Error

Privacy Statement

Version 1.0

Download

Table of Contents

    PRIVACY STATEMENT
    Updated September 2022
    This Privacy Statement (“Privacy Statement”) describes the various ways in which Emburse, Inc., for itself and on behalf of its affiliates, (collectively "Emburse," "we," “us,” and “our”) collects, processes, uses, and shares Personal Data about individuals (also “users” and “Data Subject”) in the context of sales, marketing activities, and for its own business purposes.
    If a company has retained Emburse services, different or additional Privacy Protections may govern the service agreement between the company and Emburse. Data Subjects should contact their employer for information about the Privacy Protections that apply directly to them.
    “Personal Data” means any data that directly or indirectly identifies a Data Subject. Personal Data typically includes, for example, a person’s first and last name, email addresses, telephone numbers, residence (country, state/province, city), title, department, job description, and financial information. Personal Data does not include information that identifies a company or organization.
    For the purpose of this Privacy Statement, “Services” is intended to include access to Emburse’s websites, offerings, contests, sweepstakes, non-marketing related newsletters, whitepapers, events, conferences, webinars, seminars, and any other Emburse content.
    “Websites” shall mean any and all web pages, applications, any other electronic channel owned or controlled by Emburse.
    Use of Emburse Websites by Children. Emburse’s Websites are not directed to users under the age of 13. Children younger than 13 may not use our Websites. Parents or guardians who believe we may have collected information about a child, please contact us at privacy@emburse.com.
    HOW PERSONAL DATA IS COLLECTED
    Data Collection. We collect Personal Data directly, indirectly, and automatically as described below.
    When permitted by applicable law, we may combine the Personal Data collected about a Data Subject. We treat all this information as Personal Data.
    Direct Collection
    We directly collect Personal Data when voluntarily provided to us in a few different ways. For example, we collect Personal Data when individuals:
    • Submit online forms
    • Registrate at Emburse sponsored events, webinars, and webinars recordings
    • Allow us to scan their badge at an Emburse sponsored event
    • Complete lead cards at Emburse sponsored events
    • Provide information at Emburse sponsored events
    • Download information from the Emburse Websites
    • Request information about our businesses and partners
    • Subscribe to Emburse communications
    • Connect with us through the Emburse online chat
    • Submit questions through the Emburse “contact us” form
    • Post information or materials on our chat rooms
    • Subscribe to Emburse marketing communications
    • Complete Emburse questionnaires and surveys
    • Participate in Emburse sponsored sweepstakes and contests
    Indirect Collection
    We also obtain Personal Data, as allowed by applicable laws, indirectly from third party sources. For example:
    • Information collected by third parties providing sales and marketing services to Emburse such as: lead generation providers, opt-in list providers, data aggregators, and industry and association event organizers
    • Information provided on Emburse contracted or allied third party websites
    • Publicly available Personal Data
    Personal Data collected indirectly through third party websites is governed by the privacy policies posted on those third party websites. We ask that Data Subjects review the third party’s privacy policy to better understand how they handle Personal Data. Individuals interested in opting-out, should visit the third party’s website and follow their instructions. We are not responsible for the third parties’ privacy policies and practices.
    Automatic Collection
    We collect Personal Data automatically through the use of tracking technologies when Data Subjects access, use, and interact with the Emburse Websites.
    We also automatically assign a device identifier number to the desktop, laptop, and mobile device individuals use to access the Emburse Websites. This enables us to use tracking technologies to collect and analyze information about browser activities. Personal Data collected automatically includes:
    • Device’s operating system
    • Internet Protocol (IP) address
    • City and/or Zip Code
    • Device Identifier (device ID)
    • Web Browser
    • Device type
    • Domain of the website requested
    • Duration of the visit
    • Time stamp
    • Referring URL
    • New and repeat information
    • Language preferences
    • Behavioral data about usage and activity, for example, websites visited, click paths, content downloaded, and dates and times of these activities
    • Information obtained from third parties on an individual’s interests
    Information collected through tracking technologies may be considered Personal Data under applicable Data Protection Laws. For additional information about our use of Tracking Technologies, please see below under “How We Follow Visits and Usage (Cookies and Analytics).”
    Please contact us at privacy@emburse.com for more information about Emburse Personal Data collection practices
    HOW PERSONAL DATA IS PROCESSED AND USED
    Legal Basis for Processing. We process Personal Data under the following legitimate purposes:
    • To provide the Services contracted
    • To respond to inquiries
    • To operate our business
    • To meet contractual and legal obligations
    • To ensure compliance with Data Protection Laws and other applicable laws
    • To protect the security of our systems
    • To protect our customers
    • As required or permitted by applicable Data Protection Laws
    • Pursuant to Data Subject consent
    Voluntary Consent. In certain situations, Data Subjects may choose to voluntarily share their Personal Data. This means that they voluntarily consent to the collection and processing of their Personal Data. Data Subjects are always free not to share Personal Data. However, there is some Personal Data that is necessary in order to benefit from Emburse’s Services. This means that, if a Data Subject chooses not to share the required Personal Data, Emburse may not be able to offer some Services.
