Unlock the power of cash
Accelerate your cash flow today.
Privacy Policy
Effective April 19, 2022
You can view our GDPR statement here
Introduction
Taulia LLC, Taulia UK Ltd, Taulia GmbH, and Taulia Bulgaria EOOD, and any future corporate affiliates (“Taulia”, “we”, “us” or “our”) are committed to protecting our users’ privacy. This Privacy Policy covers the information we collect about you when you use our services, or otherwise interact with Taulia, for example by visiting www.taulia.com/de, requesting information in electronic form, or attending an event, unless a different policy is displayed at that time.
This Privacy Policy is intended to help you understand the following:
- 1. What information we collect about you and how we collect it
- 2. How we use the information we collect
- 3. Taulia’s legal basis for processing your personal information
- 4. How we share the information we collect with third parties
- 5. How we store and secure the information we collect
- 6. How we transfer information we collect internationally
- 7. How to access and control your information
- 8. How to contact us about privacy questions or comments
- 9. Other important privacy information
Services
Individuals may interact with Taulia across a range of services and products, from seeking information available on or by request at our website, up through use of Taulia’s hosted solutions, such as Electronic Invoicing or Working Capital Management. We refer to all of these services and products in this Privacy Policy as our “Services.”
User Options
This Privacy Policy also explains your choices about how we use information about you. Your choices include how you can object to certain uses of your Personal Information and how you can access and update certain information about you. If you do not agree with this policy, please do not access or use our Services or interact with any other aspect of our business.
End Users
Where we provide the Services under contract with an organization (for example your employer) that organization may be the “controller” of the Personal Information processed by the Services. For more information, please see Notice to End Users below.
Personal Information
Personal Information or Personal Data refers to any information relating to an identified or identifiable natural person.
1. What information we collect about you and how we collect it
We collect Personal Information from you when you contact us regarding our Services, register on our site for support services, subscribe to our newsletter or webinar series, register for or attend our events, ask to be included on an email or other mailing list, participate in an online forum, blog, or voluntary survey, download content or fill out a form. We may collect all or some of the following information: name, email address, phone number, company name, title, department, country and/or industry. Alternatively, you may visit our site anonymously. Any data we request that is not required will be specified as voluntary or optional.
A. Surveys
We may provide you the opportunity to participate in surveys on our site. If you participate, we will request certain personally identifiable information from you. Participation in these surveys is completely voluntary and you therefore have a choice whether or not to disclose this information. The requested information typically includes contact information such as name, email, and phone number, and demographic information such as job title, income, location, and company size.
We use this information to send notice(s) to you, monitor site traffic, personalize the site, send participants email newsletter(s), and better understand our customers and prospects. We may use a third-party service provider to conduct these surveys; that company will be prohibited from using our users’ personally identifiable information for any other purpose. We will not share the personally identifiable information you provide through a survey with other third parties unless we give you prior notice and choice.
B. Use of the Taulia Hosted Services
When you use any of the Taulia hosted services, such as Electronic Invoicing or Working Capital Management, we collect information about you when you input it into the Services or otherwise provide it directly to us.
Account and Profile Information: We collect information about you when you register for an account, create or modify your profile, set preferences, sign-up for or make purchases through the Services. For example, you provide your contact information and, in some cases, billing information when you register for the Services. You also have the option of adding job title, and other details to your profile information to be displayed in our Services. We keep track of your preferences when you select settings within the Services.
Content you provide through our products: The Services include the Taulia products you use, where we collect and store content that you post, send, receive and share. This content includes any information about you that you may choose to include, such as business contact information, and remittance information to be used by your customers. Content also includes the files and links you upload to the Services.
Information you provide through our support channels: The Services also include our customer support, where you may choose to submit information regarding a problem you are experiencing with a Service. Whether you designate yourself as a technical contact, open a support ticket, speak to one of our representatives directly or otherwise engage with our support team, you will be asked to provide contact information, so that we can update you on the status of your support request or seek further information that would be helpful in resolving the issue.
