Procurify Technologies Inc. and its affiliates or subsidiaries (“we“, “us“, “our“, and similar expressions) value your privacy and we want you to understand how we collect, use, share, and protect your personal information when you visit www.procurify.com and any of its sub-domains (our “Website“), buy products through us, use our services, sign up for an account with us (an “Account“), use our software platform (the “Platform“) (the foregoing collectively, the “Services“), and otherwise interact with us. By using our Website or any of our Services, you are agreeing to the terms of this Privacy Policy.
1. What is personal information?
“Personal information” is generally any information about an identified or identifiable individual, which includes information that can be used on its own or with other information to identify, contact, or locate a natural person.
2. What personal information do we collect about you and how do we collect it?
- Information you give to us.
- Contact data and account profile data. We collect personal information you give us directly when you create an Account, activate a subscription or purchase of our Services, or upload data to the Platform. For example, when you create an Account or place an order for Services with us you will give us information like your email address, first and last name, payment information, and your username and password. You may also provide us with other optional information as part of your Account profile, such as avatars or profile images, other contact information, and links to social network profiles you have (including when used for authentication purposes).
- Data in contracts and other legal agreements. We may also collect information directly from you for contractual or legal reasons. For example, we may ask you to select your jurisdiction when you sign up for Services.
- Information to verify your identity. We collect information to verify your identity, which may include your name, date of birth, social security number, social insurance number, driver’s license number, passport number, government-issued identification details, and similar information to verify your identity.
- Communications. We may collect personal information you include in your communications with us, such as information you include in SMS (text) messages, form submissions on the Website, communication means in the Services, and other electronic messages between you and us (collectively, “Electronic Messages”), or by phone or mail.
- Marketing preferences, surveys, contests, or promotions. We collect information you include in your marketing preferences with us or that you provide as part of a survey, contest, or promotion that we run and in which you participate.
- Social and community content. We receive content you post on our social media pages and the public areas of our Website (e.g., if you post a comment on an article we feature on the Website).
- Business and financial information. We may receive information from you about your business, your finances, expenses, invoices, details of your financial transactions, payment details, tax details, details about your customers, vendors, or employees, or other business and financial information when you use our Services.
- Device and contact data. If you grant permission in your device settings, certain features may have access to your device and contacts information.
- Payment processing information. If you have made a purchase through us, or if you make a financial transaction using our Services, we or any third-party payment processors we use will collect information about the purchase or transaction. This includes billing details, credit card information, account, and authentication information.
- Information you upload. We collect personal information about you when you upload it to the Platform or otherwise give it to us when we provide our Services to you. This includes information we collect when you complete a transaction with us.
- Information about you that we get from other sources. We may receive personal information about you from other third parties where you have provided consent or where we are permitted by applicable law to receive the information. We protect and process the personal information we receive from third parties as described in this Privacy Policy, consistent with any additional restrictions imposed by the source of the information. Our third-party sources may vary over time and depend upon how you use the Services. For example, we receive information from:
- Other customers and users of our Services. Our Services connect our customers with other people and businesses. This means others may input personal information about you to our Services. For example, another customer of our Services may share your contact details to the Platform when they acquire your products and services and track their spending with your business. Another example is when an Account administrator includes personal information about authorized users, such as names and email addresses, to allow those users to access and use the Services with that Account.
- Service providers. We use a variety of third-party service providers to help us deliver our Services and these service providers may give us information about you. For example, we may get information from our marketing service providers to support our marketing initiatives, improve our Services, and better monitor, manage, and measure our ad campaigns, such as details about when our service provider shows you one of our ads on or via its advertising platform. We may hire research firms that help us understand our market and where allowed under applicable laws, these researches may provide us with personal information. We may receive personal information about you or your interaction with the Services from certain third parties for troubleshooting purposes, for example when we obtain information about your interaction(s) with customer support and information about technical issues you have raised, including call center recordings, call monitoring records, voicemails, photographs, and chat records.
- Business partners. We may also collect information about you from our business partners that assist us with providing our Services, developing our business, and understanding our market. For example, we facilitate you having certain financial products, such as our Bill Pay and Spending Card products, that are provided to you through collaborations we have with our business partners, such as Stripe. To deliver these products and services to you, we may be given information about you from the applicable business partner (e.g., Stripe).
- Supplemental information and identity verification providers. We also collect personal information about you from third-party service providers that assist us with verifying your identity. For our Bill Pay and Spending Card products, this may include “know your client” information needed to comply with applicable laws and the requirements of our financial product business partners. Our Services may also use single sign-on integrations through other platforms and providers (e.g., signing in through a social media account), which includes information sharing between us and the single sign-on provider.
- Linked third-party services. If you choose to integrate a third-party service with your Account, we may receive information from that third-party service according to your settings with that third-party.
- Risk management, cybersecurity & anti-fraud providers. We may receive personal information from third parties that help us assess risks associated with our offerings, including to help combat fraud and illegal activity and to help protect your personal information.
- Joint offering partners. We may offer co-branded services or experiences or engage in joint-marketing activities with others, including through our conferences or live events.
- Government agencies. We receive information from government agencies, including from various tax agencies, to help verify your business information or to facilitate your use of our Services.
- Public information. We collect individual and household demographic information and preference information from publicly available sources, such as open government databases, social media platforms, and others.