    Purposes of Processing. We use and process Personal Data for purposes described below:
    • Provide information about Emburse and/or our affiliated companies
    • Send notices, updates and other administrative messages about the Services contracted. Generally, Data Subjects cannot opt-out of these communications, which are required to fulfill Service request(s)
    • Improve Emburse products and services or for insights into customer behavior for public relations purposes. Whenever required by applicable Data Protection and Data Privacy Laws, Personal Data will be anonymized prior to processing
    • Provide customer or technical support
    • Improve the quality of our support services.
    • We may, as permitted by Data Protection and Data Privacy Laws, retain copies of chat conversations.
    • Market, sell, and advertise Emburse services
    • Ensure our records are accurate and up-to-date
    • Provide information and assess satisfaction about webinars, seminars, conferences, and/or events relevant to our Services.
    • Providing access to an event, conference or seminar we may ask for information about disabilities or special dietary requirements during the event. Any such use of information is based on consent and shall be collected upon registration to the event, conference, or seminar. If users choose not to provide such information, Emburse's ability to fully accommodate them may be limited. Enrollment will not be affected by the decision to share or not disability status and/or dietary restrictions
    • Create and maintain a digital user profile
    • Comply with this Privacy Statement, applicable Data Protection and Privacy Laws, and other applicable laws and court orders
    • Verify identity, if and when, a Data Subject decides to exercise their privacy rights under applicable Data Protection and Data Privacy Laws
    • Safeguard against threats to public health and safety
    • Prevent, detect, mitigate, and investigate fraudulent, or illegal activity
    • Develop, provide, and support functionality and security of Emburse services
    • Confirm Personal Data security incidents, notify individuals, customers and authorities of security incidents, and mitigate the effects of security incidents on individuals
    • Perform and enforce Emburse contractual obligations
    • Provide updates to this Privacy Statement and other documents applicable to a Data Subject’s relationship with Emburse
    • Defend against legal claims, and exercise our legal and contractual rights
    • Required or permitted by Data Protection and Data Privacy laws
    HOW WE TRACK VISITS AND USAGE (COOKIES AND ANALYTICS)
    We use tracking technologies such as cookies, beacons, tags, and scripts to analyze trends, administer our Websites, track users’ movements around our Websites, and gather demographic information about the user base as a whole.
    Cookies. Cookies are small text files placed on a device allowing device identification. Emburse uses cookies to remember users’ settings and for account authentication. Data Subjects may control the use of cookies by (1) changing the preferences in their browser, or (2) by clicking on our cookie banner and adjusting the preferences (see below “What Privacy Choices Are Available to Data Subjects” for more information). If a Data Subject rejects cookies, the functionality of our Websites may be affected.
    Local Storage Objects (HTML 5). We use Local Storage Objects (LSOs), such as HTML5 to store content information and preferences. LSOs allow Emburse to store data on a Data Subject’s browser. The data persists even after the browser window is closed. LOSs are useful because they allow users to save usernames and passwords, if a user chooses to do so. Various browsers may offer management tools to remove LSOs, please follow the browser’s directions to personalize LSOs preferences.
    Third Party Behavioral Targeting. We partner with third parties to either display advertising on our Websites or to manage our advertisements on other websites.
    Our third party partners may use their own tracking technologies to gather information about a Data Subject online behavior. If a Data Subject wishes to not have this information used for the purpose of serving them interest-based ads, they may be able control their preferences using the resources available here. In some cases, Data Subjects may be able to remove all ads by following their browser’s instructions. Please review the browser’s privacy practices to see if that choice is available.
    Analytics. We use analytics, including analytics conducted by third party partners, to help improve our Websites and user experience.
    WHAT PRIVACY CHOICES ARE AVAILABLE TO DATA SUBJECTS
    Data Subjects have the right to: (1) accept, reject, or limit cookies; (2) opt-out of third party analytics; and (3) opt-out of receiving interest-based advertising from Emburse at any time. The organizations named below provide guidance to the public on the opt-out mechanisms for Personal Data collection and processing by advertisers and analytics service providers
    Network Advertising Initiative
    Digital Advertising Alliance (US)
    Your Online Choices (EU)
    Digital Advertising Alliance of Canada (Canada)
    Data Driven Advertising Initiative (Japan).