Your use of the Services: We keep track of certain information about you when you visit and interact with any of our Services. This information includes the features you use; the links you click on; your election of invoicing or early payment options, and the type, size and filenames of attachments you upload to the Services.
Device and Connection Information: We collect information about your computer, phone, tablet, or other devices you use to access the Services. This device information includes your connection type and settings when you install, access, update, or use our Services. We also collect information through your device about your operating system, browser type, IP address, URLs of referring/exit pages, device identifiers, and crash data. We use your IP address and/or country preference in order to approximate your location to provide you with a better Service experience. How much of this information we collect depends on the type and settings of the device you use to access the Services.
Cookies and Other Tracking Technologies: Taulia and our third-party partners, such as our advertising and analytics partners, use cookies and other tracking technologies (e.g., web beacons, device identifiers and pixels) to provide functionality and to recognize you across different Services and devices. For more information, please see our Cookies and Tracking Notice, which includes information on how to control or opt out of these cookies and tracking technologies.
C. Information we receive from other sources
We receive information about you from other Service users, from third-party services, from our related companies, from your customers, and our business and channel partners.
Other users of the Services: Other users of our Services, including your customers, or your employer, may provide information about you when they submit content through the Services. We also receive your email address from other Service users when they provide it in order to invite you to the Services. Similarly, an administrator may provide your contact information when they designate you as the billing, technical, or other contact on your company’s account.
Taulia Partners: We work with a global network of partners who help us to market and promote our products, generate leads for us, and resell our products. We receive information from these partners, such as billing information, billing and technical contact information, company name, what Taulia products you have purchased or may be interested in, evaluation information you have provided, what events you have attended, and what country you are in.
Other Partners: We receive information about you and your activities on and off the Services from third-party partners, such as advertising and market research partners who provide us with information about your interest in and engagement with, our Services and online advertisements.
2. How we use the information we collect
How we use the information we collect depends in part on which Services you use, how you use them, and any preferences you have communicated to us. Below are the specific purposes for which we use the information we collect about you.
- To administer your account and facilitate your transactions
- To respond to customer service requests
- To send periodic emails when you have requested to receive them. (The email address you provide for order processing, may be used to send you information and updates pertaining to your order or request, in addition to receiving occasional company news, updates, promotions, related product or service information, etc.)
- To provide you the Taulia services you have requested
- To improve our websites and Services. (We continually strive to improve our website offerings based on the information and feedback we receive from you.)
- To personalize your experience. (Your information helps us to better respond to your individual needs.)
To market, promote and drive engagement with the Services: We use your contact information and information about how you use the Services to send promotional communications that may be of specific interest to you, including by email. These communications are aimed at driving engagement and maximizing what you get out of the Services, including information about new features, survey requests, newsletters, and events we think may be of interest to you.
For safety and security: We use information about you and your Service use to verify accounts and activity, to monitor suspicious or fraudulent activity and to identify violations of Service policies.
To protect our legitimate business interests and legal rights: Where required by law or where we believe it is necessary to protect our legal rights, interests and the interests of others, we use information about you in connection with legal claims, compliance, regulatory, and audit functions, and disclosures in connection with the acquisition, merger or sale of a business.
With your consent: We use information about you where you have given us consent to do so for a specific purpose not listed above. For example, we may publish testimonials or featured customer stories to promote the Services, with your permission.
3. What basis do we have for processing your Personal Information
Legal bases for processing (for EEA and Brazilian users)
If you are an individual in the European Economic Area (EEA) or Brazil, we collect and process information about you only where we have legal bases for doing so under applicable EU or Brazilian law. The legal bases depend on the Services you use and how you use them. This means we collect and use your information only where:
- We need it to provide you the Services, including to operate the Services, provide customer support and personalized features and to protect the safety and security of the Services;
- It satisfies our legitimate business interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services and to protect our legal rights and interests;
- You give us consent to do so for a specific purpose; or
- We need to process your data to comply with a legal obligation.
