Privacy Policy

OmniTrust Security, LLC

Effective Date: February 27, 2026

This privacy policy describes how OmniTrust Security, LLC and its affiliates (“OmniTrust”, “we”, “our”, or “us”) collects and processes personal information about you through “www.omnitrust.com”, “www.autoauth.com”, and all other OmniTrust websites and applications that link to this policy; through our interactions with you at trade shows, conferences, and other events; and through any other means by which we may receive your personal information (collectively, the “Services”), how we use and protect this information, and your rights in relation to this information.

This privacy policy applies to all personal information we collect or process about you. Personal information is information, or a combination of pieces of information, that could reasonably allow you to be identified.

1. DEFINITIONS

“Personal Information” means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular natural person. This includes, but is not limited to, name, government-issued identification numbers, contact details, biometric records, financial account information, and online identifiers.

“Company Data” / “OEM Data” means proprietary information belonging to our clients, including but not limited to APIs, technical specifications, product designs, manufacturing data, intellectual property, trade secrets, and any other confidential business information provided to OmniTrust in connection with our services. Company Data and OEM Data are treated as confidential and are not considered Personal Information unless they contain Personal Information as defined above.

“Data Protection Requirements” means all applicable laws and regulations relating to the processing of Personal Information, including but not limited to the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the UK Data Protection Act 2018, the California Consumer Privacy Act (“CCPA”) as amended by the California Privacy Rights Act (“CPRA”), and the Massachusetts Data Privacy Protection Act.

2. PERSONAL INFORMATION WE COLLECT

We collect personal information about you from a variety of sources, including from you directly (e.g. when you contact us, complete a form, sign up for an account, complete a transaction with us, or otherwise provide us with your information), information we generate about you in the course of our relationship with you (e.g. data collected from cookies and other similar technologies), and information we collect about you from other sources, including commercially available sources, such as public databases (where permitted by law).

We may be required by law to collect certain personal information about you or as a consequence of any contractual relationship we have with you. Failure to provide this information may prevent or delay the fulfillment of these obligations.

Information we collect directly from you

The categories of information that we may collect directly from you include the following:

  • (a) personal details (e.g. name, job title, company);
  • (b) contact details (e.g. phone number, email address, fax number, postal address, mobile number);
  • (c) account details (e.g. username, password);
  • (d) transaction details (e.g. when you make purchases or respond to offers);
  • (e) product or service details (e.g. information about products or services you have purchased from us and how you use them and/or expressed an interest in by downloading datasheets or visiting our web pages);
  • (f) communications (e.g. when you participate in message boards or forums, participate in polls or surveys, write a review or contact us with a question, comment or request); and
  • (g) licensing details (e.g. name, address and email address of named licensed users of our products).

Information we collect about your use of the Services

The following are examples of the other categories of information which we may collect about you:

  • (a) technical information collected from your computer or mobile device (e.g. your IP address, browser type, operating system);
  • (b) information about your usage of our websites (e.g. your login history, the pages you visit when using the Services, the files you download, the search terms you enter on the Services, how often you use the Services, and the pages you access before and after accessing the Services); and
  • (c) information which we generate as a result of your use of the Services (e.g. our understanding of your interests as a result of your use of the Services and whether you are a regular or occasional user of the Services).

Information we collect from other sources

We may also collect information about you from third-parties (e.g., business partners, conference organizers, publicly available websites or databases). The following are examples of the categories of information we may collect from other sources:

  • (a) personal details (e.g. name, job title, company);
  • (b) contact details (e.g. phone number, email address, fax number, postal address, mobile number); and
  • (c) details about advertising preferences (e.g. products purchased, interaction with advertisements online).

3. HOW WE USE YOUR PERSONAL INFORMATION AND THE BASIS ON WHICH WE USE IT

We may use your personal information for the following purposes:

Identification and authentication: We use your identification information to verify your identity when you access and use our Services and to ensure the security of your personal information. This is so we can comply with our contractual obligations to you.

Operating the Services: We process your personal information to provide the products and Services you have requested. This includes providing licenses and customer and technical support for our products and Services. This is so we can comply with our contractual obligations to you.

Improving our Services: We analyze information about how you use our Services to provide an improved experience for our customers of all our Services, including product testing and site analytics. It is in our legitimate business interests to use the information provided to us for this purpose, so we can understand any issues with our Services and improve them.

Communicating with you: We may use your personal information when we communicate with you, for example if we are providing information about changes to the terms and conditions or if you contact us with questions. It is in our legitimate interests that we are able to provide you with appropriate responses and provide you with notices about our Services.

Marketing: We may use your personal information to build a profile about you and place you into particular marketing segments in order to understand your preferences better and to appropriately personalize the marketing messages we send to you. It is in our legitimate interest to provide more relevant and interesting advertising messages. Where necessary, we will obtain your consent before sending such marketing messages.

Exercising our rights: We may use your personal information to exercise our legal rights where it is necessary to do so, for example to detect, prevent and respond to fraud claims, intellectual property infringement claims or violations of law or our software license or service agreement.

Complying with our obligations: We may process your personal information to, for example, carry out fraud prevention checks or comply with other legal or regulatory requirements, where this is explicitly required by law.

Customizing your experience: When you use the Services, we may use your personal information to improve your experience of the Services, such as by providing interactive or personalized elements on the Services and providing you with content based on your interests.

We may also anonymize your personal information in such a way that you may not reasonably be reidentified by us or any other company, and may use this anonymized information for any other purpose.

4. HOW AND WHEN WE SHARE YOUR PERSONAL INFORMATION

We may share your personal information with third parties under the following circumstances:

Authorized recipients: We may share your personal information with individuals or entities that you have expressly authorized to receive such information in connection with specific services or transactions.

