled Disclosure and additional uses of your information.

Contact form

When you send an email through the contact form on our website we collect your email address and any other information you provide in that email (such as your first and last name, reason for your message, and your message to us).

Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).

Legitimate interest(s): responding to enquiries and messages we receive and keeping records of correspondence.

Legal basis for processing: necessary to perform a contract or to take steps at your request to enter into a contract (Article 6(1)(b) of the General Data Protection Regulation).

Reason why necessary to perform a contract: where your message relates to us providing you with goods or services or taking steps at your request prior to providing you with our goods and services (for example, providing you with information about such goods and services), we will process your information in order to do so.

For further information about the safeguards used when your information is transferred outside the European Economic Area, see the section of this privacy policy below titled European Privacy Rights.

Information we collect when you interact with our Website

We collect and use information from individuals who interact with particular features of our website in accordance with this section and the section titled Disclosure and additional uses of your information.

E-Newsletter

When you sign up to receive event news and updates from us on our website “updates” page, we collect first and last name, city, state/region, country, and email address. When you register for Events through our third party registration form (ExpoTracker) and you willingly choose to not opt out of news and updates, we collect your first and last name, title, company name, country, address, city, state/region, zip/postal code, email address, phone number, or industry type, for the purpose of sending you periodic news and information about the Events. Conversely, you opt out of communications by clicking the box(es) and telling us the communications you do not wish to receive.

Legal basis for processing: your consent (Article 6(1)(a) of the General Data Protection Regulation).

Consent: you give us your consent to send you our e-newsletter by not opting out of communications using the steps described above.

We use a third-party service, Mailchimp, to send out our e-newsletter and administer our mailing list. Information you submit to subscribe for our e-newsletter is stored outside the European Economic Area on our third-party mailing list provider’s servers in the U.S.A where our third-party email provider stores your information. For further information about the safeguards used when your information is transferred outside the European Economic Area, see the section of this privacy policy below titled European Privacy Rights.

For more information about our third-party mailing list provider, please see their privacy policy which is available here: https://www.intuit.com/privacy/statement/.

Information we collect when you place an order on our trusted third-party registration form

We collect and use information from individuals who place an order on our third-party registration forms, ExpoTracker and Map Your Show, in accordance with this section and the section titled Disclosure and additional uses of your information.

Information collected when you place an order

Mandatory information

When you place an order for goods or services on our third-party registration forms, ExpoTracker and Map Your Show, the following information is collected: first and last name, title, company name, country, address, city, state/region, zip/postal code, email address, phone number, industry type, credit card information, billing address, billing country, billing phone, and billing email address. If you do not provide this information, you will not be able to purchase goods or services from us on our website or enter into a contract with us.

Legal basis for processing: necessary to perform a contract (Article 6(1)(b) of the General Data Protection Regulation).

Reason why necessary to perform a contract: we need the mandatory information collected by our checkout form to establish who the contract is with and to contact you to fulfil our obligations under the contract, including sending you receipts and order confirmations. We ask you for your industry type so that we can know the industry types who attend each year and better structure Events to fit the needs of our attendees.

Legal basis for processing: compliance with a legal obligation (Article 6(1)(c) of the General Data Protection Regulation).

Legal obligation: we have a legal obligation to issue you an invoice for the goods and services you purchase from us, and we require the mandatory information collected by our checkout form for this purpose. We also have a legal obligation to keep accounting records, including records of transactions.

Optional information

We collect optional information from you, such as dietary preferences (for the Event meals). We provide the ability to opt out of receiving event news and updates from us. For further information, see ‘Marketing communications’ in this section below. If you do not supply the optional information requested at checkout, we may be limited in what special requests we can accommodate.

Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).

Legitimate interests: We ask you to designate AIA number so that we can give you credit for your sessions attended, and we ask for your dietary preferences so that we can order the appropriate meals based on your preferences.

Processing your payment

After you place an order on our third-party registration forms, ExpoTracker and Map Your Show, you will need to make payment for the goods or services you have ordered. We use two third party payment processors, ExpoTracker Payment Services and Stripe, to process your payment.

ExpoTracker Payment Services collects, uses and processes your information, including payment information, in accordance with their privacy policies.

