Privacy Policy

Effective date August 16, 2024

Who we are

Trax Technology Solutions Pte Ltd. (“Trax,” “we,” “our,” or “us”) develops and provides advanced computer vision and deep learning solutions for in-store optimization, shelf strategy and retail management (the “Platform”).

Our Platform, our website available at www.traxretail.com (the “Site”) and the Trax mobile application (the “App,” and together with the Site and Platform – the “Services”) allow manufacturers and retailers (each, our “Customer” or “Users” or “you”) to easily photograph and upload in-store or in-venue images of product shelves, and analyze such images to optimize their product planning, marketing, distribution and sales.

When using the term “Personal Data” in this Privacy Policy, we mean “any information relating to an identified or identifiable natural person”.

Some terms we use in this Privacy Policy explained:

When processing Personal Data in accordance with this Privacy Policy, Trax may act as a “Data Controller” or “Business” or a “Data Processor” or “Service Provider”.

The terms “Data Controller” or “Business” are used where Trax, alone or jointly with others, determines the purposes and means of the processing of the Personal Data outlined in this Privacy Policy.

The terms ‘Data Processor” or “Service Provider” are used where Trax is processing Personal Data on behalf of our Customer or another Data Controller or Business.

This Privacy Policy relates to the processing of:

The Personal Data that we collect when Customers or Users sign up to and use the Services.
The Personal Data that we collect from Customers’ own field reps, employees and other agents and representatives when these individuals use the Services, including the App on behalf of a Customer.
The personal information of any other person that visits our website, signs up to or uses our Services and/or provides additional information to us (each, our “Visitors”).

If you have any questions about this Privacy Policy then we are happy to help – please contact us at: [email protected]

This Privacy Policy is split into the following sections:

How do we collect your Personal Data?
What Personal Data do we process about you and why?
2.1. Trax as a “Data Processor” or “Service Provider”
2.2. Trax as a “Data Controller” or “Business”
How long do we keep your Personal Data for?
Who do we disclose your Personal Data to?
How do we use cookies and similar technologies?
Your rights and choices
Children’s Personal Data
International operations and transfers of personal information (for individuals in the EU/EEA, the UK and Switzerland
The EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework and the Swiss-US Data Privacy Framework – how do we comply with it and what are your rights?
Security
Changes and updates to this Privacy Policy
How to contact us

1. How do we collect your Personal Data?

We collect personal information about you and visitors to our Services from the following sources depending upon the types of Services you have signed-up to.

From information you provide directly to us through your use of the Services or when you contact or engage with us through any other communication channels.
From information provided by a Customer about their own field reps, employees or other agents or representatives to enroll such Users in and enable them to use the Services.
From information automatically transmitted or collected from the App and Services or when you visit our website or access our Services – such as your Device ID, IP address, information collected via website cookies, pixels and other tracking technologies.
From other Trax Group companies if you have used or engaged with those Services and in accordance with their individual Privacy Policies.
From third party providers of business information and publicly available sources such as social media platforms for marketing and promotional purposes.

2. What Personal Data do we process about you and why?

2.1. Trax as a “Data Processor” or “Service Provider”
Where Trax is acting as a “Data Processor” or “Service Provider” in providing, operating and facilitating access to our Services on behalf of our Customers.

To operate, facilitate access to and provide our Services.
We collect the following types of Personal Data from the Customer and their own field reps, employees or other agents or representatives that use or access our Services.

Name
Business email address and/or telephone number (unless you provide a personal email or contact number to use when you sign-up to the Services)
Username
Password (hashed)
IP address, Device ID and related device information such as model and version
Data and logs relating to your use of the Services
Precise geolocation data (this can be switched off by the Customer or User if required)
Store visit KPI data when related to an individual User such as date and time and duration of visit and quality of images taken
Store manager details (name, email and telephone number)

2.2. Trax as a “Data Controller” or “Business”
Trax is acting as a “Controller” or “Business” for the following purposes and collects the following Personal Data.

