Transparent Soul is tax exempted under IRS 501(c)(3) tax exempt certificate & Our EIN Number: 47-3564301
Donate

Law Enforcement and Government Demands Policy

1. Introduction

Transparent Soul, and its subsidiaries and affiliates (collectively, “TS“) are committed to maintaining the privacy of employees, customers, and other individuals (collectively, “Data Subjects“) and adhering to the data privacy regulations that apply in the many jurisdictions in which it operates while also making reasonable efforts to cooperate with appropriate law enforcement requests for assistance and information.

Therefore, TS’s business records and other non-public or confidential information about its employees, customers, or other individuals (collectively, “Records“) will generally not be released without proper legal process. This Law Enforcement and Government Demands Policy (“Policy“) establishes the principles that GFM will follow when responding to national security, law enforcement, regulatory, and other legal requests and is intended to guide GFM employees and representatives regarding situations in which Records may be properly disclosed to law enforcement agencies, supervisory authorities, and other government entities (collectively, “Government Authorities“).

2. Scope

This Policy applies to all GFM departments and employees, as well as contractors, temporary employees, outside consultants, or other representatives working on behalf of GFM who possess, control, or otherwise have access to Records.

3. Production for Valid and Binding Orders Only

As a general rule, GFM will only respond to formal, legitimate, and applicable court orders, subpoenas, search warrants, or other legal demands compelling the production of Records (collectively “Orders“) by Government Authorities. Other than in circumstances in which Government Authorities provide sufficient information to demonstrate that an emergency involving imminent threat of death or serious injury to any person, terrorism, cyber-terrorism, kidnapping, contagious viruses, or any other emergency as determined in good faith by GFM in consultation with the Legal Department and the Trust & Safety Team requires disclosure of specific Records without delay (“Exigent Circumstances,” discussed further below), GFM will not engage in the production Records where:

  • The Order is non-binding. TS will not provide Records in response to informal or other non-binding inquiries. TS will inform the requester of its Policy on this issue.
  • The Order is extra-territorial. TS will consider as extra-territorial and non-binding any requests to a specific TS entity in a different jurisdiction than the requesting entity. TS will inform the requester to utilize mutual legal assistance treaties (“MLATs“), the Hague Evidence Convention, or other comparable arrangements to seek the Records. Extraterritorial requests will be handled in accordance with Section 11.
  • The Order has a legal defect. TS will not provide Records in response to an Order that is improperly served, overly broad, or otherwise subject to material legal defect. TS will decide whether to seek a clarification of the Order or resist the Order.  

4. Assessment of Privacy Law Considerations

Even if an Order is valid and binding as per Section 3, TS will seek to avoid production where such activity would create a material risk of non-compliance with applicable privacy, data protection, and other data regulations (“Privacy Law“). In evaluating these Privacy Law risks, TS will consider the Privacy Law obligations applicable to (i) the specific TS entity that is served with the Order; (ii) the specific TS entity that is the contracting party with the Data Subject to whom the Records relate; and (iii) the relevant Data Subject.

5. Potential Conflicts

In potential conflict situations, where a valid and binding Order to produce Records would create a material risk of non-compliance with applicable Privacy Law, TS will make a strategic decision as to whether and/or how to respond. The decision will take into consideration the likelihood and severity of the legal, reputational, business, and other consequences of non-compliance with the Order on the one hand, and of non-compliance with Privacy Laws on the other hand.

6. Service of Process within the Corporate Structure

Due to strict Privacy Law requirements in the various jurisdictions where TS operates, Orders must be served on the TS entity that controls the requested Records. Orders served on one entity pertaining to Records held by another parent, subsidiary, or affiliate entity will not be honored. In some cases, this may mean that multiple Orders must be served on various TS entities to obtain all potentially relevant information. Although a Point of Contact (defined below) from one TS entity may assist Government Authorities in identifying a Point of Contact at the correct entity, a Point of Contact from one entity may not handle or respond to Orders relating to Records held by another entity.

7. Procedure for Handling Records Requests

When a Government Authority presents an oral or written Order to a TS employee or representative, the employee or representative should refer the Government Authority to the GFM Legal Department or its designees at TS Legal@transparentsoul.org (“Point of Contact“).