Stripe collects, uses and processes your information, including payment information, in accordance with their privacy policies. You can access their privacy policies via the following link(s): https://stripe.com/privacy

ExpoTracker is located in the U.S.A. Information relating to the processing of your payment is collected, accessed from, transferred to, or stored in the United States or in other countries where ExpoTracker operates, including countries outside the European Economic Area (EEA), Switzerland, and UK.

Stripe is a global business. Information relating to the processing of your payment is stored within and outside the European Economic Area on their third-party payment processor’s servers in the European Union, U.S.A., and India.

For further information about the safeguards used when your information is transferred outside the European Economic Area, see the section of this privacy policy below titled European Privacy Rights.

Legal basis for processing: necessary to perform a contract (Article 6(1)(b) of the General Data Protection Regulation).

Reason why necessary to perform a contract: to fulfill your contractual obligation to pay for the goods or services you have ordered from us.

Marketing communications

We will automatically send you news and updates about the Events once you make a purchase and/or register for attendee passes and/or exhibit spaces. At checkout you will have the option of opting out of receiving emails from us that have news and updates about the Events. You check a box to designate that you do not want these emails.

We use a third-party service, Mailchimp, to administer our mailing list.

Information you submit to subscribe for our e-newsletter will be stored outside the European Economic Area on our third-party mailing list provider’s servers in the U.S.A. For further information about the safeguards used when your information is transferred outside the European Economic Area, see the section of this privacy policy below titled European Privacy Rights.

For more information about our third-party mailing list provider, please see their privacy policy which is available here: https://www.intuit.com/privacy/statement/.

Information collected or obtained from trusted third parties

This section sets out how we obtain or collect information about you from third parties.

Information shared with us from third parties

It is possible that third parties with whom we have had no prior contact may provide us with information about you. Information shared by third parties will generally be your name and contact details but may include any additional information which they provide to us.

Legal basis for processing: necessary to perform a contract or to take steps at your request to enter into a contract (Article 6(1)(b) of the General Data Protection Regulation); consent (Article 6(1)(a) of the General Data Protection Regulation); our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).

Reason why necessary to perform a contract: where a third party has passed on information about you to us (such as your name and email address) in order for us to provide services to you, we will process your information in order to take steps at your request to enter into a contract with you and perform a contract with you (as the case may be).

Consent: where you have asked that a third party to share information about you with us and the purpose of sharing that information is not related to the performance of a contract or services by us to you, we will process your information on the basis of your consent, which you give by asking the third party in question to pass on your information to us.

Legitimate interests: where a third party has shared information about you with us and you have not consented to the sharing of that information, we will have a legitimate interest in processing that information in certain circumstances.

For example, we would have a legitimate interest in processing your information to perform our obligations under a sub-contract with the third party, where the third party has the main contract with you. Our legitimate interest is the performance of our obligations under our sub-contract. Similarly, third parties may pass on information about you to us if you have infringed or potentially infringed any of our legal rights. In this case, we will have a legitimate interest in processing that information to investigate and pursue any such potential infringement.

Where we receive information about you in error

If we receive information about you from a third party in error and/or we do not have a legal basis for processing that information, we will delete your information.

Information obtained by us from third parties

In certain circumstances (for example, to verify the information we hold about you or obtain missing information we require to provide you with a service) we will obtain information about you from certain publicly accessible sources, both EU and non-EU, such as business directories, media publications, social media, and websites (including your own website if you have one).

Legal basis for processing: necessary to perform a contract or to take steps at your request to enter into a contract (Article 6(1)(b) of the General Data Protection Regulation);  our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).

Reason why necessary to perform a contract: where you have entered into a contract or requested that we enter into a contract with you, in certain circumstances, we will obtain information about you from public sources in order to enable us to understand your business and provide services to you or services to a sufficient standard.

For example, we would obtain and/or verify your email address from your website or from a directory where you ask us to send you information by email but we do not possess the information or we need to confirm that we have recorded your email address correctly.

Legitimate interests: in certain circumstances, we will have a legitimate interest in obtaining information about you from public and private sources. For example, if you have infringed or we suspect that you have infringed any of our legal rights, we will have a legitimate interest in obtaining and processing information about you from such sources in order to investigate and pursue any suspected or potential infringement.

