Privacy Policy Update NotificationNew Privacy Policy Effective September 10, 2017

Tipalti Inc. and our affiliates (“Tipalti”, “we”, “our” or “us”) respect your privacy.  This Privacy Policy (“Policy”) informs you of our policies and procedures regarding the collection, use and disclosure of Personal Information.  “Personal Information” means information about an identifiable individual as more particularly described under applicable privacy legislation, and includes your name, country of residence and email address.  Our privacy practices may vary among the countries in which we operate to reflect local practices and legal requirements.

BY ENTERING, ACCESSING OR USING THIS SITE AND/OR THE SERVICES, YOU FULLY UNDERSTAND AND CONSENT TO THE TERMS AND PRACTICES DESCRIBED IN THIS POLICY.  IF YOU DO NOT AGREE TO THE TERMS OF THIS POLICY, YOU MUST NOT USE THE SITE OR THE SERVICES.  THIS POLICY MAY BE AMENDED OR UPDATED FROM TIME TO TIME BY POSTING A REVISED VERSION ON OUR WEBSITE.  THE REVISED VERSION WILL BE EFFECTIVE AS OF THE PUBLISHED EFFECTIVE DATE. YOU ARE ADVISED TO CONSULT THIS POLICY REGULARLY FOR ANY CHANGES.  

1. TO WHOM DOES THIS POLICY APPLY?

Tipalti provides products and services through its proprietary payment automation platform as well as related services (collectively, “Services”).  Tipalti’s Services unifies the phases of supplier payments from vendor on-boarding and payment method selection to funds disbursement.  As part of our payment processing function, we routinely collect and retain Personal Information about our customers (“Payers”) as well as the third parties with whom the Payers do business and to whom payment is made through the Services (such third parties referred to as “Payees”).

  1. This Policy applies to:
  • Users who visit the www.Tipalti.com website (the “Site” and such user “User”); or
  • A Payer or Payee who registers for, accesses or uses our Services via our Site or a Payer’s website, unless otherwise agreed to by separate contract (whether the contract is with us or a third party) (see “Exclusions” below).

We may refer to a User, Payee or Payer as “you” or “your” in this Policy.  

  1. Exclusions:  This Policy does not apply to:
  • A Payer who has entered into a separate agreement with us addressing Personal Information handling practices;
  • A Payee who has entered into a separate agreement with another party (such as a Payer) addressing Personal Information handling practices. For example, even though we may be the one collecting your Personal Information, we are simply acting as your Payer’s agent and payment services provider.  The collection and use of your Personal Information may be governed by your Payer’s privacy policy; or
  • Personal Information handling practices of companies or Web sites that we do not own or control. Tipalti is not responsible for such third parties’ actions, including their information handling practices.  We encourage you to read the privacy policy of each Web site that you visit or use.  

 

2. HOW DO WE COLLECT YOUR PERSONAL INFORMATION?

We collect your Personal Information from:

  • You when you use our Site or our Services; and
  • Third parties such as: our affiliates, Payers, research companies (i.e. Lexis Nexis) and identity verification service providers.

 

3. WHAT KIND OF INFORMATION DO WE COLLECT?

Personal Information

Personal Information that we may collect include:

  • Contact Information such as: name, telephone number, email address and/or mailing address;
  • Payment Account Information such as: bank account numbers, payment services account information (for example, Paypal), credit card numbers and/or social security/insurance numbers;
  • Transactional Information resulting from your use of our Services such as: transactional history,  unsuccessful or invalidated transfers and confirmation of payments;
  • Proof of Identification Information such as: date and city of birth and copies of government issued ID (i.e. driver’s license or passports);
  • Proof of Valid Address such as: a personal bank statement, utility bill, credit card statement, lease agreement, mortgage statement and other information; and/or
  • Login Information such as:  your username and password, both of which you will use to log in to access the Services (see “How You Should Protect Your Information” below).

Non-Personally Identifiable Information.

Like many websites, when you access or use our Services or access our Site, we may use industry-wide technologies such as “cookies” (or similar technologies like web beacons, pixel tags and e-tags) to collect certain information.  The information is then automatically stored on your computer (“Local Storage”) and will allow us, among other things, to enable automatic activation of certain features and make your service experience much more effortless.  Your browser may also automatically collect non-personally identifiable information and transmit it to us.  We may also anonymize or aggregate your Personal Information in such a way as to ensure that you are not identified or identifiable from it.  We may share such anonymized or aggregated data with our global affiliates and with other third parties. To find out more about the purposes for which such information is used, see our section on “How do we use the information that we collect from you” below.

