GTN Applications and Services Privacy Policy

Effective: 23 July 2018

Introduction and Scope

Global Tax Network US, LLC and our controlled U.S. subsidiaries (“GTN” “we,” “us,” “our”) takes the protection of your personally identifiable information (PII) very seriously. This GTN Applications and Services Privacy Policy is designed to assist you in understanding how we process your personal data (PII):

This Privacy Policy does not apply to personal data processed outside of the systems and services described above, such as our front-end website located at https://www.gtn.com, or our sales and marketing systems.

The GTN website Privacy Policy is available here: https://www.gtn.com/privacy-policy.php

If we make any material changes to this privacy policy, we will provide notice of such change(s) in accordance with the process described below in the section Changes to this Privacy Policy.

EU-U.S. and Swiss-U.S. Privacy Shield Frameworks

With respect to PII processed in the scope of this privacy policy, GTN complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework (the “Privacy Shield”) as adopted and set forth by the U.S. Department of Commerce and the European Commission regarding the collection, use, retention, and transfer of PII from European Union member countries, as well as from Iceland, Liechtenstein, and Norway. GTN commits to adhere to and has certified that it adheres to the Privacy Shield Principles, in each case with respect to all PII that GTN receives in reliance on the Privacy Shield.

To learn more about the Privacy Shield, and to view GTN’s certification, please visit https://www.privacyshield.gov and https://www.privacyshield.gov/list, respectively.

VeraSafe Privacy Program

GTN is a member of the VeraSafe Privacy Program, meaning that with respect to PII processed in the scope of this privacy notice, VeraSafe has assessed GTN’s data governance and data security for compliance with the VeraSafe Privacy Program Certification Criteria. The certification criteria require that participants maintain a high standard for data privacy and implement specific best practices pertaining to notice, onward transfer, choice, access, data security, data quality, recourse, and enforcement.

Dispute Resolution

Where a privacy complaint or dispute cannot be resolved through GTN’s internal processes, GTN has agreed to participate in the VeraSafe Privacy Shield Dispute Resolution Procedure. Subject to the terms of the VeraSafe Privacy Shield Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Privacy Shield Dispute Resolution Procedure, please submit the required information here: https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/

Controllership

Within the scope of this privacy policy, GTN acts as either a joint data controller or a data processor for the PII we process, depending on our relationship with you. For example, if GTN processes your PII in the course of providing Professional Services, GTN is a joint data controller with your employer and other cooperating companies, such as relocation management services and cooperating tax offices, for your PII that we process. Conversely, if your employer uses our Web Applications, but GTN does not process your PII in the course of providing Professional Services, GTN is a data processor for your PII that we process.

Data We Collect

Data We Automatically Collect

When you access our Web Applications, whether by computer, mobile phone or other device, we automatically collect certain data about your use of our Web Applications. This data may include, without limitation:

We do not link such data to your PII, except to your IP address, which may be personally identifying in some circumstances.

In the course of providing Professional Services to you, GTN may also collect PII including your IP address, email address, and name in connection with the digital execution of agreements.

Data You Provide to Us

In some situations, you or Your Agent may provide us with your PII. Such PII may include your:

You, or Your Agent, may provide us with your PII when:

Cookies

A “cookie” is a small file stored on your hard drive that contains data about your computer. By showing how and when visitors use the Web Applications, cookies help us identify how many unique users visit us, save user preferences and track user trends and patterns. We use session cookies, which are cookies that are deleted when you leave our Web Applications, and persistent cookies, which are cookies that remain after you leave our Web Applications, so that you are recognized when you return.

The use of cookies is industry standard, so your browser may be set to accept cookies. If you would prefer not to accept cookies, you can alter the configuration of your browser to reject all cookies or some cookies. Note, if you reject certain cookies, you may not be able to access all of the features of our Web Applications.

How We Use Your Data

GTN Will Use Data We Automatically Collect To:

GTN Will Use PII To:

Basis of Processing

In general, we process your PII on the basis of:

Please note that where we process your PII based on your consent, you may withdraw your consent at any time. This will not affect the lawfulness of processing that was conducted based on consent given before the withdrawal, however, nor will it affect processing performed on other lawful grounds.

Where we receive your PII directly from you for the purpose of providing you with our Professional Services, we require such PII to be able to perform our contractual obligations to you. Without the necessary PII, GTN will not be able to provide Professional Services to you.

Sharing PII with Third Parties

We may use third parties to perform certain services on our behalf. We may share your PII with these third parties, as necessary, solely to enable them to perform those specific services for us.

Such third parties include those:

We contractually obligate that those third parties only provide access to your PII to persons who have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. GTN remains liable for the protection of your PII that we transfer to our service providers, except to the extent that we are not responsible for the event giving rise to any unauthorized or improper processing.

We may also share your PII with:

The PII that GTN shares with such third parties is limited to the following:

Where European Union data protection laws are applicable to the processing of your PII, and if we would need to transfer your PII to third countries, as defined in European Union data protection laws, this will be subject to appropriate safeguards and other requirements, as required by applicable law.

Other Disclosure of Your PII

We may disclose your PII (i) to the extent required by law or if we have a good-faith belief that such disclosure is necessary in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, or private parties, including but not limited to: in response to subpoenas, search warrants, or court orders, or (ii) if we sell or transfer all or a portion of our company’s business interests, assets, or both, or in connection with a corporate merger, consolidation, restructuring, or other company change, or (iii) to our subsidiaries or affiliates only if necessary to provide Professional Services or Web Applications to you.

We reserve the right to use, transfer, sell, and share aggregated, anonymous data, which does not include any PII, about our Web Applications’ users as a group for any legal business purpose, such as analyzing usage trends and seeking compatible clients and customers.