    Analytics. To opt-out of Google Analytics web tracking individuals are welcome to download Google Analytics Opt-out Browser Add-on.
    Cookies. In addition to what is specified in this Privacy Statement, individuals can manage Cookies preferences directly from their own browser.
    Where required by applicable laws, individuals can opt-out of Cookies that are not required to enable core site functionality. Data Subjects can manage Cookie preferences by clicking on the Cookie banner on our Websites.
    Third Party Advertisement. Individuals can customize and control the privacy practices of third party advertisers and analytics service providers by following the third party’s opt-out procedures.
    Promotional Emails. Individuals can unsubscribe from promotional emails by following the unsubscribe instructions in our emails.
    Please remember that even if an individual chooses to unsubscribe from promotional email messages, Emburse may contact them with transactional information related to the Services contracted or requested through our Websites.
    Please contact us at privacy@emburse.com for additional information about opt-out mechanisms.
    HOW PERSONAL DATA IS SHARED
    We work with affiliated and third party vendors, consultants, and other service providers that help us run Emburse sales and marketing activities.
    These companies provide work and services such as:
    • Email and postal delivery
    • Collecting business information
    • Event or campaign registration and management
    • Information technology and related infrastructure services
    • Data analysis and insight
    • Auditing
    In some cases, these companies need access to Personal Data to carry out their work for us. They are not, however, authorized to use said Personal Data for their own promotional or business purposes.
    If a Data Subject provides consent, we may share the individual’s contact information with sponsors, co-sponsors, exhibitors at events, and/or conferences organized and hosted by Emburse.
    Our sponsors, co-sponsors, and/or exhibitors may directly collect Personal Data at their conference booths or during presentations. Individuals should review the sponsors, co-sponsors, and/or exhibitors’ privacy policies to learn how they use Personal Data prior to sharing it.
    If a Data Subject registers for an Emburse event, seminar, webinar, or conference, based on the individual’s consent we may share basic participant information such as name, company, and email address with other participants to foster communication and exchange of ideas.
    We may share information in an aggregated form that does not directly or indirectly identify a Data Subject, such as statistical information about visits to our Websites.
    We may also share Personal Data in the following circumstances:
    • When appropriate to:
      • investigate, prevent, or take action regarding illegal or suspected illegal activities
      • protect and defend the rights, property, or safety of Emburse, our users, or others
      • enforce our Terms of Service and other contractual obligations.
    • In connection with a corporate transaction, such as a divestiture, merger, acquisition, consolidation, asset sale (or the negotiation thereof), or in the unlikely event of bankruptcy
    • as required by law and when we believe that disclosure is necessary to protect our rights, comply with a judicial proceeding, court order, data protection authority request, or legal process served to us
    Emburse is required under applicable export laws and trade sanctions to take measures to prevent entities, organizations, and parties listed on government-issued sanctioned-party lists from accessing our Embuse services. Such measures may include automated checks of registration data against applicable sanctioned-party lists and repeated checks against updated lists. In the event of a match, Emburse will suspend the individual’s access and verify the individual’s identity.
    HOW PERSONAL INFORMATION IS KEPT SAFE
    Emburse has implemented data handling and storage practices and procedures that are designed to promote the integrity and confidentiality of Personal Data.
    We update and test our security technology on an ongoing basis and use commercially accepted means to protect Personal Data in an effort to prevent loss, misuse, unauthorized access, disclosure, alteration and destruction. We are unable, however, to guarantee absolute security.
    HOW PERSONAL DATA IS TRANSFERRED INTERNATIONALLY
    As part of a global group of companies, Emburse has affiliates and third party service providers within, as well as outside of, the European Economic Area (EEA). Therefore, Personal Data may be transferred, accessed, used, processed, and/or stored in the United States or any other country where Emburse operates. Some jurisdictions may not have Data Protection Laws equivalent to those provided in the Data Subject’s home country.
    Emburse takes steps designed to ensure that the Personal Data we collect under this Privacy Statement is processed in accordance with applicable Data Protection Laws.
    When we receive Personal Data, Data Subjects agree to the transfer, storage, and processing in the United States and other countries outside of the European Economic Area.
    In those cases, we implement data transfer safety mechanisms, such as the Standard Contractual Clauses (according to EU Commission Decision 2021/815 od Jun 4, 2021), the UK Contractual Clauses (IDTA), or other acceptable mechanism to contractually ensure that Personal Data is subject to the appropriate level of data protection.
    For additional information regarding Personal Data Transfers please contact us to privacy@emburse.com.
