Privacy Policy

Effective Date: August 15, 2025
Last Updated: December 31, 2025

Introduction

Trislaa ("we," "us," or "our") is committed to protecting the privacy and security of personal information entrusted to us by our clients, partners, and website visitors. This Privacy Policy describes how we collect, use, disclose, and protect personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant privacy regulations.

This policy applies to all personal data processed by Trislaa through our website, digital platforms, client engagements, and business operations.

1. Data Controller and Contact Information

Trislaa

Email: privacy@trislaa.com
Data Protection Officer: dpo@trislaa.com

For privacy inquiries, data subject requests, or concerns regarding the processing of your personal information, please contact us using the information above.

2. Scope and Application

This Privacy Policy applies to:

• Visitors to our website and digital properties
• Prospective and current clients and their representatives
• Service providers, vendors, and business partners
• Job applicants and employees (supplemented by additional internal policies)
• Participants in our events, webinars, and educational programs

3. Categories of Personal Data We Collect

3.1 Identity and Contact Information

• Full name, professional title, and role
• Business and personal email addresses
• Business and mobile telephone numbers
• Postal addresses and location data
• Company name and organizational affiliation

3.2 Professional Information

• Employment history and professional credentials
• Areas of expertise and specialization
• Educational background and certifications
• Professional memberships and affiliations

3.3 Technical and Usage Data

• IP addresses and device identifiers
• Browser type, version, and configuration
• Operating system and platform information
• Pages visited, navigation paths, and engagement metrics
• Access times, frequency, and duration of visits
• Referral sources and exit pages

3.4 Communication and Interaction Data

• Content of inquiries, requests, and correspondence
• Survey responses and feedback
• Event registration and participation information
• Webinar attendance and engagement metrics
• Marketing communication preferences

3.5 Transaction and Engagement Data

• Contract details and service agreements
• Billing information and payment records
• Project scopes, deliverables, and milestones
• Engagement history and client relationship data

3.6 Sensitive Personal Data

We generally do not collect sensitive personal data (such as racial or ethnic origin, political opinions, religious beliefs, health information, or biometric data). In rare circumstances where such data may be processed, we will obtain explicit consent or rely on another lawful basis as required by applicable law.

4. How We Collect Personal Data

4.1 Direct Collection

• Information you provide through website forms, contact requests, and inquiries
• Data shared during consultations, meetings, and client engagements
• Registration information for events, webinars, and programs
• Subscription requests for newsletters and communications
• Job applications and recruitment processes

4.2 Automated Collection

• Cookies and similar tracking technologies
• Web analytics tools and performance monitoring
• Email engagement tracking (opens, clicks)
• Chat and support interaction tools

4.3 Third-Party Sources

• Business contact databases and professional directories
• Social media platforms (LinkedIn, Twitter)
• Marketing and event platforms
• Background check services (with consent, for employment)
• Public records and regulatory filings

5. Legal Basis for Processing Personal Data

We process personal data based on the following legal grounds:

5.1 Contract Performance

To execute and deliver services requested by clients and to fulfill our contractual obligations.

5.2 Legitimate Interests

To operate our business, improve our services, conduct marketing activities, protect our systems, and pursue other legitimate business purposes, provided such interests do not override your fundamental rights.

5.3 Legal Obligations

To comply with applicable laws, regulations, court orders, and legal processes.

5.4 Consent

For specific processing activities where required by law, such as marketing communications and certain cookies. You may withdraw consent at any time.

5.5 Vital Interests

In rare circumstances, to protect the vital interests of individuals or public health.

6. How We Use Personal Data

6.1 Service Delivery and Client Management

• Executing and managing client engagements and projects
• Providing consulting, implementation, and support services
• Communicating with clients regarding service delivery
• Managing contracts, invoicing, and payments
• Responding to inquiries and support requests

6.2 Business Operations

• Operating and securing our website and digital infrastructure
• Analyzing usage patterns and improving user experience
• Conducting research, analysis, and business intelligence
• Managing vendor and partner relationships
• Fulfilling internal administrative requirements

6.3 Marketing and Communications

• Sending newsletters, thought leadership, and industry insights
• Promoting events, webinars, and educational programs
• Conducting market research and customer surveys
• Personalizing marketing content and recommendations
• Managing communication preferences

6.4 Legal and Compliance

• Complying with legal obligations and regulatory requirements
• Responding to legal processes and government requests
• Enforcing our terms, policies, and agreements
• Protecting our rights, property, and safety
• Detecting and preventing fraud, abuse, and security incidents

7. Cookies and Tracking Technologies

7.1 Types of Cookies We Use

Essential Cookies: Required for website functionality, security, and session management.

Performance and Analytics Cookies: Collect aggregate information about website usage to improve performance and user experience. We use tools such as Google Analytics, Adobe Analytics, or similar platforms.

Functionality Cookies: Enable enhanced features and personalization based on your preferences.

Marketing and Advertising Cookies: Track your activity across websites to deliver targeted advertising and measure campaign effectiveness. We may work with advertising partners such as Google Ads, LinkedIn Ads, and others.

