IDENTITY THEFT RESOURCE CENTER PRIVACY POLICY

Effective August 17, 2020

In accordance with state and federal laws the following is the privacy policy for the Identity Theft Resource Center (ITRC).

Your privacy is important to us. 

The ITRC maintains a strict privacy policy that governs how we obtain, use, and store information from the people who visit our website, mobile application, live chat messaging and contact center. The ITRC collects the minimum amount of personal information, which we outline below, needed to assist victims of identity crimes and compromises. We do not sell any of the information we collect from individuals who use our products and services. By using any of our products or services, including idtheftcenter.org you are consenting to the procedures outlined in the below Policy.

What information does the ITRC collect from you and how is it used?

The ITRC collects certain types of information when voluntarily provided by you, but we may also automatically collect some information. Information is collected through our website, mobile application, Live Chat messaging service and Contact Center. We refer to these products and services as “Properties” for easier reading in this policy, which applies to all properties where we might obtain information about you. Information you provide: You may be prompted to enter certain information when taking actions on an ITRC Property. This information may include, but is not limited to: name, email, state of residence, and zip code.  All mobile application case log entries are housed on the device you use and not collected, retained, or stored by the ITRC. The ITRC requests that you do not send us sensitive personal identifying information (SPII) such as Social Security numbers, dates of birth, crime reports, or any financial/medical account numbers. Any SPII received by the ITRC will not be retained and will be immediately destroyed.  Information we automatically collect: In order to provide the best experience on our Properties, the ITRC collects data automatically from you that includes, but is not limited to: IP address, location and website activity. This information is never shown for a specific user and cannot be tied to personally identifiable information like name or email address. How your information is automatically collected The ITRC uses certain website tools, social media platforms, mobile applications and phone services to connect with you. The cookies, pixel tags, location, and phone services we use do not collect uniquely identifying information about you. Our website tools and social media platforms use cookies and pixel tags to optimize experience and communication. Cookies are text files placed on a website and stored on the web browser of a user’s computer. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by verified third-party partners like Google, Inc. You may refuse the use of cookies by selecting the appropriate settings on your browser; however, please note that if you do this you may not be able to use the full functionality of this website. Pixel tags, similar to cookies, are placed on a website invisibly and used to track how you interact with our website. Cookies and pixels used for automatic collection of data on ITRC Properties include but are not limited to: Google Analytics, Google Ads, Google Tag Manager, Facebook, Instagram, Twitter, and Pinterest. Website and mobile applications have the ability to use device geographical location services to provide improved assistance. Location services are set by you using the preferences settings on your device. If a device allows, the ITRC might view location to best serve a user and provide accurate information and assistance based on the law in the user’s location. If you call the ITRC Contact Center, we will automatically collect your phone number to help ensure we offer the support services you require in an efficient and speedy manner.

How we use your information 

The ITRC uses the information collected from you to communicate effectively and efficiently with you, provide best-in-class mitigation assistance services, and research identity crimes and compromises. The ITRC does not sell or share any information about individual users. To improve user experience, we may use information to make enhancements to ITRC Properties. This includes using analytical products or services to anonymously examine behaviors to better serve your needs. Research is a part of the ITRC’s mission and our goal is to better understand and prevent identity crimes and compromises. We might ask you from time to time to take part in a survey or quiz for research purposes. You will not be identified in the resulting research studies or your identity linked to your individual answers. We may share anonymous information with third-party research partners from time to time for purposes of analysis, and we may share your information with third-party research partners after obtaining your express permission.

How we collect, use, and store business information

The ITRC collects, uses, and stores certain business contact information, including email addresses and the names of the employees associated with those addresses. We may also collect additional business contact information such as telephone and mobile telephone numbers. The ITRC does not sell but may share business contact information with affiliated sponsor or partner organizations. When we share business contact information, it is for the purpose of developing relevant content or for the promotion of ITRC business products or services to other businesses. The ITRC also collects, uses, and stores information about publicly reported data breaches and compromises for sale to businesses to help defray the costs associated with providing victim assistance services for free. The information aggregated in the data compromise database does not contain any personally identifiable information about individuals whose data has been compromised. The information is collected from public sources and is made available in summary form to consumers on the ITRC website.

How we use information to communicate with you

Our expert advisors may use personal information provided by you to contact and assist you in remediating identity crimes. This may include phone calls, emails, or letters.

