Data Privacy and Security Policy
OmniTrust Security, LLC
Effective date: February 27, 2026
This data privacy and security policy (“Privacy Policy”) describes how OmniTrust Security LLC and its affiliates (“OmniTrust”), collect and process information, including Personal Information and Company Data.
OmniTrust collects and processes information from many sources, including, but not limited to, trade shows, conferences, and other events; through business interactions with actual and potential customers and suppliers, and their personnel; and through the websites and other information systems that it controls, including, but not limited to, www.omnitrust.com, www.autoauth.com and all other websites and applications that either (1) are controlled by OmniTrust; or (2) link to this policy (collectively, the “Services”). This Privacy Policy details how OmniTrust uses and protects data, including Personal Information, that comes into its possession.
1. Definitions. As used in this Privacy Policy, the following terms capitalized terms shall be given the following meaning:
“Company Data” or “OEM Data” means data belonging to any company or original equipment manufacturer (“OEM”) and includes, without limitation APIs, Vehicle Model Unlock Codes, technical and non-technical information (and documentation related thereto), patent, copyright, trademark, trade secret, proprietary information, intellectual property, techniques, sketches, drawings, models, inventions, know-how, processes, apparatus, equipment, design details and specifications, architecture, and Personal Information provided by an OEM.
“Data Protection Requirements” means applicable data protection laws and regulations wherever OmniTrust Security, LLC or its affiliates conduct business, including the data protection principles contained in the EU General Data Protection Regulation (2016/679) (the “GDPR”); the GDPR as implemented in the UK together with the UK Data Protection Act 2018; the California Consumer Privacy Act of 2018 (“CCPA”); and the Massachusetts Data Privacy Protection Act (“MDPPA”) and associated regulations (e.g., 201 CMR 17.00).
“Personal Information” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal Information is any information or combination of information that can be used to distinguish or trace a natural person’s identity. Personal Information includes, without limitation, given name, middle name, surname, maiden name, social security number, driver’s license number, passport number, taxpayer identification number, military identification number, government issued identification number, other identification numbers, biometric data records, phone numbers, job titles, employers, e-mail addresses, residential address, work address, date of birth, place of birth, mother’s maiden name, schools attended, credit card number(s), debit card number(s), payment card data, bank account number(s), bank account routing number(s), retirement account number(s), instant messaging user identifier(s), and social media screen name(s). As used in this Privacy Policy, Personal Information includes all “Personal Data” as that term is defined by the EU GDPR and UK GDPR, as well as “Personally Identifiable Information” as defined by NIST FIPS 201-3.
“You” means a user of the Services as defined above, or a person who has accessed this Privacy Policy, regardless of whether the user is a natural person, business entity, association, or any other legally recognized person.
2. Personal Information Collected by OmniTrust
OmniTrust collects Personal Information from a variety of sources, including from You directly (e.g. when You contact OmniTrust, complete a form, sign up for an account, complete a transaction with OmniTrust, or otherwise provide OmniTrust with Your Personal Information), information OmniTrust generates about You in the course of our relationship with You (e.g. data collected from cookies and other similar technologies), and information we collect about You from other sources, including commercially available sources, such as lawful publicly available databases.
We may be required by law to collect certain Personal Information about You or as a consequence of any contractual relationship we have with You. Failure to provide this information may prevent or delay the fulfillment of these obligations.
Information we collect directly from You
The categories of information that we may collect directly from You include the following:
- personal details, including, but not limited to, name, job title, and company;
- government issued identification numbers, including, but not limited to, driver’s license number, passport number, taxpayer identification number, and military ID number;
- contact details, including, but not limited to, phone number, email address, fax number, postal address, and mobile number;
- account details, including, but not limited to, type of product or service, username, password, payment method, and authorized users;
- transaction details including, but not limited to, when You purchase, what You purchase, how You pay for purchases, and how You respond to offers;
- product or service details, including, but not limited to, which products and services You have purchased from OmniTrust, how You use Your products and services, what information You download from our websites and other information systems, what product inquiries You have made, and what type of business You are in;
- communications , including, but not limited to, when You contact OmniTrust, what You contact OmniTrust about, which message boards or forums You participate in, which polls or surveys You respond to, and which products or services You review, comment upon, or request; and
- licensing details, including, but not limited to, licensee name, entity type, contact name, e-mail address(es), authorized user(s), license term, and types of products licensed.