Profiling

Profiling is any form of automated processing of your information to evaluate personal aspects about you, in particular to analyze or predict things like your performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

Our web analytics service, Google Analytics, uses and collects information such as your location (based on your IP address) and your behavior (based on cookies) when you access our website (such as the pages you visit and what you click on). We will only process information from cookies if you have consented to us setting cookies on your computer in accordance with our cookies policy. Information collected about you, once collected is anonymized and stored on an aggregate basis.

Logic involved: by automatically analyzing and categorizing information such as the location (based on IP address) as well as the behavior and devices of visitors to our Website (using cookies), we are able to gain a better understanding of what our website visitors want (in terms of the content of our Website and our products), how to improve our Website and how to advertise and market our services to them.

Significance and envisaged consequences: cookies will be used to track and store information about your behavior and device on our Website (unless you have opted out from receiving such cookies) and your location will be analyzed based on your IP address.

Legal basis for processing: legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).

Legitimate interest: running and managing our business efficiently.

Disclosure and additional uses of your information

This section sets out the circumstances in which we will disclose information about you to third parties and any additional purposes for which we use your information.

Disclosure of your information to service providers

We may share your personal information with third parties who assist in providing our products and services and administering our business. These include IT and marketing technology host suppliers, web and data hosting providers, mailing houses, ad servers, logistics and general services contractors, debt collection agencies, onsite health and safety partners, event registration partners, sales platform providers, communication tool providers, stand designers/builders/fitters, suppliers of sponsorship/marketing/PR collateral and other event collaboration partners. Personal information will only be shared with third parties if and to the extent it is necessary for them to provide our products and services to you. They are required to comply with appropriate security measures to protect your Personal Data and are bound to compliance through contracts in place that protect the personal information you have shared with us.

These third-party service providers are located in the USA and India and include the following:

• Email provider(s), including Mailchimp. Their privacy policy is available here: https://www.intuit.com/privacy/statement/
• Hosting provider(s), including WPEngine. Their privacy policy is available here: https://wpengine.com/legal/privacy/
• Registration form software, including ExpoTracker. Their privacy policy is available here: https://www.ExpoTracker.com/en/ExpoTracker-global-privacy-policy
• Customer relationship database manager, including Pipedrive. Their privacy policy is available here: https://www.pipedrive.com/en/privacy
• Cloud database, including Google Drive. Their privacy policy is available here: https://policies.google.com/privacy
• Website traffic analytics, including Google Analytics. Their privacy policy is available here: https://policies.google.com/privacy
• Mobile App provider, including grip. Their privacy policy is available here: https://www.grip.events/utility-pages/privacy-policy
• Additional providers as determined by contract with Trifecta Collective for Services

Legal basis for processing: legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).

Legitimate interest relied on: where we share your information with these third parties in a context other than where is necessary to perform a contract (or take steps at your request to do so), we will share your information with such third parties in order to allow us to run and manage our business efficiently.

Legal basis for processing: necessary to perform a contract and/or to take steps at your request prior to entering into a contract (Article 6(1)(b) of the General Data Protection Regulation).

Reason why necessary to perform a contract: we may need to share information with our service providers to enable us to perform our obligations under that contract or to take the steps you have requested before we enter into a contract with you.

Disclosure of your information to other third parties

We disclose your information to other third parties in specific, limited circumstances, as set out below.

Providing information to third parties such as Google Analytics. Google collects information through our use of Google Analytics on our website. Google uses this information, including IP addresses and information from cookies, for several purposes, such as improving its Google Analytics service. Information is shared with Google on an aggregated and anonymized basis. To find out more about what information Google collects, how it uses this information and how to control the information sent to Google’s Privacy Policy.

Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).

Legitimate interest(s): meeting our contractual obligations to Google under our Google Analytics Terms of Service (https://www.google.com/analytics/terms/us.html)

You can opt out of Google Analytics by installing the browser plugin here: https://tools.google.com/dlpage/gaoptout.

Information collected by Google Analytics is stored outside the European Economic Area on Google’s servers in the United States of America. For further information about the safeguards used when your information is transferred outside the European Economic Area, see the section of this privacy policy below titled European Privacy Rights.

We may disclose your information with third parties, which are either related to or associated with the running of our business, where it is necessary for us to do so. These third parties include our vendors, consultants, independent contractors and other service providers who perform services on our behalf. These services include payment processors, event fulfillment providers, analyzing website usage/analytics, preventing spam and security threats related to abusive automated software, managing online activities, gathering product feedback, providing help desk support, operating our CRM, facilitating transactions, tracking marketing campaigns, and handling email communications. 

