Privacy Notice

Last updated: June 2026

1. Overview

Trusted Advisor Associates provides professional training workshops, online learning courses, and assessment tools to organizations and individuals globally.

We are committed to protecting personal data and processing it responsibly in accordance with applicable data protection laws, including the General Data Protection Regulation, UK GDPR, and Brazil’s Lei Geral de Proteção de Dados.

This notice describes how we collect, use, disclose, and protect personal data.

2. Data Controller

Unless otherwise specified, Trusted Advisor Associates, LLC acts as the data controller for personal data described in this notice.

Company Information

Trusted Advisor Associates, LLC
1405 S. Fern St.
#155
Arlington, VA 22202
United States

Privacy Contact

Email: [email protected]
Role: Privacy Lead / Data Protection Contact

3. Regional Representatives

Where required by applicable data protection laws, we have appointed representatives in certain jurisdictions. Supervisory authorities and individuals may contact these representatives regarding privacy matters.

EU Representative (Article 27 GDPR)

Trusted Advisor Associates LLC (registration number 11157592, USA) has appointed an EU Representative established in Cyprus in accordance with Article 27 of Regulation (EU) 2016/679 (General Data Protection Regulation (GDPR)).

If you are located in the European Union, you may contact our EU Representative regarding matters relating to the processing of your personal data, including requests to exercise your rights under the GDPR.

EU Representative Contact Details

RF PRIVACY MINDERS LTD
33 Konstantinou Paleologou, The Square, 2nd Floor
CY-6036 Larnaca
Cyprus
E-mail: [email protected]

UK GDPR Representative (Article 27 UK GDPR)

Trusted Advisor Associates LLC (registration number 11157592, USA) has appointed a UK GDPR Representative in accordance with Article 27 of the UK General Data Protection Regulation (UK GDPR).

If you are located in the United Kingdom, you may contact our UK GDPR Representative regarding matters relating to the processing of your personal data, including requests to exercise your rights under the UK GDPR.

UK GDPR Representative Contact Details

PRIVACY MINDERS (UK) LIMITED
71-75 Shelton Street
London WC2H 9JQ
United Kingdom
E-mail: [email protected]

Brazil LGPD Representative

Trusted Advisor Associates LLC has appointed a Brazilian DPO Representative.

If you are located in Brazil, you may contact our Brazil LGPD Representative regarding matters relating to the processing of your personal data, including requests to exercise your rights under the Brazil LGPD.

Brazil LGPD Representative Contact Details

MACHER SERVIÇOS EM TECNOLOGIA LTDA
Rua Lauro Muller, 116/3201
Rio de Janeiro – RJ
Brazil
E-mail: [email protected]

4. Categories of individuals covered by this notice

This notice applies to:

  • Workshop participants
  • Employees of client organizations receiving training
  • Users of our learning platform
  • Users of our assessment tools
  • Website visitors
  • Individuals who contact us
  • Prospective clients

5. Personal data we collect

Training and workshop participants

We may collect:

  • Name
  • Email address
  • Employer or organization
  • Job role or title (where provided)
  • Country or region (where provided)

This information may be provided by the participant or by the organization arranging the training.

Online course users

When individuals enroll in or access online courses, we collect:

  • Name
  • Email address
  • Account information
  • Course participation data
  • Learning activity and progress

Assessment tool users

When individuals use our assessment tool via the public portal (https://trustsuite.trustedadvisor.com/):

Required:

  • Email address

Optional:

  • Age range
  • Country
  • Industry

When individuals use our assessment tool via a private program:

Required:

  • Name
  • Email address
  • Additional identifying information (e.g., business unit, role or location), only if requested by the organization requesting the assessment

Website inquiries and contact forms

We may collect:

  • Name
  • Email address
  • Phone number (optional)
  • Message content
  • Marketing preferences

6. Purposes of processing

We process personal data for the following purposes:

Service delivery

  • Deliver training workshops and courses
  • Provide access to assessments
  • Manage learning accounts

Client engagement

  • Communicate with client organizations
  • Manage training engagements

Operations

  • Respond to inquiries
  • Provide support
  • Improve training services

Security and integrity

  • Protect systems and services
  • Prevent fraud or misuse

Legal and compliance

  • Comply with legal obligations
  • Respond to regulatory requests

Marketing (where permitted)

  • Provide information about training and services

7. Legal bases for processing

Where applicable, we rely on the following legal bases:

Contract performance (Contract execution for Brazil): Processing necessary to deliver training services or fulfill agreements.