To provide our Customers, Users and Visitors with assistance and support and for Service related tasks such as billing and contract management

Name and contact details
Username
Signature
Password (hashed)
IP address, Device ID and related device information such as model and version
Data and logs relating to your use of the Services
Any Personal Data you send to us when raising a request for support or in other communications to Trax

To the extent that such Account Data concerns a non-human entity (e.g. the bank account of a company or business), we will not regard it as “Personal Data” and this Privacy Policy shall not apply to it.

For individuals in the EU, EEA and UK we rely on the following lawful basis to process the above personal information:

Processing is necessary to fulfil the requirements of the contract we have entered into with the Customer
Processing is necessary to meet a legal obligation which we are subject to
Processing is in our legitimate interest to deliver the services agreed with our customers and to generate revenue in relation to those agreed services and is not overridden by an individual’s data protection interests and fundamental rights and freedoms

To further develop, customize and improve the Services and your user experience and to support and enhance our data security measures

IP address, Device ID and related device information such as model and version
Data and logs relating to your use of the Services
Store visit KPI data when related to an individual User such as date and time and duration of visit and quality of images taken

For individuals in the EU, EEA and UK we rely on the following lawful basis to process the above personal information:

Processing is necessary to fulfil the requirements of the contract we have entered into with the Customer
Processing is necessary to meet a legal obligation which we are subject to
Processing is in our legitimate interest to deliver the services agreed with our customers, to protect the safety and security of Trax and customer data and to generate revenue in relation to those agreed services and is not overridden by an individual’s data protection interests and fundamental rights and freedoms

To contact our Customers, Users and Visitors with general or personalized service-related messages (such as password-retrieval or billing) and marketing or promotional messages (such as newsletters, webinars and offer certain events and promotions)

Name and contact details
Username
IP address, Device ID and related device information such as model and version
Data and logs relating to your use of the Services

For individuals in the EU, EEA and UK we rely on the following lawful basis to process the above personal information:

Processing is necessary to fulfil the requirements of the contract we have entered into with the Customer
Processing is in our legitimate interest to deliver the services agreed with our customers, to protect the safety and security of Trax and customer data and to generate revenue in relation to those agreed services and is not overridden by an individual’s data protection interests and fundamental rights and freedoms

We may also use the Personal Data listed in this Section to meet our legal and regulatory obligations and to create aggregated, de-identified, anonymized data which we or our business partners may use to improve our own and our partner’s related Services.

3. How long do we keep your Personal Data for?

We always strive to retain your Personal Data only for as long as is reasonably necessary to fulfil the purpose for which it was collected. However, if necessary, we may retain your Personal Data for longer periods of time, until set retention periods and deadlines expire, for instance where we are required to do so in accordance with legal, tax and/or accounting requirements set by a legislature, regulator, or other government authority or as otherwise communicated to you.

To determine the appropriate amount of time that we retain your Personal Data for, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure and if we can attain our objectives by other means, as well as our legal, regulatory, tax, accounting, and other applicable obligations.

Where we have no continuing legitimate business need to process your Personal Data, we will either delete or anonymize it or, if this is not possible (for example, because your Personal Data has been stored in backup archives), then we will securely store your Personal Data and isolate it from any further processing until deletion is possible.

Trax has in place a Data Retention Policy. If you have any questions about this policy, please contact us at [email protected]

Where Trax is acting as a “Data Processor” or “Service Provider” in accordance with this Privacy Policy we will agree a data retention schedule in collaboration with the Customer. By default, we generally store Personal Data processed on behalf of the Customer for a period of twenty-four (24) months, prior to secure deletion or anonymization.

4. Who do we disclose your Personal Data to?

We take care to allow your Personal Data to be accessed only by those who really need it to perform their tasks and duties, and by third parties who have a legitimate purpose for accessing it.

We may share your Personal Data with the following third parties for the purposes outlined in Section 2 above, ‘What personal information do we process about you and why?’

Our customers – we will share the Personal Data of the users of our Services, including field representatives, employees and other agents and representatives, with individuals approved by their Customer organization. In such cases, sharing such Personal Data means that other individuals from your organization may receive Personal Data on its behalf, and may be able to monitor, process and analyze your Personal Data and associated content.
Other Trax group companies – in order to provide the Services to you, to improve our products and services and to provide you with communications and additional insights that we believe will be of benefit.
Our third-party partners and where our Customers or users have agreed to this data sharing – for example with Salesforce and other software or service providers where our customers or users choose to connect or link their use of the Services to these third parties own software or services.