Non-Personally Identifiable Information may include:

  • Browsing data;
  • The number of Users accessing our Site and locations from which our Site is accessed;  
  • Statistics on page views; and/or
  • Your computer’s Internet Protocol (IP) address, device ID or unique identifier.

You may be able to manage your preferences so that collection is limited.  See “How Can I Manage My Preferences” below.

How Can I Manage My Preferences

Cookies – A cookie is a small data file that we transfer to your computer’s hard disk for record-keeping purposes. It is easy to prohibit the Local Storage. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the website you visit. Click “Help” in the toolbar of your browser for instructions, or review the cookie management guide produced by the Interactive Advertising Bureau – www.allaboutcookies.org.  However, if you block or erase cookies, your online experience may be limited and you may not be able to use all portions of the Site or all functionality of the Services.  

Google Analytics – This Site uses Google analytics, a web analytics service provided by Google, Inc. (“Google”). Non-personally identifiable information is transmitted to and stored by Google on servers. Please visit Google Analytics to find out how Google uses such information or how you can opt out of being tracked.

 

4. HOW DO WE USE THE INFORMATION THAT WE COLLECT FROM YOU?

Subject to your consent if required by law, we may use your Personal Information and non-personally identifiable information for the following purposes:

Personal Information:

  • To register you for and provide the Services (including customer support);
  • To verify your identity, including during account creation and password reset processes;
  • To process transactions and send notices about your transactions;
  • To facilitate a request for a quote from a third party service provider;
  • To assist banks, payment processors and correspondents in providing our Services;
  • To address complaints, collect fees, and resolve problems;
  • To manage risk, or to detect, prevent, and/or remediate fraud or other potentially prohibited or illegal activities.  For example, we may:
    • use Payee’s Personal Information received from Payer to assess risk on the transactions carried out by us on behalf of the Payers;
    • assist third parties in mitigating their exposure to fraud or illegal activities; and/or
    • integrate with third party fraud-detection and sanctions list screening services;
  • To detect, prevent or remediate violations of this Policy or applicable user agreements;
  • To comply with applicable laws and/or regulations. For example, as required by applicable laws, we may:
    • scan Payee names and identification documents against government issued restricted lists to facilitate legal compliance;
    • monitor the Services for suspicious activity;
    • use Personal Information to prevent money laundering and the financing of terrorism; and/or
  • to complete tax and other forms as per your instructions.

Non-Personally Identifiable Information:

  • To automatically activate certain features of our Services for your ease and convenience;
  • To improve our Site, our products and services and for the development of future products and services;
  • To analyze statistics;
  • To manage and protect our information technology infrastructure;
  • To recognize you as a Payer, Payee or a User;
  • To mitigate risk and exposure to fraud or illegal activities and to assist third parties in the foregoing; and/or

From time to time, we may, where appropriate, request your specific consent for the collection, use and disclosure of your Personal Information for other purposes.

 

5. HOW DO WE SHARE THE INFORMATION THAT WE COLLECT FROM YOU?

Our business is headquartered in California but we also have affiliates outside of the U.S. Please note that your Personal Information may be disclosed to recipients located outside of your country of residence, where the privacy laws may not be as protective as those in your jurisdiction, including to our affiliates and third parties engaged to help us run our business, subject to your consent if required by law.  Please rest assured that: (a) the receiving party is bound to protect your Personal Information in a manner consistent with this Policy; and (b) we do not sell, trade or rent your Personal Information to others.  

To whom do we disclose your Personal Information and why?

Third parties to whom we may disclose your Personal Information are:

    • Affiliates: Our affiliates who may be retained to provide sanctions list screening, AML screening or fraud screening services;
    • Payers (and where you are the Payee):  Your Personal Information is collected on your Payer’s behalf and provided to it so that they can process payment transactions to you;

 

  • Banks, Payment Processors & Correspondents: In order for such parties to: (a) assist us in the delivery of our Services to you; or (b) deliver their services to you;

 

  • Credit Bureaus/Collection Agencies (where you are the Payer):  In order to obtain commercial and credit information to establish, maintain or renew a Payer’s registration, as may be required to provide any of the Services for which a Payer has subscribed;
  • To Governmental/Law Enforcement Agencies or other third parties (in relation to enforcement or investigation): In response to a court order or a request for cooperation from a regulatory, law enforcement or other government agency.  We may disclose Personal Information when we believe that disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, counter terrorist financing verification requirements, fraud, or other wrongdoing; to protect and defend the rights, property or safety of Tipalti, its customers, staff, suppliers or others;

