This Privacy Statement (“Privacy Statement”) describes the various ways in which Emburse, Inc., for itself and on behalf of its affiliates, (collectively "Emburse," "we," “us,” and “our”) collects, processes, uses, and shares Personal Data about individuals (also “users” and “Data Subject”) in the context of sales, marketing activities, and for its own business purposes.
If a company has retained Emburse services, different or additional Privacy Protections may govern the service agreement between the company and Emburse. Data Subjects should contact their employer for information about the Privacy Protections that apply directly to them.
“Personal Data” means any data that directly or indirectly identifies a Data Subject. Personal Data typically includes, for example, a person’s first and last name, email addresses, telephone numbers, residence (country, state/province, city), title, department, job description, and financial information. Personal Data does not include information that identifies a company or organization.
For the purpose of this Privacy Statement, “Services” is intended to include access to Emburse’s websites, offerings, contests, sweepstakes, non-marketing related newsletters, whitepapers, events, conferences, webinars, seminars, and any other Emburse content.
“Websites” shall mean any and all web pages, applications, any other electronic channel owned or controlled by Emburse.
Use of Emburse Websites by Children. Emburse’s Websites are not directed to users under the age of 13. Children younger than 13 may not use our Websites. Parents or guardians who believe we may have collected information about a child, please contact us at email@example.com.
HOW PERSONAL DATA IS COLLECTED
Data Collection. We collect Personal Data directly, indirectly, and automatically as described below.
When permitted by applicable law, we may combine the Personal Data collected about a Data Subject. We treat all this information as Personal Data.
We directly collect Personal Data when voluntarily provided to us in a few different ways. For example, we collect Personal Data when individuals:
We also obtain Personal Data, as allowed by applicable laws, indirectly from third party sources. For example:
We collect Personal Data automatically through the use of tracking technologies when Data Subjects access, use, and interact with the Emburse Websites.
We also automatically assign a device identifier number to the desktop, laptop, and mobile device individuals use to access the Emburse Websites. This enables us to use tracking technologies to collect and analyze information about browser activities. Personal Data collected automatically includes:
Information obtained from third parties on an individual’s interests
Information collected through tracking technologies may be considered Personal Data under applicable Data Protection Laws. For additional information about our use of Tracking Technologies, please see below under “How We Follow Visits and Usage (Cookies and Analytics).”
Please contact us at firstname.lastname@example.org for more information about Emburse Personal Data collection practices.
HOW PERSONAL DATA IS PROCESSED AND USED
Legal Basis for Processing. We process Personal Data under the following legitimate purposes:
Voluntary Consent. In certain situations, Data Subjects may choose to voluntarily share their Personal Data. This means that they voluntarily consent to the collection and processing of their Personal Data. Data Subjects are always free not to share Personal Data. However, there is some Personal Data that is necessary in order to benefit from Emburse’s Services. This means that, if a Data Subject chooses not to share the required Personal Data, Emburse may not be able to offer some Services.
Purposes of Processing. We use and process Personal Data for purposes described below:
HOW WE TRACK VISITS AND USAGE (COOKIES AND ANALYTICS)
We use tracking technologies such as cookies, beacons, tags, and scripts to analyze trends, administer our Websites, track users’ movements around our Websites, and gather demographic information about the user base as a whole.
Local Storage Objects (HTML 5). We use Local Storage Objects (LSOs), such as HTML5 to store content information and preferences. LSOs allow Emburse to store data on a Data Subject’s browser. The data persists even after the browser window is closed. LOSs are useful because they allow users to save usernames and passwords, if a user chooses to do so. Various browsers may offer management tools to remove LSOs, please follow the browser’s directions to personalize LSOs preferences.
Third Party Behavioral Targeting. We partner with third parties to either display advertising on our Websites or to manage our advertisements on other websites.
Our third party partners may use their own tracking technologies to gather information about a Data Subject online behavior. If a Data Subject wishes to not have this information used for the purpose of serving them interest-based ads, they may be able control their preferences using the resources available here. In some cases, Data Subjects may be able to remove all ads by following their browser’s instructions. Please review the browser’s privacy practices to see if that choice is available.
Analytics. We use analytics, including analytics conducted by third party partners, to help improve our Websites and user experience.
