1. Who are we ?

This privacy policy (“Policy”) applies to Trasis SA, Rue Gilles Magnée 90, 4430 Ans, Belgium and Trasis Inc. 5126 S Royal Atlanta Dr, Tucker, GA 30084, USA (jointly “we” or “us”) and is applicable to the use of the present website (“Website”). By surfing on this Website, you, as a user, agree to this policy. We reserve the right to modify this policy from time to time. Please kindly check this privacy policy regularly to ensure to be familiar with the latest version.
You can address any questions about this policy at any time to Trasis’ data privacy contact at privacy_trasis@trasis.com.

2. Information collection & use

The Policy consists of the following components:
• Who we are and how you can contact us;
• Sources of the personal data we collect;
• What personal data we collect;
• Why we collect personal data;
• Third parties, international transfers, third part websites and your personal data;
• How long we keep personal data;
• Your rights regarding our collection of personal data;
• Data security particulars.

3. Sources of the personal data we collect

Your personal data can be collected via various sources:

3.1 Directly from you, for example:

• visit and/or communicate with us through, the Website;
• request information about our products or research programs;
• submit a job application to us; or
• otherwise voluntarily provide us with your personal data.

3.2 From third parties:

We may collect and may have collected your personal data from third parties that determined you, or the entity you represent, might be interested in, for example, collaborating, partnering, or investing with us, or licensing or purchasing our products.

3.3 Automatically:

our Website uses cookies and may use other online tracking tools to collect information about you or your use of the Website. To find out more about what cookies we use and how we use them, please see our Cookies Policy.

4. What personal data do we collect?

On or via this Website, the following personal data can be collected:
• Personal identifiers such as your name, physical address, email address, phone numbers, and IP address.
• Internet or other related information, such as your device and browser type, your search history on our Website, and your interaction with our Website.
• Only if volunteered by you, information on age, race, health or financial identifiers.

5. Why do we collect this personal data?

We may have used, and may continue to use, your personal data for the purposes and in reliance on the legal bases set out below.
For our legitimate interests to:
• Operate and manage our business.
• Communicate with you: for example, responding to your questions or requests for information.
• Promote our business: for example, carrying out sales marketing and activities.
• Identify potential candidates for employment.
• Administer day-to-day management of our business, for example, monitor and improve processes, technology and communications solutions and services.
• Enforce or defend our rights and interests and those of third parties, by ourselves or through third parties to whom we delegate this.
If we have (or are seeking to have) a contract with you, to:
• Engage you to provide services to us or us to you.
• Adhere to our contractual obligations.
• Negotiate contractual engagements with you.
With your consent:
• Send you promotional information about our products and services. Do please note you have the right to unsubscribe to receiving our promotional material at any time by contacting the above address.
In some cases we are required by law to collect certain information:
• Monitor product complaints.
• Fraud prevention and detection.
• Respond to legal requests from regulatory, administrative or judicial authorities.

6. Do we provide your information to third parties?

6.1 Sharing your personal data with third parties

Although we may provide your information to service providers that handle information on our behalf, we do not share the information with third parties for unrelated purposes.
We disclose your personal data to subsidiaries/affiliated companies and to third party service providers processing personal data our behalf for the purposes set out above.
Third party service providers include IT services and website hosting companies, (internet) connectivity providers, provider of data analytics (Google) and tracking services, providers of press release and newsletter distribution networks, as well as service providers that provide technical and administrative support for the Website and underlying IT systems. These service providers provide their services from locations within and outside of the European Economic Area (“EEA”), including the USA.
Where obliged by applicable law or regulation, or by a competent court, agency or authority, we may disclose personal information necessary or desirable to comply with legal or regulatory obligations.

6.2 International transfers of personal data

We may need to transfer your data to countries outside the EEA, where the privacy protection is less developed, including the USA.
Where we transfer your personal data to affiliates outside of the EEA, we rely on the Standard Contractual Clauses signed between Trasis SA and its affiliates.
We may equally need to transfer your personal data to certain third-party service providers within the EEA and outside thereof (USA). The transfer of your personal data to third party service providers in countries outside of the that do not ensure an adequate level of (data) protection, equally occurs on the basis of Standard Contractual Clauses that have been executed between Trasis and the relevant third party service provider.
In the absence of the aforementioned appropriate safeguards, we may where permitted by applicable data protection laws (including the GDPR) – rely on a derogation applicable to the specific situation at hand (e.g. the data subjects’ explicit consent, the necessity for the performance of an agreement, the necessity for the defense of legal claims).

6.3 Third party sites

This Website contains links to other websites operated by third parties, including but not limited to certain social media sites such as Facebook, Twitter, Linkedin, YouTube, etc. This Policy does not apply to any website, other than this one. Third party websites are governed by their own terms and conditions. You should therefore always carefully check the privacy and cookie policies of third party websites before accepting to be redirected to them.
We also display social media buttons and a WhatsApp button on our Website. When you click on any of those buttons, your personal data may be transferred to these companies and they may also set cookies or other tracking technologies on your browser. The privacy policies and terms of use of each of those companies govern the collection and use of your personal data when you click on their buttons on our Website.
Prior to installing third party cookies or enabling you to click through to a third party website, we will have requested your consent to do so. Where consent was not given, the cookies will not be installed and the click through to third party websites will only occur after a pop-up notifying you that you are leaving the Trasis space and requesting whether you wish to continue.

