Privacy Statement

Effective Date: 10 January 2024

Truata Limited (“Truata”, “we”, “us”, or “our”) respects your privacy. This Privacy Policy describes:

  • the types of Personal Data we collect
  • the purposes for which we collect that Personal Data;
  • the other parties with whom we may share it;
  • the measures we take to protect the security of your Personal Data;
  • your rights and choices with respect to your Personal Data; and
  • how you can contact us in relation to our privacy practices.

Your visit to the website www.truata.com (the “Site”) is subject to this Privacy Statement and to our Terms of Use.

Truata is a subsidiary of Mastercard International Inc. (“Mastercard”), but operates as an independent data trust concerning the Truata Anonymization Solution (please see the section titled “Processing in the context of the Anonymization Solution” for more information).

This policy does not apply to the processing of Personal Data by Mastercard or its affiliates in other contexts. To learn more about Mastercard’s privacy practices, please visit please visit Mastercard’s Global Privacy Notice at https://www.mastercard.us/en-us/vision/corp-responsibility/commitment-to-privacy/privacy.html

Processing in the context of your interactions with Truata

For the purpose of this Privacy Statement, “Personal Data” shall have the following definition as given in the General Data Protection Regulation (GDPR): “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.

This section explains how we process Personal Data about you when you interact with us. It does not cover the processing of your Personal Data in the context of the Anonymization Solution, which is described in a separate section below.

Personal Data We May Collect
We obtain Personal Information relating to you from the following sources:

  • If you visit one of our websites or platforms, we may collect data about your website, device and mobile app usage, including IP address, and similar information, which may be collected via automated means such as cookies and similar technologies. For more information about the cookies we use and how you can set your preferences in respect of those cookies please review our Cookies Notice.
  • If you register for a restricted part of a website, we will collect your username and password.
  • If you contact us with a query, we may collect the content, date and time of the query and our responses to it, as well as the contact details you used to contact us.
  • You may choose to submit Personal Data directly to us in response to marketing or other communications, such as through our websites or through social media or through participation in an offer, program, or promotion. The information you provide may include your contact details (such as name, postal or e-mail address, and phone number) and business contact information (such as job title, department and name of organization).
  • You may submit Personal Data to us by directly signing up for a Truata product or service or you may be an employee, agent or related third party in respect of a customer or client of Truata which is signing up for a Truata product or service and we may receive Personal Data about you directly or indirectly from your employer, reseller or other authorised third party in connection with the operation and/or delivery and/or resale and/or support of such product and service. This may include Personal Data processed for the purpose of providing you with access to Truata systems and platforms.
  • When you make a purchase or attempt to make a purchase through the Site, we collect certain information from you, including your contact details (such as name, postal or e-mail address, and phone number) and business contact information (such as job title, department and name of organization) and payment information. We refer to this information as “Order Information.”
  • You may contact and communicate with us and therefore submit Personal Data to us in connection with an actual or potential business, including steps taken as part of a sales or onboarding process in contemplation of entering into a business relationship with Truata. You may be an employee of an organisation seeking such a relationship and communicate with us on your employer’s behalf.
  • We may collect any Personal Data you provide to us directly, or from a recruiter or an employee who refers you to us, in the context of a job application. You may apply via our career page at https://www.truata.com/working-at-truata/, social media outlets such as LinkedIn, or via other means. The Personal Data collected may include your name, postal address, email address and phone number, employment history, curriculum vitae, contact details of your referees and any other Personal Data you choose to submit along with your application.
  • We may collect Personal Data about you from publicly available and licensed resources, including social media and third party databases, to perform market research and contact you about our services.
  • Our business contacts (e.g., your colleagues) may provide us with your contact information in order to establish a connection between you and us.

Where applicable, we indicate whether and why you must provide us with your Personal Data, as well as the consequences of failing to do so. If you do not provide Personal Data that is necessary to provide you with our products and services, or if we are legally required to collect it, you may not be able to benefit from them.

