Privacy Policy

The ITRC maintains a strict privacy policy that governs how we obtain, use, and store information from the people who visit our website, mobile application, live chat messaging, and contact center.

The ITRC collects the minimum amount of personal information, which we outline below, needed to assist victims of identity crimes and compromises. We do not sell any of the information we collect from individuals who use our products and services.

By using any of our products or services, including idtheftcenter.org you are consenting to the procedures outlined in the Policy below.

The ITRC collects certain types of information when voluntarily provided by you, but we may also automatically collect some information. Information is collected through our website, Live Chat messaging service, and Contact Center advisors. We refer to these products and services as “Properties” for easier reading in this policy, which applies to all properties where we might obtain information about you.

Information you voluntarily provide: You may be prompted to enter certain information when taking actions on an ITRC Property. This information may include, but is not limited to: name, email, state of residence, telephone number, and zip code.  

The ITRC requests that you do not send us sensitive personal identifiable information (SPII) such as Social Security numbers, dates of birth, crime reports, or any financial/medical account numbers. Any SPII received by the ITRC will not be retained and will be immediately destroyed. 

Information we automatically collect: In order to provide the best experience on our Properties, the ITRC collects data automatically from you that includes, but is not limited to: IP address, location and website activity. This information is never displayed for a specific user and cannot be tied to personally identifiable information like name or email address.

The ITRC uses certain website tools, social media platforms, and phone services to connect with you. The cookies, pixel tags, location, and phone services we use do not collect uniquely identifying information about you.

Our website tools and social media platforms use cookies and pixel tags to optimize experience and communication. Cookies are text files placed on a website and stored on the web browser of a user’s computer.

The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by verified third-party partners like Google, Inc. You may refuse the use of cookies by selecting the appropriate settings on your browser; however, please note that if you do this you may not be able to use the full functionality of our website.

Pixel tags, similar to cookies, are placed on a website invisibly and used to track how you interact with our website. Cookies and pixels used for automatic collection of data on ITRC Properties include but are not limited to: Google Analytics, Google Ads, Google Tag Manager, Facebook, Instagram, Twitter, and Pinterest.

Website and mobile applications have the ability to use device geographical location services to provide improved assistance. Location services are set by you using the preferences settings on your device.

If you call the ITRC Contact Center, we will automatically collect your phone number to help ensure we offer the support services you require in an efficient and speedy manner.

The ITRC uses the information collected from you to communicate effectively and efficiently with you, provide best-in-class mitigation assistance services, and research identity crimes and compromises.

To improve the user experience, we may use information to make enhancements to ITRC Properties. This includes using analytical products or services to anonymously examine behaviors to better serve your needs.

The ITRC does not sell any information about individual users and we do not share information about you except under the limited circumstance described below.

Research is a part of the ITRC’s mission and our goal is to better understand and prevent identity crimes and compromises. We might ask you from time to time to take part in a survey or quiz for research purposes. You will not be identified in the resulting research studies. We may share anonymized information with third-party research partners from time to time for purposes of analysis. We may also ask your permission to share your personal information with third-party research partners, but will not do so if you request to keep your information confidential.

The ITRC collects, uses, and stores certain business contact information, including email addresses and the names of the employees associated with those addresses. We may also collect additional business contact information such as telephone and mobile telephone numbers.

The ITRC does not sell but may share business contact information with affiliated sponsor or partner organizations. When we share business contact information, it is for the purpose of developing relevant content or for the promotion of ITRC business products or services to other businesses.

The ITRC also collects, uses, and stores information about publicly reported data breaches and compromises for sale to businesses, government agencies, academic institutions, and other organizations to help defray the costs associated with providing victim assistance services for free.

The information aggregated in the data compromise database does not contain any personally identifiable information about individuals whose data has been compromised. The information is collected from public sources and is made available in summary form to consumers on the ITRC website.

Our expert advisors may use personal information provided by you to contact and assist you in remediating identity crimes. This may include phone calls, emails, or letters.

We may provide information about ITRC services, capabilities and resources through multiple advertising channels such as social media, keyword advertising, and display advertising. We do not sell or share your information to advertising platforms or publishers.