Legitimate interests: Operating, improving, and securing our services.

Consent: Marketing communications or optional information.

Legal obligations: Compliance with applicable laws and regulatory requirements.

8. Controller and processor roles

Our role depends on how training services are delivered.

When individuals register directly with us, we act as the data controller.

When client organizations provide participant information, the client organization may act as the primary controller. We process personal data to deliver training services.

In certain cases, we may act as an independent controller for service delivery.

9. Sharing and disclosure of personal data

We may share personal data with:

Service providers and processors

  • Learning platform providers
  • Cloud infrastructure providers
  • IT and communication providers
  • Assessment hosting providers
  • Contracted training facilitators

Professional advisors

  • Legal and compliance advisors (where necessary)

Authorities

  • Regulatory or law enforcement agencies where required by law.

All service providers are required to protect personal data and process it only under our instructions.

We do not sell personal data.

10. Vendor and subprocessor management

We implement vendor risk management practices including:

  • Data processing agreements with vendors
  • Security and privacy requirements
  • Contractual confidentiality obligations
  • Evaluation of vendor security practices
  • Limiting access to personal data

Key vendors may be disclosed to enterprise clients upon request as part of vendor risk assessments.

11. International data transfers

Our services are operated primarily from the United States.

Where personal data is transferred internationally, we implement safeguards including:

  • Standard Contractual Clauses
  • Contractual data protection commitments
  • Access controls and security protections

12. Data retention

We retain personal data only as long as necessary for legitimate business and legal purposes.

Typical retention periods:

  • Workshop participant data: up to 3 years
  • Course accounts: active period plus up to 2 years after inactivity
  • Assessment data: up to 2 years
  • Contact inquiries: up to 24 months
  • Marketing preferences: until withdrawn

Retention periods may vary where required by law or contractual obligations.

13. Security and data protection measures

We implement reasonable technical and organizational safeguards including:

  • Access controls and role-based permissions
  • Secure cloud infrastructure
  • Vendor security requirements
  • Encryption and secure data transmission
  • Monitoring and incident response procedures
  • Restricted access to personal data

Access to personal data is limited to personnel who require it for legitimate business purposes.

14. Data subject rights

Individuals may have rights under applicable data protection laws, including:

  • Access to personal data
  • Correction of inaccurate information
  • Deletion of personal data
  • Restriction of processing
  • Data portability
  • Objection to certain processing
  • Withdrawal of consent

Requests may be submitted to:

[email protected]

We respond to requests within applicable legal timelines.

15. Data subject request process (DSAR)

We maintain processes to:

  • Verify request identity
  • Evaluate applicable rights
  • Respond within legal deadlines
  • Coordinate with relevant vendors where required

Requests received through regional representatives or regulators will be handled through our privacy response process.

16. Incident and breach response

We maintain procedures for managing security incidents.

If a personal data breach occurs that is likely to pose risk to individuals, we will:

  • Investigate and contain the incident
  • Notify relevant authorities where required
  • Notify affected individuals when legally required

17. Marketing communications

Individuals may opt in to receive communications about our services or content.

Marketing emails include an unsubscribe mechanism.

Individuals may withdraw consent at any time.

18. Children’s data

Our services are designed for professional and business audiences.

We do not knowingly collect personal data from children.

19. Governance and accountability

We maintain internal privacy and data protection practices including:

  • Privacy oversight responsibility
  • Vendor data protection agreements
  • Data minimization practices
  • Data retention controls
  • Periodic review of privacy practices

20. Changes to this notice

We may update this notice to reflect changes in services, legal requirements, or privacy practices.

The current version will always be available on our website.