Last updated: 1 November 2023

Privacy Policy

Trace Space, Inc. ("Trace.Space", "we" and "us") respect your privacy. Please review the privacy policy below for ourcommitment to safeguarding your privacy online.This policy describes how we use Personal Data (as defined below) whenyou browse our Website, visit or use our Platform (including our Website and Services), with whom we share it, your rightsand choices, and how you can contact us about our privacy practices.Please note that any capitalized terms used and nototherwise defined below have the meanings assigned to them in the Terms Of Service or any applicable Master Service Agreement (MSA) which we have entered into with you.

Summary

We only collect and process information with your consent, or on another legal basis; we only require the minimum amountof personal data that is necessary to fulfill the purpose of your interaction with us; we don't sell it to third parties, and weonly use it as this Privacy Policy describes.

If you're visiting us from the European Union (EU), European Economic Area (EEA), Switzerland, or the United Kingdom (UK),please see our global privacy practices: we are compliant with the EU General Data Protection Regulation (the "GDPR") and,in certain cases, with the certain local data protection laws (e.g., the “Federal Data Protection Act” in Germany, or theCalifornia Online Privacy Protection Act in the USA).

If you are visiting us from California, the USA, please note that you may have specific rights under the California OnlinePrivacy Protection Act, the California Consumer Privacy Act of 2018, and certain other privacy and data protection laws.No matter where you are, where you live, or what your citizenship is, we provide a high standard of privacy protection to allour users around the world, regardless of their country of origin or location.

1. What information do we collect

A. Personal Data Subjects. We may collect information from visitors to and/or users of our Platform (collectively, “Users” or“you”). This includes:

  • visitors of our Website who have not (yet) signed up to our Platform or Services;
  • natural persons who are our Customers (as defined in the Terms of Service or MSA), and.

We only collect and process information with your consent, or on another legal basis; we only require the minimum amount of personal data that is necessary to fulfill the purpose of your interaction with us; we don't sell it to third parties, and we only use it as this Privacy Policy describes.

If you're visiting us from the European Union (EU), European Economic Area (EEA), Switzerland, or the United Kingdom (UK), please see our global privacy practices: we are compliant with the EU General Data Protection Regulation (the "GDPR") and, in certain cases, with the certain local data protection laws (e.g., the “Federal Data Protection Act” in Germany, or the California Online Privacy Protection Act in the USA).

If you are visiting us from California, the USA, please note that you may have specific rights under the California Online Privacy Protection Act, the California Consumer Privacy Act of 2018, and certain other privacy and data protection laws.

No matter where you are, where you live, or what your citizenship is, we provide a high standard of privacy protection to all our users around the world, regardless of their country of origin or location.

1. What information do we collect

A. Personal Data Subjects. We may collect information from visitors to and/or users of our Platform (collectively, “Users” or “you”). This includes:

  • visitors of our Website who have not (yet) signed up to our Platform or Services;
  • natural persons who are our Customers (as defined in the Terms of Service or MSA), and
  • Authorized Users - individuals who are registered or permitted by one of our Customers to access an Organization's Workspace (as defined in the Terms of Service or MSA) and/or use the Services.

B. Types of Information. Information about you can be divided in two groups:

  • “Personally identifiable information” or personal data that can be used to identify or contact you (the “Personal Data” or “PII”). See Subsection C below.
  • “Aggregated Information” - information or data we collect that are anonymous or where all identifiable information has been removed. See Subsection D below.

Generally, no one is under a statutory or contractual obligation to provide any Personal Data or Aggregated Information (collectively “User Data”). Certain User Data has been collected automatically and, if some User Data such as the names and emails of the Authorized Users is not provided, we will be unable to provide the Services.

C. Personal Data. Personal Data is any piece of information that can potentially be used to identify, contact, or locate a user uniquely. We need this information so we can interact with each other and so that we can provide our Services in a high-quality way that is specific to your needs. You provide your Personal Data, for example, by signing up on our Platform or paying for the Services or visiting our Website.

For example, when you visit our Website, our systems automatically maintain web logs to record technical data about all visitors of our Website and store this information in our databases. These weblogs may contain information about you including the following: IP address, type(s) of operating system you use, type of device you use, date and time you visited our Website, your activity and/or referring websites and the pages most frequently accessed. Personal Data collected by us is protected as personal data under applicable data protection laws, for example, under the GDPR.