If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party (e.g. your employer) have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Services.
4. How we share the information we collect
Third Parties With Whom Taulia Shares Personal Information
Service Providers: We work with third-party service providers to provide website and application development, hosting, maintenance, backup, storage, virtual infrastructure, payment processing, analysis and other services for us, which may require them to access or use information about you. If a service provider needs to access information about you to perform services on our behalf, they do so under close instruction from us, including this Privacy Policy, and other policies and procedures designed to protect your information.
Taulia Partners: We work with third parties who provide consulting, sales, and technical services to deliver and implement customer solutions around the Services. We may share your information with these third parties in connection with their services.
In cases of onward transfer to third parties of data of EEA, Swiss or Brazilian individuals, this is only done pursuant to the contractual arrangements we have with these third parties in accordance with applicable law.
Compliance with Enforcement Requests and Applicable Laws; Enforcement of Our Rights: In exceptional circumstances, we may share information about you with a third party if we believe that sharing is reasonably necessary to (a) comply with any applicable law, regulation, legal process or governmental request, including to meet national security requirements, (b) enforce our agreements, policies and terms of service, (c) protect the security or integrity of our products and services, (d) protect Taulia, our customers or the public from harm or illegal activities, or (e) respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person.
If Taulia is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your Personal Information, as well as any choices you may have regarding your Personal Information.
Third Party Links: Other sites accessible through our website have their own privacy policies and data collection use and disclosure practices. Occasionally, at our discretion, we may include or offer third party products or services on our website as well as provide links to sites that are owned and operated by these third-party providers. Please consult each site’s privacy policy, as the information practices of these third-party sites are not covered by our Privacy Policy. We cannot control their collection of information, and therefore have no responsibility or liability for the content and activities of these linked sites. While we continue to seek to protect the integrity of our own site, you should contact these sites directly if you have any questions about the use of the information that they collect.
We use Lead Forensics to track activity on our website and provide us with the IP address, the date and duration of the user’s visit, and the web pages which the user visits. This information may be used by us for marketing purposes. More information can be found on Lead Forensics’ Privacy Policy.
5. How we store and secure the information we collect
The security of your Personal Information is important to us. We use data hosting service providers in the United States and the European Union to host the Personal Information we collect, and we use technical measures to secure your data. These security measures include: password protected directories and databases to safeguard your information and PCI Scanning to actively protect our servers from hackers and other vulnerabilities. Taulia is also backed by security controls designed to protect your data, and we undergo an annual SSAE18 audit, resulting in SOC1/SOC2 Type 2 audit reports.
We implement these safeguards to protect your information, but no security system is impenetrable, and due to the inherent nature of the Internet, we cannot guarantee that data, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others. Please contact us at sec[email protected] with questions regarding our security measures.
You are responsible for maintaining the secrecy of your unique password and account information, and for controlling access to your email communications at all times.
How long will the data be stored
We will retain and use your Personal Information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. How long we keep the information we collect about you depends on the type of information, as described in further detail below. After such time, we will either delete or anonymize your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.
Account information: We retain your account information for as long as your account is active and a reasonable period thereafter in case you decide to re-activate the Services. Personal Data associated with transactions on the Taulia Platform is retained for the period of time legally required for audit purposes, typically 7-10 years, depending on the applicable law.
We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve our Services. Where we retain information for Service improvement and development, we take steps to eliminate information that directly identifies you, and we only use the information to uncover collective insights about the use of our Services, not to specifically analyze personal characteristics about you.
Information you share on the Services: If your account is deactivated or disabled, some of your information and the content you have provided will remain in order to allow your team members or other users to make full use of the Services. For example, we continue to display messages you sent to the users that received them and continue to display content you provided.
Managed accounts: If the Services are made available to you through an organization (e.g., your employer), we retain your information as long as required by the administrator of your account.
Marketing information: We retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in our Services, such as when you last opened an email from us or ceased using your Taulia account. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created.