How we use information in advertising

We may provide information about ITRC services, capabilities and resources through multiple advertising channels such as social media, keyword advertising, and display advertising. We do not sell or share your information to any third party except as outlined later in this policy, but at no time do we sell your information to advertising platforms or publishers. From time to time, the ITRC does use third-party advertising platforms to serve advertisements based on your interests, demographics, or previous behaviors as well as third-party advertising companies to serve interest-based advertisements. These platforms collect their own information to create targeting capabilities.

How we share your information

• We may disclose your voluntarily provided and automatically collected information in the ways described below. • As required by law, such as to comply with a subpoena, or similar legal process; • When we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request; • With our trusted services providers who work on our behalf, do not have an independent use of the information we disclose to them, and have agreed to adhere to the rules set forth in this privacy statement. • With your express permission, we may share your information with the media, public officials such as legislators or regulators who desire to contact and speak to individuals whose identities have been misused or compromised, and third-party research partners.

How we retain, manage, and dispose of your Information

The ITRC will maintain personal information collected via its Contact Center in electronic form using SalesForce, a database program specially designed for enterprise business services. The SalesForce database used by the ITRC is only accessible by ITRC staff and specific third-party vendors for the specific purpose of case remediation, with controlled access by individual login. Safeguards for the protection of electronic files include both hardware and software firewalls, use of SSL technology for all connections, verified IP for all connections, and discrete user tokens on each user machine, as well as username and password protection. Information may include name, state of residence, phone number, and/or e-mail address, and in some cases city and street address. The ITRC does not sell this information and sharing is limited to those uses outlined in this policy. The ITRC uses the MailChimp email service to send out weekly newsletters to subscribers who have voluntarily provided their name and email address. MailChimp stores the email addresses. MailChimp is a trusted platform that upholds the privacy of this policy. A subscriber may unsubscribe from the MailChimp mailing list at any time and their information will be removed. All other personal and non-personal information collected by the ITRC are stored in electronic form in an ITRC-controlled server in a access controlled room within the ITRC offices or a secure third-party service provider. They are protected by appropriate firewalls and intrusion detection. External access to the server and / or information is limited to secure remote access services and software such as a Virtual Private Network or secure cloud services. Because the ITRC undertakes an advisory role with victims of identity theft, and because the nature of this crime may require years for mitigation, victims have the expectation that the ITRC will retain for safekeeping and future access any case information that may be of use to victims’ case in the future.

How we handle information about children

The ITRC does not use our website to knowingly solicit data from or market to children under the age of 13. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us at itrc@idtheftcenter.org. We will delete such information from our files within a reasonable time. The ITRC Contact Center does not collect information from a child under the age of 18 years without prior parental consent or direct parental notification. The ITRC Contact Center is intended for consumers age 18 or older. By calling the ITRC Contact Center, the caller represents they are 18 years or older. The ITRC properties do not collect information from a child 13 years or younger without prior parental consent or direct parental notification. ITRC Properties are intended for consumers age 14 or older. By using ITRC properties, you represent you are age 14 or older. ITRC advises all children under the age of 18 to seek parental consent before using our website.

How we secure your information

We are dedicated to safeguarding your information. We provide physical, electronic, and process safeguards to protect information we collect, use, and store. For example, we limit access to this information to authorized employees and contractors who need to know that information in order to provide or improve our services or develop new ones. Please be aware that, although we endeavor to provide reasonable security for information we collect, use, or store, no security system can prevent all potential security breaches.

Our privacy policy may change

We update this Privacy Policy from time to time as we deem necessary. We will notify you of any changes to our Privacy Policy by posting the new Privacy Policy here. You may receive an email or other notification informing you of a Privacy Policy update. You are advised to consult this Privacy Policy regularly for any changes, as continued use is deemed approval of all changes. You can ask to view previous Privacy Policies by contacting our team at itrc@idtheftcenter.org.

Your Consent

By using the ITRC website or application you are consenting to our processing of your information as set forth in this Privacy Policy now and as amended by us from time to time. “Processing,” means using cookies on a computer/handheld device or using or touching information in any way, including, but not limited to, collecting, storing, deleting, using, combining and disclosing information, all of which activities will take place in the United States. If you reside outside the United States your information will be transferred, processed and stored there under United States privacy standards.

Contact us

If you have any questions regarding this privacy policy, or have questions about our practices, please contact us. Email: itrc@idtheftcenter.org Mail: 365 Ruffin Road #204, San Diego, CA 92123