- Automatic data collection. We, our service providers, and our business partners may automatically collect personal information about you, such as:
- Information from your use of the Website and Services. We collect personal information about you when you use our Website and Services. This includes information like your Internet protocol (IP) address, your geographic location, the website you visited before coming to our Website, your browser type and settings, log data, your device information (for example, if you’re using a tablet, mobile phone, or desktop computer and the operating system), the date and time when you visited the Website, information about your browser configuration and plug-ins, your language preferences, and other unique identifiers.
- Usage information. We may collect information about your use of our Services, such as the pages you viewed, the services and features you used or interacted with, your browser type, and details about any links or communications with which you interacted.
- Information stored locally. Some of our web-enabled desktop services and offerings synchronize with the information on your computer. In doing so, we may collect information such as device information, product usage, and error reports. We may also store personal information locally on your device.
- Communication interaction data. We or our third-party service providers may collect information from email providers, communication providers, and social networks, such as your interactions with our email, text, or other communications (e.g., whether you open or forward emails). We may do this through use of pixel tags (which are also known as clear GIFs), which may be embedded invisibly in our emails.
- Online behavioral data. We may automatically collect certain personal information about your use and interactions with our Website, customers’ websites or e-commerce stores, social media websites, and marketing campaigns that we or our customers organize, including device information (such as your IP address and unique device IDs), page view information and search results, links, and if you are a customer contact, whether or not a campaign presented or sent to you using our offerings has been viewed, delivered, opened, clicked on, whether it has bounced or was treated as spam.
- Information from cookies and other tracking technologies. We collect information about you through cookies and similar tracking technologies to provide and support our Website and the Services. More information on our use of cookies is available in our Cookie Policy.
- Sensitive personal information. Our Services may ask you to input sensitive personal information, for example when you request financial products we make available to you through collaborations with our business partners, such as our Bill Pay and Spending Card products offered through the services of Stripe. The sensitive personal information will be identified at the time we request it from you and may include financial information about you.
3. How and when do we use your information?
We use information that we collect about you or that you provide to us, including any personal information, for several purposes:
- Consent. We use your personal information when you have consented to the use of it in a particular way. When you consent, you can change your mind at any time. We’ll normally let you know when information is required, and the consequences of failing to provide it or withdrawing your consent. If you do not provide personal information when requested, you may not be able to use our Services if that information is necessary to provide you with the Service or if we are legally required to collect it.
- To make our Website and Services available to you. We use your personal information to provide your Account and our Website and Services to you and to respond to your requests.
- To fulfill the purposes for which you provided the information to us. We use your personal information when you give it to us for a specific purpose or for reasons that were described when it was collected, such as providing Services to you, or any other purpose for which you provide it, including for any other reason described in this Privacy Policy.
- To determine your eligibility. We may use your personal information to evaluate your eligibility for marketing offers, products, and services. Sometimes this may involve deciding whether you are approved for our Services or to offer you financing arrangements we make available to you through collaborations with our business partners, such as may be the case with our Spending Card and Bill Pay products.
- To connect you with others. We may use your personal information in connection with our Services to connect you with other people and businesses in the way intended by our Platform. For example, we collaborate with certain marketplace providers through what is commonly referred to as a “punchout” integration; this allows our Platform to exchange information with third party platforms to enable you to purchase goods and services from the third-party platform provider or its marketplace participants.
- To process payments. We use your personal information to process payments through our Website and Services.
- To communicate with you and verify your identity. We use your personal information to communicate with you, including to send you Electronic Messages and other communications about the Services and your relationship with us. We also may use your personal information to verify your identity. If we are interacting with you in person, such as when you attend our offices, events, or the location of others that are providing a venue on our behalf, we may use your personal information for security purposes, such as creating a visitor or attendee log.
- To market and promote our business to you. We use your personal information to market our Website, Services, and business to you, including through surveys and promotions. We may use your information to send you tailored marketing communications about products, services, offers, programs, and promotions of ours and those of our partners and measure the success of those campaigns. For example, we may send different marketing communications to you depending on what we think may interest you based on other information we hold about you. We use your personal information to analyze your interactions with our Website and Services and third parties’ services so we can tailor our advertising to what we think will interest you. For example, we may decide not to advertise our Services to you on a social media site if you already signed up for an Account or follow us, and we may choose to serve you a particular advertisement based on your service choices with us.
- To customize your experience. We use your personal information to provide you with customized services. For example, we use your location information to determine your language preferences or display accurate date and time information. We also use cookies and similar technologies for this purpose, such as remembering your preferences.
- To create inferences and for profiling. We use personal information we collect from you and the other sources identified in our Privacy Policy to create a profile about you to reflect your preferences, characteristics, behavior, and other similar characteristics to better understand you and how our Website and Services may be relevant to you. Some jurisdictions give individuals a right to have profiling activities restricted. Please contact our Privacy Officer with any requests or information about our use of your personal information for profiling.
- To improve our Website, Services, and customer experience, and for general research and development. We use your personal information to analyze and learn about how you access and use the Website and Services, to evaluate and improve our Website and Services (including by developing new products and services and managing our communications), and to monitor and measure the effectiveness of our advertising. We usually do this based on anonymous, pseudonymized, or aggregated information which does not focus on you individually. For example, if we learn that most people using our Services in a location or for a particular purpose tend to use a specific integration or feature, we might wish to expand on that integration or feature.
