Effective: 26 July 2023

Introduction and Scope

Global Tax Network US, LLC (GTN”, “we,” “us,” “our) takes the protection of your personally identifiable information (“PII”) very seriously. This GTN Applications and Services Privacy Policy (“Privacy Policy”) is designed to assist you in understanding how we process (e.g. collect, record, organize, structure, store, adapt, alter, use, disclose, erase, destroy, etc.) your PII:

  • when we provide services to you, or to someone acting on your behalf (“Your Agent”), based on an engagement letter entered into between you or Your Agent and us (the “Professional Services”);
  • when you or Your Agent uses the My GTN Portal at https://www.mygtnportal.com or https://mygtnportal.com (the “Portal”); or
  • when you or Your Agent uses the GTN payment application at https://payment.gtn.com (collectively with the Portal, the “Web Applications”).

This Privacy Policy does not apply to PII processed outside of the systems and services described above, such as our front-end website located at https://www.gtn.com, or our sales and marketing systems. The GTN Website Privacy Policy is available here: https://www.gtn.com/privacy-policy 

EU-US and Swiss-US Data Privacy Frameworks

With respect to PII processed in the scope of this Notice, GTN complies with the EU-U.S. Data Privacy Framework (and its UK Extension) and Swiss-U.S. Data Privacy Framework (the “Data Privacy Framework”) as adopted and put forward by the U.S. Department of Commerce. GTN commits to upholding, and has certified to the Department of Commerce that it adheres to, the Data Privacy Framework Principles.

To learn more about the Data Privacy Framework, and to view GTN’s certification, please visit https://www.dataprivacyframework.gov/s/ and https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000PDFuAAO&status=Active, respectively.

VeraSafe Privacy Program

GTN US is a member of the VeraSafe Privacy Program, meaning that with respect to PII processed in the scope of this Privacy Policy, VeraSafe has assessed GTN US’s data governance and data security for compliance with the VeraSafe Privacy Program Certification Criteria. The certification criteria require that participants maintain a high standard for data privacy and implement specific best practices pertaining to notice, onward transfer, choice, access, data security, data quality, recourse, and enforcement.

Dispute Resolution

If a privacy complaint or dispute relating to PII received by GTN US in reliance on the Data Privacy Framework (or any of its predecessors) cannot be resolved through our internal processes, we have agreed to participate in the VeraSafe Data Privacy Framework Dispute Resolution Procedure. Subject to the terms of the VeraSafe Data Privacy Framework Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Data Privacy Framework Dispute Resolution Procedure, please submit the required information here: https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/ 

Controllership

Within the scope of this Privacy Policy, GTN acts as either a joint data controller or a data processor for the PII we process, depending on our relationship with you. For example, if GTN processes your PII in the course of providing Professional Services, GTN is a joint data controller with your employer and other cooperating companies, such as relocation management services and cooperating tax offices, for your PII that we process. Conversely, if your employer uses our Web Applications, but GTN does not process your PII in the course of providing Professional Services, GTN is a data processor for your PII that we process.

What Data Do We Collect?

Data We Automatically Collect

When you access our Web Applications, whether by computer, mobile phone or other device, we automatically collect certain data about your use of our Web Applications. This data may include, without limitation:

  • geographical location of your computer, mobile or other device;
  • bandwidth used;
  • system and connection performance;
  • browser type and version;
  • operating system;
  • referral source;
  • length of visit;
  • page views;
  • your mobile carrier (if applicable); and
  • IP address or other unique identifier for your computer, mobile phone or other device.

We do not link such data to your PII, except to your IP address, which may be personally identifying in some circumstances.

In the course of providing Professional Services to you, GTN may also collect PII including your IP address, email address, and name in connection with the digital execution of agreements.

Data You Provide to Us

In some situations, you or Your Agent may provide us with your PII. Such PII may include your:

  • biographical data;
  • professional data, including your title and your travel history;
  • contact data;
  • financial data;
  • Individual Taxpayer Identification Numbers, non-U.S. tax ID or social insurance numbers;
  • any other data you choose to submit to GTN; and
  • any other data we collect about you that by itself is not PII but if combined with PII could be used to help personally identify you.

You, or Your Agent, may provide us with your PII when:

  • entering data into the Web Applications;
  • sending source documents to us via the document sharing feature in the Portal or via other document sharing tools;
  • providing data to us to enable or support our provision of Professional Services to you or your Agent;
  • submitting a payment to GTN;
  • contacting us via the Portal;
  • registering and/or setting up an account or profile to access, visit and/or use the Portal; and
  • engaging in any other transaction with us on, or in relation to, our Web Applications.

