Effective May 25, 2018
- What information we collect about you and how we collect it
- How we use the information we collect
- Taulia’s legal basis for processing your personal information
- How we share the information we collect with third parties
- How we store and secure the information we collect
- How we transfer information we collect internationally
- How to access and control your information
- How to contact us about privacy questions or comments
- Other important privacy information
Where we provide the Services under contract with an organization (for example your employer) that organization may be the “controller” of the Personal Information processed by the Services. For more information, please see Notice to End Users below.
Personal Information refers to any information relating to an identified or identifiable natural person. It does not include data where the identity of the individual has been removed.
What information we collect about you and how we collect it
We collect Personal Information from you when you contact us regarding our Services, register on our site for support services, subscribe to our newsletter or webinar series, register for or attend our events, ask to be included on an email or other mailing list, participate in an online forum, blog, or voluntary survey, download content or fill out a form. We may collect all or some of the following information: name, email address, phone number, company name, title, department, country and/or industry. Alternatively, you may visit our site anonymously. Any data we request that is not required will be specified as voluntary or optional.
We may provide you the opportunity to participate in surveys on our site. If you participate, we will request certain personally identifiable information from you. Participation in these surveys is completely voluntary and you therefore have a choice whether or not to disclose this information. The requested information typically includes contact information such as name, email, and phone number, and demographic information such as job title, income, location, and company size.
We use this information to send notice(s) to you, monitor site traffic, personalize the site, send participants email newsletter(s), and better understand our customers and prospects.
We may use a third party service provider to conduct these surveys; that company will be prohibited from using our users’ personally identifiable information for any other purpose. We will not share the personally identifiable information you provide through a survey with other third parties unless we give you prior notice and choice.
Use of the Taulia Hosted Services
When you use any of the Taulia hosted services, such as Electronic Invoicing or Working Capital Management, we collect information about you when you input it into the Services or otherwise provide it directly to us.
Account and Profile Information: We collect information about you when you register for an account, create or modify your profile, set preferences, sign-up for or make purchases through the Services. For example, you provide your contact information and, in some cases, billing information when you register for the Services. You also have the option of adding job title, and other details to your profile information to be displayed in our Services. We keep track of your preferences when you select settings within the Services.
Content you provide through our products: The Services include the Taulia products you use, where we collect and store content that you post, send, receive and share. This content includes any information about you that you may choose to include, such as business contact information, and remittance information to be used by your customers. Content also includes the files and links you upload to the Services.
Information you provide through our support channels: The Services also include our customer support, where you may choose to submit information regarding a problem you are experiencing with a Service. Whether you designate yourself as a technical contact, open a support ticket, speak to one of our representatives directly or otherwise engage with our support team, you will be asked to provide contact information, so that we can update you on the status of your support request or seek further information that would be helpful in resolving the issue.
Your use of the Services: We keep track of certain information about you when you visit and interact with any of our Services. This information includes the features you use; the links you click on; your election of invoicing or early payment options, and the type, size and filenames of attachments you upload to the Services.
Device and Connection Information: We collect information about your computer, phone, tablet, or other devices you use to access the Services. This device information includes your connection type and settings when you install, access, update, or use our Services. We also collect information through your device about your operating system, browser type, IP address, URLs of referring/exit pages, device identifiers, and crash data. We use your IP address and/or country preference in order to approximate your location to provide you with a better Service experience. How much of this information we collect depends on the type and settings of the device you use to access the Services.
Information we receive from other sources
We receive information about you from other Service users, from third-party services, from our related companies, from your customers, and our business and channel partners.
Other users of the Services: Other users of our Services, including your customers, or your employer, may provide information about you when they submit content through the Services. We also receive your email address from other Service users when they provide it in order to invite you to the Services. Similarly, an administrator may provide your contact information when they designate you as the billing, technical, or other contact on your company’s account.
Taulia Partners: We work with a global network of partners who help us to market and promote our products, generate leads for us, and resell our products. We receive information from these partners, such as billing information, billing and technical contact information, company name, what Taulia products you have purchased or may be interested in, evaluation information you have provided, what events you have attended, and what country you are in.
Other Partners: We receive information about you and your activities on and off the Services from third-party partners, such as advertising and market research partners who provide us with information about your interest in and engagement with, our Services and online advertisements.
