Skip to main content
purple hex pattern

Personal Data Protection Policy

As a business and an employer, it is necessary for Entrust to collect, store, and process personally identifiable information (PII) about our employees, contingent workers, customers, suppliers and other third parties with whom we engage to provide products or services on our behalf.

To learn more about how we comply with applicable laws governing data protection, you can review our Global Personal Data Protection Policy. This policy is available for download in Chinese, English, French, German, Japanese, Portuguese, and Spanish. If you have any question about Entrust’s Personal Data Protection Policy, please contact [email protected].

Web Privacy Statement

Entrust values and respects your privacy. We believe you should understand how data you share with us is used and protected when you visit our websites. For details, please review our Web Privacy Statement.

The Web Privacy Statement is available for download in Chinese, English, French, German, and Spanish. If you have any questions about Entrust’s Web Privacy Statement, please contact [email protected].

Quick Links

Data Privacy Resources

To share thoughts or feedback related to our program, please email [email protected]

Data Protection Officer (DPO)

For questions about Entrust's Privacy Information Management System, please contact:

Entrust Corporation
Attention: Jenny Carmichael, VP of Compliance
1187 Park Place
Shakopee, MN 55379

[email protected]

Entrust Deutschland GmbH’s assigned Data Protection Officer is Mr. Niels Kill of Althammer & Kill GmbH & Co. KG

[email protected]

Data Processing Addenda (DPAs)

At Entrust, we make it simple for our customers, vendors, and partners to sign and submit our Data Processing Agreement (DPA). Our DPA helps us to meet ongoing requirements under the GDPR and other applicable data privacy legislation.

Entrust’s DPAs are pre-signed. You may enter into a DPA with Entrust by following these instructions:

  • Download the DPA you wish to enter into;
  • Complete and sign the information block with your entity’s full legal name, the signer’s position, the entity’s address, and signatory information; and
  • Submit the completed and signed DPA to Entrust via email to [email protected].

If you have any questions about the DPA, please see our FAQs.

Standard Contractual Clauses (SCCs)

Customer DPA

For engagements where Entrust will be acting as a processor for a Customer that will be purchasing, accessing, and/or licensing Entrust products, services and/or platforms.

faded gray hex background

Partner DPA

For engagements where Entrust will be acting as a processor and controller for a third party entering into partnership with Entrust for product supply, evaluation, and training.

faded gray hex background

Vendor DPA

For engagements where Entrust will be acting as the controller for a third party supplier from whom Entrust will purchase, have access to, and/or license vendor products, services and/or platforms.

faded gray hex background

Sub-Processors

Entrust uses sub-processors to support the delivery of its products and services.

Data Transfers

In light of the Schrems II ruling of the Court of Justice for the European Union and the recommendations from the European Data Protection Board, Entrust has drafted the following documents to help our customers conduct data transfer impact assessments in connection with their use of Entrust products.

The white paper describes the legal regimes applicable to Entrust in the United States, the safeguards Entrust puts in place regarding transfers of customer personal data from the European Economic Area (EEA), and Entrust’s ability to comply with its obligations as a data importer under the Standard Contractual Clauses (SCCs). Entrust’s Response to Government Requests for Customer Data informs Entrust customers of the steps Entrust will follow in the event we receive such a request.

Although the European Commission adopted its adequacy decision for the EU-US Data Privacy Framework effective July 10, 2023, Entrust has no current plans to modify its privacy program and will maintain all privacy protections and measures currently in place for EU data subjects. For more information regarding the adequacy decision, please consult the European Commission’s official Q&A.

For a complete list of countries with adequacy decisions granted by the European Commission, click here.

Compliance with EU Transfer Requirements

Entrust follows the recommendations of the European Data Protection Board (“EDPB”) to help ensure adequate protection of personal data leaving the European Economic Area (“EEA”).

faded gray hex background

Response to Government Requests for Customer Data

This document outlines the steps Entrust will follow in the event we receive such a request.

faded gray hex background

Product Privacy Notices

Learn how Entrust handles personal data collected by our products.

Biometric Data Notice

This notice describes how Entrust and its service providers collect and process biometric data in connection with the identity verification services we provide to our business customers (the “Services”). For additional processing details related to these products, refer to the individual product privacy notices found here.

