Data Privacy Framework Statement

Trinket complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Trinket has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data transferred from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom in reliance on the UK Extension to the EU-U.S. DPF. Trinket has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data transferred from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Scope

This Data Privacy Framework Policy (the “Policy”) sets forth the privacy principles that Trinket follows when processing Personal Data received from customers or prospective customers located in the European Economic Area (“EEA”), Switzerland, and the United Kingdom while providing services from the United States (“U.S.”). For purposes of this Policy, Personal Data means data about an identified or identifiable individual that is received by Trinket in the United States from the EEA, Switzerland, or the United Kingdom, and recorded in any form, and is within the scope of Regulation (EU) 2016/679 (“General Data Protection Regulation” or “GDPR”), the Swiss Federal Data Protection Act, or the UK Data Protection Act 2018, respectively.

Data Privacy Framework Principles

The following privacy principles apply to the transfer, collection, use or disclosure of Personal Information from the E.U., UK and Switzerland by Trinket.

Notice

Trinket informs individuals in the E.U., UK and Switzerland about the purposes for which it collects and uses their Personal Information, how to contact Trinket, the types of third parties with which Trinket shares their Personal Information, and the choice and means Trinket offers for limiting the use and disclosure of their Personal Information.

Choice

Trinket will not process Personal Information about E.U., UK or Swiss individuals for purposes other than those for which the information was originally obtained or subsequently authorized by the individual unless the individual affirmatively and explicitly consents (“opt-in”) to the processing, or unless an exception applies. Trinket also provides E.U., UK and Swiss individuals with the opportunity to withdraw consent at any time (“opt-out”), in which case their Personal Information will not be further processed.

Accountability for Onward Transfers

Trinket complies with the DPF Principles for all onward transfers of personal data from the EU, UK and Switzerland, including the onward transfer liability provisions. Trinket will only transfer Personal Information about E.U., UK and Swiss individuals to third-parties where the third-party (a) has provided satisfactory assurances to Trinket that it will protect the information consistently with this Statement; or (b) is located in the E.U. or a country considered “adequate” for privacy by the EC, and therefore is required to comply with the E.U. data protection laws or substantially equivalent privacy laws depending upon where the Personal Information originated. Where Trinket has knowledge that a third-party to whom it has provided E.U., UK or Swiss Personal Information is processing that information in a manner contrary to this Statement, Trinket will take reasonable steps to prevent or stop the processing.

Security

Trinket takes reasonable precautions to protect E.U., UK and Swiss Personal Information in its possession from loss, misuse, unauthorized access, disclosure, alteration and destruction.

Data Integrity and Purpose Limitation

Trinket seeks to ensure that any Personal Information held about E.U., UK and Swiss individuals is accurate, complete, current and otherwise reliable in relation to the purposes for which the information was obtained. Trinket collects Personal Information that is adequate, relevant and not excessive for the purposes for which it is to be processed. E.U., UK and Swiss individuals have a responsibility to assist Trinket in maintaining accurate, complete and current Personal Information about them.

Access and Correction

Upon written request to Trinket, Trinket will provide E.U., UK and Swiss individuals with reasonable access to their Personal Information. Trinket will also take reasonable steps to allow E.U., UK and Swiss individuals to review their information for the purposes of correcting their information. There are certain limitations to the Access and Correction right, as set forth on the DPF website.

Recourse, Enforcement, and Liability

Trinket has established internal mechanisms to verify its ongoing adherence to this Statement. Trinket is also subject to the investigatory and enforcement powers of the US federal government, including the Federal Trade Commission (FTC). Trinket also encourages individuals covered by this Statement to raise any concerns about our processing of their Personal Information by contacting the appropriate Trinket officer at the address below or by contacting their local privacy officer or Legal Department. Trinket will seek to resolve any concerns. In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Trinket commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.

Complaints, Dispute Resolution, Data Subject Requests, Arbitration and Limiting the Use and Disclosure of Personal Information

In compliance with DPF Principles, Forkable Inc. commits to resolve complaints about our collection or use of your personal information, respond to requests made by individuals to access their personal data and limit the use and disclosure of personal data. European Union, Swiss, and United Kingdom individuals with DPF inquiries or complaints should first contact Trinket’s Data Protection & Privacy Department by emailing privacy@trinket.io or by calling 919-561-6075.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, contact our US-based third-party dispute resolution provider (free of charge) by using the TRUSTe Feedback and Resolution System. In addition, and as described in the Data Privacy Framework Principles, you also have the option of invoking binding arbitration after other dispute resolution procedures have been exhausted.

Last update: 01/27/2024