Skip to Main Content
Main Menu
Search Opener
Search Close
Contact us
Legal Center

Government Request Policy for Customer Data

TrustArc is dedicated to protecting the privacy of information, personal, or otherwise, entrusted to TrustArc and/or maintained on behalf of others. This Government Request Policy outlines the guidelines that TrustArc follows to process requests received from law enforcement, national security, and other regulatory bodies (“Government”), for information about our Customers, their employees, and/or their users (“Customer Data”).

General Principles

In general, TrustArc shall not disclose Customer Data and/or personal information (or the equivalent construct under applicable law) to Government authorities unless it is required by law or required to prevent serious injury or death. TrustArc carefully reviews all Government access requests for legitimacy, the need to comply, and where possible, limits the data provided to precisely what is required, and removes information that is not specifically requested/required.

When responding to Government requests TrustArc uses the following principles:

  • Authorities are encouraged to seek information directly from customers or end users before approaching TrustArc;
  • Customer Data will only be shared if the Government possesses appropriate legal authority, such as a valid warrant or court order with applicable jurisdiction;
  • TrustArc ensures that requests are specific and reasonable in scope, and may challenge requests that appear overly broad; and
  • Should TrustArc provide information, it does so minimally, meeting the exact demands of the request.

Customer Notification

TrustArc will, unless otherwise prohibited from doing so (e.g., by applicable law), alert Customers with as much advance notice as possible if their data is subject to a Government request in order to afford the Customer an opportunity to object. If advanced notice is not possible, but notice is otherwise legally permissible, TrustArc will provide as soon as permissible reasonably thereafter.

Requests for Personal Information Controlled by Customers

For requests pertaining to personal information only maintained on behalf of its Customers, but ultimately “controlled,” “owned,” or “entrusted” to Customer by individuals (or data-subjects), TrustArc will typically request that the Government directly submit the data disclosure request to the respective Customer. If the Government consents, TrustArc will assist the Customer, adhering to the terms outlined in their contract, in addressing the request.

International Government Access Requests

For international government access requests, TrustArc shall review each request on a country-by-country and case-by-case basis, balancing local legal obligations with our commitment to user safety and privacy. TrustArc may respond differently to requests from different countries where these commitments conflict with local law.

Submission Requirements

All Government access requests must comply with relevant and applicable laws and be submitted through official channels, such as via executed orders and/or made from official government email addresses.

Requests must be made under appropriate legal basis, and may require a Mutual Legal Assistance Treaty request, a request from a country meeting its legal obligations under the U.S. Cloud Act, a letter rogatory, or another form of domestication.

Government requests must be submitted via email at [email protected].

Each request should include the following information:

  • Agency name
  • Agent name and badge/identification number
  • Agent phone number
  • Agent mailing address
  • Requested response date

While TrustArc agrees to accept requests by email, neither TrustArc nor our Customers waive any legal rights based on this accommodation. Additionally, email requests must be made from an official Government email address.

 

Last Updated: July, 2024

 
Back to Top