A Point of Contact who receives a request for Records from a Government Authority shall conform to the following procedures:

7.1. Basic Form 

Except for Exigent Circumstances, all Government Authority requests for Records must be submitted in writing. The written request must include the following information to allow the request to be verified:

    • Name of the Government Authority;
    • Name and title of the individual submitting the request;
    • Contact details of the Government Authority (e.g., email and phone number); and
    • Verifiable physical return address.

7.2. Unique Identifiers

Orders must include identifiers unique to the specific Data Subject(s) and sufficient information to accurately and narrowly identify the Records to be produced. Data Subject name without additional information (e.g., date of birth, contact details, job title, or function for employees) is not a sufficiently unique identifier that would allow TS entities to identify a Data Subject.

7.3. Scope

Orders should be as narrow and specific as possible to avoid misinterpretation, delay, or objections in response to overly broad requests. Orders should provide enough details to produce only information related to the Data Subject(s) at issue. Orders for information not included within the body of the signed subpoena, search warrant, or court order will be disregarded.

7.4. Content

Requests for content (e.g., employee disciplinary or medical records, employment-related communications, verbatim records of customer or other third party communications, recordings) should be in the form of a search warrant supported by probable cause which has been approved by a court or a comparable mandatory Order under applicable law.

7.5. Examination Procedure

The Point of Contact shall examine Orders for legal defects, including (i) the manner in which it was served; (ii) the breadth of the request; (iii) its form; or (iv) an insufficient showing of good cause made to a court. If a material defect exists, the Point of Contact shall determine whether to seek clarification of the Order or whether to resist the Order, consulting with supervisory counsel or outside counsel as necessary.

8. Form of Delivery (Electronic Delivery)

In the United States: TS will accept service of Orders electronically by web form here from law enforcement agencies only provided that they are received from an official law enforcement email account or fax number; no physical delivery is necessary in these cases. TS will accept subpoenas or orders for production by any competent court by web form here.  Alternatively, TS will accept service from TS registered agent for the service of the process.

Elsewhere in the World:  TS will not accept service of Orders electronically, unless TS’s prior written consent is obtained in each instance. Instead, service shall be accepted only when pursuant to Sections 3 and 11.

9. Protective Orders

If disclosure is required, the Point of Contact should consider whether it is appropriate to ask the Government Authority and/or any relevant court to enter a protective order to keep Records confidential and limit their use. For example, the Point of Contact might consider doing this in circumstances where Records include TS trade secrets or other proprietary and confidential information.

10. Production Procedures

If proper to produce Records in response to an Order, the Point of Contact will review the information that may need to be produced in response to the Order before releasing the Records and will follow the Order strictly with the intent to avoid providing any information that is not specifically requested in the Order, including, where deemed appropriate by the Point of Contact, by redacting portions of the Records. The Point of Contact may also consider whether to seek a reduction in the Order’s scope with the Government Authority.

11. Extraterritorial Requests

Where an Order from a Government Authority in one jurisdiction seeks to compel the production of Records held or controlled in another jurisdiction, the Point of Contact shall examine whether there are any jurisdictional limitations applicable to the Order and/or whether the production of the requested Records would give rise to potential issues under Privacy Laws, anti-investigatory or blocking statutes, or other local Records production restrictions (“Data Restrictions“).

The Point of Contact’s review of these issues typically will involve analysis of applicable Data Restrictions (which may require that the Government Authority utilize MLATs or similar agreements), as well as terms in the relevant TS privacy notices and procedures. Unless Exigent Circumstances exist, it is the policy of TS not to respond to an Order that exceeds the jurisdictional reach of the requesting Government Authority, and not to violate applicable Data Restrictions when responding to Orders.

Moreover, except in Exigent Circumstances, data shall not be moved from one controller or jurisdiction to (or in) another to facilitate access by Government Authorities. In situations where an applicable Order without legal defect would require the production of Records in a manner that is contrary to applicable Data Restrictions, the Point of Contact shall determine how to respond, consulting with supervisory counsel or outside counsel as necessary.

The TS entity subject to such an Order shall encourage the Government Authority to utilize any MLATs or other comparable arrangements that would facilitate the production of the requested information in a manner that is consistent with any applicable Data Restrictions.