7. How long do we keep your personal data?

In general, personal data that we do not need for a purpose such as those described above, gets deleted. If we do need to keep personal data about you, we keep this for the duration that is needed to achieve the purpose for which it was collected. If you are a potential customer, we keep the personal data for a period that you are a potential customer (in this case we delete the data after 2 years, if you have not become a customer) and when you are a customer, for the duration when you are a customer plus the duration of our legal, fiscal or judicial obligations or requirements. If you are a supplier, we will keep your details for the duration when you are a customer plus the duration of our legal, fiscal or legal obligations or requirements. If you are a potential employee, we keep the personal data for the time period until the position you applied for is filled, or if you have accepted that we keep your data on record, for 2 years thereafter, and if you become an employee, for the duration when you are our employee plus the duration of our legal, fiscal or judicial obligations or requirements.

8. Your rights as a data subject

You have a right as a data subject to:
• request access to the personal information we hold about you,
• ask that we rectify same,
• ask us to delete personal information we hold about you (subject to legal requirements),
• object to our processing of your personal information where it is carried out (i) for our legitimate interests unless we can demonstrate compelling legitimate grounds for the processing, and/or (ii) for direct marketing purposes,
• ask that information you have provided to us be rendered to you in a machine readable format.
Please contact [privacy@trasis.com] in case you wish to exercise any of these above rights or you wish to complain about the handling of your personal data.
You have also the right to launch a complaint with the privacy authority should you be of the opinion that we have not companied with applicable privacy obligations. Please visit the website of the relevant privacy authority for more information on how to submit such a complaint.

9. Data security

We have put in place certain security measures to ensure that your data, if collected, is safeguarded. These include the use of market practice computer software, virus scanners, spam protection, passwords, as well as the limited access to your data. Though we are committed to safeguarding your personal data through our information security program, even the most stringent security program may not always not be able to prevent all security breaches.

Additional disclosures for California residents

If you are a California resident, you may have separate rights regarding your personal data, in accordance with California law.

California Consumer Privacy Act of 2018

The California Consumer Privacy Act of 2018 (the “CCPA”) grants California residents certain rights with respect to their personal data, including, as described below, the right to know about, and delete, their personal data. These rights are subject to certain limitations, however, such as that they do not all apply to certain uses of personal data about employees, job applicants, and contractors, or information processed exclusively in the business-to-business context (e.g., information about an individual acting in his or her capacity as a representative of an entity). Where exceptions to the CCPA apply to a request you submit, we will provide you with an explanation. Please click [here] for information about these rights.

Right to request disclosure of information we collect or share about you. You can submit a request to us for the following data regarding the personal data we have collected about you in the 12 months prior to our receipt of your request (a “request to know”):

• The categories of personal data we have collected.

• The categories of sources from which we collected the personal data.

• The business or commercial purposes for which we collected the personal data.

• The categories of third parties with which we shared the personal data.

• The categories of personal data we disclosed for a business purpose, and for each category identified, the categories of third parties to whom we disclosed that particular category of personal data.

• The specific pieces of personal data we collected.

Right to request the deletion of personal data we have collected from you. Upon request, we will delete the personal data we have collected about you, except for situations where specific information is necessary for us to provide you with a product or service that you requested; perform a contract we entered into with you; maintain the functionality or security of our systems; or comply with or exercise rights provided by the law.

The law also permits us to retain specific information for our exclusively internal use, but only in ways that are compatible with the context in which you provided the information to us or that are reasonably aligned with your expectations based on your relationship with us.

How can you make a request to exercise your rights? To submit requests to know or delete, you may contact us at privacy@trasis.com
.

How we will handle a request to exercise your rights. For requests to know or delete, we will first acknowledge receipt of the request within 10 business days of receipt of your request. We will provide a substantive response to your request within 45 days from receipt of your request, although we may be allowed to take longer to process your request under certain circumstances. If we expect your request is going to take us longer than normal to fulfill, we’ll let you know.

When you make a request to know or delete your personal data, we will take steps to verify your identity. These steps may include asking you for personal data, such as your name, address, or other information we maintain about you. If we are unable to verify your identity with the degree of certainty required, we will not be able to respond to the request. We will notify you to explain the basis of the denial.

You are also entitled to submit a request for personal data that could be associated with a household as defined in the CCPA. To submit a request to know or delete household personal data, such requests must be jointly made by each member of the household, and we will individually verify all of the members of the household using the verification criteria explained above, and separately verify that each household member making the request currently resides in the household. If we are unable to verify the identity of each household member with the degree of certainty required, we will not be able to respond to the request. We will notify you to explain the basis of our denial.

You may also designate an authorized agent to submit requests on your behalf. If you do so, you will be required to verify your identity by providing us with certain personal data as described above. Additionally, we will also require that you provide the agent with written and signed permission to act on your behalf, and we will separately confirm with you that you provided the agent with permission to submit the request. We will deny the request if the agent is unable to meet submit proof to us that you have authorized them to act on your behalf or if any of the above verification criteria are not met.

We are committed to honoring your rights. If you exercise any of the CCPA rights explained in this Privacy Policy, we will continue to treat you fairly.

Shine the Light

California’s “Shine the Light” law, Civil Code section 1798.83, requires certain businesses to respond to requests from California residents asking about the business’ practices related to disclosing certain types of personal data to third parties for the third parties’ direct marketing purposes. We do not disclose personal data to such entities, for such purposes.

Do Not Track

“Do Not Track” signals are options available on your browser to tell operators of websites that you do not wish to have your online activity tracked. We do not engage in the collection of personally identifiable information about your online activities over time and across third-party websites or online services, nor do we allow other parties to do so through our Website. Accordingly, we do not process or comply with automated browser signals regarding tracking mechanisms, which may include “do not track” instructions.