You are responsible for ensuring the accuracy of all Personal Data that you submit to us. Inaccurate Personal Data may affect your experience when using the Services and/or our ability to contact you as described in this Policy.We may transfer your Personal Data without de-identification or anonymization to our partners and service providers if it’s needed to improve our Services and Platform in case you have consented to this.

D. Aggregated Information. Aggregated Information is non-personally identifiable/anonymous Information about users of the Platform. Aggregated Information is used in a collective manner and no single person can be identified by the information compiled.We may de-identify or anonymize your Personal Data so that you cannot be individually identified by this data anymore. For example, we may de-identify your weblog data by removing all device identifiers (such as the identifying parts of your IP address).

We may provide that de-identified information to our partners, vendors and/or affiliates. We also may combine your de-identified information with that of other users to create aggregate de-identified data that may be disclosed to third parties who may use such information to understand how often and in what ways people use our Services so that they can provide you with an optimal online experience. For example, we may use the information gathered to create a composite profile of all the users of the Platform to understand users’ needs in order to design appropriate features and tools.

2. How do we collect your Personal Data

The Information that you provide directly to us will be apparent from the context in which you provide the data. In particular, we collect the following User Data:

A. Contact Information. When you create or update your Organization's Workspace we collect your full name, email address, phone number, company's name, role in your organization and account login credentials (audit logs).

When you fill in our online form to contact our sales team (e.g., schedule a call), we collect your full name, email, country, your guests' emails, phone number and anything else you tell us about your project, needs and timeline.
When you respond to Trace.Space emails, newsletters or surveys, we collect your email address, name and any other information you choose to include in the body of your email or responses.

B. Billing Details. When you subscribe to a paid plan version of the Services, our payment processor or bank collects your billing details. Different payment methods may require the collection of different types of information, such as your payment card number, CVC, expiration date and/or bank account number and/or a billing address.

Please note that payment information submitted by you will be processed by our payment processor or bank. We do not intentionally receive or process your billing information. However, we have access to some of our Customers’ billing details via our account with the payment processor or bank.

C. Information we collect automatically. Even if you do not provide information to us, we automatically collect technical data such as weblogs about your use of and interaction with our Platform and/or Website as described in Section 1 above. We use the technical data to troubleshoot problems, gather information for analysis of the Platform and/or Website usage, customize your experience when accessing our Platform, Services and for other business purposes.

D. Data from Third-Party Services. Our Customers can choose to permit or restrict Third-Party Services needed for better collaboration in their Organization’s Workspace. Typically, Third-Party Services refer to software that integrates into our Platform (e.g., Jira, Asana, GitHub) and the Customer can enable and disable these integrations. Once enabled, the provider of a Third-Party Service may share certain information with Trace.Space and vice versa. For example, if a cloud storage application is enabled to permit the import of files to your Organization’s Workspace, we may receive a user's name and email address, along with additional information that the application has elected to make available to Trace.Space to facilitate the integration. Authorized Users should check the privacy settings and notices in these Third-Party Services to understand what data may be disclosed to Trace.Space. We do not, however, receive or store passwords for any of these Third-Party Services when connecting them to the Platform.

E. Third-Party Data. We may receive Information about you from outside sources, such as commercially available demographic or marketing information, and add or combine it with your information to provide better service to you and inform you of Services or other information that may be of interest to you. This data may be combined with the User Data we collect and might include aggregate level data, such as which IP addresses correspond to which zip codes or countries, or it might be more specific: for example, how well an online marketing or email campaign performed. We also offer you the functionality of using your social media credentials (e.g., Google, GitHub, Microsoft) and corporate identity management tools (e.g., Okta) for single sign-on to enter our Platform, and in that manner, we may also collect certain information from you as you log on. We will not collect more information from you when using your social media credentials beyond the information that third parties disclose to us.

F. Additional Information. We receive your Personal Data when you submit it to our Platform, if you participate in an offer, program or promotion, focus group, contest, webinar, activity or event, apply for a job, request support, interact with our social media accounts, sign up for email updates, give us your business card or contact details at conferences or other events, provide feedback or otherwise communicate with our team.