Trifecta Collective may also share your personal information with event partners or producers, as well as banking, legal, insurance and accounting services (who may act as processors or controllers) to the extent we are legally obliged to share or have a legitimate interest in sharing your personal information.  

Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).

Legitimate interest: running and managing our business efficiently.

Sharing your information with a prospective or actual purchaser or seller

In the event we go through a business transition (such as a merger, acquisition by another

company, bankruptcy, or sale of all or a portion of our assets, including, without limitation, during any due diligence process), your Personal Data will likely be among the assets transferred. By providing your Personal Data, you agree that we may transfer such information in those circumstances without your further consent.

Legal basis for processing: legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).

Legitimate interest(s): sharing your information with a prospective purchaser, seller or similar person in order to allow such a transaction to take place.

Other Disclosure Scenarios

We reserve the right, and you hereby expressly authorize us, to share User Information: (1) in response to subpoenas, court orders, or legal process, or to establish, protect, or exercise our legal rights or defend against legal claims; (2) if we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, fraud, or situations involving potential threats to the safety of any person or property; (3) if we believe it is necessary to investigate, prevent, or take action regarding significant abuse of the Services infrastructure or the Internet in general (such as voluminous spamming, denial of service attacks, or attempts to compromise the security of information); (4) to protect and defend our legal rights or property, our Services or other users, or any other party, and to protect the health and safety of our users or the general public; (5) to our parent company, subsidiaries, joint ventures, or other companies under common control with us (in which case we will require such entities to honor this Privacy Policy); (6) and whenever required by law.

Legal basis for processing: our legitimate interests (Article 6(1)(f) of the General Data Protection Regulation).

Legitimate interests: preventing crime or suspected criminal activity (such as fraud); enforcing our legal rights and taking steps to enforce our legal rights; resolving disputes and potential disputes; where the legal obligations are part of the laws of another country and have not been integrated into the United Kingdom’s legal framework, we have a legitimate interest in complying with these obligations.

How long we retain your information

We will only retain personal information for as long as is necessary and as permitted by applicable laws.

We will retain personal information while we are using it, as described in the sections above. We may continue to retain it after we have ceased such uses for certain legitimate business purposes. For example, if you have opted out of marketing communications from us, we will retain limited details about you to ensure we can honor your opt-out request. We may also continue to retain your personal information to meet our legal requirements or to defend or exercise our legal rights.

The length of time for which we will retain your personal information will depend on the purposes for which we need to retain it. After we no longer need to retain your personal information, it will be deleted or securely destroyed, taking into account the following:

• The category of personal information.
• The purpose and use of the information, whether it is necessary to operate or provide our Services in order to continue to perform our obligations under a contract.
• Whether we have any legal basis or obligation to continue to process your information (such as your consent or any record-keeping obligations imposed by relevant law or regulation).
• Any relevant agreed industry practices on how long information should be retained.
• The levels of risk, cost and liability involved with us continuing to hold the information.
• Any relevant surrounding circumstances (such as the nature and status of our relationship with you).

How we secure your information

We have implemented commercially reasonable security measures to help protect your personal information against unauthorized access or disclosure, misuse, accidental loss or destruction, including:

• Only sharing and providing access to your information to the minimum extent necessary, subject to confidentiality restrictions where appropriate, and on an anonymized basis wherever possible.
• Using secure servers that store your information with control over who has access.
• Verifying the identity of any individual who requests access to information prior to granting them access to information.
• Using Secure Sockets Layer (SSL) software to encrypt any information you submit to us via any forms on our website and any payment transactions you make on or via our website.

Transmission of information to us

While we take all reasonable steps to ensure that personal information will be kept secure from unauthorized access, we cannot guarantee it will be secure during transmission by you. Transmission of information over the internet is not entirely secure, and if you submit any information to us over the internet (whether by email, via our website or any other means), you do so entirely at your own risk. We are not responsible for any costs, expenses, loss of profits, harm to reputation, damage, liabilities or any other form of loss or damage suffered by you as a result of your decision to transmit information to us.