If we must disclose your PII in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, we may not be able to ensure that such recipients of your PII will maintain the privacy or security of your PII.

Automated Decision-Making

We do not engage in automated decision-making activities, such as profiling.

Data Retention

Where we are a joint data controller, we retain your PII for as long as is required by law, professional standards, or professional codes of conduct to which we are subject. Typically, PII relating to U.S. citizens must be retained for at least seven (7) years, in order to comply with Internal Revenue Service requirements.

Where we are a data processor, we retain your PII for as long as is necessary for us to perform under our engagement with the data controller.

Please note that in some cases, data processed in the Web Applications may be archived in backup volumes and it may not be reasonably possible for us to delete data from those locations.

Security

We have implemented commercially reasonable measures to protect against unauthorized access to and unlawful interception or other processing of your PII that we process. All data you or Your Agent submits via our Web Applications is transmitted to us via TLS encryption. Unfortunately, data transmission over the Internet is never 100% secure, so we cannot guarantee the security of any data transmitted to us or from our Web Applications. Therefore, you use our Web Applications at your own risk.

You are responsible for protecting the security of your username and password that you use to access the Portal.

Third Party Websites

Our Web Applications may contain links to third party content or websites that GTN does not control. This includes links from advertisers, sponsors, and partners. Please note, that if you click on these links and enter a third party’s website, these third parties may use their own cookies to collect data or solicit PII. You should read the third party website’s privacy policy to learn how they will collect and use your data, as their policies may differ from ours and will apply to your use of their website.

GTN is not responsible for the treatment of your PII or any of your data by these third parties.

Revoking or Limiting Consent and Opting Out

Where we are a joint data controller, you may opt out of having your PII shared with third parties by us, and you may revoke your consent that you have previously provided for us to share your PII with third parties, except as required by law. To do this, you may send your request to our Privacy Officer using the information in the “Contact Us” section of this privacy policy.

You may also make updates or changes to your preferences regarding receiving future promotional messages from us by logging into the Portal and making the desired changes.

Please note that if you opt out of promotional/marketing emails, you may continue to receive certain communications from us, such as messages about your account in the Web Applications, and regarding our provision of Professional Services to you.

Accessing, Changing or Updating Your Data

Where we are a joint data controller, you may review, correct, update, or delete your PII you have provided to us by logging into the Portal and making the desired changes. Alternatively, you may contact our Privacy Officer using the information in the “Contact Us” section of this privacy policy to request access, correction, updating, or deletion of your PII in the Portal or in other information systems maintained by GTN in the course of providing the Professional Services.

Where we act as a data processor, and you wish to review, correct, update, or delete your PII that we process, please contact the data controller who has provided your PII to us.

Restriction and Objection to Processing, Portability

If you are a data subject whose PII we process, you may have the right, under certain circumstances, to have the processing of your PII limited (restricted), as well as the right to object to the processing of your PII. You may also have the right to ask to have your PII exported in a machine-readable format.

Where we act as a joint data controller, please contact our Privacy Officer using the information in the “Contact Us” section of this privacy policy, to exercise such rights where applicable. Where we act as a data processor, you may exercise your rights under this section by contacting the data controller who has provided your PII to us.

Children’s Privacy

Our Web Applications are not directed at, nor intended for use by, children under the age of 13. We do not knowingly allow anyone under 18 to provide any PII on our Web Applications. Children should always get permission from a parent or guardian before sending PII over the Internet. If you believe that your child may have provided us with PII, you can contact our Privacy Officer using the information in the “Contact Us” section of this privacy policy and we will delete the data.

EU Supervisory Authority Oversight

If you are a data subject whose PII we process, you may also have the right to lodge a complaint with a data protection regulator in one or more of the European Union Member States.

Changes to this Policy

We may update this privacy policy from time to time by posting a new version on our website. You should visit this page occasionally to ensure you agree with any changes. When we post a revised privacy policy on our website, we will update the "Effective” date above to reflect the date of the changes.

By continuing to use our Web Applications or Professional Services after we post any such changes, you accept the privacy policy as modified.

EU Representative

GTN has appointed VeraSafe as our representative in the EU for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union (GDPR). VeraSafe may be contacted in addition to GTN only on matters related to the processing of PII. To make such an inquiry, please contact VeraSafe using this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative

Alternatively, VeraSafe can be contacted as follows:

Matthew Joseph
Zahradníčkova 1220/20A
Prague 15000
Czech Republic

VeraSafe Ireland Ltd
Unit 3D
North Point House
North Point Business Park
New Mallow Road
Cork T23AT2P
Ireland

If you are a resident of the European Union, you may have the right to lodge a complaint with a data protection regulator in one or more of the EU member states.

Contact Us

If you have any questions about this Policy or our processing of your PII, please write to us by email at privacy@gtn.com or by postal mail at:

Global Tax Network US, LLC
Attn: COO / Data Privacy & Security Officer
7950 Main Street N, Suite 200
Maple Grove, MN 55369
USA

We will respond to your inquiry within one month or less.

Binding Arbitration

If a privacy dispute or complaint can’t be resolved by us, nor through the dispute resolution program established by VeraSafe, you may have the right to require that we enter into binding arbitration with you, pursuant to the Privacy Shield’s Recourse, Enforcement and Liability Principle and Annex I of the Privacy Shield.

U.S. Regulatory Oversight

GTN is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.

Get in touch

Learn how GTN can keep you one-step ahead on your mobility tax journey.

+1.888.486.2695
info@gtn.com

Or select an option below:

UP DOWN