Notice Date: April 30, 2018
Effective Date: May 30, 2018
- Your Consent (please read carefully!)
Please note: you are not obligated by law to provide us with any information. You hereby acknowledge, warrant and agree that any information you do provide us is provided of your own free will and consent, for the purposes and uses described herein.
- What Information Do We Collect?
Tipalti’s Services unify the phases of supplier payments, from vendor on-boarding and payment method selection to funds disbursement and payment reconciliation. Throughout this process, we collect two general types of information regarding our Users:
- Un-identified and non-identifiable information pertaining to visitors of our Services or un-identified Users, which may be made available to us, or collected automatically via their use of the Services (“Non-personal Information“). Such Non-personal Information does not enable us to identify the person from whom it was collected, and mainly consists of technical and aggregated usage information, such as browsing and ‘click-stream’ activity on the Services, session heatmaps and scrolls, non-identifying information regarding their device, operating system, screen resolution, internet browser, language and keyboard settings, ISP, referring/exit pages, date/time stamps, etc.
- Individually identifiable information, namely information that identifies an individual or may with reasonable efforts cause the identification of an individual, or may be of private or sensitive nature (“Personal Information“). Such Personal Information that is collected by us mainly consists of the following types of information (including, for the avoidance of doubt, Non-personal Information that is connected or linked to said Personal Information to the extent such connection or linkage exists (for example, in order to improve the Services we offer)):
- Payee Information: Information concerning Users to whom payments are made (“Payee(s)“) by Tipalti customers (“Payors“) through the Services. Specifically, such information may include, depending on configuration determination or otherwise at the choice of our Payors or their Payees, the names, physical addresses, e-mail address, phone number, VAT ID, Social Security Numbers or US Taxpayer numbers (as applicable) of the Payees and additional information pertaining to Payees which may be required under applicable tax forms for transferring and receiving payments, country, bank account numbers, IBAN, SWIFT code (or alternatively, their account details at other third party payment processing services such as provided by PayPal, as applicable), payment preferences, session IP address, and supplemental documentation as may be required by Payors of their Payees, that may contain Personal Information (such as a copy of their government-issued identification card, personal bank statements or other documentation serving as proof of identity or valid address), and any other Personal Information provided to us by either Payors or Payees. For more regarding Payee information and how we treat it, please see Section 6 below.
- Payor Information: Information concerning Payor Users (including authorized personnel of Payor), namely their company name and affiliation, physical address, E-mails and login credentials to our Services, bank account numbers (or alternatively, their account details at payment processing services such as PayPal, as applicable), payment preferences and transaction history (to the extent that any such information is personally identifiable to any particular persons, otherwise we will deem it as Non-personal Information).
- Other User Information from both registered and unregistered Users: We collect information from you when you contact us for more information regarding our services or register on our site for our support forums, subscribe to our newsletter or webinar series, participate in an online forum, blog, or voluntary survey, download content or fill out a form. We may collect all or some of the following information: name, email address, phone number, company name, title, department, country and/or industry. Alternatively, you may visit our site anonymously. Any data we request that is not required will be specified as voluntary or optional. We may also collect information when you ask to be included in an email or other mailing list.
- How Do We Collect Such Information?
There are two main methods that we use:
- We collect information through the use of our Services. Namely, when our Users visit or use our Services, we might be aware of it and may gather, collect and record such uses, sessions and related information, including by using third party services as detailed in Section 8 below, and by using “cookies” and other tracking technologies, as further detailed in Section 9 below.
- We collect information which is provided to us voluntarily. For example, we collect the Personal Information that our Users provide us when registering to our Services, uploading documents to our Services, filling out forms, depositing or withdrawing payments, contacting us, etc. In addition, we may collect Personal Information that is provided to us by a Payor regarding its Payees and vice versa, by banks and payment processing services, and by either a Payor or Payee regarding their employees or representatives using the Services on their behalf.
- Why Do We Collect Such Information?
We collect such Non-personal and Personal Information for the following purposes:
- To facilitate, operate, and provide our Services;
- To verify the identity of our Users;
- To further develop, customize and improve our Services, and to provide you with any such enhanced Services;
- To provide our Users with ongoing customer assistance and technical support;
- To be able to contact our visitors and Users with general and personalized service-related notices, surveys and promotional messages (as further detailed in Section 9 below);
- To create aggregated statistical data and other aggregated and/or inferred Non-personal Information, which we, our Users or our business partners may use to operate and improve our respective services;
- To manage and assess risk, enhance our data security and fraud prevention capabilities, and help protect against error, fraud or any illegal or prohibited activity;
- To act as permitted by, and to comply with, any legal or regulatory requirements; and
- To conduct any additional activities that may require the use of your Personal Information, for which we will request your consent in advance.