From time to time, the ITRC does use third-party advertising platforms to serve advertisements based on your interests, demographics, or previous behaviors as well as third-party advertising companies to serve interest-based advertisements. These platforms collect their own information to create targeting capabilities.

We may disclose your voluntarily provided and automatically collected information in the ways described below.

• As required by law, such as to comply with a subpoena, or similar legal process;
• When we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request;
• With our trusted service providers who work on our behalf, do not have an independent use of the information we disclose to them, and have agreed to adhere to the rules set forth in this privacy statement.
• With your expressed permission, we may share your information with the media, public officials such as legislators or regulators who desire to contact and speak to individuals whose identities have been misused or compromised, and third-party research partners.

The ITRC will maintain personal information collected via its Contact Center in electronic form using Salesforce, a database program specially designed for enterprise business services.

The Salesforce database used by the ITRC is only accessible by ITRC staff and specific third-party vendors for the specific purpose of case remediation, with controlled access by individual login. Safeguards for the protection of electronic files include both hardware and software firewalls, use of SSL technology for all connections, verified IP for all connections, and discrete user tokens on each user machine, as well as username and password protection. Information may include name, state of residence, phone number, and/or e-mail address, and in some cases city and street address. The ITRC does not sell this information and sharing is limited to those uses outlined in this policy.

The ITRC uses the MailChimp email service to send newsletters and research reports to subscribers who have voluntarily provided their name and email address. MailChimp stores the email addresses. MailChimp is a trusted platform that upholds the privacy of this policy. A subscriber may unsubscribe from the MailChimp mailing list at any time and their information will be removed.

All other personal and non-personal information collected by the ITRC is stored in electronic form in an ITRC-controlled server in an access-controlled room within a secure third-party service provider. They are protected by appropriate firewalls and intrusion detection. External access to the server and / or information is limited to secure remote access services and software such as secure cloud services.

Because the ITRC undertakes an advisory role with victims of identity theft, and because the nature of this crime may require years for mitigation, victims have the expectation that the ITRC will retain for safekeeping and future access any case information that may be of use to victims’ case in the future.

The ITRC does not use our website to knowingly solicit data from or market to children under the age of 13. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us at [email protected]. We will delete such information from our files within a reasonable time.

The ITRC Contact Center does not collect information from a child under the age of 18 years without prior parental consent or direct parental notification. The ITRC Contact Center is intended for consumers age 18 or older. By calling the ITRC Contact Center, the caller represents they are 18 years or older.

The ITRC properties do not collect information from a child 13 years or younger without prior parental consent or direct parental notification. ITRC Properties are intended for consumers age 14 or older. By using ITRC properties, you represent you are age 14 or older. ITRC advises all children under the age of 18 to seek parental consent before using our website.

We are dedicated to safeguarding your information. We provide physical, electronic, and process safeguards to protect information we collect, use, and store. For example, we limit access to this information to authorized employees and contractors who need to know that information in order to provide or improve our services or develop new ones. Please be aware that, although we endeavor to provide reasonable security for information we collect, use, or store, no security system can prevent all potential security breaches.

In the event of a security breach that leads to the unauthorized access of personal information stored by the ITRC or a third-party vendor under contract to the ITRC, the ITRC will notify the affected individuals at the email address, if any, on file with the ITRC as well as post a notice on the idtheftcenter.org website and issue a news release.

We update this Privacy Policy from time to time as we deem necessary. We will notify you of any changes to our Privacy Policy by posting the new Privacy Policy here. You may receive an email or other notification informing you of a Privacy Policy update. You are advised to consult this Privacy Policy regularly for any changes, as continued use is deemed approval of all changes. You can ask to view previous Privacy Policies by contacting our team at [email protected].

By using the ITRC website or application you are consenting to our processing of your information as set forth in this Privacy Policy now and as amended by us from time to time. “Processing,” means using cookies on a computer/handheld device or using or touching information in any way, including, but not limited to, collecting, storing, deleting, using, combining and disclosing information, all of which activities will take place in the United States. If you reside outside the United States your information will be transferred, processed and stored there under United States privacy standards.

If you have any questions regarding this privacy policy, or have questions about our practices, please contact us.

Email: [email protected]

Mail:    ITRC

2514 Jamacha Rd.
Ste. 502-525
El Cajon, CA 92019-4492