Information we collect about Your use of OmniTrust Services
The following are examples of the other categories of information which OmniTrust may use that relate to You:
- Technical information collected from Your computer or mobile device, including, but not limited to, Your IP address, browser type, and operating system;
- Information about Your usage of OmniTrust’s Websites, including, but not limited to, Your login history, the pages You visit when using the Services, the duration of Your use of the Services, the files You download, the search terms You enter on the Services, how often You use the Services, and the pages You access before and after accessing the Services; and
- Information which we generate as a result of Your use of the OmniTrust Services, including, but not limited to, OmniTrust’s understanding of Your interests as a result of Your use of the OmniTrust Services and whether You are a regular or occasional user of the OmniTrust Services.
Information we collect from other sources
OmniTrust may also collect information about You from third-parties such as business partners, conference organizers, publicly available websites, and commercial databases. The following are examples of the categories of information OmniTrust may collect from other sources.
- personal details, such as Your name, job title, and company;
- contact details, such as phone number, email address, fax number, postal address, mobile number; and
- details about advertising preferences, such as products purchased, interaction with advertisements online, and offers You have responded to.
3. How OmniTrust Uses Personal Information
OmniTrust may use Personal Information for the following purposes:
- Identification and authentication: OmniTrust uses Personal Information to verify and authenticate identity whenever anyone accesses and uses OmniTrust Services or any OmniTrust website.
- Operating the Services: OmniTrust processes Personal Information to provide the correct products and Services, based on Your contractual relationship with OmniTrust and on Your specific requests for access to Services and OmniTrust websites. This includes providing licenses, and customer and technical support for OmniTrust products and Services.
- Improving our Services: OmniTrust analyzes information about how our customers, and the general public, use our Services, in order that OmniTrust may provide an improved experience for our customers of all our Services. This includes activities such as product testing and site analytics. OmniTrust has a legitimate business interest in understanding issues with its Services, so that such issues may be corrected and resolved.
- Communicating with You: OmniTrust may use Your Personal Information when it communicates with You. For example, OmniTrust may use Your Personal Information to communicate with You if OmniTrust is notifying You about changes to its terms and conditions, or in the event that You contact OmniTrust with questions. OmniTrust has legitimate interests in providing You with notices about our Services and with addressing Your needs.
- Marketing: OmniTrust may use Your Personal Information to build a profile about You and categorize You within particular marketing segments in order to understand Your preferences better. OmniTrust has a legitimate interest in providing You relevant and interesting information about our Services and product offerings. Where necessary, OmniTrust will obtain Your consent before sending such marketing messages.
- Exercising our Rights: OmniTrust may use Your Personal Information to exercise our legal rights where it is necessary to do so. For example, OmniTrust may use Your Personal Information in order to detect, prevent and respond to fraud claims, intellectual property infringement claims, violations of law, or violations of an OmniTrust software license, service agreement, or terms and conditions.
- Complying with Our Obligations: OmniTrust may process Your Personal Information to comply with our contractual and legal obligations. For example, OmniTrust may process Your Personal Information while carrying out fraud prevention checks or complying with other legal or regulatory requirements, where this is explicitly required by contract or law.
- Customizing Your Experience: When You use an OmniTrust Service, OmniTrust may use Your Personal Information to customize Your experience of the Services, and improve Your experience of the Services.
- Data Analysis: OmniTrust may anonymize Your Personal Information in such a way that You may not reasonably be re-identified by OmniTrust or any other person. OmniTrust may use this anonymized information for data analysis purposes.
