- Your Consent
- What Information Do We Collect?
- How Do We Collect Such Information?
- Why Do We Collect Such Information?
- Where Do We Store Personal Information?
- Payee Information
- With Whom Do We Share Personal Information?
- Communications From Tipalti
- Accessing Your Personal Information
- Data Retention
- Contact US and/or Opt-Out
Tipalti provides an AP Automation Platform which includes a Payor AP Hub, Supplier Hub, Supplier Hub iFrame, money transmission services, payment processing services, account direction services, NetNow Services, and all other services offered or facilitated by Tipalti now or in the future, including but not limited to anti-fraud tools, tax compliance tools, invoice processing, multi-entity capabilities, payment methods, early payments, currency options, and all other services offered or facilitated by Tipalti through a Tipalti website, application, software product or any other means (collectively the “Tipalti Services” or the “Services”).
What Information Do We Collect?
Tipalti’s Services unify the phases of supplier payments, from supplier on-boarding and payment method selection to funds disbursement and payment reconciliation. Throughout this process, we collect two general types of information regarding our Users:
- Un-identified and non-identifiable information pertaining to visitors of our website or Services or un-identified Users, which may be made available to us, or collected automatically via their use of the Services (“Non-personal Information”). Such Non-personal Information does not enable us to identify the person from whom it was collected, and mainly consists of technical and aggregated usage information, such as browsing and ‘click-stream’ activity on the Services, session heatmaps and scrolls, non-identifying information regarding their device, operating system, screen resolution, internet browser, language and keyboard settings, ISP, referring/exit pages, date/time stamps, etc.
- Individually identifiable information, namely information that identifies an individual or may with reasonable efforts cause the identification of an individual, or may be of private or sensitive nature (“Personal Information”). Such Personal Information that is collected by us mainly consists of the following types of information (including, for the avoidance of doubt, Non-personal Information that is connected or linked to said Personal Information to the extent such connection or linkage exists (for example, in order to improve the Services we offer)):
- Payee Information: Information concerning Users to whom payments are made (“Payee(s)”) by Tipalti customers (“Payors”) through the Services. Specifically, such information may include, depending on configuration determination or otherwise at our choice or the choice of our Payors and Payees, the names, physical addresses, email address, phone number, VAT ID, Social Security Numbers or US Taxpayer numbers (as applicable) of the Payees and additional information pertaining to Payees which may be required under applicable tax forms for transferring and receiving payments, country, bank account numbers, IBAN, SWIFT code (or alternatively, their account details at other third party payment processing services such as provided by PayPal, as applicable), payment preferences, session IP address, and supplemental documentation as may be required by Payors of Payees, that may contain Personal Information (such as a copy of their government-issued identification card, personal bank statements or other documentation serving as proof of identity or valid address), and any other Personal Information provided to us by either Payors or Payees. For more regarding Payee information and how we treat it, please see Section 6 below.
- Payee Registration Information: Payee Registration is collected by Tipalti in order to provide the Tipalti Services to the Payee. “Registration Information” includes, but is not limited to, contact information such as names, physical addresses, email addresses, phone numbers; and compliance information such as a copy of a government-issued identification card, driver’s license, or passport in order for Tipalti to comply with it legal, regulatory, and other similar obligations.
- Payor Information: Information concerning Payor Users (including authorized personnel of Payor), namely their company name and affiliation, physical address, emails and login credentials to our Services, bank account numbers (or alternatively, their account details at payment processing services such as PayPal, as applicable), payment preferences and transaction history (to the extent that any such information is personally identifiable to any particular persons, otherwise we will deem it as Non-personal Information).
- Other User Information from both registered and unregistered Users: We collect information from you when you contact us for more information regarding our services or register on our website for our support forums, subscribe to our newsletter or webinar series, participate in an online forum, blog, or voluntary survey, download content, fill out a form, or otherwise provide information to Tipalti directly such as during an event. We may collect all or some of the following information: name, email address, phone number, company name, title, department, country and/or industry. Alternatively, you may visit our website anonymously. Any data we request that is not required will be specified as voluntary or optional. We may also collect information when you ask to be included in an email or other mailing list.