European Privacy Rights

If you are a resident of the EEA, United Kingdom, or Switzerland, the following information applies with respect to our collection, use, and disclosure of your personal data and additional rights you have under applicable law.

Purposes of processing and legal basis for processing

We process personal data for the purposes described in “Disclosure and How We Use Your Information” above. We process personal data on the following legal bases: (1) with your consent; (2) as necessary to perform our agreement to provide the Services; (3) as necessary for our legitimate interests in providing the Services where those interests do not override your fundamental rights and freedoms related to data privacy; and (4) where we need to comply with a legal or regulatory obligation. To the extent permitted under applicable laws, we will also process, transfer, disclose, and preserve personal data when we have a good faith belief that doing so is necessary.

Transfers of your information outside the European Economic Area

We may transfer or store your personal information outside your jurisdiction, including to countries that are not subject to an adequacy decision by the European Commission or your local legislature or regulator. In certain circumstances we will transfer your information outside the EEA or to an international organization to comply with legal obligations to which we are subject (compliance with a court order, for example). Where we are required to do so, we will ensure appropriate safeguards and protections are in place.

Your rights

Under certain conditions, you may have the right to require us to:

• Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
• Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
• Request deletion of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully, or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
• Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object to where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
• Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise, or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
• Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
• Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. 

Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g., the prevention or detection of crime) and our interests (e.g., the maintenance of legal privilege). If you exercise any of these rights, we will check your entitlement and respond in most cases within a month.

We hope to resolve any privacy concerns you may have. If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you can complain to any supervisory authority or other public body with responsibility for enforcing privacy laws.

Questions or Complaints

If you are a resident of the EEA, United Kingdom, or Switzerland, and have a concern about our processing of personal information that we are not able to resolve, you have the right to lodge a complaint with the data privacy authority where you reside.

Your privacy rights and choices

Subject to certain limitations on certain rights which you can exercise by writing to Trifecta Collective LLC, 2300 Clarendon Blvd., Ste. 305, Arlington, VA 22201, or sending a message through our contact form. These rights may include, subject to any exceptions or limitations:

• The right to know what personal information is being collected and for what purpose.  
• The right to know what personal information is being ‘sold’ or ‘shared’, for what purpose and the categories of recipients of your personal information.
• The right to access your personal information.
• The right to have your personal information rectified, corrected, or updated.
• The right to have your personal information deleted, including from any third parties where your personal information has been sold, shared, or disclosed.  
• The right to restrict our processing of your personal information.
• The right to opt out of the ‘sale’ or ‘sharing’ of your personal information. 
• The right to withdraw your consent at any time (to the extend processing is based on consent).
• The right to object to the processing of your personal information.
• The right not to be subject to any automated decision making and profiling.  
• The right not to be discriminated against for exercising your rights.

In accordance with Article 77 of the General Data Protection Regulation, you also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or of an alleged infringement of the General Data Protection Regulation. For the purposes of the UK, the supervisory authority is the Information Commissioner’s Office (ICO), the contact details of which are available here: https://ico.org.uk/global/contact-us/.

Further information on your rights in relation to your personal data as an individual

The above rights are provided in summary form only and certain limitations apply to many of these rights. For further information about your rights in relation to your information, including any limitations which apply, please visit the following pages on the ICO’s website:

• https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/; and
• https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/

You can also find out further information about your rights, as well as information on any limitations which apply to those rights, by reading the underlying legislation contained in Articles 12 to 22 and 34 of the General Data Protection Regulation, which is available here: http://ec.europa.eu/justice/data-protection/reform/files/regulation_oj_en.pdf.

Verifying your identity where you request access to your information

Where you request access to your information, we are required by law to use all reasonable measures to verify your identity before doing so. These measures are designed to protect your information and to reduce the risk of identity fraud, identity theft or general unauthorized access to your information. Where we possess appropriate information about you on file, we will attempt to verify your identity using that information. If it is not possible to identify you from such information, or if we have insufficient information about you, we may require original or certified copies of certain documentation to be able to verify your identity before we can provide you with access to your information. We will be able to confirm the precise information we require to verify your identity in your specific circumstances if and when you make such a request.