We may also receive your PII from other third parties, such as dependents and spouses, tax or other government authorities, cooperating tax offices, and relocation providers.

Cookies

A “cookie” is a small file stored on your hard drive that contains data about your computer. By showing how and when visitors use the Web Applications, cookies help us identify how many unique users visit us, save user preferences and track user trends and patterns. We use session cookies, which are cookies that are deleted when you leave our Web Applications, and persistent cookies, which are cookies that remain after you leave our Web Applications, so that you are recognized when you return.

The use of cookies is industry standard, so your browser may be set to accept cookies. If you would prefer not to accept cookies, you can alter the configuration of your browser to reject some or all cookies, except for strictly necessary cookies which are essential to provide the basic functions of the Web Applications. Note, if you reject certain cookies, you may not be able to access all of the features of our Web Applications.

How We Use Your Data

GTN Will Use Data We Automatically Collect to:

  • improve your experience on our Web Applications;
  • count users who visit our Web Applications or open our HTML-formatted email messages;
  • improve the delivery of our web pages to you; and
  • measure traffic on our Web Applications.

We May Use Your IP Addresses to:

  • help diagnose problems with our servers;
  • administer our Web Applications;
  • analyze trends, track users' movement through our Web Applications; and
  • gather broad demographic data for aggregate use in order for us to improve the Web Applications.

GTN Will Use PII to:

  • provide the Professional Services to you or Your Agent;
  • respond to your inquiries, and/or other requests or questions;
  • enable your or Your Agent’s use of the Web Applications;
  • contact you regarding your engagement with us;
  • collect payments;
  • send you or Your Agent invoices;
  • send you or Your Agent email notifications which you have specifically requested;
  • send you limited email marketing communications relating to our business; and
  • send you email messages containing company news, or service information.

Basis of Processing

In general, we process your PII on the basis of:

  • your (explicit) consent, where you have provided us with your consent for such processing;
  • the need to perform our obligations under an engagement letter entered into between you and us, where you have entered into such an engagement letter with us; or
  • our legitimate interests, such as our need to perform our obligations under an engagement letter entered into between Your Agent and us.

Please note that where we process your PII based on your consent, you may withdraw your consent at any time. This will not affect the lawfulness of processing that was conducted based on consent given before the withdrawal, however, nor will it affect processing performed on other lawful grounds.

Where we receive your PII directly from you for the purpose of providing you with our Professional Services, we require such PII (and in some cases, we will need your consent to process your PII) to be able to perform our contractual obligations to you. Without the necessary PII, GTN will not be able to provide Professional Services to you.

Sharing PII with Third Parties

We may use third parties to perform certain services on our behalf. We may share your PII with these third parties, as necessary, solely to enable them to perform those specific services for us.

Such third parties include those:

  • hosting our Web Applications;
  • providing tax and accounting software;
  • hosting our document sharing platform;
  • providing cloud-based file backup service;
  • providing e-signature software as a service;
  • managing the functionality of our Web Applications; and
  • processing credit or other payment card payments.

We contractually obligate that those third parties only provide access to your PII to persons who have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. Some of these third parties may be located outside of the United States. However, before transferring your PII to these third parties, we will either ask for your explicit consent or require the third party to implement and maintain reasonable security controls to protect the confidentiality, integrity, and availability of such PII, in accordance with the Data Privacy Framework and applicable data protection laws. GTN remains liable for the protection of your PII that we transfer to our service providers, except to the extent that we are not responsible for the event giving rise to any unauthorized or improper processing.

We may also share your PII with:

  • third parties who provide relocation and other services to you;
  • cooperating tax offices who provide non-U.S. tax services to you (please note that such cooperating tax offices may be located outside of the U.S.); and
  •  governmental authorities as required by applicable law, including tax and immigration authorities.

The PII that GTN shares with such third parties is limited to the following:

  • compensation, payroll, and expense details related to your international assignment, transfer, or work abroad;
  • the result of your tax equalization, tax protection, and/or tax reconciliation settlement calculation(s);
  • the amount of any foreign tax credits utilized and/or carried back to prior years or carried forward to future years;
  • balance due/refund information from your individual tax returns;
  • the amount of any exclusions, deductions or credits related to income related to your international assignment, transfer or work abroad;
  • detail (including location and number) of days present and days worked;
  • detail of taxes paid and/or accrued;
  • a description of the work performed in preparing your tax returns and consulting services for purposes of GTN billing for services rendered;
  • personal financial data included in your individual income tax returns; and
  • data used in the review of your potential income, social, or other tax obligations.