WHAT PRIVACY CHOICES ARE AVAILABLE TO DATA SUBJECTS
Data Subjects have the right to: (1) accept, reject, or limit cookies; (2) opt-out of third party analytics; and (3) opt-out of receiving interest-based advertising from Emburse at any time. The organizations named below provide guidance to the public on the opt-out mechanisms for Personal Data collection and processing by advertisers and analytics service providers:
Analytics. To opt-out of Google Analytics web tracking individuals are welcome to download Google Analytics Opt-out Browser Add-on.
Cookies. In addition to what is specified in this Privacy Statement, individuals can manage Cookies preferences directly from their own browser.
Where required by applicable laws, individuals can opt-out of Cookies that are not required to enable core site functionality. Data Subjects can manage Cookie preferences by clicking on the Cookie banner on our Websites.
Third Party Advertisement. Individuals can customize and control the privacy practices of third party advertisers and analytics service providers by following the third party’s opt-out procedures.
Promotional Emails. Individuals can unsubscribe from promotional emails by following the unsubscribe instructions in our emails.
Please remember that even if an individual chooses to unsubscribe from promotional email messages, Emburse may contact them with transactional information related to the Services contracted or requested through our Websites.
Please contact us at email@example.com for additional information about opt-out mechanisms.
HOW PERSONAL DATA IS SHARED
We work with affiliated and third party vendors, consultants, and other service providers that help us run Emburse sales and marketing activities.
These companies provide work and services such as:
In some cases, these companies need access to Personal Data to carry out their work for us. They are not, however, authorized to use said Personal Data for their own promotional or business purposes.
If a Data Subject provides consent, we may share the individual’s contact information with sponsors, co-sponsors, exhibitors at events, and/or conferences organized and hosted by Emburse.
Our sponsors, co-sponsors, and/or exhibitors may directly collect Personal Data at their conference booths or during presentations. Individuals should review the sponsors, co-sponsors, and/or exhibitors’ privacy policies to learn how they use Personal Data prior to sharing it.
If a Data Subject registers for an Emburse event, seminar, webinar, or conference, based on the individual’s consent we may share basic participant information such as name, company, and email address with other participants to foster communication and exchange of ideas.
We may share information in an aggregated form that does not directly or indirectly identify a Data Subject, such as statistical information about visits to our Websites.
We may also share Personal Data in the following circumstances:
Emburse is required under applicable export laws and trade sanctions to take measures to prevent entities, organizations, and parties listed on government-issued sanctioned-party lists from accessing our Embuse services. Such measures may include automated checks of registration data against applicable sanctioned-party lists and repeated checks against updated lists. In the event of a match, Emburse will suspend the individual’s access and verify the individual’s identity.
HOW PERSONAL INFORMATION IS KEPT SAFE
Emburse has implemented data handling and storage practices and procedures that are designed to promote the integrity and confidentiality of Personal Data.
We update and test our security technology on an ongoing basis and use commercially accepted means to protect Personal Data in an effort to prevent loss, misuse, unauthorized access, disclosure, alteration and destruction. We are unable, however, to guarantee absolute security.
HOW PERSONAL DATA IS TRANSFERRED INTERNATIONALLY
As part of a global group of companies, Emburse has affiliates and third party service providers within, as well as outside of, the European Economic Area (EEA). Therefore, Personal Data may be transferred, accessed, used, processed, and/or stored in the United States or any other country where Emburse operates. Some jurisdictions may not have Data Protection Laws equivalent to those provided in the Data Subject’s home country.
Emburse takes steps designed to ensure that the Personal Data we collect under this Privacy Statement is processed in accordance with applicable Data Protection Laws.
When we receive Personal Data, Data Subjects agree to the transfer, storage, and processing in the United States and other countries outside of the European Economic Area.
In those cases, we implement data transfer safety mechanisms, such as the Standard Contractual Clauses (according to EU Commission Decision 2021/815 od Jun 4, 2021), the UK Contractual Clauses (IDTA), or other acceptable mechanism to contractually ensure that Personal Data is subject to the appropriate level of data protection.
For additional information regarding Personal Data Transfers please contact us to firstname.lastname@example.org.
HOW PERSONAL DATA IS STORED AND RETAINED
We retain Personal Data as long as:
Retention of Personal Data is also subject to an individual’s requests for restrictions on processing or erasure of Personal Data, objections to processing, and withdrawal of consent to processing, if applicable.