- To de-identify or anonymize your personal information and to aggregate it with other data. We combine and anonymize information about your interactions with us to create de-identified personal information, anonymized data, and aggregated data for research and development, marketing, promoting, improving, and developing our Services. Personal information does not include information that has been anonymized in such a way that it can no longer be used to identify a specific natural person, whether on its own or in combination with other information. We may use your personal information to create this kind of anonymized or aggregated data.
- To make our Website and Services secure. We use your personal information to keep our Website and our Services secure, such as when we use your personal information to verify your identity and access credentials.
- To manage our third-party relationships. We use your personal information to manage our vendor, service provider, and partner relationships.
- To enforce our rights and to meet our obligations. We use your personal information to carry out our obligations and enforce our rights under contracts and our terms of service, for billing matters, or to comply with legal requirements. We may also use your personal information to protect our and others’ interests, rights, and property where we have a legitimate interest in doing so.
- To comply with the law. We use your personal information to comply with applicable legal requirements, such as tax and other government regulations, contracts, and law enforcement requests.
- Notices about our relationship with you. We will also use your personal information to give you notices about your relationship with us.
- Whistleblower reporting. When you report any concern of non-compliance, unethical conduct, or other alleged violation of our policies or terms of service, personal information you provide will be processed as a part of the investigation of the allegations and retained in accordance with our internal policies until the investigation is complete. While we make every effort to maintain confidentiality, depending on the investigation, disclosing your identity to other individuals may be necessary.
4. Automated decision-making and your personal information
We may use machine learning algorithms and forms of automated decision-making. For example, we use automated decision-making to prevent risk and fraud, to personalize your experience and make it more efficient, and to determine eligibility for certain services or features we offer on our Website and Services. We may also use such technologies to provide and improve the Website and Services and how we deliver them to you. Some jurisdictions give individuals a right to have these automated decisions reviewed by a person. Please contact our Privacy Officer with any requests or information about our use of automated decision-making technologies with your personal information.
5. How do we share your personal information?
In addition to other scenarios we have discussed in this Privacy Policy, we may share your personal information in the following ways:
- Information we collect and share with others for their own purposes. Our business includes collecting information and data about people and companies that use our Website and Services and sharing that information with other organizations so that they can use it for their own purposes. For example, when you request or order the products and services of third parties through our Services, we will share your request and the information within it, including personal information, to facilitate the transaction.
- For certain product features. We may use third party integration services, often through an API, to enable you to use certain product features. If you choose to use those features, you acknowledge and agree that you are also bound by the third party’s privacy policy. You may manage your data by visiting the third party’s security settings page or by contacting the third party. When you use these third party integrations, you consent to us sharing your personal information with the owner or operator of the third party integration.
- Affiliates and subsidiaries. We share personal information with our affiliates and subsidiaries when it is reasonably necessary or desirable, such as to help provide services to you or analyze and improve the services we or they provide, or for other purposes that we identify at the time we collect the personal information from you.
- Business partners. We may share personal information with our business partners. For example, we may share your personal information when our Website, Services, or other assets are integrated with the services of other parties, but only when you have been informed or would otherwise expect such sharing. Some of our products, such as Bill Pay and Spending Card, are offered to you through collaborations with other companies. We also use “punchout” integrations with certain third-party market providers to allow you to purchase their or their customers’ products and services. We share your personal information to facilitate these transactions.
- Service providers. We share personal information with our service providers that perform services on our behalf. For example, we may use third parties to help us provide customer support, manage our advertisements on other sites, send marketing and other communications on our behalf, to complete purchase and order requests, or to assist with data storage and processing. We use a variety of service providers in connection with the Website and Services. We only share your personal information when you have been informed or would otherwise expect such sharing, such as for verification of authenticity, to provide our Services to you, to follow up on your inquiries, or as disclosed at the time the information is collected.
- Process payments. We transmit your personal information via an encrypted connection to our payment processor.
- Following the law or protecting rights and interests. We disclose your personal information if we determine that such disclosure is reasonably necessary to comply with the law, protect our or others’ rights, property, or interests, or to prevent fraud or abuse. In particular, we may disclose your personal information in response to lawful requests by public authorities, such as to meet national security or law enforcement requirements. The laws regarding how this personal information may be used will vary by jurisdiction.
- Our own advertising. We share personal information with third parties so we can provide you with tailored advertising for our business and measure and monitor its effectiveness. For example, we may share your actual or pseudonymized email address with a third-party social media platform on which we advertise to avoid serving ads to people who already use our Services.
- Business transfers. If we’re involved in a reorganization, merger, acquisition, or sale of some or all of our assets, your personal information may be transferred as part of that deal or the negotiation of contemplated deals.
- To provide insights, metrics, and benchmarking data. We share personal information to provide insights, metrics, and information that other organizations, people, and companies may find useful as follows: to help promote or sell its own products or services; to provide market insights and economic data; or for other purposes we disclose to you at the time we collect the information. We only provide anonymized or anonymous aggregate data for such purposes unless we have your permission in advance or as otherwise disclosed at the time the information is collected.
- For legal reasons. We may share your personal information with third parties for legal reasons without your consent, and as permitted by law, including: when we reasonably believe disclosure is required in order to comply with a subpoena, court order, or other applicable law, regulation or legal process; to protect our, our customers’, and others’ rights, property, or safety; to enforce, remedy, or apply our terms of service or other agreements; to detect or prevent fraud, cybersecurity attacks, or illegal activity; for debt collection; and with regulatory agencies, including government tax agencies, as necessary to help detect and combat fraud, or protect our customers, users, or as required for risk control programs.