3. What is our legal basis for processing information

Under specific laws (including the GDPR), we are required to notify you about the legal basis on which we process your Personal Data. We will only collect and process personal data about you where we have a lawful basis. Lawful basis includes:

  • Consent, where you have given explicit consent (Art. 6 (1) (a) GDPR);
  • Contract, where processing is necessary to take steps to enter into, perform or terminate a contract with you (Art. 6 (1) (b) GDPR);
  • Compliance with a legal obligation, e.g. where we need your data for compliance with specific laws (Art. 6 (1) (c) GDPR);
  • Vital or public interest, where processing is necessary for the performance of a task carried out in the public interest of a data subject or another person (Art. 6 (1) (d) and (e) GDPR);
  • “Legitimate interests”, except where such interests are overridden by the interests, rights or freedoms of a data subject (Art. 6 (1) (f) GDPR). For example, we have a legitimate interest in operating, securing, and delivering our Platform to you or providing customer support and/or answering questions you have submitted to us. Please see section 4 below for details on how we use your Personal Data.

Where we rely on your consent to process Personal Data, you have the right to withdraw or decline your consent at any time and where we rely on legitimate interests, you have the right to object.

If you have any questions about the lawful basis upon which we collect and use your personal data, please feel free to contact our Data Protection Officer at: privacy@trace.space

4. How will we use your Personal Data

How we use your Personal Data will depend on which Services you use, how you use the Platform and the choices you make in your settings. Personal Data that is transferred by our Customer to Trace.Space in connection with the use of the Platform will be used and processed by us in compliance with the Customer’s instructions, including any applicable contract terms, and as required by applicable law.

When Trace.Space is the controller of the Personal Data (as described below), we use the User Data for operating our Platform, delivering Services, and doing our business.More specifically, we use User Data:

To provide you with our Platform. We process certain User Data (such as technical data and web logs) to operate our Platform and deliver to you our Website and Services.

To facilitate contractual and pre-contractual business relationships. We use Personal Data to enter into business relationships with prospective customers and to perform the contractual obligations under the contracts that we have with existing Customers. For example, we may collect your Personal Data to schedule calls and meetings for the Platform’s demo, preparing offers to you or setting up and managing a Organization’s Workspace on the Platform and performing certain accounting, auditing and billing activities.

To comply with our regulatory and other legal obligations, including Data Processing requirements of the GDPR and “Anti-Money Laundering” (AML) and “Know-Your-Customer” (KYC) obligations.

To personalize the Platform for you by understanding your needs. We use the User Data to customize our Services for you.

To create new features, tools and products. For example, we may improve functionality by using the User Data to help determine and rank the relevance of content to you and make Services suggestions based on historical use and predictive models.

For research and analysis. We conduct aggregate analysis, market research and planning, develop business intelligence, generate statistical studies that enable us to operate, protect, make informed decisions and report on the performance of our business.For customer support. We process User Data submitted to us via email, in-app chats, calls or other means of communications to provide you customer support (e.g. to answer questions you have submitted to us). Your emails, calls and other correspondence to and from us may be recorded for the purpose of improving our customer service, including monitoring customer service quality or compliance, checking the accuracy of the information you provide us or providing training for our personnel or customer service representatives only upon your preliminary consent. Any information obtained from you through Customer support will be treated according to the provisions of this Policy. Where required by applicable law, we will obtain your consent before processing your information for improving our customer service. Where technically possible, we will remove your personal information before we process your data, which then is no longer Personal Data, further for these purposes.

To protect Trace.Space, our Customers and the public. We use your Personal Data to ensure network and information security throughout the Platform, to prevent, investigate or address service errors, security or technical issues and abuses that could harm Trace.Space, our Customers or the public.

For Services-related communications. We may send you service, technical and other administrative emails, messages, and other types of communications. We may also contact you to inform you about changes in our Services, our offerings and important Services-related notices, such as security notices, changes in the privacy policy and terms of the Services. These communications are considered part of the Services and you may not unsubscribe from them.

For marketing and events-related communications. We sometimes send emails about new product features, promotional communications or other news about Trace.Space, our products and services, invite you to participate in our events or surveys, or otherwise communicate with you for marketing purposes, provided that we do so per the applicable consent requirements. These are marketing messages (described in more detail below), so you can control whether you receive them.

For interest-based advertising. When you visit our Platform, both we and certain third parties collect information about your online activities over time and across different sites to provide you with advertising about products and services tailored to your specific interests (this type of advertising is called “interest-based advertising”). These third parties may place or recognize a unique cookie or other technology on your browser (including the use of pixel tags). Where required by applicable law, we will obtain your consent before processing your information for interest-based advertising.