How we use the information we collect
How we use the information we collect depends in part on which Services you use, how you use them, and any preferences you have communicated to us. Below are the specific purposes for which we use the information we collect about you.
- To administer your account and facilitate your transactions
- To respond to customer service requests
- To send periodic emails when you have requested to receive them. (The email address you provide for order processing, may be used to send you information and updates pertaining to your order or request, in addition to receiving occasional company news, updates, promotions, related product or service information, etc.)
- To provide you the Taulia services you have requested
- To improve our websites. (We continually strive to improve our website offerings based on the information and feedback we receive from you.)
- To personalize your experience. (Your information helps us to better respond to your individual needs.)
To market, promote and drive engagement with the Services: We use your contact information and information about how you use the Services to send promotional communications that may be of specific interest to you, including by email. These communications are aimed at driving engagement and maximizing what you get out of the Services, including information about new features, survey requests, newsletters, and events we think may be of interest to you.
For safety and security: We use information about you and your Service use to verify accounts and activity, to monitor suspicious or fraudulent activity and to identify violations of Service policies.
To protect our legitimate business interests and legal rights: Where required by law or where we believe it is necessary to protect our legal rights, interests and the interests of others, we use information about you in connection with legal claims, compliance, regulatory, and audit functions, and disclosures in connection with the acquisition, merger or sale of a business.
With your consent: We use information about you where you have given us consent to do so for a specific purpose not listed above. For example, we may publish testimonials or featured customer stories to promote the Services, with your permission.
What basis do we have for processing your Personal Information
Legal bases for processing (for EEA users):
If you are an individual in the European Economic Area (EEA), we collect and process information about you only where we have legal bases for doing so under applicable EU laws. The legal bases depend on the Services you use and how you use them. This means we collect and use your information only where:
- We need it to provide you the Services, including to operate the Services, provide customer support and personalized features and to protect the safety and security of the Services;
- It satisfies our legitimate business interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services and to protect our legal rights and interests;
- You give us consent to do so for a specific purpose; or
- We need to process your data to comply with a legal obligation.
If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party (e.g. your employer) have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Services.
How we share the information we collect
Third Parties With Whom Taulia Shares Personal Information
Taulia Partners: We work with third parties who provide consulting, sales, and technical services to deliver and implement customer solutions around the Services. We may share your information with these third parties in connection with their services.
In cases of onward transfer to third parties of data of EEA individuals, this is only done pursuant to the EU-US Privacy Shield or other legitimate basis as provided by law.
Compliance with Enforcement Requests and Applicable Laws; Enforcement of Our Rights: In exceptional circumstances, we may share information about you with a third party if we believe that sharing is reasonably necessary to (a) comply with any applicable law, regulation, legal process or governmental request, including to meet national security requirements, (b) enforce our agreements, policies and terms of service, (c) protect the security or integrity of our products and services, (d) protect Taulia, our customers or the public from harm or illegal activities, or (e) respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person.
If Taulia is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your Personal Information, as well as any choices you may have regarding your Personal Information.
How we store and secure the information we collect
The security of your Personal Information is important to us. We use data hosting service providers in the United States and the European Union to host the Personal Information we collect, and we use technical measures to secure your data. These security measures include: password protected directories and databases to safeguard your information and PCI Scanning to actively protect our servers from hackers and other vulnerabilities. Taulia is also backed by security controls designed to protect your data, and we undergo an annual SSAE16 audit, resulting in SOC1/SOC2 Type 2 audit reports.
We implement these safeguards to protect your information, but no security system is impenetrable, and due to the inherent nature of the Internet, we cannot guarantee that data, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others. Please contact us at email@example.com with questions regarding our security measures.
You are responsible for maintaining the secrecy of your unique password and account information, and for controlling access to your email communications at all times.
How long will the data be stored
We will retain and use your Personal Information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. How long we keep the information we collect about you depends on the type of information, as described in further detail below. After such time, we will either delete or anonymize your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.
Account information: We retain your account information for as long as your account is active and a reasonable period thereafter in case you decide to re-activate the Services. Personal data associated with transactions on the Taulia Platform is retained for the period of time legally required for audit purposes, typically 7-10 years, depending on the applicable law.