If you provide us with any Personal Data relating to another individual, you should make sure that the sharing with us, and our further use as described to you from time to time, is in line with applicable laws, so for example you should duly inform that individual on the processing of her/his Personal Data and obtain her/his consent, as may be necessary under applicable laws.

How We May Use Personal Data We Collect
We may use the Personal Data we collect to:

  • Provide, evaluate and improve our websites and platforms.
  • Communicate with you about products and services of Truata and its partners and to respond to your queries.
  • To manage our business relationships, including giving you access to our products and/or services or to provide you with a requested product and/or service which you or your employer has requested or entered into a contract for the provision of.
  • Evaluate your interest in and suitability for employment and contact you regarding possible employment with Truata.
  • Analyze our activities and develop new products and services.
  • Enforce any applicable website or platform terms of use and/or acceptable usage policy or as otherwise necessary to establish, exercise and defend legal rights.
  • Comply with applicable legal requirements, industry standards and our policies, including Know Your Customer, Anti-Money Laundering, anti-corruption and sanctions screening requirements, or as requested by any judicial process, law enforcement or governmental agency having or claiming jurisdiction over Truata or Truata’s affiliates.
  • Create and manage any accounts you may have with us.
  • Perform due diligence reviews, accounting, auditing, billing, reconciliation and collection activities.
  • We use the Order Information that we collect generally to fulfill any orders placed through the Site (including processing your payment information, and providing you with invoices and/or order confirmations) as well as screen orders for potential risk or fraud.

We will only process your Personal Data when we have a valid legal ground for the processing, including if:

  • You have consented to the use of your Personal Data.
  • We need your Personal Data to provide you with products and services or to respond to your queries, such as where the processing is necessary for entering into, or performance of, a contract to which you or your employer are party.
  • We have a legal obligation to process your Personal Data.
  • We, or a third party, have a legitimate interest to process your Personal Data. In particular, we have a legitimate interest to process your Personal Data for security and fraud prevention, to improve out websites and platforms and to develop new products and services.

Where required under applicable law, we have carried out balancing tests for the data processing based on our or a third party’s legitimate interests to ensure that such legitimate interest is not overridden by your interests, fundamental rights or freedoms. For more information on our balancing tests, you may contact us as set out in the “How to Contact Us” section below.

We will not subject you to a decision based solely on automated processing that produces legal effects concerning you or similarly significantly affects you, unless you explicitly consented to the processing, the processing is necessary for entering into, or performance of a contract between you and Truata, or when we are legally required to use your Personal Data in this way, for example to prevent fraud.


How We Share Your Personal Data

  • We do not share or otherwise disclose Personal Data we collect about you, except as described in this Privacy Policy or as otherwise disclosed to you at the time the data is collected.
  • We may share your Personal Data with our service providers who perform services on our behalf and in relation to the purposes described in this Privacy Statement. We authorize these service providers to use or disclose the information only as necessary to perform those services on our behalf or comply with legal requirements. We require these service providers by contract to safeguard the privacy and security of Personal Data they process on our behalf. For example, we use Shopify to power our online store–you can read more about how Shopify uses your Personal Data here: https://www.shopify.com/legal/privacy and view the Shopify cookie policy here: https://www.shopify.com/legal/privacy/customers. Shopify may use services providers who perform services on behalf of Shopify including for example the payment processor PayPal.
  • We may disclose information about you (i) if we are required to do so by law or legal process, (ii) when we believe disclosure is necessary to prevent harm or financial loss, or (iii) in connection with an investigation of suspected or actual fraudulent or illegal activity.
  • We also reserve the right to transfer Personal Data we have about you in the event we sell or transfer all or a portion of our business or assets. Should such a sale or transfer occur, we will use reasonable efforts to direct the transferee to use Personal Data you have provided to us in a manner that is consistent with this Privacy Policy.