Service providers and business partners: We may share your personal information with our service providers and business partners that perform marketing services and other business operations for us. For example, we may partner with companies to sell, distribute and support products, process secure payments, fulfill orders, optimize services, serve online behavioral advertising, send newsletters and marketing messages, support email and messaging services, and analyze information. These service providers and business partners may include advertising agencies and fraud prevention agencies which will use your personal information only in the ways described in this policy.

Affiliated companies: OmniTrust works closely with its parent company, subsidiaries, and affiliates. We may share portions of your personal information (e.g. your buying and browsing history on the Services and your personal and contact information) with affiliated companies for marketing purposes, security, optimization of products and services, and internal reporting.

Where required by law: We may share your personal information with law enforcement agencies, courts, other government authorities or other third parties where we believe necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party.

In the context of a transaction: We may share your personal information with potential transaction partners, service providers, advisors, and other third parties in connection with the consideration, negotiation, or completion of a corporate transaction in which we are acquired by or merged with another company or we sell or transfer all or a portion of our assets or business. Should such a sale or transfer occur, we will use reasonable efforts to obligate the entity to which we transfer your personal information to use it in a manner that is consistent with this Privacy Policy.

5. YOUR RIGHTS OVER YOUR PERSONAL INFORMATION

You have certain rights regarding the personal information we hold about you, subject to local law. These may include the rights to access, correct, delete, restrict or object to our use of, or receive a portable copy in a usable electronic format of your personal information. You also may have a right to lodge a complaint with your local data protection or privacy regulator.

We encourage you to contact us to update or correct your information if it changes or if the personal information we hold about you is inaccurate. Where you have provided your consent to any use of your personal information, you can withdraw this consent at any time.

Rights for EEA, UK, and Jersey residents

If you are located in the European Economic Area, the United Kingdom, or Jersey, you have the following additional rights under applicable data protection laws:

  • (a) Right of access: You have the right to obtain confirmation of whether we process your personal information and to request a copy of the personal information we hold about you.
  • (b) Right to rectification: You have the right to request that we correct any inaccurate personal information and complete any incomplete personal information.
  • (c) Right to erasure: You have the right to request deletion of your personal information in certain circumstances.
  • (d) Right to restriction of processing: You have the right to request that we restrict the processing of your personal information in certain circumstances.
  • (e) Right to data portability: You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit it to another controller.
  • (f) Right to object: You have the right to object to the processing of your personal information where we are relying on legitimate interests as the legal basis for processing.

Rights for California residents

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

  • (a) Right to know: You have the right to request information about the categories and specific pieces of personal information we have collected, the categories of sources from which we collected the information, the business or commercial purpose for collecting the information, and the categories of third parties with whom we shared the information.
  • (b) Right to delete: You have the right to request the deletion of your personal information that we have collected.
  • (c) Right to opt out: You have the right to opt out of the sale or sharing of your personal information to third parties.
  • (d) Right to correct: You have the right to request that we correct inaccurate personal information.
  • (e) Right to limit use: You have the right to limit the use and disclosure of your sensitive personal information.

Please note that we may require additional information from you in order to honor your requests. If you would like to discuss or exercise any rights you may have under law, please contact us at the contact information set forth below.

6. INTERNATIONAL DATA TRANSFER

Your personal information may be transferred to, stored, and processed in a country that is not regarded as providing the same level of protection for personal information as the laws of your home country, and may be available to the government of those countries under a lawful order made in those countries.

We have put in place appropriate safeguards (such as contractual commitments) in accordance with applicable legal requirements to provide adequate protections for your personal information. For more information on the appropriate safeguards in place and to obtain a copy of such safeguards, please contact us at the contact information set forth below.

We retain your personal information for as long as we have a relationship with you. When deciding how long to keep your personal information after our relationship with you has ended, we take into account our legal obligations and applicable retention requirements, which may extend up to twenty years depending on the jurisdiction and the nature of the data. We may also retain records to investigate or defend against potential legal claims. Data that no longer serves a legitimate business function will be securely deleted in accordance with our data retention policies.

7. DATA SECURITY

We implement security measures designed to safeguard the personal information we process through the Services. These measures are aimed at providing on-going integrity and confidentiality for your personal information. We evaluate and update these measures on a regular basis.

Our security measures include but are not limited to:

  • (a) secure authentication protocols for system access;
  • (b) encrypted transmission of personal information;
  • (c) access controls limiting personal information access to authorized personnel with a legitimate business need;
  • (d) unique user identifications and password security requirements;
  • (e) monitoring systems designed to detect unauthorized access or use; and
  • (f) annual security audits maintaining industry-standard certifications.

Access to personal information is restricted to employees, contractors, and agents who need such access to perform their job functions and who are subject to contractual confidentiality obligations. Any individual found to be in violation of these obligations may be subject to disciplinary action, including termination of employment or contract.

8. CONTACT US

OmniTrust Security, LLC is the controller responsible for the personal information we collect and process.

If you have questions or concerns regarding the way in which your personal information has been used, please complete and submit the form at https://ghsiss.com/privacy-contact-us. We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you may have the right to make a complaint to the data protection authority of your country of residence.

EU Representative: For individuals in the European Union, our EU representative is 3Key s.r.o. (affiliate). You may contact our EU representative for any matters related to the processing of your personal information under the GDPR.

9. CHANGES TO THE POLICY

We may modify or update this privacy policy from time to time. If we make any revisions that materially change the ways in which we process your personal information, we will notify you of these changes before applying them to that personal information.