We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve our Services. Where we retain information for Service improvement and development, we take steps to eliminate information that directly identifies you, and we only use the information to uncover collective insights about the use of our Services, not to specifically analyze personal characteristics about you.
Information you share on the Services: If your account is deactivated or disabled, some of your information and the content you have provided will remain in order to allow your team members or other users to make full use of the Services. For example, we continue to display messages you sent to the users that received them and continue to display content you provided.
Managed accounts: If the Services are made available to you through an organization (e.g., your employer), we retain your information as long as required by the administrator of your account.
Marketing information: We retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in our Services, such as when you last opened an email from us or ceased using your Taulia account. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created.
How we transfer information we collect internationally
International transfers of information we collect
We collect information globally and primarily store that information at hosted data centers in the United States and European Union. We transfer, process and store your information outside of your country of residence, as required for Taulia or our third-party service providers to provide you the Services. Whenever we transfer your information, we take steps to protect it.
Privacy Shield Notice
Taulia complies with the EU-U.S. Privacy Shield Certification program as set forth by the U.S. Department of Commerce regarding the collection, use, retention and transfer of data from the European Union. Taulia has certified that it adheres to, and is committed to comply with, the Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement and liability. Our commitment to comply with the Privacy Shield Principals is enforceable by the U.S. Federal Trade Commission (FTC). To learn more about the Privacy Shield program, and to view Taulia’s certification, please visit https://www.privacyshield.gov/.
Under the EU-U.S. Privacy Shield Framework, we are responsible for the processing of information about you we receive from the EU and onward transfers to a third party acting as an agent on our behalf. We comply with the Privacy Shield Principles for such onward transfers and remain liable in accordance with the Privacy Shield Principles if third-party agents that we engage to process such information about you on our behalf do so in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage.
We encourage you to contact us as provided below should you have a Privacy Shield-related (or general privacy-related) complaint. You may also contact your local data protection authority within the European Economic Area for unresolved complaints.
How to access and control your information
Under certain conditions, more fully described on the Privacy Shield website, including when other dispute resolution procedures have been exhausted, you may invoke binding arbitration. Please see “To Raise a Complaint,” and “How to access and control your information,” below.
You have the right to access your Personal Information. We provide you the opportunity to “opt-out” of having your information used for certain purposes or to unsubscribe from receiving future emails, when we ask for the information. If you no longer wish to receive emails, our newsletter and other promotional communications, you may opt-out of receiving them by following the detailed unsubscribe instructions at the bottom of each email or communication or by emailing us at firstname.lastname@example.org.
If your Personal Information changes, to request removal of your personal information from our blog or community forum, or if you no longer desire our service, you may correct, update, amend, delete/deactivate it by emailing our Customer Support at email@example.com or by contacting us by telephone or postal mail at the contact information listed below. We will respond to your request to access within 30 days.
Your rights in relation to Personal Information and how to exercise them (for EEA users)
Under certain circumstances EEA users have the following rights:
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your data protection interests.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please contact us. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you. We may need to request specific information from you to help us confirm your identity and right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
How to Contact Us About Privacy Questions or Comments
Taulia Privacy Coordinator
250 Montgomery Street, Suite 400
San Francisco, CA 94104 USA
(415) 376 8280
To raise a complaint
Please contact Taulia as specified above to address any complaints regarding Taulia’s handling of Personal Information. Taulia will take steps to remedy any issues arising out of a failure to comply with the Privacy Shield Principles or the General Data Protection Regulation. If the complaint cannot be resolved through Taulia’s internal processes, it will be referred to Judicial Arbitration and Mediation Services, Inc., (JAMS) under the JAMS International Mediation Rules, which are accessible on the JAMS website at www.jamsadr.com/rules-international-rules. JAMS mediation may also be commenced as provided for in the JAMS International Mediation Rules. You may also submit a claim directly to JAMS through the following site, which is maintained by JAMS: https://www.jamsadr.com/global-reach/file-an-eu-us-privacy-shield-or-safe-harbor-claim. Finally, you will also have the possibility to invoke binding arbitration under certain conditions.
Other important privacy information
California Online Privacy Protection Act Compliance
Because we value your privacy, we have taken the necessary precautions to be in compliance with the California Online Privacy Protection Act. We therefore will not distribute your Personal Information to outside parties without your consent.