For additional information regarding our data retention practices please contact us at email@example.com.
PERSONAL DATA PROTECTION AND PRIVACY RIGHTS
Applicable Data Protection and Privacy Laws grant Data Subjects certain rights regarding the collection, use, processing, and retention of their Personal Data by Emburse.
US State Privacy Laws. Data Subjects residing within states having comprehensive privacy law may have additional privacy rights. Please refer to the applicable state law to understand those rights. Additional resources are available here.
EU GDPR and UK GDPR.
Right of Access. Data Subjects may request access to and obtain copies of their Personal Data in a structured, commonly used, machine-readable and interoperable format.
Right to Know. Data Subjects may request information about the purposes for collecting and processing their Personal Data, the third parties to which their Personal Data is disclosed or transferred, the period of retention of their Personal Data, an individual’s privacy rights, and any automatic decision making and profiling using their Personal Data.
Right of Rectification.* Data Subjects may request rectification of their Personal Data which they believe to be inaccurate or incomplete.
Right of Erasure.* (Right to be Forgotten). Data Subjects may request the erasure of their Personal Data.
Right to Restrict Processing.* Data Subjects may request restrictions on the processing of their Personal Data.
Right to Object to Processing.* Data Subjects may object to the processing of their Personal Data.
Right to Data Portability. Data Subjects may request the transfer of their Personal Data to a third party.
Right to Non-Discriminatory Treatment. Data Subjects have the right to be protected from discriminatory effects of processing Personal Data on the basis of racial or ethnic origin, political opinion, religion or beliefs, trade union membership, genetic or health status or sexual orientation, or processing that results in measures having such an effect on individuals.
Right to Object to Automated Decision Making or Profiling. Data Subjects have the right to object to decisions made solely on the basis of automated processing or profiling.
Right to Withdraw Consent. Data Subjects may withdraw their consent to the processing of their Personal Data for processing on the basis of the Data Subject’s consent.
Right to Complain to Authorities. Data Subjects may contact authorities designated in applicable Data Protection and Privacy Laws regarding Emburse’s collection, processing, use, disclosure and retention of their Personal Data. Emburse encourages Data Subjects with complaints to first contact Emburse as directed in this Privacy Statement.
*Emburse will restrict or stop processing of Personal Data if an Data Subject’s request states: 1) the Data Subject knows or has reason to believe Personal Data is incorrect or incomplete or 2) the Data Subject alleges Emburse has no legitimate business interest or other legal basis for processing under applicable Data Protection and Privacy Law. Emburse will continue to retain Personal Data if retention is legally required or legally necessary for the individual to make or defend against legal claims and to exercise legal rights.
Please contact us at firstname.lastname@example.org to exercise any of the above rights.
We will promptly respond to Data Subjects’ requests under these rights and in no event later than thirty (30) days from receipt of the request, verification of the requesting individual’s identity, and confirmation of the grounds of the request. Data Subjects shall exercise any of the above rights without fee charged by Emburse.
We are required to verify the identity of the Data Subject making the request to exercise their rights under applicable Data Protection and Privacy Laws, and to confirm the grounds of requests to a reasonable degree of certainty. We may verify a Data Subject’s identity by matching data points contained in the request with data points in our possession, as permitted or required by applicable Data Protection and Privacy Laws.
EMBURSE DOES NOT SELL OR LICENSE PERSONAL DATA IN ANY FORM TO ANY THIRD PARTIES. EMBURSE DOES NOT DISCLOSE OR TRANSFER PERSONAL DATA TO A THIRD PARTY FOR THE THIRD PARTY PURPOSES INDEPENDENT OF ITS BUSINESS RELATIONSHIP WITH EMBURSE.
CHANGES TO THIS PRIVACY STATEMENT
We may update this Privacy Statement from time to time by posting a revised Privacy Statement on our Websites. We encourage users to periodically review this Privacy Statement for the latest information on our privacy practices.
Please contact us at email@example.com with any questions about this Privacy Statement or to file a complaint.
Emburse will investigate and attempt to resolve complaints and disputes regarding the collection, use, and disclosure of Personal Data by referencing the privacy principles stated in this Privacy Statement.