How Do We Collect Such Information?
There are three main methods that we use:
- We collect information through the use of our Services. When our Users visit or use our Services, we might be aware of it and may gather, collect and record such uses, sessions and related information, including by using third party services as detailed in Section 8 below, and by using “cookies” and other tracking technologies, as further detailed in Section 9 below.
- We collect information which is provided to us voluntarily. We collect the Personal Information that our Users provide us when registering to our Services, uploading documents to our Services, filling out forms, depositing or withdrawing payments, contacting us, etc. In addition, we may collect Personal Information that is provided to us by a Payor regarding a Payee and vice versa, by banks and payment processing services, and by either a Payor or Payee regarding their employees or representatives using the Services on their behalf.
- We collect information from third party sources. We collect information about you from our Service Providers, third party services, business and channel partners, recruiters, and publicly available sources (such as your LinkedIn profile).
Why Do We Collect Such Information?
We collect Non-personal and Personal Information for the following purposes:
- To facilitate, operate, and provide our Services, including determining your initial and continued eligibility to use our Services;
- To verify the identity of our Users, and comply with other legal, regulatory, and contractual obligations we have as a business and a financial services provider;
- To further develop, personalize, and improve our Services, and to provide you with information about our Services, including any new or enhanced Services;
- To provide our Users with ongoing customer assistance and technical support;
- To contact our visitors and Users with general and personalized service-related notices, surveys and promotional messages (as further detailed in Section 9 below), or for other marketing purposes including identifying other similar prospective customers;
- To create aggregated statistical data and other aggregated and/or inferred Non-personal Information, which we, our Users or our business partners may use to promote, operate and improve our Services;
- To maintain the safety and security of our Services, including assessing risk, enhancing our data security and fraud prevention capabilities, and helping to protect against error, fraud or any illegal or prohibited activity;
- To act as permitted or required by law including any court order, subpoena, or other legal proceeding, including responding to any government or regulatory inquiry; and
- To enforce or apply our Tipalti Services Agreement and other agreements, including for billing and collection purposes.
Where Do We Store Personal Information?
Information regarding our Users may be maintained, processed and stored by Tipalti and our authorized affiliates and Service Providers (including our secured cloud storage providers) in the United States of America, in Israel, and in other jurisdictions as necessary for the proper delivery of our Services and/or as may be required by law (as further explained in Section 8 below).
Tipalti is based in the United States with offices in San Mateo, California and in Israel with offices in Herzliya. Israel is considered by the European Commission to be offering an adequate level of protection for the personal information of EU Member State residents.
We are committed to attempt to resolve privacy complaints under the EU-US Privacy Shield and Swiss-US Privacy Shield principles.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Tipalti commits to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.
Under certain conditions, you may invoke binding arbitration when other dispute resolution procedures have been exhausted. The Federal Trade Commission (FTC) has jurisdiction over Tipalti’s compliance with the Privacy Shield.
Tipalti may collect, store and process certain Non-personal and Personal Information of Payees, on our Payor Users’ behalf and at their direction. For example, our Payors are able to upload certain Payee information to our Services, as well as require Payees to upload certain Personal Information during or following their registration and on-boarding to the Services. Such Personal Information is then stored with Tipalti (and its third party service providers), on the Payor’s behalf.
For such purposes, Tipalti serves and shall be considered as a “Data Processor” and not as the “Controller” (as both such capitalized terms are defined in the European Data Protection Directive and the upcoming General Data Protection Regulation) of such Payee information. The Payor Users shall be considered as the “Controllers” of such Payee information, and are responsible for complying with all laws and regulations that may apply to the collection and control of such information, including all data protection laws of any relevant jurisdiction.
Payors are responsible for the security, integrity and authorized use of Payee information, and for obtaining any consents and permissions required for the collection, processing and use of such information.