6. Your rights and choices
- Rights to access, update, change, or delete personal information. Where applicable law requires (and subject to any relevant exceptions under law), you may have the right to access, update, change, or delete your personal information. You can access, update, delete, or change your personal information directly in your Account or by contacting us at [email protected] to request the required changes. You can exercise your other rights (including deleting your Account) by contacting us at the same email address. Please note that we may need to verify your identity in connection with your requests, and such verification process may require you to provide us with additional information (e.g., government identification). Even if you have access to your Account, we may request additional information if we believe it’s necessary to verify your identity. If we are unable to verify your identity or request, we may not, in accordance with applicable law, be able to fulfill your request. Please note that, for technical reasons, there is likely to be a delay in deleting your personal information from our systems when you ask us to delete it. When we delete your personal information, it will no longer be retrievable. Please ensure you have exported or otherwise saved your personal information before you ask us to delete it.
- Withdrawal of consent. If we rely on consent for the collection, use, or disclosure of your personal information, you have the right to withdraw it at any time and free of charge. When you do so, this will not affect the lawfulness of the collection, use, or disclosure of your personal information before your withdrawal of consent. If you wish to withdraw consent, please contact our Privacy Officer, or follow the instructions on opting-out of collection and use of your personal information through your Account. Please note that if you withdraw consent, certain features of the Service or your Account may not have full functionality because certain features rely on your personal information to work as intended.
- Data processing and portability. Some jurisdictions’ laws may give you the right to restrict or object to the processing of your personal information or to exercise a right to data portability. If such rights apply to you, you may exercise them by contacting our Privacy Officer or following the instructions in your Account.
- Commercial electronic messages. Like many other companies, we may ask you to sign up to receive emails and other Electronic Messages from us. If you no longer wish to receive those messages, you can opt-out by following the unsubscribe link in the messages or by contacting us.
- Complaints. You may have the right to lodge a complaint with a competent supervisory authority, subject to applicable law.
7. Québec privacy statements
- Québec residents. This section applies only to Québec residents. It describes how we collect, use, and share personal information of Québec residents in our capacity as an “enterprise” under the Act respecting the protection of personal information in the private sector (“Private Sector Act”) and your rights with respect to that personal information. For purposes of this section, the term “personal information” has the meaning given in the Private Sector Act but does not include information exempted from the scope of the Private Sector Act. Please note that we may claim legal exemptions for certain types of personal information from all or certain parts of the Private Sector Act. In some cases, we may provide a different privacy notice to certain categories of Québec residents, such as employees and job applicants, in which case that notice will apply instead of this section.
- Data residency. Personal information may be communicated outside of Québec. Unless exempted under the Private Sector Act, prior to communicating personal information outside of the province we take into account (1) the sensitivity of the information, (2) the purposes for which it is to be used, (3) the protection measures that would apply to it, and (4) the legal framework applicable in the jurisdiction in which the information would be communicated, including the legal framework’s degree of equivalency with the personal information protection principles applicable in Québec. The information may be communicated if the assessment establishes that it would receive protection equivalent to that afforded under the Private Sector Act. We also ensure that where required under the Private Sector Act, the communication of the information is subject to a written agreement that takes into account the results of our assessment and, if applicable, the terms agreed on to mitigate the risks identified in the assessment.
- De-indexing. Under certain conditions, you may have the right to have the personal information we make available about you through hyperlinks de-indexed or re-indexed with correct information. To exercise this right, please contact our Privacy Officer.
- Portability. You may request portability of your personal information in a readily usable format. To make such a request, contact our Privacy Officer or access the settings available in your Account.
- Access. You may request a copy of the personal information by contacting our Privacy Officer or accessing the settings available in your Account.
- Correction. You can edit and correct your personal information at any time by changing it directly in our products and services or by contacting our Privacy Officer or accessing the settings available in your Account.
- Withdraw consent. If we communicate your personal information with your consent, you can withdraw your consent at any time.
- Third persons to whom we communicate your personal information. If applicable, you have the right to be given the name of the third person for whom your personal information is being collected, and the names of the third persons or categories of third persons to whom it is necessary to communicate the personal information for the purposes for which it was collected.
8. California privacy statements
- California residents. This section applies only to California residents. It describes how we collect, use, and share personal information of California residents in our capacity as a “business” under the California Consumer Privacy Act (“CCPA”) and your rights with respect to that personal information. For purposes of this section, the term “personal information” has the meaning given in the CCPA but does not include information exempted from the scope of the CCPA. Please note that we may claim legal exemptions for certain types of personal information from all or certain parts of the CCPA. In some cases, we may provide a different privacy notice to certain categories of California residents, such as employees and job applicants, in which case that notice will apply instead of this section.
- Personal information that we collect, use, and disclose. We summarize here the personal information we collect by reference to the categories of personal information specified in the CCPA, and describe our practices currently and during the 12 months preceding the effective date of this Privacy Policy. Information you voluntarily provide to us, such as in webforms, may contain other categories of personal information not described in this chart.
- Your California privacy rights. As a California resident, you have the rights listed below. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law.