6. How we transfer information we collect internationally
International transfers of information we collect
We collect information globally and primarily store that information at hosted data centers in the United States and European Union. We transfer, process and store your information outside of your country of residence, as required for Taulia or our third-party service providers to provide you the Services. Whenever we transfer your information, we take steps to protect it.
International transfers within the Taulia Companies: To facilitate our global operations, we transfer information to our hosted data centers in either the United States or the European Union and allow access to that information from countries in which the Taulia companies have operations for the purposes described in this Privacy Policy. These countries may not have equivalent privacy and data protection laws to the laws of many of the countries where our customers and users are based. When we share information about you within and among Taulia corporate affiliates, we make use of standard contractual data protection clauses, which have been approved by the European Commission.
International transfers to third parties: Some of the third parties described in this privacy policy, which provide services to us under contract, are based in other countries that may not have equivalent privacy and data protection laws to the country in which you reside. When we share information of customers in the European Economic Area or Switzerland, we make use of the EU-U.S. Privacy Shield, Swiss-U.S. Privacy Shield Frameworks, European Commission-approved standard contractual data protection clauses, or other appropriate legal mechanisms to safeguard the transfer. Please see our Privacy Shield Notice below.
Schrems II
On July 16th, 2020, the CJEU has declared the EU-US Privacy Shield an invalid mechanism for transferring personal data from the E.U. to the U.S. To the extent that Taulia has relied on the EU-US Privacy Shield as the mechanism to transfer personal data across borders, Taulia will be converting to use of the EU Standard Contractual Clauses, or another approved transfer mechanism as a replacement for the EU-US Privacy Shield. In the meantime, Taulia intends to continue to maintain its status and compliance with the EU-US Privacy Shield Principles.
Privacy Shield Notice
Taulia complies with the EU-U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. Taulia has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
We ensure that the Privacy Shield Principles apply to all information about you that is subject to this privacy policy and is received from the European Union, Switzerland, and the European Economic Area.
Under the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Framework, we are responsible for the processing of information about you we receive from the EU or Switzerland and onward transfers to a third party acting as an agent on our behalf. We comply with the Privacy Shield Principles for such onward transfers and remain liable in accordance with the Privacy Shield Principles if third-party agents that we engage to process such information about you on our behalf do so in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage. We are subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
We encourage you to contact us as provided below should you have a Privacy Shield-related (or general privacy-related) complaint. You may also contact your local data protection authority within the European Economic Area or Switzerland for unresolved complaints.
Under certain conditions, more fully described on the Privacy Shield website, including when other dispute resolution procedures have been exhausted, you may invoke binding arbitration. Please see “To Raise a Complaint,” and “How to access and control your information,” below.
7. How to access and control your information
Access/Choice/Opt-Out
You have the right to access your Personal Information. We provide you the opportunity to “opt-out” of having your information used for certain purposes or to unsubscribe from receiving future emails, when we ask for the information. If you no longer wish to receive emails, our newsletter and other promotional communications, you may opt-out of receiving them by following the detailed unsubscribe instructions at the bottom of each email or communication or by emailing us at [email protected].
If your Personal Information changes, to request removal of your personal information from our blog or community forum, or if you no longer desire our service, you may correct, update, amend, delete/deactivate it by emailing our Customer Support at [email protected] or by contacting us by telephone or postal mail at the contact information listed below. We will respond to your request to access within 30 days (or 15 days for users subject to Brazilian laws).
Your rights in relation to Personal Information and how to exercise them (for EEA and Brazilian users)
Under certain circumstances EEA and Brazilian users have the following rights:
- Request access to your Personal Data (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
- Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your Personal Data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your data protection interests.