- Where Do We Store Personal Information?
Information regarding our Users may be maintained, processed and stored by Tipalti and our authorized affiliates and Service Providers (including our secured cloud storage providers) in the United States of America, in Israel, and in other jurisdictions as necessary for the proper delivery of our Services and/or as may be required by law (as further explained in Section 8 below).
Tipalti is based in the United States with offices in San Mateo, California and in Israel with offices in Herzliya. Israel is considered by the European Commission to be offering an adequate level of protection for the personal information of EU Member State residents.
We are committed to attempt to resolve privacy complaints under the EU-US Privacy Shield and Swiss-US Privacy Shield principles.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Tipalti commits to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.
Under certain conditions, you may invoke binding arbitration when other dispute resolution procedures have been exhausted. The Federal Trade Commission (FTC) has jurisdiction over Tipalti Inc.’s compliance with the Privacy Shield.
- Payee Information
Tipalti may collect, store and process certain Non-personal and Personal Information of Payees, on our Payor Users’ behalf and at their direction. For example, our Payors are able to upload certain Payee information to our Services, as well as require their Payees to upload certain Personal Information during or following their registration and on-boarding to the Services. Such Personal Information is then stored with Tipalti (and its third party service providers), on the Payor’s behalf.
For such purposes, Tipalti serves and shall be considered as a “Data Processor” and not as the “Controller” (as both such capitalized terms are defined in the European Data Protection Directive and the upcoming General Data Protection Regulation) of such Payee information. The Payor Users shall be considered as the “Controllers” of such Payee information, and are responsible for complying with all laws and regulations that may apply to the collection and control of such information, including all data protection laws of any relevant jurisdiction.
Payors are responsible for the security, integrity and authorized use of their Payees’ information, and for obtaining any consents and permissions required for the collection, processing and use of such information.
If you are a Payee of any of our Payors and have had your Personal Information collected on such Payor’s behalf, we recommend that you contact such Payor directly with any privacy or data-related concern you might have. For example, if you wish to access, correct, amend or delete inaccurate information processed by Tipalti on behalf of its Payor Users, please correct the information on the same website from which it was originally entered by you or contact the relevant Payor directly (as they are the “Controller” of such data). If requested to remove any Payee Personal Information, we will respond to such request within thirty (30) days. Unless otherwise instructed by our Payor User, we will retain their Payees’ Personal Information for the period set forth in Section 12 below.
If a Payee has entered a direct agreement and relationship with Tipalti, under which such Payee’s Personal Information is provided by Payee to Tipalti or otherwise collected for any services provided by Tipalti directly to Payee, Tipalti shall be deemed as the “Controller” of such information, and Payee may contact it directly, as further explained in Section 15 below.
- With Whom Do We Share Personal Information
Tipalti may share your Personal Information with third parties (or otherwise allow them access to it) only in the following manners and instances:
Third Party Services: Tipalti has partnered with a number of selected service providers, whose services and solutions complement, facilitate and enhance our own. These include hosting and server co-location services, data and cyber security services, banks, payment processors and correspondents, Credit Bureaus, collection agencies, fraud detection and prevention services, web analytics, e-mail distribution and monitoring services, session recording, remote access services, and our business, legal and financial advisors (collectively, “Third Party Services“). Such Third Party Services may receive or otherwise have access to our Users’ Personal Information, depending on each of their particular roles and purposes in facilitating and enhancing our Services and business, and may only use it for such purposes. Tipalti remains responsible and liable for any Personal Information processing done by Third Party Services on its behalf, except for events outside of its reasonable control.
Sharing Payee Information with Payors: If you are a Payee, we may share your Personal Information with your respective Payor so we can process payments for you from that particular Payor. For further information, please see Section 6 above.
Governmental/Law Enforcement Agencies and Legal Requests or Duties: We may disclose or otherwise allow access to your Personal Information pursuant to a legal request, such as a subpoena, search warrant or court order, or in compliance with applicable laws, with or without notice to you, if we have a good faith belief that we are legally required to do so, or that disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, counter terrorist financing verification requirements, fraud, or other wrongdoing.
Protecting Rights and Safety: We may share your Personal Information with others, with or without notice to you, if we believe in good faith that this will help protect the rights, property or personal safety of Tipalti, any of our Users, or any member of the general public.
For the avoidance of doubt, Tipalti may share your Personal Information in additional manners, pursuant to your explicit approval, or if we are legally obligated to do so. Additionally, we may transfer, share or otherwise use Non-personal Information in our sole discretion and without the need for further approval.