Our business customers are responsible for their compliance with applicable law governing their collection, possession, storage, use, disclosure, and/or transmission of biometric data, including, for example, by developing and complying with their own biometric data policies.

Data Subject Request (DSR) Form

To submit a Data Subject Request, please use our online form or use one of the other methods described below.

Depending upon the applicable data protection law in your country of residency, and in some cases, your state or province of residence, you may have the right to ask us for information about our processing activities with respect to your personal data, including for information relating to personal data about you that we control and process; to correct, delete, or restrict any active processing of your personal data; and to obtain a copy of your personal data.

Additionally, you may have the right to object to the processing of your personal data in some circumstances. Your right to object to processing of your personal data may be limited in certain circumstances.

We may need to request additional information from you to verify your identity or understand the scope of your request, although you will not be required to create an account with us to submit a request or have it fulfilled. Likewise, if you engage an agent to make the request on your behalf, we may need additional information to verify your agent’s identity and authority to make such a request on your behalf.

If we have collected and processed your personal data on the basis of your consent, then you can withdraw your consent at any time by contacting [email protected].

If you would like to submit a Data Subject Request, please use the link to the DSR form below. If you would like to make your request via telephone, or if special accommodations are required, please leave a message at 1-888-563-9240 and our privacy team will promptly be in touch. If you would like to make your request via email, please send your email to [email protected] with the subject line “Data Subject Request” and clearly state the request(s) you’d like to make.

To opt out of receiving marketing communications from Entrust, please click here.

For more information about our procedure for responding to your request to access your personal data, please view Entrust’s Data Subject Request Procedure.

California Privacy Rights

California residents have certain rights with respect to personal information collected by businesses. If you are a California resident, you may exercise the following rights regarding your personal information, subject to certain exceptions and limitations:

  • The right to know the categories and specific pieces of personal information we collect, use, disclose, and sell about you; the categories of sources from which we collected personal information about you; our purposes for collecting or selling personal information about you; the categories of personal information about you that we have either sold or disclosed for a business purpose; and the categories of third parties with which we have shared personal information.
  • The right to request that we delete the personal information we have collected from you.
  • The right to opt out of our sale(s) of your personal information.
  • The right not to receive discriminatory treatment for the exercise of the privacy rights conferred by the CCPA.

If you would like to submit a Data Subject Request, please use the link to the DSR form below. If you would like to make a data deletion or access request via telephone, or if special accommodations are required, please leave a message at 1-888-563-9240 and our privacy team will promptly be in touch.

Note that we may need to request additional information from you to verify your identity or understand the scope of your request, although you will not be required to create an account with us to submit a request or have it fulfilled. We will require you to provide, at a minimum full name and email address.

You may designate an authorized agent to make a CCPA request on your behalf by completing this form. We may still require you to provide, at a minimum, full name and email address.

Data Subject Request (DSR)

HIPAA-Covered Services

At Entrust, we make it simple for our IDaaS customers to sign and submit our Business Associate Agreement (BAA). Our BAA helps us to meet ongoing requirements under the Health Insurance Portability and Accountability Act (HIPAA).

Entrust’s BAA is pre-signed. You may enter into a BAA with Entrust by following these instructions:

  • Download the BAA;
  • Complete and sign the form fields; and
  • Submit the completed and signed BAA to Entrust via email to [email protected].

If you have any questions about the BAA, please see our FAQs.

Covered Entity HIPAA Business Associate Agreement

ISO 27701

With global operations and customers located around the world, Entrust continually evaluates its program against current and emerging data privacy regulations. Taking our commitment to protecting personal data one step further, Entrust is ISO 27701 certified.

ISO 27701 is the first global privacy standard that focuses on the protection of personally identifiable information (PII). ISO 27701 extends the requirements of ISO 27001 to include data privacy, and provides a framework for implementing, maintaining, and continuously improving a Privacy Information Management System (PIMS). While there is not a specific EU GDPR certification, ISO 27701 clauses directly map to GDPR articles and also take into account other national and regional data protection laws.

In order to achieve the certification, Entrust's compliance was validated by an independent audit firm after demonstrating an ongoing and systematic approach to managing and protecting company and customer data. Entrust will continue to be audited annually to ensure ongoing compliance.

Please find our ISO 27701 certificate below.