5. Personal Data Trace.Space does not collect

No Sensitive Data. We do not intentionally collect, store, process or transmit any sensitive personal information, such as social security numbers, genetic data, health information or religious information. If you store any sensitive personal information on our servers, you are responsible for complying with any regulatory controls regarding that data. We might erase the sensitive information that is uploaded to the Platform or otherwise provided to us without our request or consent, if such erasure is necessary for the public interest or compliance with our legal obligations.
Trace.Space is not a Business Associate or subcontractor as defined in terms of the United States Health Insurance Portability and Accountability Act of 1996 (the “HIPAA”).Trace.Space will have no liability for any Sensitive Personal Information, notwithstanding anything to the contrary herein.
We use a third-party payment processor to process payments made to us. In connection with the processing of such payments, we do not retain any financial information such as full credit card numbers. Rather, all such information is provided directly to our third-party processor, Stripe, whose use of your personal information is governed by their privacy policy, which may be viewed at https://stripe.com/us/privacy. We only have access to limited Personal Data in Stripe (i.e., name and email address), and only use this information to verify payments made to us.

No Minorities Data. If you're a child under the age of 16, you may not have an account on Trace.Space . We do not knowingly direct any of our content specifically to or collect information from children under 16. If we learn or have reason to suspect that you are a user who is under the age of 16, we will, unfortunately, have to close your account. Other countries may have different minimum age limits and if you are below the minimum age for providing consent for data collection in your country, you may not use Trace.Space . You may not use Trace.Space in California if you are a California resident under 16.

No End-User Data. We do not intentionally collect the Personal Data of Customers’ end-users that might be stored in your account. Information and content in a Customer's accounts belong to the Customer, and the Customer is fully responsible for it, as well as for making sure that your content complies with our Terms of Service. Any Personal Data within an Organization's Workspace is the responsibility of the Customer, namely the account's owner. The Customer shall be considered as the controller for the purposes of the GDPR. Please see Section 12 below for details.
No decisions are made based on your User Data that go beyond the automated requirements quality checking services of our Platform. No automated decision-making pursuant to Art. 22 GDPR takes place.

6. How We Disclose Personal Data

Please note that our Customers determine their policies and practices for the sharing and disclosure of the Personal Data under their control and Trace.Space does not control how they or any other third parties choose to share or disclose such Personal Data. We share your Personal Data with trusted entities with your explicit consent, based on our instructions and in compliance with appropriate confidentiality and security measures, as outlined below:

  • To Third-Party Vendors and Partners. We do share your Personal Data with a limited number of third-party vendors and business partners who process it on our behalf to provide or improve our Services, and who have agreed to privacy restrictions similar to our Privacy Policy. Our vendors perform functions such as payment processing, customer support ticketing, data storage and other related services.
  • To Third-Party Services. Our Platform enables integrations with third-party software that our Customers may use (e.g., Jira, Asana, GitHub). The Customer has sole discretion over whether to use these integrations. Once enabled, Trace.Space may share certain information with a Third-Party Service provider and vice versa. For example, we will share configuration parameters, including emails linked to the Organization’s Workspace to allow software management tools to integrate into said Workspace.
  • To Corporate Affiliates. We share User Data with our corporate affiliates (parents and/or subsidiaries) for internal administrative, operational, and group business purposes.
  • To Customer's Representatives. Authorized Customer representatives and personnel designated as 'owners' of a Organization’s Workspace may be able to access, modify, or restrict access to Personal Data of the Customer’s Authorized Users. It may include, for example, your employer using Service features to export activity logs from a Organization’s Workspace or accessing or modifying your profile details.
  • During a Change to Trace.Space 's Business. Some or all User Data may be shared or transferred, subject to standard confidentiality arrangements, if Trace.Space engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of Trace.Space 's assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g., legal due diligence).
  • To Share Aggregated Data. We may disclose or use aggregated or de-identified Information with others about how our customers, collectively, use Trace.Space , or how our customers respond to our other offerings, such as conferences and events. For instance, we may compile statistics on the proportion of customers by industry and size. However, we do not sell this information to advertisers or marketers.
  • To Collaborate with Others. When an Authorized User submits Personal Data, it may be displayed to other Authorized Users. For example, your profile information, including email address, may be shared with other Authorized Users working in the same Organization’s Workspace.
  • To Share in Public. When you comment on our blogs or in our community forums, the information you provide on these resources may also be read, collected, used and shared by any visitors to these resources. It would be best if you were cautious when deciding whether to disclose your Personal Data in these areas related to the Platform. To request removal of your Personal Data from our community forums or social media pages, contact us at: privacy@trace.space We may not be able to remove your Personal Data, in which case we will let you know if we are unable to do so and why.
  • To Comply with Laws. If we receive a request for information, we may disclose User Data if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation, or legal process. Please find more in Section 15 hereof to understand how Trace.Space responds to requests to disclose data from government agencies and other sources.
  • To enforce our rights, prevent fraud and for safety. To protect and defend the rights, property or safety of Trace.Space or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud or security issues.