7.2 Cookie Management

You can manage cookie preferences through your browser settings or our cookie consent management tool. Disabling certain cookies may limit website functionality.

7.3 Do Not Track

Our website does not currently respond to Do Not Track (DNT) signals, as industry standards are still evolving.

8. Data Sharing and Disclosure

We share personal data with the following categories of recipients:

8.1 Service Providers and Processors

We engage trusted third-party service providers to support our business operations, including:

• Cloud infrastructure and hosting providers (AWS, Microsoft Azure, Google Cloud)
• Customer relationship management (CRM) platforms
• Marketing automation and email service providers
• Analytics and performance monitoring tools
• Payment processors and financial services providers

All service providers are contractually obligated to protect personal data and use it only for specified purposes.

8.2 Professional Advisors

Legal counsel, accountants, auditors, and other professional advisors bound by confidentiality obligations.

8.3 Business Partners

Strategic partners and technology vendors involved in joint service delivery, subject to confidentiality agreements.

8.4 Legal and Regulatory Authorities

Government agencies, regulators, law enforcement, and courts when required by law or to protect our legal rights.

8.5 Corporate Transactions

In connection with mergers, acquisitions, reorganizations, or asset sales, personal data may be transferred to successor entities, subject to continued compliance with this Privacy Policy.

9. International Data Transfers

Trislaa operates globally and may transfer personal data across borders to fulfill our services and business operations. When transferring personal data outside the European Economic Area (EEA), United Kingdom, or other jurisdictions with data protection regulations, we implement appropriate safeguards, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Binding Corporate Rules (BCRs)
• Adequacy decisions by relevant data protection authorities
• Consent or other lawful transfer mechanisms as required

10. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce agreements.

10.1 Retention Criteria

• Client data: Retained for the duration of the engagement and as required by contract, plus applicable limitation periods (typically 7-10 years)
• Marketing data: Retained until you unsubscribe or for a reasonable period based on engagement
• Website analytics: Typically retained for 26-38 months in aggregate form
• Legal and compliance records: Retained as required by law

After the retention period expires, we securely delete or anonymize personal data.

11. Data Security

We implement comprehensive technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, and destruction:

11.1 Technical Measures

• Encryption of data in transit (TLS/SSL) and at rest (AES-256)
• Multi-factor authentication (MFA) and access controls
• Network segmentation and firewalls
• Intrusion detection and prevention systems
• Regular vulnerability assessments and penetration testing
• Secure software development lifecycle (SDLC)

11.2 Organizational Measures

• Access controls based on the principle of least privilege
• Employee training on data protection and security
• Confidentiality and non-disclosure agreements
• Incident response and breach notification procedures
• Regular security audits and compliance reviews
• Vendor security assessments and due diligence

While we employ industry-leading security practices, no system is completely secure. We encourage you to take reasonable precautions to protect your own data.

12. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal data:

12.1 Right of Access

Request confirmation of whether we process your personal data and obtain a copy of such data.

12.2 Right to Rectification

Request correction of inaccurate or incomplete personal data.

12.3 Right to Erasure (Right to be Forgotten)

Request deletion of your personal data in certain circumstances, such as when it is no longer necessary for the purposes collected or when you withdraw consent.

12.4 Right to Restriction of Processing

Request limitation of processing in certain situations, such as when you contest the accuracy of data or object to processing.

12.5 Right to Data Portability

Receive your personal data in a structured, commonly used, and machine-readable format and transmit it to another controller.

12.6 Right to Object

Object to processing based on legitimate interests, including direct marketing, profiling, and automated decision-making.

12.7 Right to Withdraw Consent

Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing before withdrawal.

12.8 Right to Lodge a Complaint

Lodge a complaint with a supervisory authority if you believe your data protection rights have been violated.

12.9 California-Specific Rights (CCPA/CPRA)

California residents have additional rights, including:

• Right to know what personal information is collected, used, and shared
• Right to delete personal information
• Right to opt-out of the sale or sharing of personal information (we do not sell personal information)
• Right to correct inaccurate personal information
• Right to limit use and disclosure of sensitive personal information
• Right to non-discrimination for exercising privacy rights

To exercise your rights, please contact us at privacy@trislaa.com. We will respond to verified requests within the timeframes required by applicable law (typically 30 days for GDPR and 45 days for CCPA).

13. Children's Privacy

Our services are designed for businesses and professionals. We do not knowingly collect personal data from individuals under the age of 16 (or the applicable age of digital consent in your jurisdiction) without parental consent. If we become aware that we have inadvertently collected such data, we will take steps to delete it promptly.

14. Third-Party Links and Services

Our website may contain links to third-party websites, applications, or services not operated by Trislaa. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal data.

15. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or business operations. We will post the updated policy on our website with a revised "Last Updated" date. Material changes will be communicated through prominent notices on our website or via email when required by law.

We encourage you to review this Privacy Policy regularly to stay informed about how we protect your personal data.

16. Contact Us

For questions, concerns, or requests related to this Privacy Policy or our data protection practices, please contact:

Trislaa
Email: privacy@trislaa.com
Data Protection Officer: dpo@trislaa.com

If you are located in the European Economic Area, you may also contact your local data protection authority.