12. Exigent Circumstances Procedure

As noted above, Exigent Circumstances are circumstances in which the Government Authority provides sufficient information to the Point of Contact such that the Point of Contact, in consultation with the Legal Department and the Trust and Safety Team, believes in good faith that an emergency involving the imminent threat of death, terrorism, kidnapping, contagious viruses, or serious physical injury to any person required disclosure of specific Records without delay.

A law enforcement officer seeking to demonstrate that Exigent Circumstances exist must be able to sufficiently verify his/her identity (i.e., present a badge or other appropriate government identification) and the nature of the Exigent Circumstance.

In cases of Exigent Circumstances, GFM is permitted, but not required, to voluntarily disclose information, including Records, to law enforcement. Any such disclosure should be narrowly tailored to address the Exigent Circumstances that justify the disclosure. Likewise, TS may decline or defer the production of Records in response to a valid and binding Order if TS believes that such production could give rise to serious physical injury to any person or other Exigent Circumstances are apparent.

13. Data Subject Notification and Consent

TS reserves the right to notify Data Subjects about whom Records are being sought in response to an Order, except where providing such notice is prohibited by the Order itself or by law. TS also reserves the right to seek Data Subject consent to disclosure of the relevant Records.

In any case, in which an Order is made for Records pertaining to one or more Data Subjects, the Point of Contact should determine whether notice to the Data Subject is permitted, and if so, whether it is appropriate. Factors to consider include whether the request relates to a current or former employee or other Data Subject with whom TS has or had a relationship, whether current contact information for the Data Subject is available, and whether the Point of Contact believes that providing notice could create a risk of injury, death, or other serious matter.

The Point of Contact may consult with supervisory counsel or outside counsel as appropriate in making this determination and may consult as to whether the release of Records would be valid and replace the need for an Order. Whenever possible, TS will honor verifiable Data Subject consent for the release of Records pertaining to that Data Subject. No Order is required in such situations.

14. Preservation Requests

Requests to preserve information from a valid legal authority should be directed to a Point of Contact. Any such preservation request should be made in writing and contain the identifying characteristics listed in Procedure for Handling Records (Section 7 above). Preservation requests must include sufficient information to accurately and narrowly identify the information to be preserved. In most cases, the Data Subject’s name without additional information (e.g., date of birth, contact details, job title, or function for employees) will not be sufficient to allow TS to identify the Data Subject.

Upon receipt of a properly completed preservation request, the Point of Contact shall coordinate with the Head of IT to ensure that any responsive Records are stored only for periods required by applicable law or 90 days. Following the expiration of applicable retention periods, the preserved material will be routinely deleted, unless an extension request is received from the Government Authority.

15. Court Orders for Witness Testimony

TS shall not waive service requirements for subpoenas or other court orders seeking witness testimony. Any such court orders must be served either personally upon the person to whom it is directed or upon the applicable TS registered agent for service of process; electronic means are not acceptable. TS shall resist subpoenas for witness testimony that are served with fewer than 10 business days’ advance notice.

16. Civil Subpoenas

In the United States:  Civil subpoenas can be served physically on the relevant GFM entity or its registered agent for service of process, via this web form. A Point of Contact should review any civil subpoena to confirm that its service was proper, it is legally binding, and its scope is reasonable. Civil subpoenas from one jurisdiction served on a TS entity in another jurisdiction will normally be non-binding. The Point of Contact may consult with a supervisory counsel or outside counsel as appropriate when making these determinations.

Elsewhere in the World:  TS will not accept service of civil subpoenas electronically unless TS’s prior written consent is obtained in each instance. Instead, service shall be accepted only when pursuant to Sections 3 and 11.

17. Confidentiality

TS recognizes and values its customers’ and employees’ legitimate expectations of confidentiality. In connection with any Order, TS employees and representatives:

  • Must only access and process Records on a “need to know” basis and with proper approvals.
  • Must only utilize approved TS systems for the storage and processing of Records.
  • Must not discuss, reveal, or otherwise provide access to any Records outside of TS, except as permitted in this Policy.
  • Must not speak publicly about business-related topics that may involve the release of Records.

18. Penalties for Violation of this Policy

To the extent permitted by applicable law, employees and representatives shall be held responsible for violations of this Policy; discipline for violations may be up to and include termination for cause.

19. Questions and Contact Details

If you have any questions about this Policy, you may contact TS by emailing Legal@transparentsoul.org