Tipalti uses certain monitoring and tracking technologies, including ones offered by Third Party Services. These technologies are used in order to maintain, provide and improve our Services on an ongoing basis, and in order to provide a better experience to our visitors and Users. For example, these technologies enable us to keep track of our Users’ preferences and authenticated sessions, to better secure our Services and detect abnormal behaviors, to identify technical issues, and to monitor and improve the overall performance of our Services.
Cookies: In order for some of these technologies to work properly, a small data file (“cookie”) must be downloaded and stored on your device, for purposes of session and user authentication, security, keeping the User’s preferences, connection stability, monitoring performance and generally providing and improving our Services.
In order to delete or block any cookies, please refer to the “Help” area on your internet browser for further instructions, or look for optional third party add-ons offering cookie management assistance. For example, you can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the website you visit. Click “Help” in the toolbar of your browser for instructions, or review the cookie management guide produced by the Interactive Advertising Bureau – www.allaboutcookies.org. Please note however that deleting any of Tipalti’s cookies or disabling future cookies or tracking technologies may prevent you from accessing certain areas or features of our Services, or may otherwise adversely affect your user experience.
Google Analytics: Our Website uses Google analytics, a web analytics service provided by Google, Inc. Non-personal Information is transmitted to and stored by Google on their servers. Please visit Google Analytics find out how Google uses such information or how you can opt out of being tracked. Please note that we do not change our practices in response to a “Do Not Track” signal in the HTTP header from a browser or mobile application.
- Communications From Tipalti
Promotional Messages: By registering to our Services and/or providing Tipalti with your e-mail address or any other contact information (such as your mobile phone number), you expressly agree to receive promotional content, messages or calls from Tipalti or our partners (acting on our behalf) through such means. Accordingly, we shall be entitled to call you or send you promotional content or messages by e-mail, SMS, direct text messages, marketing calls and similar forms of communication.
If you wish not to receive such promotional messages or calls, you may notify Tipalti at any time or follow the “unsubscribe” or “stop” instructions contained in the promotional communications you receive.
Service Messages: Tipalti may also contact you with important information regarding our Services. For example, we may notify you (through any of the means available to us) of changes or updates to our Services, payment issues, service maintenance, etc. You will not be able to opt-out of receive such service messages.
- Accessing Your Personal Information
If you wish to exercise your right to access and/or request us to make corrections to your Personal Information that you have stored with us, or would like to receive a summary of what Personal Information (if any) of yours we disclosed to third parties for direct marketing purposes, please send us an e-mail to email@example.com, or mail your request to Tipalti Inc., 1810 Gateway Drive, Suite 300, San Mateo, CA 94404, Attn: Data Protection Officer, and we will respond within a reasonable timeframe and in accordance with applicable laws. Please note that you may also correct, update or remove certain parts of your Personal Information by yourself, or completely deactivate your account, by logging into your account at Tipalti or by going to the same website where you originally provided the Information.
If you are a Payee of any of our Payors, we recommend that you contact such Payor directly if you wish to access, correct, amend or delete inaccurate information processed by Tipalti on behalf of such Payor (for more information, please see Section 6 above).
- Data Retention
We may retain your Personal Information for as long as your User account is active or as otherwise needed to provide you with our Services. We may retain such Personal Information even after you deactivate your account or cease to use our Services, as reasonably necessary to comply with our legal obligations, to resolve disputes regarding any of our Users, prevent fraud and abuse, enforce our agreements and/or protect our legitimate interests.
Tipalti has implemented security measures designed to protect the Personal Information of our Users, including physical, procedural and electronic measures. Among other things, we offer HTTPS secure access to most areas on our Services; we use industry standard SSL/TLS encrypted connections to protect the transmission of information that we believe in good faith to be of a sensitive nature; we use encryption tools to protect such sensitive information stored with us; we regularly monitor our systems for possible vulnerabilities and attacks, and seek news ways and tools for further enhancing the security of our Services and the integrity of the Personal Information that we hold.
Please note however, that regardless of the measures we take and the efforts we make, we cannot and do not guarantee the absolute protection and security of any Personal Information stored with us.
We strongly encourage you to set strong passwords for your User account(s), avoid using the “save password” feature in your browser, and protect your account against unwanted access on your end (for example, do not share your login credentials with others, or allow them free access to your logged-in device).
If you have any questions regarding the security of our Services, please feel free to contact us at firstname.lastname@example.org.
- What if you have any questions?
You may contact us at this address: TIPALTI, INC. 1810 GATEWAY DR., SUITE 300, SAN MATEO, CA 94404, or send an email to: email@example.com.