Some of our third party service providers may be located outside of the country that you reside in. In some cases, the authorities in your country may not have determined that the data protection laws in the countries where our third party service providers are located provide a level of protection equivalent to the laws in your country. We will only transfer PII to third parties in these countries when there are appropriate safeguards in place. For example, if you are resident in the EU and the European Commission has not determined that the countries where our third party service providers are located provide an adequate level of protection for your PII, we will ensure that we have appropriate safeguards in place with the third parties, such as  the Standard Contractual Clauses as approved by the European Commission (“SCCs”).

GTN does not currently use the Data Privacy Framework as its data transfer mechanism from the EU, EEA and Switzerland, and uses the SCCs as its primary data transfer mechanism for EEA and Swiss PII. The SCCs are formally integrated into our agreements with third parties from whom and on behalf of whom we receive such PII. In addition, GTN regularly reviews and confirms its compliance with the most up-to-date guidance and obligations on valid data transfer under applicable privacy regulations. If we find it necessary to update the data transfer mechanism used, we will update this Privacy Notice accordingly. We remain liable for the protection of your PII that we transfer or have transferred to third parties through our designated data transfer mechanism, except to the extent that we are not responsible for the event that leads to any unauthorized or improper processing.

Other Disclosures of Your PII

We may disclose your PII (i) to the extent required by law or if we have a good-faith belief that such disclosure is necessary in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, or private parties, including but not limited to: in response to subpoenas, search warrants, or court orders, or (ii) if we sell or transfer all or a portion of our company’s business interests, assets, or both, or in connection with a corporate merger, consolidation, restructuring, or other company change, or (iii) to our subsidiaries or affiliates only if necessary to provide Professional Services or Web Applications access to you.

We reserve the right to use, transfer, sell, and share aggregated, anonymous data, which does not include any PII, about our Web Applications’ users as a group for any legal business purpose, such as analyzing usage trends and seeking compatible clients and customers.

If we must disclose your PII in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, we may not be able to ensure that such recipients of your PII will maintain the privacy or security of your PII.

Automated Decision-Making

We do not engage in automated decision-making activities, such as profiling.

Data Retention

Where we are a joint data controller, we retain your PII for as long as is required by law, professional standards, or professional codes of conduct to which we are subject. Typically, PII relating to U.S. citizens must be retained for at least seven (7) years, in order to comply with Internal Revenue Service requirements.

Where we are a data processor, we retain your PII for as long as is necessary for us to perform under our engagement with the data controller.

Please note that in some cases, data processed in the Web Applications may be archived in backup volumes and it may not be reasonably possible for us to delete data from those locations.

Security

We have implemented commercially reasonable technical and organizational security measures designed to protect against unauthorized access to and unlawful interception or other processing that may affect the confidentiality, integrity, and availability of your PII that we process. All data you or Your Agent submits via our Web Applications is transmitted to us via TLS encryption. Unfortunately, data transmission over the Internet is never 100% secure, so we cannot guarantee the security of any data transmitted to us or from our Web Applications. Therefore, you use our Web Applications at your own risk.

You are responsible for protecting the security of your username and password that you use to access the Portal.

Third Party Websites

Our Web Applications may contain links to third party content or websites that GTN does not control. This includes links from advertisers, sponsors, and partners. Please note, that if you click on these links and enter a third party’s website, these third parties may use their own cookies to collect data or solicit PII. You should read the third-party website’s privacy policy to learn how they will collect and use your data, as their policies may differ from ours and will apply to your use of their website.

GTN is not responsible for the treatment of your PII or any of your data by these third parties.

Revoking or Limiting Consent and Opting Out

Where we are a joint data controller, you may opt out of having your PII shared with third parties by us, and you may revoke your consent that you have previously provided for us to share your PII with third parties, except as required by law. You may also have the right to opt out if your PII is used for any purpose that is materially different from the purpose(s) for which it was originally collected or which you originally authorized. To do this, you may send your request to our Privacy Officer using the information in the “Contact Us” section of this Privacy Policy.