We do not share, sell, rent or trade your Personal Data with third parties for their commercial purposes, except where you have specifically told us to (such as by activating an integration with third-party service providers).

We do not host advertising on Trace.Space. We may occasionally embed content from third-party sites, such as YouTube and that content may include ads. While we try to minimize the number of ads our embedded content contains, we cannot always control what third parties show. Any advertisements on individual Trace.Space web pages are not sponsored or tracked by Trace.Space.

We do not disclose your Personal Information outside Trace.Space, except in the situations listed in this section.

7. What are your data protection rights

A. Your data protection rights. We provide many choices about the collection, use and sharing of your Personal Data. Depending on your location and subject to applicable law, you may have a specific range of rights concerning the Personal Data we hold on you. For example, if you are visiting us from the EU, EEA, Switzerland, or the UK, you have the following rights under the conditions and to the extent provided in the GDPR and/or the UK data protection laws:

  • Delete Data: You can ask us to erase or delete all or some of your Personal Data (e.g., if it is no longer necessary to provide Services to you, Art. 17 GDPR).
  • Change or Correct Data: You can review, correct, or update your Personal Data through your account on the Platform or by contacting us at: privacy@trace.space. You can also ask us to change, update or fix your Personal Data in some instances, mainly if it is inaccurate (Art. 16 GDPR).
  • Object to, Limit or Restrict the Use of Data: You have the right to object to the processing of your Personal Data where the processing is necessary for the performance of a task carried out in the public interest or where the processing is necessary for our legitimate interests, according to Art. 21 (1) GDPR. You can object to the use of your Personal Data for marketing purposes at any time (Art. 21 (2) GDPR). You can limit our use of your Personal Data (e.g., if you contest the accuracy of your Personal Data or if you oppose to the erasure of your unlawfully held Personal Data, Art. 18 GDPR).
  • Right to Access and/or Take Your Data: You can ask us for a copy of your Personal Data (Art. 15 GDPR) and can ask for a copy of the personal data you provided in a standard machine-readable form (Art. 20 GDPR).
  • Right to file a complaint to the supervisory authority if you consider your rights to have been violated (Art. 77 GDPR). See Section 17 for details.
  • Right to withdraw your consent and/or to unsubscribe. You have the right to withdraw your consent to the processing of your Personal Data at any time (Art. 7 (3) GDPR). For example, we will only send you marketing and events-related communications if you expressly consent to this. To withdraw your consent, we provide you with the opportunity to “unsubscribe“ from having and using your Personal Data for specific marketing-related purposes at any time. In particular, Trace.Space offers you the following options to withdraw your consent and/or to unsubscribe:

    - Opt out from Marketing Communications. If you would no longer like to receive the latest insights about thought leadership, events & webinars to learn more about requirements management best practices.
    - Opt out from Blog Communications. If you would no longer like to receive the weekly Trace.Space blog updates.
    - Opt-out from Advertising Networks. We work with Google Ads and other advertising networks. To learn how to opt-out of behavioral advertising delivered by Network Advertising Initiative member companies, please visit the Network Advertising Initiative and Digital Advertising Alliance. You may download the AppChoices app to opt-out in mobile apps.
    - Opt-out from Use of Cookies and/or certain Third-Party Services. You can also opt-out from our use of certain categories of cookies and similar technologies and/or the processing of your Personal Data by certain Third-Party Service providers.

B. Exercising other data protection rights. To use your data protection rights, you can contact us at: privacy@trace.space. We take each request seriously. We will comply with your request to the extent required by applicable law. If you feel that you have not received a satisfactory response from us, you may consult with the data protection authority in your country.

C. Verification Procedure. For your protection, we may need to verify your identity before responding to your request, such as by verifying that the email address from which you sent the request matches the email address that we have on file for you. If we no longer need to process Personal Data about you to provide our Services, we will not maintain, acquire or additionally process information to identify you in order to respond to your request.