Restrictions OmniTrust observes in its use of Your Personal Information:
- Adequate, Relevant and Non-excessive Processing: OmniTrust only processes Your Personal Information when it is strictly necessary for its defined business purposes. This means a “must have” and not “nice to have” approach is taken with respect to the Personal Information that is collected and processed. Personal Information that is not necessary for that intended business purpose is not collected and processed.
- Need-to-Know: Your Personal Information is handled by designated and authorized employees on a “need-to-know” basis.
- Accuracy of Information: The data collection and processing methods used by OmniTrust meet or exceed all industry standards and jurisdictional laws and regulations. OmniTrust employs methods to continually ensure the accuracy of Your Personal Data.
- Retention of Personal Information: OmniTrust retains your Personal Information as may be required by applicable jurisdictional law, which may be up to twenty (20) years. Except as otherwise required by law, OmniTrust does not keep Your Personal Information in a form that permits identification (data which has not been anonymized or de-identified) for longer than is necessary for the purpose(s) for which it was collected. Any Personal Information that no longer serves a legitimate identified business purpose is deleted.
- Anonymized Personal Information: When applicable, OmniTrust encrypts or anonymizes Your Personal Information.
- Security of Personal Data: OmniTrust takes appropriate technical, physical and organizational measures to keep Your Personal Information secure to prevent unlawful or unauthorized processing or accidental loss, destruction or damage to, Your Personal Information. In determining the appropriate measures, OmniTrust considers the industry standards, the security measures available, the cost of their implementation, the nature, scope and purposes of processing, and the risk posed to individuals. The degree of protection meets or exceeds all applicable laws and regulations that protect Your Personal Information
4. How and When OmniTrust Shares Your Personal Information
Your Personal Information may be shared when:
- You Authorize Sharing of Your Personal Information: In the event that You authorize OmniTrust to share Your Personal Information, OmniTrust may share Your Personal Information with other services providers and business partners, only to the extent allowable by law.
- Service providers and business partners: we may share Your Personal Information with our service providers and business partners that perform marketing services and other business operations for us for the purposes set forth above. For example, we may partner with companies to sell, distribute and support products, process secure payments, fulfill orders, optimize services, serve online behavioral advertising, send newsletters and marketing messages, support email and messaging services, and analyze information. These service providers and business partners may include advertising agencies and fraud prevention agencies which will use Your Personal Information only in the ways described in this policy.
- Group companies: OmniTrust works closely with its affiliates. We may share portions of Your Personal Information (e.g. Your buying and browsing history on the Services and Your personal and contact information) with OmniTrust affiliates for marketing purposes, security, optimization of products and services, and internal reporting. We do this for the purposes set out above.
- Where required by law: we may share Your Personal Information with law enforcement agencies, courts, other government authorities or other third parties where we believe necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party.
- In the context of a transaction: we may share Your Personal Information with potential transaction partners, service providers, advisors, and other third parties in connection with the consideration, negotiation, or completion of a corporate transaction in which we are acquired by or merged with another company or we sell or transfer all or a portion of our assets or business. Should such a sale or transfer occur, we will use reasonable efforts to obligate the entity to which we transfer Your Personal Information to use it in a manner that is consistent with this Privacy Policy.
5. Your rights over Your Personal Information
Depending on where You live and where You work, the Data Protection Requirements provide You with certain rights regarding the Personal Information OmniTrust hold about You. These may include the rights to access, correct, delete, restrict or object to our use of, or receive a portable copy in a usable electronic format of Your Personal Information. Depending on the jurisdiction in which You reside, You also may have a right to lodge a complaint with Your local data protection or privacy regulator.
We encourage You to contact us to update or correct Your information if it changes or if the Personal Information we hold about You is inaccurate. Where You have provided Your consent to any use of Your Personal Information, You can withdraw this consent at any time.