- Access. You may request that we provide the following information about how we have collected and used your personal information during the past 12 months:
- the categories of personal information we have collected about you,
- the sources from which that information was collected,
- the business or commercial purpose for collecting, selling, or sharing your personal information,
- the categories of personal information we shared or sold about you,
- the categories of third parties to whom we shared or sold personal information about you,
- the categories of personal information we disclosed for a business purpose, and
- the categories of third parties to whom we disclosed personal information about you for a business purpose.
- Request a copy of your personal information. You may request a copy of your personal information by contacting our Privacy Officer or accessing the settings available in your Account.
- Correction. You can edit and correct your personal information at any time by changing it directly in our products and services.
- Deletion. You may have the right, under certain circumstances, to request that we delete the personal information you have provided to us. You may delete your personal information by contacting our Privacy Officer or accessing the settings available in your Account.
- Opt-out of Sales or Sharing. Like many companies, we use services that help deliver interest-based ads to you as described above. The CCPA may classify our use of some of these services as “sharing” your personal information with the advertising partners that provide the services. You can opt-out of the “sharing” of your personal information by visiting the “Your California Privacy Rights” link in the footer of our website. In addition, if you are a visitor from California and have enabled a recognized opt-out mechanism on your browser, device, or platform, you will automatically be opted out of any “sharings” when you interact with our Services beginning on January 1, 2023.
- Limit processing of sensitive personal information. We only use sensitive personal information as necessary for our (1) Service delivery and operations, (2) compliance and protection, (3) research and development, or (4) Service improvement and analytics purposes in accordance with CCPA. If we use sensitive personal information outside the permitted purposes of CCPA, we will provide you with the right to limit processing of sensitive personal information.
- Non-discrimination. You have the right to be free from discrimination or retaliation related to your exercise of any of your California privacy rights.
- Verification. To protect your personal information from unauthorized access or deletion, we may require you to verify your credentials before you can submit a rights request. If you do not have an account with us, or if we suspect your account has been accessed without your authorization, we may ask you to provide additional personal information for verification.
- Authorized agents. You may use an authorized agent to submit a rights request. If you do so, the authorized agent must present signed written authorization to act on your behalf, and you will also be required to independently verify your own identity directly with us and confirm with us that you provided the authorized agent permission to submit the rights request. This verification process is not necessary if your authorized agent provides documentation showing that the authorized agent has power of attorney to act on your behalf under Cal. Prob. Code §§ 4121 to 4130.
- Access. You may request that we provide the following information about how we have collected and used your personal information during the past 12 months:
9. Colorado privacy statements
- Colorado residents. This section applies only to Colorado residents. It describes how we collect, use, and share Personal Data of Colorado residents in our capacity as a business under the Colorado Privacy Rights Act (“CPA”) and your rights with respect to that Personal Data. For purposes of this section, the term “Personal Data” has the meaning given in the CPA but does not include information exempted from the scope of the CPA. Please note that we may claim legal exemptions for certain types of personal information and certain companies in our group of companies from all or certain parts of the CPA.
- Your Colorado privacy rights. As a Colorado resident, you have the rights listed below. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law.
- Access. You may request a copy of your personal information by contacting our Privacy Officer or accessing the settings available in your Account.
- Correction. You can edit and correct your personal information at any time by changing it directly in our products and services.
- Deletion. You may have the right, under certain circumstances, to request that we delete the personal information you have provided to us. You may delete your personal information by contacting our Privacy Officer or accessing the settings available in your Account.
- Opt-out of tracking for targeted advertising purposes. You can submit requests to opt-out of tracking for targeted advertising purposes by visiting the “Manage Cookies” link in the footer of our website. We do not otherwise “sell” your Personal Data to third parties for monetary consideration.
- Opt-out of profiling. You can opt-out of the automated processing of your Personal Data to evaluate, analyze, or predict personal aspects related to your economic situation, health, personal preferences, interests, reliability, behavior, location, or movements, to the extent this results in decisions that produce legal or similarly significant effects.
- Sensitive Personal Data. We will not process your sensitive personal data without your consent.
- Non-discrimination. You have the right to be free from discrimination related to your exercise of any of your Colorado privacy rights.
- Authentication. To protect your Personal Data from unauthorized access or deletion, we may require you to verify your credentials before you can submit a rights request. If you do not have an account with us, or if we suspect that your account has been accessed without your authorization, we may ask you to provide additional personal information for verification.
10. Connecticut privacy statements
- Connecticut residents. This section applies only to Connecticut residents. It describes how we collect, use, and share Personal Data of Connecticut residents in our capacity as a business under the Connecticut Data Privacy Act (“CDPA”) and your rights with respect to that Personal Data. For purposes of this section, the term “Personal Data” has the meaning given in the CDPA but does not include information exempted from the scope of the CDPA. Please note that we may claim legal exemptions for certain types of personal information and certain companies in our group of companies from all or certain parts of the CDPA.
- Your Connecticut privacy rights. As a Connecticut resident, you have the rights listed below. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law.
- Access. You may request a copy of your personal information by contacting our Privacy Officer or accessing the settings available in your Account.
- Correction. You can edit and correct your personal information at any time by changing it directly in our products and services.
- Deletion. You may have the right, under certain circumstances, to request that we delete the personal information you have provided to us. You may delete your personal information by contacting our Privacy Officer or accessing the settings available in your Account.
- Opt-out of tracking for targeted advertising purposes. You can submit requests to opt-out of tracking for targeted advertising purposes by visiting the “Manage Cookies” or “Privacy Settings” link in the footer of our website. We do not otherwise “sell” your Personal Data to third parties for monetary consideration.