D. Notice to California residents. If you are a natural person resident in California, then, subject to certain limits under California law, you have the right under the California Consumer Privacy Act of 2018 (CCPA) and certain other privacy and data protection laws, as applicable, to exercise free of charge:
(1) Disclosure of Personal Information We Collect About You. You have the right to know:
- The categories of personal information we have collected about you;
- The categories of sources from which the personal information is collected;
- Our business or commercial purpose for collecting or selling personal information;
- The categories of third parties with whom we share personal information, if any;
and
- The specific pieces of personal information we have collected about you.

Please note that we are not required to:
- Retain any personal information about you that was collected for a single one-time transaction if, in the ordinary course of business, that information about you is not retained;
- Re-identify or otherwise link any data that, in the ordinary course of business, is not maintained in a manner that would be considered personal information; or
- Provide the personal information to you more than twice in a 12-month period.(

2) Disclosure of Personal Information Sold or Used for a Business Purpose. In connection with any personal information we may sell or disclose to a third party for a business purpose, you have the right to know (i) the categories of personal information about you that we sold and the categories of third parties to whom the personal information was sold; and, (ii) the categories of personal information that we disclosed about you for a business purpose.

(3) Protection Against Discrimination. You have the right to not be discriminated against by us because you exercised any of your rights under the CCPA. This means we cannot, among other things:

  • Deny goods or services to you;
  • Charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
  • Provide a different level or quality of goods or services to you; or
  • Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services.

Please note that we may charge a different price or rate, or provide a different level or quality of services to you, if that difference is reasonably related to the value provided to us by your personal information.

8. Cookies

We use cookies and similar technologies (e.g., web beacons, pixels, ad tags and device identifiers) to recognize you and/or your device(s) on, off and across different Services and devices. You can control cookies through your browser settings and other tools.

9. How do we store your data

Data Retention Period. We will process and store the User Data no longer than necessary. Subsequently, the Personal Data will be deleted in accordance with the statutory provisions.
In general, your Personal Data will be stored during the term of our contractual relationships. However, in some cases, Personal Data may be stored for longer due to laws applicable to Trace.Space or for as long as the retention of Personal Data is required due to other legal reasons (e.g. in accordance with Art. 17 (3) GDPR). Thus, among other things, storage and documentation obligations from commercial and tax laws apply. The retention and documentation periods specified there are six to ten years. In addition, the storage period for all other data is based on the statutory limitation periods, which are generally three years.
This may include keeping your Personal Data after you have deactivated your account for the necessary period for us to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.

10. Security of Customer Data

We take the security of data very seriously. We work hard to protect User Data from loss, misuse and unauthorized access or disclosure. Trace.Space has based its practices on internationally recognized SOC 2 Type 2 security certification confirming that Trace.Space has system and organization controls to safeguard the processing, integrity, confidentiality and security of the User Data. To learn more about current practices and policies regarding the security and confidentiality of the Services, please see our documentation and Contracts.
Please note that no method of transmission, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security and safety. In the event of a data breach that affects your Personal Data, we will act promptly to mitigate the impact of a breach and notify any affected users without undue delay.

11. Privacy Policies of other websites

Our Platform provides the ability to connect to the websites of other Third-Party Services providers. Please see Section 6 above for details. These Third-Party Services are not owned or controlled by Trace.Space, and third parties that have been granted access to your Personal Data may have their own policies and practices for data collection and use. Please check the privacy settings and notices in these Third-Party Services or contact the relevant provider with any questions you may have.
You may see our ads on other websites or mobile apps because we participate in advertising networks. Ad networks allow us to target our message to users based on a range of factors, including demographic data, users' inferred interests and browsing context (for example, the time and date of your visit to our Platform, the pages that you viewed and the links that you clicked on). This technology also helps us track the effectiveness of our marketing efforts and understand if you have seen one of our advertisements. Where required by applicable law (e.g. under GDPR), we will obtain your consent before processing your information for interest-based advertising.
Please see Subsection 7A above to learn more about various un-subscription options from Third-Party Services you have.

