Skip to main content

On-demand webinar coming soon...

On-demand webinar coming soon...

Transparency Report

Introduction

OneTrust LLC and its affiliates (currently Convercent, Planetly and Tugboat Logic) (together, “OneTrust”, “we” or “us”) are committed to being fully transparent about our privacy practices. Here, we describe our policy for managing government and law enforcement requests to access personal information that is stored in our systems, and we provide our Transparency Report that documents the requests we have received to date.

 

Government and law enforcement request policy

OneTrust does not voluntarily disclose any personal data of customers to government authorities or otherwise grant them access to such data. In addition, OneTrust has not built, and will not purposefully build, backdoors to enable government actors to access its data or information systems, and has not changed, and will not purposefully change, its processes in a manner that facilitates government access to data.

However, OneTrust may receive a legally binding subpoena, writ, warrant, or other court order from a government authority requesting that it disclose a customer’s personal data. OneTrust will only provide the requested customer data in response to formal and valid legal process. Where OneTrust receives such a request, OneTrust’s legal team reviews the request to ensure that it satisfies applicable legal requirements. If the legal assessment reveals legitimate and lawful grounds for challenging the request, OneTrust will do so where appropriate. OneTrust’s policy is to construe such requests narrowly to limit the scope of the personal data provided.

For OneTrust to disclose any customer data, the request must also satisfy the following policies:

  • be made in writing and on official letterhead,
  • identify and be signed by an authorized official of the requesting party and provide official contact information, including a valid email address,
  • indicate the reason for, and nature of, the request,
  • identify the customer or customer account that is the target of the request,
  • describe with specificity the data/information sought and its relationship to the investigation, and
  • be issued and served in compliance with applicable law.

Where OneTrust receives a legally binding request for a customer’s personal data, OneTrust’s policy is to notify the customer via email before disclosing any information. To the extent permissible under the request and/or applicable law, the notice will describe the personal data requested, the authority making the request, the legal basis of the request, and any response already provided. This notice gives the customer an opportunity to pursue a legal remedy, such as filing an objection with a court or the requesting authority.

Exceptions to OneTrust’s policy for personal data requests by government authorities:

  • A statute, court order, or other law may prohibit OneTrust from notifying the customer about the request, but OneTrust will make reasonable efforts to obtain a waiver of the prohibition or provide notice once the prohibition requirement ends.
  • OneTrust might not give notice to the customer in exceptional circumstances involving imminent danger of death or serious physical injury to any person or to prevent harm to OneTrust’s services.
  • OneTrust might not give notice to the customer when it has reason to believe that the notice would not go to the actual customer account holder, for instance, if an account has been hijacked.
  • Where OneTrust identifies unlawful or harmful activity, or suspects any such activity, related to a customer’s account, it might notify appropriate authorities, such as in the cases of hacking.

 

Transparency report

OneTrust’s Transparency report shows:

  • The countries where we operate
  • The number of requests received per country
  • The identities of the requesting authorities
  • The number of accounts related to each request
  • The types of personal data requested
  • The number of requests we have challenged
  • The number of times we disclosed personal data in response to the requests

 

 

Business entity

Number of requests received

Name of the country and government/law enforcement authority

Number of customer accounts affected by the request(s)

Type(s) of personal information requested 

Number of requests we challenged

Number of disclosures we made

OT Technology Inc.

0     

OneTrust LLC

0     

OneTrust Technology Limited

0     

OT Technology Spain S.L.U.

0     

OT (Australia) Privacy Ltd

0     

OT Privacy Software Private Limited

0     

OneTrust Canada Inc.

0     

Convercent, Inc.

0     

OneTrust Germany GmbH

0     

 

 

Additional information

For more information on OneTrust’s privacy and security practices, please refer to our Privacy Notice and Trust page.

Details

Atlanta, GA, USA (Co-Headquarters)
1200 Abernathy Rd NE, Building 600
Atlanta, GA 30328
United States
+1 (404) 390-4157

London, England 
82 St John St
Farringdon
London EC1M 4JN

Data Protection Officer

Linda Thielova
Email Address: DPO@onetrust.com
If you have questions, requests or concerns regarding your privacy and rights, please let us know how we can help.