- Opt-out of profiling. You can opt-out of the automated processing of your Personal Data to evaluate, analyze, or predict personal aspects related to your economic situation, health, personal preferences, interests, reliability, behavior, location, or movements, to the extent this results in decisions that produce legal or similarly significant effects.
- Sensitive Personal Data. We will not process your sensitive personal data without your consent.
- Non-discrimination. You have the right to be free from discrimination related to your exercise of any of your Connecticut privacy rights.
- Authentication. To protect your Personal Data from unauthorized access or deletion, we may require you to verify your credentials before you can submit a rights request. If you do not have an account with us, or if we suspect that your account has been accessed without your authorization, we may ask you to provide additional personal information for verification. If we are subsequently unable to confirm your identity, we may refuse your rights request.
11. Utah privacy statements
- Utah residents. This section applies only to Utah residents. It describes how we collect, use, and share Personal Data of Utah residents in our capacity as a business under the Utah Consumer Privacy Act (“UCPA”) and your rights with respect to that Personal Data. For purposes of this section, the term “Personal Data” has the meaning given in the UCPA but does not include information exempted from the scope of the UCPA. Please note that we may claim legal exemptions for certain types of personal information and certain companies in our group of companies from all or certain parts of the UCPA.
- Your Utah privacy rights. As a Utah resident, you have the rights listed below. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law.
- Confirmation of Processing. You have the right to know what Personal Data about you we collect, how we use the Personal Data, and whether we sell your Personal Data.
- Access. You may request a copy of your personal information by contacting our Privacy Officer or accessing the settings available in your Account.
- Portability. You may request portability of your personal information in a readily usable format. To make such a request, contact our Privacy Officer by or access the settings available in your Account.
- Deletion. You may have the right, under certain circumstances, to request that we delete the personal information you have provided to us. You may delete your personal information by contacting our Privacy Officer or accessing the settings available in your Account.
- Opt-out of tracking for targeted advertising purposes and sales of Personal Data. You can submit requests to opt-out of tracking for targeted advertising purposes by visiting the “Manage Cookies” or “Privacy Settings” link in the footer of our website.
- Opt-out of Sales or Sharing. Like many companies, we use services that help deliver interest-based ads to you as described above. The UCPA may classify our use of some of these services as “sharing” your personal information with the advertising partners that provide the services. You can opt-out of the “sharing” of your personal information by contacting our Privacy Officer or accessing the settings available in your Account.
- Non-discrimination. You have the right to be free from discrimination related to your exercise of any of your Utah privacy rights.
12. Virginia privacy statements
- Virginia residents. This section applies only to Virginia residents. It describes how we collect, use, and share Personal Data of Virginia residents in our capacity as a business under the Virginia Consumer Data Protection Act (“VCDPA”) and your rights with respect to that Personal Data. For purposes of this section, the term “Personal Data” has the meaning given in the VCDPA but does not include information exempted from the scope of the VCDPA. Please note that we may claim legal exemptions for certain types of personal information and certain companies in our group of companies from all or certain parts of the VCDPA.
- Your Virginia privacy rights. As a Virginia resident, you have the rights listed below. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law.
- Access. You may request a copy of your personal information by contacting our Privacy Officer or accessing the settings available in your Account.
- Correction. You can edit and correct your personal information at any time by changing it directly in our products and services.
- Deletion. You may have the right, under certain circumstances, to request that we delete the personal information you have provided to us. You may delete your personal information by contacting our Privacy Officer or accessing the settings available in your Account.
- Opt-out of tracking for targeted advertising purposes. You can submit requests to opt-out of tracking for targeted advertising purposes by visiting the “Manage Cookies” or “Privacy Settings” link in the footer of our website.
- Opt-out of profiling. You can opt-out of the automated processing of your Personal Data to evaluate, analyze, or predict personal aspects related to your economic situation, health, personal preferences, interests, reliability, behavior, location, or movements, to the extent this results in decisions that produce legal or similarly significant effects.
- Sensitive Personal Data. We will not process your sensitive personal data without your consent.
- Non-discrimination. You have the right to be free from discrimination related to your exercise of any of your Virginia privacy rights.
- Authentication. To protect your Personal Data from unauthorized access or deletion, we may require you to verify your credentials before you can submit a rights request. If you do not have an account with us, or if we suspect that your account has been accessed without your authorization, we may ask you to provide additional personal information for verification.
13. United Kingdom (UK) and European Economic Area (EEA) privacy statements
- Personal information. References to “personal information” in this Privacy Policy are equivalent to “personal data” governed by European Union and UK data protection laws. Essentially, “personal data” is information about an individual, where that individual is either directly identified or can be identified. It does not include ‘anonymous data’ (i.e., information where the identity of an individual has been permanently removed).
- Legal basis of processing. We use your personal information only as permitted by law. Applicable EEA and UK data protection law requires us to have a “legal basis” for each purpose for which we collect your personal information. Our legal basis for collecting and using the personal information described in this Privacy Policy will depend on the type of personal information and the specific context in which we collect it. However, we will normally process personal information from you when:
- We have your consent to do so;
- We have a contract with you and it is necessary to process your personal information to perform our contract with you, including to provide you with the benefits of our Services and to operate our business;
- The processing is in our legitimate business interests, such as operating our businesses, improving and developing our products and services, communicating with you, marketing our offerings and services and personalizing your experience, and to detect illegal activities; or
- To comply with legal requirements, including applicable laws and regulations.