If you are a Payee of any of our Payors and have had your Personal Information collected on such Payor’s behalf, we recommend that you contact such Payor directly with any privacy or data-related concern you might have. For example, if you wish to access, correct, amend or delete inaccurate information processed by Tipalti on behalf of its Payor Users, please correct the information on the same website from which it was originally entered by you or contact the relevant Payor directly (as they are the “Controller” of such data). If requested to remove any Payee Personal Information, we will respond to such request within thirty (30) days. Unless otherwise instructed by our Payor User, we will retain Payees’ Personal Information for the period set forth in Section 12 below.
If a Payee has entered a direct agreement and relationship with Tipalti, under which such Payee’s Personal Information is provided by Payee to Tipalti or otherwise collected for any services provided by Tipalti directly to Payee, Tipalti shall be deemed as the “Controller” of such information, and Payee may contact it directly, as further explained in Section 15 below.
With Whom Do We Share Personal Information
Tipalti may share your Personal Information with third parties (or otherwise allow them access to it) only in the following manners and instances:
Third Party Services: Tipalti has partnered with a number of selected service providers, whose services and solutions complement, facilitate and enhance our own. These include hosting and server co-location services, internet service providers, operating systems and platforms; data and cyber security services; banks, financial institutions, payment processors, payment accelerators, financial services providers, capital providers, and correspondents; Credit Bureaus, collection agencies, fraud detection and prevention services; data and web analytics, email distribution and monitoring services; session recording, remote access services; service providers that help us verify your identity and help us comply with our legal and regulatory obligations to screen and monitor transactions; recruiters and companies that provide background checking services; and our business, legal, tax, financial, and other advisors with whom we have a confidential relationship (collectively, “Third Party Services”). Such Third Party Services may receive or otherwise have access to our Users’ Personal Information, depending on each of their particular roles and purposes in facilitating and enhancing our Services and business, and may only use it for such purposes. Tipalti remains responsible and liable for any Personal Information processing done by Third Party Services on its behalf, except for events outside of its reasonable control.
Sharing Payee Information with Payors: If you are a Payee, we may share your Personal Information with your respective Payor so we can process payments for you from that particular Payor. For further information, please see Section 6 above.
Governmental/Law Enforcement Agencies and Legal Requests or Duties: We may disclose or otherwise allow access to your Personal Information pursuant to a legal request, such as a subpoena, search warrant or court order, or in compliance with applicable laws, with or without notice to you, if we have a good faith belief that we are legally required to do so, or that disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, counter terrorist financing verification requirements, fraud, or other wrongdoing.
Protecting Rights and Safety: We may share your Personal Information with others, with or without notice to you, if we believe in good faith that this will help protect the rights, property or personal safety of Tipalti, any of our Users, or any member of the general public.
For the avoidance of doubt, Tipalti may share your Personal Information in additional manners, pursuant to your explicit approval, or if we are legally obligated to do so. Additionally, we may transfer, share or otherwise use Non-personal Information in our sole discretion and without the need for further approval.
Tipalti uses certain monitoring and tracking technologies, including ones offered by Third Party Services. These technologies are used in order to maintain, provide and improve our Services on an ongoing basis, and in order to provide a better experience to our visitors and Users. For example, these technologies enable us to keep track of our Users’ preferences and authenticated sessions, to better secure our Services and detect abnormal behaviors, to identify technical issues, and to monitor and improve the overall performance of our Services.
Cookies: In order for some of these technologies to work properly, a small data file (“cookie”) must be downloaded and stored on your device, for purposes of session and user authentication, security, keeping the User’s preferences, connection stability, monitoring performance and generally providing and improving our Services.
In order to delete or block any cookies, please refer to the “Help” area on your internet browser for further instructions, or look for optional third party add-ons offering cookie management assistance. For example, you can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the website you visit. Click “Help” in the toolbar of your browser for instructions, or review the cookie management guide produced by the Interactive Advertising Bureau – www.allaboutcookies.org. Please note however that deleting any of Tipalti’s cookies or disabling future cookies or tracking technologies may prevent you from accessing certain areas or features of our Services, or may otherwise adversely affect your user experience.