    HOW PERSONAL DATA IS STORED AND RETAINED
    We retain Personal Data as long as:
    • Required by applicable laws. For example:
      • Taxation purposes
      • Legal purposes
      • Accounting
    • Necessary for Emburse’s lawful and legitimate business purposes
    • Judicial and governmental proceedings
    • Compliance with this Privacy Statement.
    • As required to assert or defend against legal claim
    Retention of Personal Data is also subject to an individual’s requests for restrictions on processing or erasure of Personal Data, objections to processing, and withdrawal of consent to processing, if applicable.
    For additional information regarding our data retention practices please contact us at privacy@emburse.com.
    PERSONAL DATA PROTECTION AND PRIVACY RIGHTS
    Applicable Data Protection and Privacy Laws grant Data Subjects certain rights regarding the collection, use, processing, and retention of their Personal Data by Emburse.
    US State Privacy Laws. Data Subjects residing within states having comprehensive privacy law may have additional privacy rights. Please refer to the applicable state law to understand those rights. Additional resources are available here.
    EU GDPR and UK GDPR.
    Right of Access. Data Subjects may request access to and obtain copies of their Personal Data in a structured, commonly used, machine-readable and interoperable format.
    Right to Know. Data Subjects may request information about the purposes for collecting and processing their Personal Data, the third parties to which their Personal Data is disclosed or transferred, the period of retention of their Personal Data, an individual’s privacy rights, and any automatic decision making and profiling using their Personal Data.
    Right of Rectification.* Data Subjects may request rectification of their Personal Data which they believe to be inaccurate or incomplete.
    Right of Erasure.* (Right to be Forgotten). Data Subjects may request the erasure of their Personal Data.
    Right to Restrict Processing.* Data Subjects may request restrictions on the processing of their Personal Data.
    Right to Object to Processing.* Data Subjects may object to the processing of their Personal Data.
    Right to Data Portability. Data Subjects may request the transfer of their Personal Data to a third party.
    Right to Non-Discriminatory Treatment. Data Subjects have the right to be protected from discriminatory effects of processing Personal Data on the basis of racial or ethnic origin, political opinion, religion or beliefs, trade union membership, genetic or health status or sexual orientation, or processing that results in measures having such an effect on individuals.
    Right to Object to Automated Decision Making or Profiling. Data Subjects have the right to object to decisions made solely on the basis of automated processing or profiling.
    Right to Withdraw Consent. Data Subjects may withdraw their consent to the processing of their Personal Data for processing on the basis of the Data Subject’s consent.
    Right to Complain to Authorities. Data Subjects may contact authorities designated in applicable Data Protection and Privacy Laws regarding Emburse’s collection, processing, use, disclosure and retention of their Personal Data. Emburse encourages Data Subjects with complaints to first contact Emburse as directed in this Privacy Statement.
    *Emburse will restrict or stop processing of Personal Data if an Data Subject’s request states: 1) the Data Subject knows or has reason to believe Personal Data is incorrect or incomplete or 2) the Data Subject alleges Emburse has no legitimate business interest or other legal basis for processing under applicable Data Protection and Privacy Law. Emburse will continue to retain Personal Data if retention is legally required or legally necessary for the individual to make or defend against legal claims and to exercise legal rights.
    Please contact us at privacy@emburse.com to exercise any of the above rights.
    We will promptly respond to Data Subjects’ requests under these rights and in no event later than thirty (30) days from receipt of the request, verification of the requesting individual’s identity, and confirmation of the grounds of the request. Data Subjects shall exercise any of the above rights without fee charged by Emburse.
    We are required to verify the identity of the Data Subject making the request to exercise their rights under applicable Data Protection and Privacy Laws, and to confirm the grounds of requests to a reasonable degree of certainty. We may verify a Data Subject’s identity by matching data points contained in the request with data points in our possession, as permitted or required by applicable Data Protection and Privacy Laws.
    EMBURSE DOES NOT SELL OR LICENSE PERSONAL DATA IN ANY FORM TO ANY THIRD PARTIES. EMBURSE DOES NOT DISCLOSE OR TRANSFER PERSONAL DATA TO A THIRD PARTY FOR THE THIRD PARTY PURPOSES INDEPENDENT OF ITS BUSINESS RELATIONSHIP WITH EMBURSE.
    CHANGES TO THIS PRIVACY STATEMENT
    We may update this Privacy Statement from time to time by posting a revised Privacy Statement on our Websites. We encourage users to periodically review this Privacy Statement for the latest information on our privacy practices.
    QUESTIONS
    Please contact us at privacy@emburse.com with any questions about this Privacy Statement or to file a complaint.
    Emburse will investigate and attempt to resolve complaints and disputes regarding the collection, use, and disclosure of Personal Data by referencing the privacy principles stated in this Privacy Statement.