Your Rights and Choices
You can at any time opt out from receiving marketing communications by clicking on the unsubscribe link within such communications or by e-mailing us at privacy@truata.com. Subject to applicable law, you have the right to:

  • Request access to and receive information about the Personal Data we maintain about you; update and correct inaccuracies in your Personal Data; restrict or object to the processing of your Personal Data; have the information anonymized or deleted, as appropriate; and easily transfer your Personal Data to another company (data portability);
  • Withdraw any consent you previously provided to us regarding the processing of your Personal Data, at any time and free of charge (we will apply your preferences going forward and this will not affect the lawfulness of the processing before your consent withdrawal); and
  • Lodge a complaint with a supervisory authority, including in your country of residence, place of work or where an incident took place.

These rights may be limited in some circumstances by local law requirements. You may exercise these rights by contacting us as indicated below.

Features and Links to Other Sites
You may choose to use certain features or services for which we partner with other entities, or click on links on our websites or platforms to other sites for your convenience and information. These features may operate independently from Truata. They may have their own privacy policies, which we strongly suggest you review. To the extent any features or linked sites you visit are not owned or operated by Truata, we are not responsible for their content or privacy practices.

Processing in the context of the Anonymization Solution

To provide customers with our Anonymization Solution, we obtain de-identified data from our customers and apply further de-identification techniques to anonymize it. We apply analytics on the anonymized data to provide our customers with anonymized information such as compilations, analyses, analytical and predictive models and rules, and other aggregated reports. We only share such information with the relevant customer or with an entity which has been duly authorised by the relevant customer to access and process that information on their behalf. More information is available here.

Truata relies on the legitimate interest legal ground to anonymize the data we receive from our customers. The types of data collected vary depending on the customer. For more information or to exercise your rights in relation to the data we receive from our customers, please contact the relevant customer.

Other Information

 Information Security
We maintain appropriate administrative, technical, and physical safeguards to protect Personal Data against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the Personal Data in our possession. For example we use SSL encryption on our website from which we transfer certain Personal Data and we also restrict access to Personal Data about you to those employees who need to know that information to operate our business.

Data Retention
We also take measures to delete your Personal Data or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it, unless we are required by law to keep this information for a longer period. When determining the retention period, we take into account various criteria, such as the type of products and services requested by or provided to you, the nature and length of our relationship with you, the impact on the services we provide to you if we delete some information from or about you, mandatory retention periods provided by law and the statute of limitations.

International Data Transfers
We store your Personal Data in the European Economic Area. However, we may transfer or disclose Personal Data we collect about you to recipients in countries other than your country. These countries may not have the same data protection laws as the country in which you initially provided the information. When we transfer or disclose your Personal Data to other countries, we will protect that information as described in this Privacy Statement. We comply with applicable legal requirements when transferring Personal Data to countries other than the country where you are located. In particular, we have established and implemented a set of Binding Corporate Rules (“BCRs”) that have been recognized by EEA data protection authorities as providing an adequate level of protection to the Personal Information we process globally. A copy of our BCRs is available here. We may also transfer Personal Information to countries for which the EU Commission has issued an adequacy decision, or use contractual protections for the transfer of Personal Information to third parties, such as the European Commission’s Standard Contractual Clauses. You may contact us as specified in the “How to Contact Us” section below to obtain a copy of the safeguards we use to transfer Personal Information outside of the EEA.


Updates to this Privacy Statement
We may update this Privacy Policy from time to time to reflect changes to our data governance practices. The revised Privacy Policy will be posted here with an updated revision date. We encourage you to check back periodically for any changes or updates. If we make a material change to our Privacy Policy, we will post a notice at the top of this page for 30 days. By continuing to use our websites, products and services after such revision takes effect we consider that you have read and understand the changes.


How to Contact Us
Truata Limited is the entity responsible for the processing of your Personal Data. If you have any questions about how your Personal Data is gathered, stored, shared or used, or if you wish to find more information on how to exercise any of your rights, please contact our Data Protection Officer at the details below.

  • e-mail our DPO at: privacy@truata.com; or
  • write to us at: Data Protection Officer, Truata Limited, Whelan House, South County Business Park, Leopardstown, Dublin, D18 T9P8, Ireland.