IDENTITY THEFT RESOURCE CENTER
What information does the ITRC collect and how is it used?
ITRC requests that you do not send us sensitive personal information such as Social Security numbers, dates of birth, crime reports, or any financial/medical account numbers. Any such information received by the ITRC will be immediately destroyed.
The ITRC website does not collect information from a child 13 years or younger without prior parental consent or direct parental notification. The ITRC website is intended for consumers age 14 or older. By using this site, user represents they are age 14 or older. ITRC advises all children under the age of 18 to seek parental consent before using our website.
User Provided Information: The website does have a live chat function for users to speak to ITRC Victim Advisors, but no sensitive personal information will be requested other than the state the user resides in as to provide them with relevant information according to their state’s laws. If the user chooses to provide the ITRC with sensitive personal information via live chat, said information will be immediately destroyed.
Automatically Collected Information: In order to provide the best website experience, the ITRC website does not honor Do Not Track signal requests as this website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies,” which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States.
Application and Live Chat Feature
The ITRC application does not collect information from a child 13 years or younger without prior parental consent or direct parental notification. The ITRC website is intended for consumers age 14 or older. By using this application, user represents they are age 14 or older. ITRC advises all children under the age of 18 to seek parental consent before using our application.
User Provided Information: The ITRC application may ask the user for their zip code in order to provide the user with the location of pertinent assistance, such as a Social Security office or local police station. The application does have a live chat function for users to speak to ITRC Victim Advisors, but no sensitive personal information will be requested other than the state the user resides in as to provide them with relevant information according to their state’s laws. If the user chooses to provide the ITRC with sensitive personal information via live chat, said information will be immediately destroyed.
The ITRC ID Theft Help app case log feature allows users to make entries into this feature regarding the steps victims have taken during their remediation process. This information can include but is not limited to date, time and duration of calls to specific entities that the victim must contact to remediate their case, forms requested or filed, and actions taken. Sensitive personal information is not collected and victims are instructed to NOT add notes to their log that contain PII. All case log entries are housed on the device upon which they are entered and not collected, retained, or stored by the ITRC.
If you do not want us to use your location for the purposes set forth above, you should turn off the location services for the mobile application located in your account settings or in your mobile phone settings and/or within the mobile application.
ITRC Call Center
The ITRC Call Center does not collect information from a child under the age of 18 years without prior parental consent or direct parental notification. The ITRC Call Center is intended for consumers age 18 or older. By calling the ITRC Call Center, the caller represents they are 18 years or older.
User Provided Information: The ITRC Call Center collects personal information for the sole purpose of identity theft mitigation. This information consists of the caller’s name, telephone number, email address, and state of residence. If you need to have forms mailed to you, we will also collect your mailing address.
Automatically Collected Information: The ITRC Call Center will automatically collect the phone number of the person calling.
Usage of Information
The ITRC uses the information collected solely for the purpose of providing identity theft case mitigation advice and conducting research on and about the crime of identity theft; however, individuals are not identified in the results of these studies.
Do third parties see and/or have access to information obtained by the ITRC?
Yes. We will share your information with third parties only in the ways that are described below:
We may disclose User Provided and Automatically Collected Information:
- as required by law, such as to comply with a subpoena, or similar legal process;
- when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request;
- with our trusted services providers who work on our behalf, do not have an independent use of the information we disclose to them, and have agreed to adhere to the rules set forth in this privacy statement.
- for research or statistical purposes; however, individuals are not identified in the results of these studies.
- with your express permission, we may share your information with the media or legislators who desire to contact and speak to individuals who have experienced particular identity theft abuses.
Data Retention Policy, Managing Your Information, Disposal
The ITRC will maintain personal information collected via its Call Center in electronic form using SalesForce, a database program specially designed for enterprise business services. The SalesForce database used by ITRC is accessible by ITRC staff and third party vendors for the specific purpose of case remediation only, and with permissions regulated strictly by individual login. Safeguards for the protection of electronic files include both hardware and software firewalls, use of SSL technology for all connections, verified IP for all connections, and discrete user tokens on each user machine, as well as user name and password protection. Information can include name, state of residence, phone number, and/or e-mail address, and in some cases city and street address.
All other personal and non-personal information collected by the ITRC are to be stored in electronic form on the ITRC file server, in an access controlled room, within the ITRC facility. They are protected by appropriate firewalls and intrusion detection. External access to the server is limited to secure VPN only.
Because the ITRC undertakes an advisory role with victims of identity theft, and because the nature of this crime may require years for mitigation, victims have the expectation that ITRC will retain for safekeeping and future access any case information that may be of use to the victim’s case in the future. ITRC has the ability to store client files for safekeeping indefinitely in a secure, locked storage unit housed in the same building as the ITRC offices. Data will be retained for a minimum period of three years and/or destroyed at the request of the victim.
We do not use the ITRC website or application to knowingly solicit data from or market to children under the age of 13. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us at firstname.lastname@example.org. We will delete such information from our files within a reasonable time.
We are concerned about safeguarding the confidentiality of your information. We provide physical, electronic, and procedural safeguards to protect information we process and maintain. For example, we limit access to this information to authorized employees and contractors who need to know that information in order to operate, develop or improve our services. Please be aware that, although we endeavor provide reasonable security for information we process and maintain, no security system can prevent all potential security breaches.
If you have any questions regarding privacy while using the Application, or have questions about our practices, please contact us via email at email@example.com.