- Request restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of your Personal Data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your Personal Data to you or to a third party. We will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your Personal Data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please contact us. You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you. We may need to request specific information from you to help us confirm your identity and right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
8. How to Contact Us About Privacy Questions or Comments
If you have concerns regarding this Privacy Policy, first contact the Taulia Privacy Coordinator ([email protected]), or send written correspondence to:
Taulia Privacy Coordinator
95 Third Street #284
San Francisco
CA 94103
[email protected]
(415) 376 8280
To raise a complaint
According to the GDPR, you have the right to lodge a complaint with a supervisory authority. However, we recommend that you always first address a complaint to the Taulia Privacy Coordinator ([email protected]) so that we can resolve your concern as quickly as possible and in a customer-oriented manner. Taulia will take steps to remedy any issues arising out of a failure to comply with the the General Data Protection Regulation. If the complaint cannot be resolved through Taulia’s internal processes, it will be referred to Judicial Arbitration and Mediation Services, Inc., (JAMS) under the JAMS International Mediation Rules, which are accessible on the JAMS website at https://www.jamsadr.com/eu-us-privacy-shield/. JAMS mediation may also be commenced as provided for in the JAMS International Mediation Rules. Finally, you will also have the possibility to invoke binding arbitration under certain conditions.
9. Other important privacy information
California Online Privacy Protection Act Compliance
Because we value your privacy, we have taken the necessary precautions to be in compliance with the California Online Privacy Protection Act. We therefore will not distribute your Personal Information to outside parties without your consent.
Children’s Online Privacy Protection Act Compliance
The Children’s Online Privacy Protection Act (“COPPA”) took effect on April 21, 2000, and imposes certain requirements on Services directed toward children under the age of 13 that collection information on those children, or on Services that know they are collecting personally identifiable information on children under the age of 13. We are in compliance with the requirements of COPPA and we do not knowingly collect any information from anyone under the age of 13. Our website, products and services are all directed to people who are at least 13 years old or older. If we find that we have collected information from a child under age 13, we will delete that information immediately.
CAN-SPAM Compliance
We have taken the necessary steps to ensure that we are compliant with the CAN-SPAM Act of 2003.
Terms and Conditions
Please also visit our Terms of Use section establishing the use, disclaimers, and limitations of liability governing the use of our website at www.taulia.com/de/terms-conditions.
Changes to Taulia’s Privacy Policy
If we decide to change our Privacy Policy, we will post those changes on this page, and/or update the Privacy Policy modification date at the top of this page. Policy changes will apply only to information collected after the date of the change. If we make any material changes, we will notify you by email (sent to the e-mail address specified in your account) or by means of a prominent notice on our Services. We encourage you to periodically review this page for the latest information on our privacy practices before proceeding to use our Services.
The English version of this policy shall govern in the event of any conflict or substantive translation changes into a non-English language.
Privacy Policy Customer Pledge
We pledge to you, our customer, that we have made a dedicated effort to bring our privacy policy in line with the following important privacy laws and initiatives:
- General Data Protection Regulation (GDPR)
- Lei Geral de Proteção de Dados (LGPD)
- Privacy Shield Principles
- Federal Trade Commission Fair
- California Online Privacy Protection Act
- Children’s Online Privacy Protection Act
- Privacy Alliance
- Controlling the Assault of Non-Solicited Pornography and Marketing Act
Notice to End Users
Our services and products are intended for use by businesses. Where the Services are made available to you through an organization (e.g. your employer), that organization is the administrator of the Services, is responsible for the accounts, and ultimately for your use of the Services. In such circumstances, the only Personal Information held in the Services for most end users will be the user’s name and email address at the organization’s domain name. If this is the case, please direct your data privacy questions to your administrator, as your use of the Services is subject to that organization’s policies. We are not responsible for the privacy or security practices of an administrator’s organization, which may be different than this policy.
Administrators are able to:
- require you to reset your account password;
- restrict, suspend or terminate your access to the Services;
- access and modify information in and about your account;
- access or retain information stored as part of your account;
- install or uninstall third-party apps or other integrations
- change the email address associated with your account;
- restrict your ability to edit, restrict, modify or delete information
Please contact your organization or refer to your administrator’s organizational policies for more information.