12. Identifying Data Controller and Processor

Data protection law in certain jurisdictions (e.g., the GDPR) differentiates between the “controller” and “processor” of Personal Data.
If you are an Authorized User of our Customer, or if you are our Customer yourself, please note that Customer is deemed the controller of all Personal Data that our Customer or its Authorized Users transfer to Trace.Space in connection with the use of the Platform and/or the Services. We only process such Personal Data on behalf of our Customer as a processor. Therefore, requests on such Personal Data should initially be submitted directly to our Customer.
Otherwise (for example, if you are a visitor to our Website who has not signed up to our Platform) we are deemed the controller of your Personal Data. Thus, you have the right to address your requests on the processing of Personal Data to us (please see section 16 for contact details).
Insofar as we are the controller of Personal Data, this is the following company:
Trace Space, Inc.
111 NE 1st St, Suite: 88511, 8th Floor,
Miami, Miami-Dade
FL 33132, USA
privacy@trace.space

13. International Data Transfers

We are a global business. Personal Data may be stored and processed in any country where we have operations or where we engage service providers. We may transfer Personal Data that we maintain about you to recipients in countries other than the country in which the Personal Data was originally collected, including to the United States. Those countries may have data protection rules that are different from those of your country.However, we will take measures to ensure that any such transfers comply with applicable data protection laws and that your Personal Data remains protected to the standards described in this Privacy Policy. In certain circumstances, courts, law enforcement agencies, regulatory agencies, or security authorities in those other countries may be entitled to access your Personal Data.
We comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce (together, the “DPF”), and we have certified to the U.S. Department of Commerce that we adhere to the DFP Principles with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework Principles with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF (together, the “DPF Principles”). A full list of all participating organizations is available on the U.S. Department of Commerce’s dedicated DPF website.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Trace.Space commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/eu-us-data-privacy-framework for more information or to file a complaint. The services of JAMS are provided at no cost to you.
If your DFP complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not otherwise resolved by other redress mechanisms. For more information about binding arbitration, please follow this link.
The Federal Trade Commission has jurisdiction over Trace.Space ’s compliance with the DPF.
If you are located in the EEA, UK or Switzerland, we comply with applicable laws to provide an adequate level of data protection for the transfer of your Personal Data to other countries outside of the EEA, UK or Switzerland (“Third Countries”). Please note that some Third Countries, and certain entities within the USA who are not certified under the DPF, do not guarantee an adequate level of data protection. Transferring data to these Third Countries may therefore involve additional risks for your privacy rights. For example, the enforcement of your rights can be more difficult in these Third Countries.
However, we use our best efforts to ensure that an international data transfer to Third Countries, or a transfer to a non-DFP certified US entity, is governed by an adequate data transfer mechanism based on a risk assessment (comparable to a data protection impact assessment) regarding the transfer. We rely on one or more of the following mechanisms: EU and or UK Standard Contractual Clauses with a data recipient outside the EEA or UK (as the case may be), verification that the recipient has implemented Binding Corporate Rules and/or verification that the European Commission has adopted an adequacy decision in accordance with Art. 45 GDPR for the respective Third Country.

14. Onward Transfer

Trace.Space may disclose personal information to subcontractors and third-party agents who assist Trace.Space in providing its services. Before disclosing personal information to a subcontractor or third-party agent, Trace.Space will obtain assurances from the recipient that it will: (a) use the personal information only to assist Trace.Space in providing the services; (b) provide at least the same level of protection for personal information as required by the DPF Principles; and (c) notify Trace.Space if the recipient is no longer able to provide the required protections. Upon notice, Trace.Space will act promptly to stop and remediate unauthorized processing of personal information by a recipient. Trace.Space will remain liable for onward transfers to its subcontractors and third-party agents.

Trace.Space may also be required to disclose, and may disclose, personal information in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. To the extent permitted, Trace.Space will inform its relevant customer or prospective customer before making such disclosure and provide it with a reasonable opportunity to object to such disclosure.

Trace.Space will not otherwise disclose personal information to third parties.

15. Newsletter

With your consent, we will be happy to send you our newsletter. To do this, you must register for our newsletter. More details on the content of the newsletter in question are explained in the declaration of consent or on the registration page.

For the subscription to our marketing communications, we use a double opt-in procedure for GDPR compliance provided that GDPR applies to the country from which you are registering and the mandatory double opt-in procedure is in effect. After your registration, we will send you an email requesting that you confirm your subscription to the specified email address with a link to click to confirm that you wish to receive our marketing communications. If you do not confirm your registration within 48 hours, your details will not be used in our marketing communications and your data will be deleted as soon as possible but no later than within one month. To prove your registration for our marketing communications, we store the time of registration and confirmation in each case, as well as your IP address at the respective time.