Other third parties – such as law enforcement, government, federal agencies or other public authorities – but only in specific cases and where we have a legal requirement or connected legitimate interest to do so and for the following types of purposes:
- In connection with the establishment, exercise, or defence of legal claims.
- To comply with laws and regulations or to respond to lawful requests made to us.
- To protect our rights and property and the rights and property of our agents, Merchandiser community, brand and retail partners, and others, including to enforce our agreements, policies and terms of use.
- To detect, suppress, or prevent fraud.
- To reduce credit risk and collect debts owned to us.
- With public authorities in response to lawful requests made by those public authorities. Including to meet national security or law enforcement requirements.
- As otherwise required by applicable law.

Our external auditors and external legal and compliance advisors.

Service providers and vendors who provide services on our behalf – such as IT software and cloud providers, data analytics services, software and data engineer providers, payment processing, marketing service providers, customer management software providers, e-mail distribution and monitoring services, and IT and cyber security services.

Otherwise with your consent or at your discretion – we may disclose your Personal Data to certain other third parties or publicly with your consent or direction. If you post a comment or review on our website or a comment on our social media sites, the information you provide may be displayed publicly online for others to view.

We only share the minimum amount of personal information with our third parties, service providers and vendors to meet the purposes outlined in this privacy notice.

If we go through a corporate sale, merger, reorganization, dissolution or similar event, Personal Data we gather from you may be transferred in connection with such an event. Any acquirer or successor of Trax may continue to use the information as described in this Privacy Policy provided that the acquirer or successor is bound by appropriate agreements or obligations and may only use or disclose your Personal Data in a manner consistent with the use and disclosure provisions of this notice, or unless you consent otherwise.

For individuals based in California and subject to the CPPA and CPRA, we do not “sell” or “share” (as these terms are defined by the CCPA and CPRA) your personal information with any third parties.

5. How do we use cookies and similar technologies?

Our Services use “cookies”, anonymous identifiers and other tracking technologies which help us provide, secure, and improve our Services, personalize your experience and monitor the performance of our activities and campaigns.

You can manage your cookie preferences through the Privacy Preference Centre on our Site at any time by clicking on the ‘Cookie Settings’ button in the left-hand corner of your web browser.

Most browsers also allow you to refuse cookies. You may block our cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. You can find out more about cookies and how to delete and control them on https://allaboutcookies.org/ or click help in your browser menu.

Note, if you block our use of cookies, you may be unable to access certain areas of our website and certain functions and pages will not work in the usual way.

We use the following types of cookies on our website:

Strictly necessary cookies
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work.

Analytical/Performance cookies
These cookies allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

Functional cookies
These cookies enable us to provide enhanced functionality and personalisation on our website. They are used to recognise you when you return to our website. This enables us to personalise our content for you and remember your preferences.

Targeting cookies
These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose. These cookies allow you to share and like and send information to other websites to customize their advertisements.

Social media cookies
These cookies are set by social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

What kind of information do we collect by using cookies?When you visit our website, we may automatically collect the following types of information from you: your internet protocol (IP) address, your login information, time zone setting, operating system and platform, information about your visits including the URL you came from, your country, the search terms you used in our website, page response times, download errors, length of visits to certain pages, page interaction information, (such as scrolling, clicks, and mouse-overs) and the methods used to browse away from the page.

6. Your rights and choices

Individuals from certain countries, including those in the EU, EEA, UK, Switzerland, certain US States and other countries, may be able to access the following data privacy rights listed below.

Trax as a “Data Processor” or “Service Provider”
Where Trax is acting as a Data Processor or Service Provider in processing Personal Data on behalf of our customers, to make a data privacy rights request, you should contact your employer or the organization that you are performing services for directly. If Trax receives a data privacy rights request, we will refer these directly to your employer/the organization that has commissioned your services in order for them to respond to your request.

