Your privacy is important to us.
What information does the ITRC collect from you and how is it used?
How we use your information
The ITRC uses the information collected from you to communicate effectively and efficiently with you, provide best-in-class mitigation assistance services, and research identity crimes and compromises. The ITRC does not sell or share any information about individual users. To improve user experience, we may use information to make enhancements to ITRC Properties. This includes using analytical products or services to anonymously examine behaviors to better serve your needs. Research is a part of the ITRC’s mission and our goal is to better understand and prevent identity crimes and compromises. We might ask you from time to time to take part in a survey or quiz for research purposes. You will not be identified in the resulting research studies or your identity linked to your individual answers. We may share anonymous information with third-party research partners from time to time for purposes of analysis, and we may share your information with third-party research partners after obtaining your express permission.
How we collect, use, and store business information
The ITRC collects, uses, and stores certain business contact information, including email addresses and the names of the employees associated with those addresses. We may also collect additional business contact information such as telephone and mobile telephone numbers. The ITRC does not sell but may share business contact information with affiliated sponsor or partner organizations. When we share business contact information, it is for the purpose of developing relevant content or for the promotion of ITRC business products or services to other businesses. The ITRC also collects, uses, and stores information about publicly reported data breaches and compromises for sale to businesses to help defray the costs associated with providing victim assistance services for free. The information aggregated in the data compromise database does not contain any personally identifiable information about individuals whose data has been compromised. The information is collected from public sources and is made available in summary form to consumers on the ITRC website.
How we use information to communicate with you
Our expert advisors may use personal information provided by you to contact and assist you in remediating identity crimes. This may include phone calls, emails, or letters.
How we use information in advertising
We may provide information about ITRC services, capabilities and resources through multiple advertising channels such as social media, keyword advertising, and display advertising. We do not sell or share your information to any third party except as outlined later in this policy, but at no time do we sell your information to advertising platforms or publishers. From time to time, the ITRC does use third-party advertising platforms to serve advertisements based on your interests, demographics, or previous behaviors as well as third-party advertising companies to serve interest-based advertisements. These platforms collect their own information to create targeting capabilities.
How we share your information
• We may disclose your voluntarily provided and automatically collected information in the ways described below. • As required by law, such as to comply with a subpoena, or similar legal process; • When we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request; • With our trusted services providers who work on our behalf, do not have an independent use of the information we disclose to them, and have agreed to adhere to the rules set forth in this privacy statement. • With your express permission, we may share your information with the media, public officials such as legislators or regulators who desire to contact and speak to individuals whose identities have been misused or compromised, and third-party research partners.
How we retain, manage, and dispose of your Information
The ITRC will maintain personal information collected via its Contact Center in electronic form using SalesForce, a database program specially designed for enterprise business services. The SalesForce database used by the ITRC is only accessible by ITRC staff and specific third-party vendors for the specific purpose of case remediation, with controlled access by individual login. Safeguards for the protection of electronic files include both hardware and software firewalls, use of SSL technology for all connections, verified IP for all connections, and discrete user tokens on each user machine, as well as username and password protection. Information may include name, state of residence, phone number, and/or e-mail address, and in some cases city and street address. The ITRC does not sell this information and sharing is limited to those uses outlined in this policy. The ITRC uses the MailChimp email service to send out weekly newsletters to subscribers who have voluntarily provided their name and email address. MailChimp stores the email addresses. MailChimp is a trusted platform that upholds the privacy of this policy. A subscriber may unsubscribe from the MailChimp mailing list at any time and their information will be removed. All other personal and non-personal information collected by the ITRC are stored in electronic form in an ITRC-controlled server in a access controlled room within the ITRC offices or a secure third-party service provider. They are protected by appropriate firewalls and intrusion detection. External access to the server and / or information is limited to secure remote access services and software such as a Virtual Private Network or secure cloud services. Because the ITRC undertakes an advisory role with victims of identity theft, and because the nature of this crime may require years for mitigation, victims have the expectation that the ITRC will retain for safekeeping and future access any case information that may be of use to victims’ case in the future.
How we handle information about children
The ITRC does not use our website to knowingly solicit data from or market to children under the age of 13. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us at firstname.lastname@example.org. We will delete such information from our files within a reasonable time. The ITRC Contact Center does not collect information from a child under the age of 18 years without prior parental consent or direct parental notification. The ITRC Contact Center is intended for consumers age 18 or older. By calling the ITRC Contact Center, the caller represents they are 18 years or older. The ITRC properties do not collect information from a child 13 years or younger without prior parental consent or direct parental notification. ITRC Properties are intended for consumers age 14 or older. By using ITRC properties, you represent you are age 14 or older. ITRC advises all children under the age of 18 to seek parental consent before using our website.
How we secure your information
We are dedicated to safeguarding your information. We provide physical, electronic, and process safeguards to protect information we collect, use, and store. For example, we limit access to this information to authorized employees and contractors who need to know that information in order to provide or improve our services or develop new ones. Please be aware that, although we endeavor to provide reasonable security for information we collect, use, or store, no security system can prevent all potential security breaches.
GET ID THEFT NEWS
Stay informed with alerts, newsletters, and notifications from the Identity Theft Resource Center