Children’s Online Privacy Protection Act Compliance
The Children’s Online Privacy Protection Act (“COPPA”) took effect on April 21, 2000, and imposes certain requirements on Services directed toward children under the age of 13 that collection information on those children, or on Services that know they are collecting personally identifiable information on children under the age of 13. We are in compliance with the requirements of COPPA and we do not knowingly collect any information from anyone under the age of 13. Our website, products and services are all directed to people who are at least 13 years old or older. If we find that we have collected information from a child under age 13, we will delete that information immediately.
We have taken the necessary steps to ensure that we are compliant with the CAN-SPAM Act of 2003
Terms and Conditions
The English version of this policy shall govern in the event of any conflict or substantive translation changes into a non-English language.
- General Data Protection Regulation (GDPR)
- Federal Trade Commission Fair
- California Online Privacy Protection Act
- Children’s Online Privacy Protection Act
- Privacy Alliance
- Controlling the Assault of Non-Solicited Pornography and Marketing Act
Notice to End Users
Our services and products are intended for use by businesses. Where the Services are made available to you through an organization (e.g. your employer), that organization is the administrator of the Services, is responsible for the accounts, and ultimately for your use of the Services. In such circumstances, the only Personal Information held in the Services for most end users will be the user’s name and email address at the organization’s domain name. If this is the case, please direct your data privacy questions to your administrator, as your use of the Services is subject to that organization’s policies. We are not responsible for the privacy or security practices of an administrator’s organization, which may be different than this policy.
Administrators are able to:
- require you to reset your account password;
- restrict, suspend or terminate your access to the Services;
- access and modify information in and about your account;
- access or retain information stored as part of your account;
- install or uninstall third-party apps or other integrations
- change the email address associated with your account;
- restrict your ability to edit, restrict, modify or delete information
Cookies & Tracking Notice
Taulia and our third party partners, such as our advertising and analytics partners, use various technologies to collect information, such as cookies.
What types of technologies do we use?
Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow) that enables the sites or service providers systems to recognize your browser and capture and remember certain information.
If you wish to disable cookies, or if you wish to browse our websites privately/anonymously/incognito, your web browser can be configured to do this.
We use clear gifs to better manage content on our site by informing us what content is effective. In contrast to cookies, which are stored on a user’s computer hard drive, clear gifs are embedded invisibly on Web pages and are about the size of the period at the end of this sentence. We do not tie the information gathered by clear gifs to our customer’s Personal Information.
Our integrated third party service providers use clear gifs in our HTML-based emails to let us know which emails have been opened by recipients. This allows us to gauge the effectiveness of certain communications and the effectiveness of our marketing campaigns.
As is true of most websites, we use third party tracking-utility partners to gather certain information automatically and store it in log files. This information includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and click stream data.
We use this information to analyze trends, to administer the site, to track users’ movements around the site and to gather demographic information about our user base as a whole.
Social Media Features and Widgets
- Where strictly necessary. These cookies and other technologies are essential in order to enable the Services to provide the feature you have requested, such as remembering you have logged in.
- For functionality. These cookies and similar technologies remember choices you make such as language or search parameters. We use these cookies to provide you with an experience more appropriate with your selections and to make your use of the Services more tailored.
- For statistics and analytics. These cookies and similar technologies collect information on how users interact with the Services and enable us to improve how the Services operate. For example, we use Google Analytics cookies to help us understand how visitors arrive at and browse our products and websites to identify areas for improvement such as navigation, user experience, and marketing campaigns.
- Social media cookies. These cookies are used when you share information using a social media sharing button or “like” button on our websites or you link your account or engage with our content on or through a social media site. The social network will record that you have done this. This information may be linked to targeting/advertising activities.
- Marketing Cookies. These cookies collect information about your browsing habits These are cookies used to help companies understand how users interact with their websites, and sometimes to provide targeted ads. We do not use any marketing cookies.
How can you opt-out?
You may also change your cookie consent choices here:
Updates to this notice
This Cookies & Tracking Notice may be updated from time to time. If we make any changes, we will notify you by revising the “effective starting” date at the top of this notice.
Please contact your organization or refer to your administrator’s organizational policies for more information.