Trax as a “Controller” or “Business”
In order to make a request to exercise any of your data privacy rights, please contact us at: [email protected] or using the postal address here.

We will acknowledge receipt of your data privacy rights request within 5 working days and provide a full response to you within the legally required timescales. Please note that we may require additional information and documents, including Personal Data, to authenticate and validate your identity and to process your request. We will advise you of this when we acknowledge your rights request.

The right to access – You may request access to copies of the personal information that Trax has collected about you. Specifically, you may ask Trax to tell you: (a) the types of personal information Trax holds about you; (b) where the personal information was collected from; (c) the purposes for which Trax collects, uses, or has sold, or shared your personal information; (d) who Trax discloses your personal information to.

The right to deletion – You may request that Trax delete the personal information it holds about you in certain circumstances, such as where it has been unlawfully processed, or where there is no overriding legitimate ground for processing it.

The right to correct inaccurate information – If you are unable to update or correct any inaccurate information through your account settings within the Trax Services, you can ask us to correct inaccurate personal information about you on your behalf.

The right to request the restriction of your personal information from further processing – You may ask Trax to restrict the processing of your personal information in certain circumstances.

The right to withdraw your consent to the processing of your personal information – where we are relying on your consent to do so. Withdrawing your consent will not affect the lawfulness of any processing we carried out prior to your withdrawal, nor will it affect processing of your personal information carried out where we are relying on other lawful grounds other than consent.

The right to opt-out of receiving direct marketing from us – You can opt-out of receiving direct marketing from Trax using the opt-out link or instructions in any of the marketing communications we send to you. Alternatively, you can contact us at: [email protected] to make an opt-out request.

The right to opt-out of the ‘sale’ or ‘sharing’ of your personal information – Individuals in certain US states can request that organizations do not ‘sell’ or ‘share’ their personal information. Trax does not “sell” or “share” your personal information, including your sensitive personal information, with any third parties as these terms are defined in the California Consumer Privacy Act, California Privacy Rights Act or other applicable US privacy laws.

The right to non-discrimination – If you exercise any of the rights listed above, Trax will not discriminate against you for doing so. Because you make or have made a data privacy rights request, Trax will not: (a) deny you the ability to use our services; (b) charge you a different price or rate for the services, including through the use of discounts or other benefits or imposing penalties; (c) provide you with a different level or quality of service, unless your exercise of rights degrades Trax’s ability to deliver the same level or quality of our services; or (d) suggest to you that you will receive a different price or rate for our services or a different level or quality of our services, except where your exercise of rights degrades Trax’s ability to deliver the same level or quality of service.

California’s “Shine the Light” law (CA Civil Code Section § 1798.83) permits users of our website who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes.

Please note that the above rights are not absolute. There may be instances where applicable law or regulatory requirements allow or require us to refuse to meet your request in part or in full. In the event we cannot accommodate your request, we will inform you of the reasons why, subject to any legal or regulatory restrictions. We will respond to all requests in accordance with applicable data protection laws.

Depending upon your location, you also have the right to raise a complaint about how Trax processes your Personal Data with a supervisory authority.

We would always rather that you raise any complaints or concerns with Trax first before making a formal complaint. We are usually able to resolve any concerns quickly and in partnership with you.

If you would like to raise any questions or concerns about how your personal information is being processed you can do so by contacting:

[email protected]

Enquiries and complaints for individuals in the EU and UK and Switzerland

Trax’s main establishment in the EU (“CVDM Solutions SAS”) and establishment in the UK (“Trax Retail Ltd”) can be contacted to make an enquiry or raise a complaint about how your Personal Data is being processed by Trax. To make such an enquiry, please send an email to [email protected] stating the relevant entity you would like to contact.

If you would rather raise a complaint directly with a supervisory authority, you can contact the privacy team for their contact details using the email address above. You can also find a list of the European Supervisory Authorities by following the link here:

For enquiries and complaints relating to personal information processed by Trax Retail Inc. in accordance with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework and the US-Swiss Data Privacy Framework see Section 9 below, ‘The EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework and the US-Swiss Data Privacy Framework’.