- Credit, spending, or debit cards. For residents in the UK searching for a credit card, spending card, or a loan or credit product through our Services, we may share your personal information, including your contact details, date of birth, as well as the information you give us about your employment, income, and housing and employment expenses with third parties to determine your eligibility.
- Your privacy rights. If you are a resident of the UK or EEA, you may have the following rights and choices:
- Update your privacy settings. You may update your privacy settings by visiting your account settings.
- Access, correction, or deletion. You may request to access, to correct, or to delete your personal information by contacting our Privacy Officer or accessing the settings available in your Account. You can edit and correct your personal information at any time by changing it directly in our products and services. Please note that even if you request for your personal information to be deleted, certain aspects may be retained for us to: meet our legal or regulatory compliance (e.g. maintaining records of transactions you have made with us); exercise, establish or defend legal claims; and to protect against fraudulent or abusive activity on our Service. Data retained for these purposes will be handled as described in our Privacy Policy sections on data retention.
- Objection and restriction. You may object to our processing of your personal information or ask us to restrict processing of your personal information.
- Portability. You may request portability of your personal information.
- Withdraw consent. If we process your personal information with your consent, you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- File a complaint. You have the right to file a complaint with a supervisory authority about our collection and processing of your personal information. You can find your data protection regulator here.
- Manage marketing communications from us. To update your marketing communication preferences, you can go to the marketing preference tools in your account settings or contact our Privacy Officer.
- Cookies and other tracking technologies. You may be able to opt-out of interest-based advertising by visiting Network Advertising Initiative or Your Online Choices or by contacting our Privacy Officer or accessing the settings available in your Account.
- International data transfers. We reserve the right to store and process your personal information in the United States and in any other country where we or our affiliates, subsidiaries, or service providers operate facilities in accordance with and as permitted by applicable laws and regulations. Some of these countries may have data protection laws that are different from the laws of your country (and, in some cases, may not be as protective). When we transfer, store, or process personal information outside of your jurisdiction (including to or in the United States, as described above), we take appropriate safeguards to require that your personal information remain protected in accordance with this Privacy Policy and applicable law.If you are a resident of the UK or the EEA, please note that we maintain servers in the United States and your personal information may be stored there and could, in extraordinary circumstances, become subject to orders for disclosure under United States national security and intelligence laws. While it is our practice, if we receive a request for disclosure of personal information by any law enforcement agency, to ask for the judicial order regarding the request and to limit the disclosure to the minimal amount needed to comply, we cannot guarantee how law enforcement agencies will use the personal information we are compelled to share.Some of these recipients of your personal information are located in countries for which the European Commission or UK Government (as and where applicable) have issued adequacy decisions, which means that these countries are recognized as providing an adequate level of data protection under applicable UK or European data protection laws and the transfer is therefore permitted under Article 45 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation or “GDPR”).
Other recipients of your personal information are located in countries outside the EEA or the UK that are not the subject of an adequacy decision (for example, the United States). In these cases, we may use the Standard Contractual Clauses approved by the European Commission or, as may be applicable, the International Data Transfer Agreement approved by the UK Government, to help ensure your personal information is protected. For more information on the transfer safeguards we rely on, please contact us by using the details in the “How to contact us” section below.
- UK and EEA legal representative. If you have questions or concerns that have not been addressed by this Privacy Policy, you can contact our Data Protection Officer by writing to [email protected].
14. Brazil privacy statements
- Legal Basis of Processing. We use your personal information only as permitted by law. Applicable Brazil data protection law requires us to have a “legal basis” for each purpose for which we collect your personal information. Our legal basis for collecting and using the personal information described in this Privacy Policy will depend on the type of personal information and the specific context in which we collect it. However, we will normally process personal information from you when:
- We have your consent to do so;
- We have a contract with you and it is necessary to process your personal information to perform our contract with you, including to provide you with our products and services and to operate our business;
- The processing is in our legitimate business interests, such as operating our business, improving and developing our products and services, communicating with you, marketing our offerings and services and personalizing your experience, and to detect illegal activities; or
- To comply with legal requirements, including applicable laws and regulations.
- Sharing with Credit Bureaus. If you are located in Brazil and have requested the canceling of your registration on each of our partners as allowed by Brazilian Federal Law No. 12,414/2011, we will not be able to provide you any more personalized recommendations based on your credit profile.
- Rights and Choices. If you are a resident of Brazil, you may have the following rights and choices:
- Update your privacy settings. You may update your privacy settings by visiting your account settings or contacting us.
- Manage marketing communications from us. To update your marketing communication preferences, you can go to the marketing preference tools in your account settings or contact us.
- Access, Correction, Anonymization or Deletion. You may request to access, to correct, to anonymize or to delete your personal information. You may request a copy of your personal information in your account or by contacting us. You can edit and correct your personal information at any time by changing it directly in our products and services. You may request that we delete or anonymize your personal information in your account or by contacting us.
- Objection and Restriction. You may object to our processing of your personal information or ask us to restrict processing of your personal information. You may request objection, restriction, and portability rights by contacting us.
- Portability. You may request portability of your personal information.
- Withdraw Consent. If we have collected and processed your personal information with your consent, you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- File a complaint. You have the right to file a complaint with a supervisory authority about our collection and processing of your personal information.