 

  • To Unaffiliated Third Parties:
  • For Fraud Prevention and Risk Management:   We may share your account information with third parties to help protect your accounts from fraudulent activity, to alert you if fraud is detected or to evaluate credit risk; and

 

    • For Professional Services:  We may share your Personal Information with service providers who perform functions on our behalf and provide services to us to support our business operations, including legal, accounting, audit, consulting and other professional service providers. Each of these providers are required to use your Personal Information in accordance with the purposes set out in this Policy;
  • Successors:  To a successor entity in connection with a merger, acquisition, bankruptcy or sale of all or substantially all of our assets.  These successors shall be required to comply with this Policy.  If there are any changes, you will be provided a notice of such changes; and
  • Others with Your Consent:  Other third parties with your consent in accordance with applicable laws.

 

6. HOW CAN YOU OPT OUT OF DATA COLLECTION AND/OR USE?

 

If you are a User or a Payer:

If you wish to withdraw your consent to the collection and processing of your Personal Information (as described in this Policy), you may do so at any time, subject to legal or contractual restrictions and reasonable notice, by writing to us at privacy@Tipalti.com, and we will make reasonable efforts to delete any of your Personal Information subject to any applicable laws or the contractual terms applicable to you and us.  The choice to provide us with Personal Information is always yours, however, your decision to withhold particular details may limit our ability to provide you with any of the Services.

If you are a Payee:

We are your Payer’s service provider and do not control your Personal Information. Any communication that you may receive from us or any collection and processing of your Personal Information by us is carried out on your Payer’s behalf.  Please contact your Payer for more information or where available, refer to your Payer’s privacy policy for guidance.  

 

7. HOW DO YOU ACCESS, MODIFY, AND OBTAIN COPIES OF YOUR PERSONAL INFORMATION?

 

If you believe that any information we have about you is incorrect or incomplete and should be updated, you may be able to access our Services and review and modify your Personal Information and account settings yourself.  You may also be able to obtain copies of your Personal Information through the Services.  If you are not able to do so and:

If you are a User or a Payer:

Please contact us at privacy@tipalti.com. We may request payment of a small fee, in accordance with applicable law.

If you are a Payee:

We may not be able to assist you since we are your Payer’s service provider and do not control your Personal Information. Where any modification or request for copies of your Personal Information cannot be made through our Services, please contact your Payer for more information or where available, refer to your Payer’s privacy policy for guidance.  

 

8. HOW IS YOUR PERSONAL INFORMATION PROTECTED?

 

How we protect your Personal Information:

We store and process your Personal information on computers and servers in the USA where our third party cloud storage service providers are located. We employ a variety of safety measures designed to protect your information from unauthorized access and disclosure, including administrative, technical and physical safeguards, in accordance with our obligations under applicable laws and regulations.  To name just a few measures: security training, contracts, policies and company handbooks are used to educate our personnel and/or our suppliers and require compliance with respect to information handling practices, firewalls and data encryption, database access controls, encryption key rotation, forced password expiry, physical access controls to our data centers, account activity validation procedure and data access authorization controls.  Please remember however that communications over the Internet are not always secure. We cannot and do not promise or guarantee that your Personal Information or private communications will always remain private and secure.

How you should protect your Personal Information:

Though we use many security tools and procedures to protect your Personal Information, there are important steps you can take to protect your Personal Information. For example:

  • Do not use the “save password” feature;
  • Do not share your login information with anyone;
  • Do not leave your computer/device unattended;
  • Do not let anyone use your computer/device until you have logged out; and
  • Do be careful when accessing the Services from a public computer such as a library or coffee shop – the networks are often not secure and people may be able to see your login details.

External Links

This Site may include links and references to third party websites which we do not own, manage or control. These other sites may place their own cookies or other files on your computer, collect data or solicit Personal Information from you. Other websites follow different rules regarding the use or disclosure of the Personal Information that you submit. We encourage you to read the privacy policies and other terms of the other websites. We do not review, approve, monitor, endorse, warrant, or make any representations with respect to such websites. In no event will we be responsible or liable, directly or indirectly, to anyone for any loss or damage arising from such sites, including without limitation for your use of such website and for any information submitted by you, or otherwise collected by such websites.