The primary contract for all privacy inquiries is firstname.lastname@example.org. However, Tipalti appointed VeraSafe as a representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. VeraSafe can be contacted in addition to email@example.com only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative
Alternatively, VeraSafe can be contacted at: Matthew Joseph, Zahradníčkova, 1220/20A, Prague 15000, Czech Republic; or VeraSafe Ireland Ltd, Unit 3D North Point House, North Point Business Park, New Mallow Road, Cork T23AT2P, Ireland.
You are not obligated by law to provide us with any information, and any information you do provide is provided of your own free will and consent, for the purposes and uses described herein.
- What information do we collect, how do we collect it, and how do we use it?
Throughout the application and recruitment process, you may provide us (or we may otherwise have access to) personal information about you, such as your identifying information, contact details, work-related information, social media activity, etc. We may collect this information directly from you, as you provide it voluntarily through your application and candidacy review process, or from other sources such as your references or our service providers.
We may use such information solely in order to assess our Applicants’ skills, qualifications and overall to verify, consider and process their application and candidacy for any of our positions, and to communicate with them regarding such processes. We may also use it to manage risk and enhance our security and anti-fraud measures, and to create aggregated statistical or inferred data regarding our Applicants, for further development and improvement of our and our partners’ recruitment processes. In addition, we may use it to act as permitted by, and to comply with, any legal or regulatory requirements, and to conduct any additional activities that may require the use of your information, for which we will request your specific consent in advance.
- Where do we store our applicants’ information, for how long, and how do we secure it?
Information regarding our Applicants will be maintained, processed and stored by Tipalti and our authorized affiliates and service providers in the United States of America, in Israel, in the applied position’s location(s), and as necessary, in secured cloud storage provided by our Third Party Services.
We may retain your information even after the applied position has been filled or closed. This is done so we could re-consider Applicants for other positions and opportunities at Tipalti; so we could use their personal information as reference for future applications submitted by them; in case the Applicant is hired, for additional employment and business purposes related to their work; and as reasonably necessary to comply with our legal obligations, to resolve disputes, prevent fraud and abuse, enforce our agreements and/or protect our legitimate interests.
Tipalti has implemented security measures designed to protect the personal information of our Applicants, including physical, procedural and electronic measures. Among other things, we offer HTTPS secure access to most areas on our website and services; we use industry standard SSL/TLS encrypted connections to protect the transmission of information that we believe in good faith to be of a sensitive nature; we use encryption tools to protect such sensitive information stored with us; we regularly monitor our systems for possible vulnerabilities and attacks, and seek news ways and tools for further enhancing the security of our Services and the integrity of the personal information that we hold. Please note however, that regardless of the measures we take and the efforts we make, we cannot and do not guarantee the absolute protection and security of any personal information stored with us.
- Who will have access to your information?
Tipalti may share your personal information with a number of selected service providers, whose services and solutions complement, facilitate and enhance our own. These include any recruitment firms that have referred you to us (or vice versa), candidate evaluation centers, background checks providers, hosting and server co-location services, data and cyber security services, banks, payment processors and correspondents, Credit Bureaus, collection agencies, fraud detection and prevention services, web analytics, e-mail distribution and monitoring services, session recording, remote access services, and our business, legal and financial advisors (collectively, “Third Party Services“). Such Third Party Services may receive or otherwise have limited access to our Applicants’ personal information, depending on each of their particular roles and purposes in facilitating and enhancing our recruitment process, and may only use it for such purposes. Tipalti remains responsible and liable for any personal information processing done by Third Party Services on its behalf, except for events outside of its reasonable control.
Additionally, we may disclose or otherwise allow access to any Applicants’ personal information pursuant to a legal request, such as a subpoena, search warrant or court order, or in compliance with applicable laws, with or without notice to you, if we have a good faith belief that we are legally required to do so, or that disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, counter terrorist financing verification requirements, fraud, or other wrongdoing. We may also share your personal information with others, with or without notice to you, if we believe in good faith that this will help protect the rights, property or personal safety of Tipalti, any of our users or employees, or any member of the general public.
Finally, we may share personal information internally within our family of companies, for the purposes described above. In addition, should Tipalti or any of its affiliates undergo any change in control, including by means of merger, acquisition or purchase of substantially all of its assets, your personal information may be shared with the parties involved in such event.
- How can you access your information?
If you wish to exercise your right to access and/or request us to make corrections to your personal information that you have stored with us, please send us an e-mail to firstname.lastname@example.org, or mail your request to Tipalti Inc., 1810 Gateway Drive, San Mateo, CA 94404, Attn: Data Protection Officer, and we will respond within a reasonable timeframe and in accordance with applicable laws. Please note that you may also correct, update or remove certain parts of your personal information by yourself, or completely deactivate your account, by logging into your account at Tipalti.