15. Mexico privacy statements
- ARCO Rights. If you are a resident of Mexico, you may have the choices and rights we go over in this section, known as “ARCO rights”. Please note that we are required to verify your request prior to exercising your rights. After we have received a request, our response will indicate whether the request for access, rectification, cancellation, or opposition is appropriate and, if so, the determination will be made within 15 business days from such date. The deadlines may be extended under the terms set out in the applicable laws.
- Access. You have the right to know what personal data we have about you, what we use it for and the conditions of use we give to it. Electronic copies of your personal data will be provided if you exercise your right of access. You may request a copy of your personal information in your account or by contacting us. When making a request, please provide a clear and precise description of the personal data you wish to access any other element that facilitates the location of your data.
- Rectification. You have the right to request the correction of your personal data if it is outdated, inaccurate, or incomplete. You can edit and correct your personal information at any time by changing it directly in our products and services.
- Deletion/Cancellation. You have the right to request that we remove your personal information from our records or databases when you consider that it is not being used in accordance with the principles, duties, and obligations provided for in the applicable laws. You may request for us to delete your personal information in your account or by contacting us. When making a request, please provide a clear and precise description of the personal data you wish to delete/cancel or any other element that facilitates the location of your data.
- Opposition/Rejection. You have the right to oppose the use of your personal data for specific purposes. You may request objection, restriction, and portability rights by contacting us. When making a request, please provide a clear and precise description of the personal data you wish to oppose, or any other element that facilitates the location of your data.
- Update your privacy settings. You may update your privacy settings by visiting your account settings or contacting us.
- Manage marketing communications from us. To update your marketing communication preferences, you can go to the marketing preference tools in your account settings or contact us.
- How to limit the use and disclosure of your personal information. If you are a resident of Mexico, you also have the right to limit the use or disclosure of your personal information or may withdraw your consent for our processing of your personal information by contacting us.
16. Please use caution when posting on the public areas or features of our Website and Services
You may be able to post or make public communications on certain areas of our Website or Services, such as comments and questions fields, discussion forums, in-Platform communication functions, and other public discussion mechanisms. These kinds of communications are made at your own risk. Although we may monitor or even control these types of public posts, we are under no obligation to do so. We also cannot control the actions of other users of the Website or Services, including how they will use your public posts and any personal information you include in them. We cannot and do not guarantee that unauthorized persons will not view your public posts or respect your privacy.
17. Where we may store and process your information
We are based out of Canada, but we may process, store, and transfer personal information in Canada or elsewhere. For example, we could use third-party service providers, such as managed hosting providers, credit card processors, customer relationship management (CRM) systems, and technology partners to provide the necessary software, networking, infrastructure, and other services that we use to operate the Website and Services. These third-party providers may process or store personal information on servers outside of Canada.
Locations other than Canada may have different privacy laws, which may be more or less protective. If we move personal information to a location other than Canada, the governments, courts, law enforcement, or regulatory agencies of that country may have access to your personal information through their laws. In addition to Canada, your personal information may be collected, used, disclosed, or stored for any purpose stated in this Privacy Policy in the United States.
18. How do we keep your personal information secure?
We follow industry standards on information security management to safeguard sensitive information, such as financial information, intellectual property, and any other personal information entrusted to us. Our information security systems apply to people, processes, and information technology systems on a risk management basis. No method of transmission over the Internet, or method of electronic storage, is completely secure. Therefore, we cannot guarantee the absolute security of your personal information. You can find out more about how we protect your personal information at www.procurify.com/security-overview.
19. How long do we keep your personal information?
In general, we keep your personal information throughout your relationship with us. Once you terminate your relationship with us, we will continue to store archived copies of your personal information for legitimate business purposes in accordance with applicable laws, like defending or enforcing a contractual claim, for audit purposes, to resolve disputes, and to comply with the law. We will continue to store anonymous or anonymized information, such as website visits, without identifiers, to improve our Website and Services. There may be occasions where we are unable to fully delete, anonymize, or de-identify your personal information due to technical, legal, regulatory compliance, or other operational reasons. Where this is the case, we will take reasonable measures to securely isolate your personal information from any further processing until such time as we are able to delete, anonymize, or de-identify it.
20. Children and privacy
Our Website and its features and the Services are not meant for children under 13 years of age. If you are under 13 years old, please do not give us your personal information. If you are the parent or guardian of someone under 13 years of age, please do not give us personal information of that person.
21. How to contact us about privacy questions
If you have a question or a concern about our Privacy Policy or your personal information, please get in touch with us. For GDPR purposes, our data protection officer is Eugene Dong and may be contacted at [email protected].
22. Changes to our Privacy Policy
We may update this Privacy Policy from time to time to reflect, for example, changes to our privacy practices or for other operational, legal, or regulatory reasons. If we make material changes to this Privacy Policy, we will give you notice of such changes by posting the revised policy on our Website, and where appropriate, by other means. By continuing to use the Website or the Services after these changes are posted, you agree to the revised policy.
Contacting us about your privacy
If you have any questions or concerns regarding this Privacy Policy and/or the practices of this website, please contact our Data Privacy Officer by emailing [email protected] or by writing to Procurify Technologies Inc. PO Box 28190, RPO West Pender Vancouver BC V6C 3T7 Canada.
From time to time we may change this Privacy Notice when it is appropriate to do so. We recommend that you review this notice from time to time so that you are aware of any changes.