We also point out that we evaluate your user behavior when sending email communications, i.e., we can see if you open emails or click on links contained in the email. For this evaluation, the emails sent contain so-called web beacons or tracking pixels, which are single-pixel image files that are stored on our website. For the evaluations, we link the aforementioned data and the web beacons with your email address and an individual ID. Links contained in the emails also contain this ID. The IDs are linked with further personal data from you, meaning that we can see inter alia your name, company, country, browser and operating system. By evaluating this data, we can assess the general use of our emails and gain insights into which content and parts should be further improved and developed according to user habits. You can prevent the evaluation via web beacons from the beginning by deactivating the display of images in your email program. In this case, our emails will not be displayed to you in full and you may not be able to use all functions.

If you're receiving our marketing communications in the EU, EEA, Switzerland, or the UK, please be informed that the legal basis for the related data processing is Art. 6 (1) (a) GDPR or the corresponding provision in the Swiss and UK legislation, as the email is only sent and evaluated with your consent. You can revoke your consent at any time and unsubscribe from our marketing communications. You can declare the revocation by clicking on the link provided in every email or by sending a message to our contact details given in section 16 below.

The delivery of our marketing communications and the usage analysis of the emails are carried out using Intercom.

The delivery of our marketing communications and the usage analysis of the emails are carried out using Intercom, a service of the Intercom R&D Unlimited Company, 2nd Floor, Stephen Court, 18-21 Saint Stephen's Green, Dublin 2, Ireland ("Intercom"). For these purposes, Intercom receives and processes the aforementioned information on our behalf. Furthermore, Intercom may use the data for its own purposes to the extend in accordance with its own privacy policy. Insofar we have no influence on the scope and further use of the data. We, therefore, inform you according to our knowledge: The data may be stored by Intercom in user-profiles and processed, for example, to optimize or improve its their own services or to display personalised advertising. You will f ind further information on the data processing by Intercom at: https://www.intercom.com/legal/privacy

Intercom uses server locations in the USA that are not subject to an adequacy decision by the European Commission. The transfer of data to the USA may pose additional risks, for example, it may be more difficult to enforce your rights to this data. Please be aware that you agree to this transfer of data to the USA when you subscribe to our newsletter and give your consent to use Intercom. The transfer of data to the USA therefore takes place based on your consent in accordance with Article 49 (1) (a) GDPR. Such data transfers have further been secured by the standard data protection clauses of the European Commission according to Article 46 (2) (c) GDPR. These standard data protection clauses are intended to ensure that an appropriate level of data protection is maintained in the USA.

16. Changes to our Privacy Policy

We reserve the right to modify this Privacy Policy at any time to reflect changes in our Services, any applicable laws, or for other reasonable grounds. When changes are posted to this Policy, the “Last Updated” date at the top will be revised.

If there are material changes to this statement or in how Trace.Space will use your Personal Data, we will notify you either by prominently posting a notice of such changes prior to implementing the change or by directly sending you an email notification. We encourage you to periodically review this Privacy Policy to remain informed of how Trace.Space is protecting your information.

17. How to contact us

If you have concerns about the way Trace.Space is handling your Personal Data, please let us know immediately. We want to help.
You may contact us by sending an email to: privacy@trace.space with the subject line "Privacy Concerns". We will respond promptly — within 30 calendar days.You may also contact our Data Protection Officer directly as follows:
Trace Space, Inc.
111 NE 1st St, Suite: 88511, 8th Floor,
Miami, Miami-Dade
FL 33132, USA
privacy@trace.space

18. How to contact the appropriate authorities

If you are a resident of the EEA and believe we maintain your Personal Data within the scope of the GDPR, you also have the right to (a) restrict Trace.Space ’s use of the information that constitutes your Personal Data and (b) lodge a complaint with your local data protection authority.
A current list of National Data Protection Authorities, members of the European Data Protection Board can be found here.

19. Glossary

When used in this Privacy Policy, these terms have the following meanings”:
"Services" means the set of software and software-as-a-service (SaaS) requirements management tools and services that Trace.Space may provide from time to time via the Platform, or third party resources, including elements neural, machine requirements suggestions or a combination thereof, software development kits, Trace.Space apps, other educational, productivity, workflow, software development and other tools and services, on a subscription, pay-as-you-go, prepayment, and/or usage basis. For the avoidance of doubt, the term "Services" does not refer to content offered by third parties via Trace.Space apps.
Any capitalized terms not defined in this Policy have the meaning given in the Terms of Service or a master service agreement governing contractual relations between Trace.Space and you.