You may also make updates or changes to your preferences regarding receiving future promotional messages from us by logging into the Portal and making the desired changes.

Please note that if you opt out of promotional/marketing emails, you may continue to receive certain communications from us, such as messages about your account in the Web Applications, and regarding our provision of Professional Services to you. However, if we required your consent in order to process your PII to provide our Professional Services to you and you withdraw your consent, we will no longer be able to provide our Professional Services to you. 

Accessing, Changing or Updating Your Data

In line with applicable data protection laws and the EU-U.S. (and its UK Extension) and Swiss-U.S. Data Privacy Framework Principles, where we are a joint data controller, you may review, correct, update, or delete your PII you have provided to us by logging into the Portal and making the desired changes. Alternatively, you may contact our Privacy Officer using the information in the “Contact Us” section of this Privacy Policy to request access, correction, updating, or deletion of your PII in the Portal or in other information systems maintained by GTN in the course of providing the Professional Services.

Where we act as a data processor, and you wish to review, correct, update, or delete your PII that we process, please contact the data controller who has provided your PII to us.

Restriction and Objection to Processing, Portability

If you are a data subject whose PII we process, you may have the right, under certain circumstances, to have the processing of your PII limited (restricted), as well as the right to object to the processing of your PII. You may also have the right to ask to have your PII exported in a machine-readable format.

Where we act as a joint data controller, please contact our Privacy Officer using the information in the “Contact Us” section of this Privacy Policy, to exercise such rights, where applicable. Where we act as a data processor, you may exercise your rights under this section by contacting the data controller who has provided your PII to us.

Children’s Privacy

Our Web Applications are not directed at, nor intended for use by, children under the age of 13. We do not knowingly allow anyone under 18 to provide any PII on our Web Applications. Children should always get permission from a parent or guardian before sending PII over the Internet. If you believe that your child may have provided us with PII, you can contact our Privacy Officer using the information in the “Contact Us” section of this Privacy Policy and we will delete the data.

EU Supervisory Authority Oversight

If you are a data subject whose PII we process, you may also have the right to lodge a complaint with a data protection regulator in one or more of the European Union Member States.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time by posting a new version on our website. You should visit this page occasionally to ensure you agree with any changes. When we post a revised Privacy Policy on our website, we will update the "Effective” date above to reflect the date of the changes.

By continuing to use our Web Applications or Professional Services after we post any such changes, you accept the Privacy Policy as modified.

EU Representative

GTN has appointed VeraSafe as our representative in the EU for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union (GDPR). VeraSafe may be contacted in addition to GTN only on matters related to the processing of PII. To make such an inquiry, please contact VeraSafe using this contact form: https://www.verasafe.com/public-resources/contact-data-protection-representative

Alternatively, VeraSafe can be contacted as follows:

VeraSafe Czech Republic s.r.o.
Klimentská 46
Prague 1, 11002
Czech Republic

VeraSafe Ireland Ltd
Unit 3D
North Point House
North Point Business Park
New Mallow Road
Cork T23AT2P
Ireland

If you are a resident of the European Union, you may have the right to lodge a complaint with a data protection regulator in one or more of the EU member states.

UK Representative

VeraSafe has been appointed as GTN's representative in the United Kingdom for data protection matters, pursuant to Article 27 of the United Kingdom General Data Protection Regulation. If you are located within the United Kingdom, VeraSafe can be contacted in addition to GTN, only on matters related to the processing of your PII. To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at +44 (20) 4532 2003.

Alternatively, VeraSafe can be contacted at:

VeraSafe United Kingdom Ltd.

37 Albert Embankment
London SE1 7TL
United Kingdom

Contact Us

If you have any questions about this Policy or our processing of your PII, please write to us by email at privacy@gtn.com or by postal mail at:

Global Tax Network US, LLC
Attn: COO / Data Privacy & Security Officer
6900 Wedgwood Road N, Suite 400
Maple Grove, MN 55311
USA

We will respond to your inquiry within one month or less.

Binding Arbitration

If a privacy dispute or complaint relating to PII that GTN US received in reliance on the Data Privacy Framework can’t be resolved by us, nor through the dispute resolution program established by VeraSafe, you may have the right to require that we enter into binding arbitration with you, Data Privacy Framework’s Recourse, Enforcement and Liability Principle and Annex I of the Data Privacy Framework. 

US Regulatory Oversight

GTN US is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.

VeraSafe Trusted Site