Requests regarding Your Personal Information can be communicated to OmniTrust in any way, including via email, fax, letter, telephone, website request, customer services or via a third party. Any OmniTrust personnel who receives a request in relation to Personal Information is dedicated to preserving Your rights with respect to Your Personal Information.
To the extent that by exercising Your rights over Your Personal Information, You make it commercially impractical for OmniTrust to deliver Services, OmniTrust may discontinue Your access to the Services. Such discontinuation of Services shall not entitle You to a refund of any fee paid for the Services.
Unless You request OmniTrust to delete Personal Information OmniTrust has about You, OmniTrust retains Your Personal Information for as long as we have a relationship with You. When deciding how long to keep Your Personal Information after our relationship with You has ended, we consider our legal obligations. We may also retain records to investigate or defend against potential legal claims.
Individuals located within the EEA, the UK or Jersey may be able to exercise the following rights:
- Right of Access: You have the right to request access to Personal Information that OmniTrust holds about them.
- Right to Rectification: You have the right to request that any incorrect or inaccurate Personal Information relating to yourself is corrected and/or amended. If required to do so, OmniTrust will comply with such requests. OmniTrust will use reasonable endeavors to maintain the accuracy of Personal Information and keep it up-to-date.
- Right to Erasure: You are entitled to request for Your Personal Information to be deleted from OmniTrust databases. OmniTrust will comply to the extent required by law. Erasure of Your Personal Information may impact Your ability to access OmniTrust products and services.
- Right to Restriction of Processing: You may request that the processing of Your Personal Information to be restricted. OmniTrust will cease processing Your Personal Information when: (i) the accuracy of it is contested by the You; (ii) the processing is unlawful but erasure has not been requested; (iii) the processing is no longer necessary; or (iv) You have objected to the processing and OmniTrust determines that there exists no overriding legitimate grounds to continue processing.
- Right to Data Portability: You have the right to request to receive Your Personal Information in a structured, commonly used and machine-readable format and, where requested and technically feasible, transmit them to another organization.
- Right to Object: You have the right to object to processing of their Personal Information based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); direct marketing (including profiling); and processing for purposes of scientific or historical research and statistics.
- Rights against Automated Decision-making, including Profiling: OmniTrust does not use personal data for any automated decision-making or profiling purposes.
Individuals located within the State of California may have the following non-exclusive rights to:
- Request information about the nature and extent of the data collected;
- Request that data that has been collected be deleted;
- Opt in or out of having their data sold to third parties;
- Correct inaccurate information; and
- Limit use of Personal Information.
Please note that we may require additional information from You in order to honor Your requests. If You would like to discuss or exercise any rights You may have under law, please contact us at the contact information set forth below.
6. International Data Transfer
Your Personal Information may be transferred to, stored, and processed in a country that is not regarded as providing the same level of protection for Personal Information as the laws of Your home country, and may be available to the government of those countries under a lawful order made in those countries.
We have put in place appropriate safeguards (such as contractual commitments) in accordance with applicable legal requirements to provide adequate protections for Your Personal Information, regardless of jurisdiction.
7. OmniTrust Data Security
OmniTrust implements security measures designed to safeguard the Personal Information, Company Data, and OEM Data we process through the Services. These measures are aimed at providing on-going integrity and confidentiality for Your Personal Information, Company Data, and OEM Data. OmniTrust evaluates and updates these measures on a regular basis.