Google Analytics: Our website uses Google analytics, a web analytics service provided by Google, Inc. Non-personal Information is transmitted to and stored by Google on their servers. Please visit Google Analytics find out how Google uses such information or how you can opt out of being tracked. Please note that we do not change our practices in response to a “Do Not Track” signal in the HTTP header from a browser or mobile application.
Communications From Tipalti
Promotional Messages: By registering for our Services and/or providing your email address or any other contact information (such as your mobile phone number), you expressly agree to receive promotional content, email messages or calls from Tipalti or our partners through such means. Accordingly, you agree that we may call you or send you promotional content or messages by email, SMS, direct text messages, marketing calls and similar forms of marketing channels now existing or developed in the future. If you wish not to receive such promotional messages or calls, you Contact Us at any time to opt-out, or follow the “unsubscribe” or “stop” instructions contained in the promotional communications you receive.
Service Messages: Tipalti may also contact you with important information regarding our Services. For example, we may notify you (through any of the means available to us) of changes or updates to our Services, payment issues, service maintenance, etc. You will not be able to opt-out of receiving such service messages.
Accessing Your Personal Information
If you are a resident of the European Economic Area (EEA) and you wish to exercise your right to access and/or request us to make corrections to your Personal Information that you have stored with us, or would like to receive a summary of what Personal Information (if any) of yours we disclosed to third parties for direct marketing purposes, please Contact Us and we will respond within a reasonable timeframe and in accordance with applicable laws. Please note that you may also correct, update or remove certain parts of your Personal Information by yourself, or completely deactivate your account, by logging into your account at Tipalti or by going to the same website where you originally provided the Personal Information.
If you are a Payee of any of our Payors, we recommend that you contact such Payor directly if you wish to access, correct, amend or delete inaccurate information processed by Tipalti on behalf of such Payor (for more information, please see Section 6 above).
We may retain your Personal Information for as long as your User account is active or as otherwise needed to provide you with our Services. We may retain such Personal Information even after you deactivate your account or cease to use our Services, as reasonably necessary to comply with our legal obligations, to resolve disputes regarding any of our Users, prevent fraud and abuse, enforce our agreements and/or protect our legitimate interests.
Tipalti has implemented security measures designed to protect the Personal Information of our Users, including physical, procedural and electronic measures. Among other things, we offer HTTPS secure access to most areas on our Services; we use industry standard SSL/TLS encrypted connections to protect the transmission of information that we believe in good faith to be of a sensitive nature; we use encryption tools to protect such sensitive information stored with us; we regularly monitor our systems for possible vulnerabilities and attacks, and seek new ways and tools for further enhancing the security of our Services and the integrity of the Personal Information that we hold.
Please note, however, that regardless of the measures we take and the efforts we make, we cannot and do not guarantee the absolute protection and security of any Personal Information stored with us.
We strongly encourage you to set strong passwords for your User account(s), avoid using the “save password” feature in your browser, and protect your account against unwanted access on your end (for example, do not share your login credentials with others, or allow them free access to your logged-in device).
If you have any questions regarding the security of our Services, please Contact Us.
Contact Us and/or Opt-Out
- Send a letter to Privacy at Tipalti, 1810 GATEWAY DR., SUITE 300, SAN MATEO, CA 94404, or
- Send an email to firstname.lastname@example.org
How to opt-out of receiving Promotional Messages from Tipalti:
- Opt-out landing page, or
- Send an email to email@example.com and request to no longer receive promotional emails and/or phone calls.
EEA Residents Information:
The primary contract for all privacy inquiries is firstname.lastname@example.org. However, Tipalti appointed VeraSafe as a representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. VeraSafe can be contacted in addition to email@example.com only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative
Alternatively, VeraSafe can be contacted at: VeraSafe Czech Republic s.r.o, Klimentská 46, Prague 1, 11002, Czech Republic.