7. Children’s Personal Data

Our Services are not directed at individuals under the age of 18. If you are under the age of 18, please do not use our Services or otherwise provide us with personal data. We do not knowingly collect, sell or share, personal information of individuals under the age of 18. If you believe that we have any such personal data, please contact us at [email protected]

8. International operations and transfers of personal information (for individuals based in the EU/EEA, the UK and Switzerland)

As an international entity, in order to provide our services we may need to transfer and process your Personal Data internationally (including to destinations outside the European Union (the “EU”) European Economic Area (the “EEA“), the United Kingdom (the “UK”) and Switzerland notably throughout the Trax Group of companies and to the jurisdictions in which those entities are based, including those listed on our website.

This means that when we process your Personal Data we may process it in any of these countries. We also use service providers and vendors located in and that store your personal information internationally, including in the United States of America.

As a result, your information may be transferred to and/or processed in countries which may not guarantee the same level of protection for personal information as the country in which you reside. In these cases, we have taken appropriate safeguards to ensure that your Personal Data will remain protected in accordance with this Privacy Policy.

For transfers of your Personal Data within the Trax corporate group:

Trax has in place an Intra Group Data Transfer Agreement which provides safeguards for the transfer of Personal Data amongst its group entities based on the EU Standard Contractual Clauses (including the Swiss amendments) and the UK Standard Contractual Clauses. These require all group companies to apply a high standard of data privacy protection to any Personal Data they receive or share from or with another country.

Trax has implemented a Global Privacy Policy that requires all of Trax’s global entities to apply a similar high standard of data privacy to any Personal Data they process.
All personal information transferred from the EU, EEA, the UK and Switzerland received by Trax Retail Inc. our US entity, is subject to the requirements and Principles of the EU-U.S. Data Privacy Framework and the Swiss-US Data Privacy Framework – see Section 9, ‘The EU-U.S. Data Privacy Framework, the UK Extensionf to the EU-U.S. Data Privacy Framework and the US-Swiss Data Privacy Framework’ below.

For transfers of your personal information to third parties:

Trax has in place the required data privacy agreements, for example with our service provider and vendors, unless we are able to use one of the ‘Additional reasons for transfer’ listed below (we only use these where they are allowed under local data privacy law).
For transfers of personal information from the EU, EEA, the UK and Switzerland, including onward transfers, Trax relies on either:

a) the EU and UK Standard Contractual Clauses (including the Swiss amendments) unless one of the ‘Additional reasons for transfer’ listed below applies. We have also undertaken additional transfer impact assessments where necessary and applied any additional safeguards needed to strengthen the protections offered by the EU and UK Standard Contractual Clauses.

b) for transfers from the EU, EEA, Switzerland and the UK to our US entity, Trax Retail Inc., we rely upon our participation in the EU-U.S. Data Privacy Framework, the UK Extension to the EU U.S. Data Privacy Framework and the Swiss-US Data Privacy Framework for Personal Data subject to this Framework – see Section 9, ‘The EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework and the US-Swiss Data Privacy Framework’ below.

‘Additional reasons for transfer’ – may be used where the transfer is not regular, concerns only a small number of individuals, is necessary for a compelling legitimate interest and we have properly assessed the risks of such a transfer.

We have your consent to make the data transfer;
The transfer is necessary to perform our employment contract with you;
The transfer is necessary for us to conclude or perform a contract in your interest with another third party;
The transfer is necessary for important reasons of public interest;
The transfer is necessary for us to establish, exercise or defend legal claims;
The transfer is necessary to protect your vital interests or those of another person and where you are unable to give consent;

We will ensure your personal data is treated in accordance with this Privacy Policy and Trax’s Global Privacy Policy wherever we process it. Further information about the transfer of your personal data can be provided by contacting: [email protected]

9. The EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework and Swiss-US Data Privacy Framework – how do we comply with it and what are your rights?