 

9. WHERE DO WE KEEP YOUR PERSONAL INFORMATION AND FOR HOW LONG?

 

Your information may be processed or transferred outside of the jurisdiction where you reside, where the privacy laws may not be as protective as those in your jurisdiction.  See “Region Specific Information” below for more information.  Your information is currently being stored in the United States. Your Personal Information is securely stored by our third party cloud storage service providers.  Please remember however that communications over the Internet are not always secure. We cannot and do not promise or guarantee that your Personal Information or private communications will always remain private and secure.

Our third party cloud service providers will only access, process, transfer, and store your Personal Information in accordance with this Policy.  Our providers protect your Personal Information by employing several security features including:

  • Using encryption technology as appropriate;
  • Using appropriate network access control technology to limit access to the systems on which your Personal Information is stored;
  • Routinely conducting internal and external security checks and penetration tests on the IT systems; and
  • Monitoring for possible vulnerabilities and attacks.

We retain Personal Information only so long as is needed in order to meet the purposes set out in this Policy, including for the purpose of enabling us to meet any legal or regulatory requirements. We have retention policies in place that govern the destruction of Personal Information.

 

10. HOW DO WE PROTECT CHILDREN’S PRIVACY?

 

This Site is not intended for use by children. To use the Services, you must be have attained the age of majority in your state/province/country of residence. If you are under the legal age to form a binding contract in the jurisdiction in which you are located, you may only use the Service under the supervision of a parent or legal guardian who has agreed to any agreement you enter into while using the Service, including the terms of this Policy. We do not knowingly collect Personal Information from minors and do not wish to do so. We reserve the right to request proof of age at any stage so that we can verify that minors are not using the Services. In the event that it comes to our knowledge that a minor is using the Services, we will prohibit and block such User from accessing the Services and will make all efforts to promptly delete any Personal Information stored with us with regard to such User.

 

11. REGION-SPECIFIC INFORMATION

 

Users in the following regions and countries should read the sections below, which contain additional information about regional-specific privacy laws and regulations. In the event of conflict between the information above and the sections below, the sections below will prevail for the regions and countries specified.

By using and accessing our Site and/or our Services, you agree and consent to the transfer to and processing of Personal Information on servers located in the United States, even if you are a resident/citizen of countries and jurisdictions outside of the United States, and that the protection of such information may be different than required under the laws of your residence or location.  This includes transfers between you and us as well as with other third parties as described in this Policy. We will take the necessary measures to ensure protection of your Personal Information collected through the Services in accordance with applicable data privacy laws.

Your European Economic Area Privacy Rights

Information about European Union residents shall be sent to the U.S., where it is processed in accordance with this Policy.  Note that if you are a Payee, the data controller in respect of your Personal Information is a Payer.  As set out above, Payers use the Services to process Personal Information that they collect from Payees for their own purposes. In this respect we act as data processor for the Payer, who will have its own Privacy Policy explaining how it uses the Payees’ Personal Information.

Your profile is maintained on databases in the U.S.  Your Personal Information may be processed by staff operating in the U.S. who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the processing of your payment details and the provision of support services.  

On October 6, 2015, the European Court of Justice issued a judgment that declared invalid the European Commission’s Decision 2000/520/EC of 26 July 2000 “on the adequacy of the protection provided by the safe harbor privacy principles,” (“Safe Harbor”). Safe Harbor permitted transfers of EU residents’ Personal Information to the United States and ensured that the information was legally protected at an adequate level by EU standards. Since the judgment was issued, the European Union and U.S. have been in negotiations to determine a path forward for Safe Harbor.  At the time that this Policy was revised, the information regarding such path was not yet available. In light of the judgment, Tipalti has executed ‘standard contractual clauses’ with its EU subsidiaries and suppliers who collect and export Personal Information in order to allow transfers and the continued protection of EU residents’ data during the interim period while we await further guidance from the European Commission. When we receive formal written complaints related to Personal Information and privacy matters, it is our policy to contact the complaining user regarding his or her concerns. We will cooperate with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of Personal Information that cannot be resolved between Tipalti and an individual.

 

12. WHAT IF YOU HAVE QUESTIONS?

 

For Payees: Please contact your Payer if you have any questions, comments or requests.  Where available, please refer to your Payer’s privacy policy for guidance.  

For Users and Payers:  Questions, comments and requests regarding this Policy are welcomed and should be addressed to:

TIPALTI

1810 GATEWAY DR., SUITE 260
SAN MATEO, CA 94404

or can be emailed to:

privacy@Tipalti.com
Last Revised: Jan, 2016