Your right to object to the processing of your information for certain purposes

You have the following rights in relation to your information, which you may exercise by writing to Trifecta Collective LLC, 2300 Clarendon Blvd., Ste. 305, Arlington, VA 22201, or sending a message through our contact form:

• to object to us using or processing your information where we use or process it to carry out a task in the public interest or for our legitimate interests, including ‘profiling’ (i.e. analyzing or predicting your behavior based on your information) based on any of these purposes; and
• to object to us using or processing your information for direct marketing purposes (including any profiling we engage in that is related to such direct marketing).

You may also exercise your right to object to us using or processing your information for direct marketing purposes by:

• clicking the unsubscribe link contained at the bottom of any marketing email we send to you and following the instructions which appear in your browser following your clicking on that link; or
• sending a message through our contact form.

You can reject some or all of the cookies we use on or via our website by changing your browser settings or non-essential cookies by using our cookie control tool but doing so can impair your ability to use our website or some or all of its features. For further information about cookies, including how to change your browser settings, please visit www.allaboutcookies.org.

Sensitive Personal Data

Sensitive personal data is information about an individual that reveals their racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic information, biometric information for the purpose of uniquely identifying an individual, information concerning health or information concerning a natural person’s sex life or sexual orientation. We do not knowingly or intentionally collect sensitive personal data from individuals, and request you not send or disclose sensitive personal data to us.

If, however, you inadvertently or intentionally transmit sensitive personal data to us, you will be considered to have explicitly consented to us processing that sensitive personal data under Article 9(2)(a) of the General Data Protection Regulation. We will use and process your sensitive personal data for the purpose of deleting it.

Third party links

Third party links on our websites are subject to separate privacy practices. We are not responsible for the privacy practices of these websites and do not accept any liability in connection with their content. We recommend reviewing the privacy policy of each third- party site linked from this website to determine its use of your personal information.

Changes to our Privacy Policy

We may update and amend our Privacy Policy from time to time. When changes to our Privacy Policy are made, we will update our Privacy Policy with a new effective date. Where material changes are made to the Privacy Policy, or the way in which we treat your Personal Data, we will notify you by email (where possible) or by posting a notice on our website. We may also provide notice to you in other ways at our discretion. You are advised to review this privacy policy periodically for any changes.

Wherever required, we will obtain your prior consent before using your information for a purpose that is different from the purposes for which we originally collected it. Your continued use of the Services after the effective date of the revised Privacy Policy will constitute your consent to those changes.

Children’s Privacy

Because we care about the safety and privacy of children online, we comply with the Children’s Online Privacy Protection Act of 1998 (COPPA). COPPA and its accompanying regulations that protect the privacy of children using the internet. We do not knowingly contact or collect information from persons under the age of majority in your jurisdiction, including any information that requires parental notice and consent. The website is not intended for use or to solicit information of any kind from persons under the age of 18.

It is possible that we could receive information pertaining to persons under the age of 18 by the fraud or deception of a third party. If we are notified of this, we will dispose of that information in accordance with COPPA and other applicable laws and regulations. If you are a parent or guardian and you believe that your child under the age of 13 has provided us with personal information without COPPA-required consent, please notify us by sending a message through our contact email. You may also contact us by postal mail at the following: Trifecta Collective LLC, 2300 Clarendon Blvd, Suite 305, Arlington, VA, 22201.

California and Delaware Do Not Track Disclosures

“Do Not Track” is a privacy preference that users can set in their web browsers. When a user turns on a Do Not Track signal in their browser, the browser sends a message to websites requesting that they do not track the user. For information about Do Not Track, please visit www.allaboutdnt.org.

At this time, we do not respond to Do Not Track browser settings or signals. In addition, we use other technology that is standard to the internet, such as pixel tags, web beacons, and other similar technologies, to track visitors to the website. Those tools may be used by us and by third parties to collect information about you and your internet activity, even if you have turned on the Do Not Track signal. You can reject some or all of the cookies we use on or via our website by changing your browser settings or non-essential cookies by using our cookie control tool (click the beige-colored icon in the lower left of the site), doing so can impair your ability to use our website or some or all of its features. For further information about cookies, including how to change your browser settings, please visit www.allaboutcookies.org.

Contact us

The data collected with respect to our website is administered by Trifecta Collective LLC. You can contact the data administrator by writing to Trifecta Collective LLC, 2300 Clarendon Blvd., Ste. 305, Arlington, VA 22201, or by sending a message through our contact email.

If you have any questions about this Privacy Policy, please contact the data administrator.