Trax Retail Inc.’s compliance with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework and the Swiss-US Data Privacy Framework

Our US entity, Trax Retail Inc. participates in and adheres to the Principles of the EU-U.S. Data Privacy Framework (“EU-US DPF”), the UK Extension to the EU-U.S. Data Privacy Framework (“UK Extension to the EU-US DPF”) and the Swiss-US Data Privacy Framework (“Swiss-US DPF”) regarding the collection, use and retention of Personal Data from the European Union (“EU”), European Economic Area member countries (“EEA”), the United Kingdom (“UK”) and Switzerland. We have certified with the Department of Commerce that we adhere to the Data Privacy Framework Principles. If there is any conflict between the terms in this Privacy Policy and the Data Privacy Framework or the Principles, the Data Privacy Framework and Principles shall govern.

All Personal Data received from the EU, EEA, UK or Switzerland by Trax Retail Inc. is subject to Trax Retail Inc.’s adherence with and to the Principles of the EU-US DPF, the UK Extension to the EU-US DPF and the Swiss-US DPF.

To learn more about the Data Privacy Framework Principles, click here. To access the Data Privacy Framework List and our certification, click here.

How to contact Trax Retail Inc. or otherwise make an enquiry or complaint about Personal Data processed through the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework or the Swiss-US Data Privacy Framework

In compliance with the EU-US DPF, the UK Extension to the EU-US DPF and the Swiss-US DPF, Trax Retail Inc. commits to resolve DPF Principles-related complaints about the collection and use of your Personal Data. EU, EEA, UK and Swiss individuals with enquiries or complaints regarding our handling of Personal Data received in reliance on the EU-US DPF, the UK Extension to the EU-US DPF or the Swiss-US DPF should first contact Trax’s Privacy Team at:[email protected]

Trax Retail Inc. commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (“DPAs”), the UK Information Commissioner’s Office (“ICO”), the Gibraltar Regulatory Authority (“GRA”) and the Swiss Federal Data Protection and Information Commissioner (“FDPIC”) with regard to unresolved complaints concerning our handling of Personal Data received in reliance on the EU-US DPF, UK Extension to the EU-US DPF and the Swiss-US DPF. Should there be any violations of the Principles that Trax has not been able to resolve, you can contact the relevant Data Protection Authority using the links below:

EU/EAA individuals

UK Individuals

Gibraltar individuals

Swiss Individuals

Individuals whose Personal Data is subject to the EU-US DPF (including the UK Extension to the EU-US DPF) and the Swiss-US DPF may have the possibility, under certain conditions, to invoke binding arbitration for complaints relating to Trax Retail Inc.’s compliance with the DPF Principles. Further information can be found here or by contacting Trax’s Privacy Team.

The Federal Trade Commission has jurisdiction over Trax Retail Inc.’s compliance with the EU-US DPF, the UK Extension to the EU-US DPF and the Swiss-US DPF.

Transfers of Personal Data subject to the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework and the Swiss-US Data Privacy Framework to third parties, including onward transfers

As outlined in Section 4, ‘Who do we disclose your personal data to?, we sometimes provide Personal Data to third parties to perform services on our behalf. If Trax Retail Inc. transfers Personal Data received under the Data Privacy Framework to a third party, the third party’s access, use, and disclosure of the Personal Data must also be in compliance with our Data Privacy Framework obligations, and we will remain liable under the Data Privacy Framework for any failure to do so by the third party unless we prove we are not responsible for the event giving rise to the damage. This also applies to any onward transfers of Personal Data made by Trax Retail Inc. where that personal information is received from the EU, EEA, the UK and Switzerland and is covered by this Privacy Notice.

10. Security

We understand that you care how your Personal Data is used and/or shared with others, and we value your trust and seek to safeguard your Personal Data.

We implement appropriate technical and organizational security measures, including physical, administrative and technical safeguards to protect your Personal Data from unauthorized access, use and disclosure. To ensure the security of your Personal Data, we communicate our privacy and security guidelines to all Trax employees and enforce privacy safeguards within our company.

11. Changes and updates to this Privacy Policy<

We may, from time to time, make updates or changes to this privacy notice because of changes in applicable laws or regulations or because of changes in our practices.

We will give you notice of any material changes that impact your Personal Data, and where consent is necessary to make a change to our practices, we will not apply the changes to your Personal Data until we have that consent.