In maintaining and processing Personal Information OmniTrust will:
- Use secure authentication protocols, including control of user IDs and other identifiers;
- Use a reasonably secure method of assigning and selecting passwords, or use of unique identifier technologies, such as biometrics or token devices;
- Control the security of passwords to ensure that such passwords are kept in a location and/or format that does not compromise the security of the data they protect;
- Restrict access to the Services to active users and active user accounts only;
- Block access to Personal Identification after multiple unsuccessful attempts to gain access or the limitation placed on access for the particular system;
- Use secure access control measures that restrict access to records and files containing Personal Information to those who need such information to perform their job duties;
- Assign unique identifications plus passwords, which are not vendor supplied default passwords, to each person with computer access, that are reasonably designed to maintain the integrity of the security of the access controls;
- Encrypt all transmitted records and files containing Personal Information that will travel across public networks;
- Encrypt all data containing Personal Information to be transmitted wirelessly;
- Monitor systems for unauthorized use of or access to Personal Information;
- Encrypt all Personal Information stored on laptops or other portable devices;
- Use up-to-date and secure software, hardware, and communications that meet or exceed industry standards;
With Regard to Company and OEM Data, OmniTrust shall:
- Ensure the confidentiality, security and availability of Company and OEM Data;
- Protect against threats or hazards to the confidentiality, security, and availability of Company and OEM Data:
- Protect against unauthorized access, use, disclosure, or destruction of Company and OEM Data;
- Dispose of Company and OEM Data, as and when required, except for such Company or OEM Data that must be retained to comply with law or legal purposes;
- Retain all Company and OEM Data as may be required by existing contracts or jurisdictional laws, which may be up to twenty (20) years;
- Use documented processes and procedures for data security and data controls that are consistent with generally accepted industry standards and practices (“Information Security Program”);
- Provide appropriate training to its employees regarding its Information Security Program and data privacy policies and procedures; and
- Make information concerning the foregoing available to its Corporate and OEM clients upon request.
Access Restrictions:
- OmniTrust shall provide only its own employees with access authority to Personal Information, Company Data, or OEM Data and only to the extent which is necessary to their respective task in fulfilling OmniTrust’s obligations under any relevant Services agreement.
- OmniTrust shall not permit third parties (including, but not limited to, agents and subcontractors) to process Personal Information, Company Data, or OEM Data unless such processing is necessary to perform the Services. In the event that OmniTrust uses third-party services to Process Personal Information, Company Data, and/or OEM Data, OmniTrust shall insure that the third-party adheres to substantially as protective standards as set forth in this Privacy Policy, and (iii) monitor such third parties to confirm that they have satisfied such obligations.
- OmniTrust shall notify OEM promptly in writing in the event that OmniTrust learns that any Processing of OEM Data has occurred in material violation of this Agreement or applicable laws (“Security Incident”).
- OmniTrust shall (i) cooperate with OEM to investigate the Security Incident, and (ii) preserve all relevant information and evidence related to the Security Incident.
- Except as may be required by applicable law, OmniTrust agrees that it will not inform any third party (excluding law enforcement and OmniTrust counsel) of any Security Incident without first obtaining OEM’s prior written consent. To the extent that a Security Incident gives rise to a need to (i) provide notification to public authorities, individuals, or other persons, the timing and content of effectuating any notices shall be determined mutually by OmniTrust and OEM in accordance with applicable law.
Security Audits:
- OmniTrust shall conduct, either itself or through registered third-parties, security audits on at least an annual basis.
- OmniTrust shall maintain reasonable certifications indicating that it maintains reasonable security of Personal Information, Company Data, and OEM Data.
8. Contact Us
OmniTrust is the controller responsible for the Personal Information, Company Data, and OEM Data we collect and process. We are represented in the European Union by our affiliate 3Key s.r.o.
If You have questions or concerns regarding the way in which Your Personal Information, Company Data, or OEM Data has been used, please complete and submit the form at https://ghsiss.com/privacy-contact-us
We are committed to working with You to obtain a fair resolution of any complaint or concern about privacy. If, however, You believe that we have not been able to assist with Your complaint or concern, You may have the right to make a complaint to the data protection authority for the jurisdiction in which you reside.
9. Changes to the Policy
We may modify or update this privacy policy from time to time. If we make any revisions that materially change the ways in which we process Your Personal Information, Company Data, and/or OEM Data, we will notify You of these changes before applying them.