Effective: July 1, 2020

This Privacy Policy describes the privacy practices of AppZen, Inc., its subsidiaries, and affiliates (collectively, “AppZen”, “we”, “us”, or “our”) with respect to personal information. This Privacy Policy describes the personal information that AppZen collects from or about users of our websites, our products and services, and sets out how we collect, use, disclose, and otherwise process the information, as well as the rights available to individuals with respect to their information.

AppZen is the data controller in relation to the personal information we process in connection with our websites (including job applications submitted through our websites) and is primarily responsible for how our website users’ personal information is processed. AppZen is the data processor in relation to the personal information we process in connection with our products and services and we process such information only on behalf of and upon the instruction of the relevant customer.

Personal information we collect

Whose information we collect

We may collect information about a variety of individuals who interact with AppZen, including visitors to our websites, our customers as well as their employees or contractors, and others.

How we collect the information

We may collect information about individuals:

  • Directly from individuals
  • Through our websites
  • From customers of our products and services
  • From third-party expense reporting tools, as authorized by our customers
  • From social media services that you connect with through our websites or when using our products or services
  • From third-party vendors or business partners

Types of information we collect

The types of information we collect include:

  • Contact information (such as name, employer name, and email address)
  • Employee identification number
  • Expense report details (such as merchant information)
  • Information individuals submit in connection with expense reports such as copies of receipts, names, and affiliations of attendees at activities incurring expenses, and explanations of business purposes/justifications
  • Username and password that an individual may select in connection with establishing an account for use of our products and services
  • Geolocation information from users of our websites
  • For job applicants, information of the type that would be included on a resume, such as work experience, education, and languages spoken

We, our service providers, and our business partners may also collect certain information about the use of our websites by automated means. Please see the “Cookies and other information collected by automated means” section of this Privacy Policy for more information.

How we use personal information

In this section, we set out the purposes for which we process personal information and identify the legal grounds on which we rely to process the information.

In some cases, AppZen has a legitimate interest to process the personal information that we collect, such as to support our recruitment activities, administer our products and services (including to support, communicate about, and analyze the use of our products and services), establish and maintain customer accounts, and operate, evaluate, and improve our business, our websites, and other products and services we offer (including research and development of new products and services), or facilitate a sale of assets or merger or acquisition.

In other cases, AppZen processes personal information to fulfill our contracts with our customers and provide the requested products and services.

AppZen may also process personal information with individuals’ consent, for which individuals will receive notice at the time of collection.

In limited situations, it may be necessary for AppZen to process personal information in order to comply with our legal obligations, such as to protect against, identify, investigate, and respond to fraud, illegal activity (such as incidents of hacking or misuse of our websites, products or services), claims and other liabilities, including by enforcing the terms and conditions that govern the services we provide.

We may also aggregate and/or de-identify any information that we collect, such that the information no longer identifies any specific individual. We may use, disclose, and otherwise process such information for our own legitimate business purposes – including historical and statistical analysis as well as business planning – without restriction.

How we share personal information

AppZen may share personal information as described in this Privacy Policy. In all cases, we take measures to share only the information that is needed to fulfill the purposes for which we share the information.

We may share personal information with:

  • AppZen affiliates and subsidiaries, for the purposes described in this Privacy Policy
  • Service providers that perform services on our behalf, or partners whom we may collaborate with, in each case for the purposes described in this Privacy Policy. The types of service providers and partners with whom we may share personal information may include:
    • Customer service and support providers
    • Technology providers (including technology support, central reservation system providers, keyless entry providers, email and web hosting providers, and email communications providers)
    • Advertising and marketing partners
    • Analytics organizations

Unless prohibited by applicable law, we reserve the right to transfer the information we maintain in the event we sell or transfer all or a portion of our business or assets (or during the negotiations of such sale or transfer). If we engage in such sale or transfer (or related negotiations), we will – where required by applicable law – make reasonable efforts to direct the recipient to use the personal information we provide in a manner that is consistent with this Privacy Policy. After such sale or transfer, individuals may contact the recipient with any inquiries concerning the processing of their personal information.

In addition, we may share personal information to comply with legal and regulatory requirements to protect against and prevent fraud or illegal activity, (such as identifying and responding to incidents of hacking or misuse of our websites, products or services), claims, and other liabilities.

Cookies and other information collected by automated means

We, our service providers, and our business partners may collect certain information about the use of our website by automated means, such as cookies, web beacons, and other technologies. A “cookie” is a text file that websites send to a visitor‘s computer or other Internet-connected devices to uniquely identify the visitor’s browser or store information or settings in the browser. Please see our Cookies Policy for further information. A “web beacon,” also known as an Internet tag, pixel tag, or clear GIF, is used to transmit information back to a web server. We, and our service providers and business partners, may collect information about individuals’ online activities over time and across third-party websites when an individual uses our website.

The information that may be collected by automated means includes:

  • Details about the devices that are used to access our websites (such as IP address, operating system, and web browser)
  • Location information, for example, of a mobile device accessing our websites
  • Dates and times of visits to, and use of, our websites
  • Information about how our websites are used (such as the content that is viewed on our websites and how users navigate between our web pages)
  • URLs that refer visitors to our website
  • Search terms used to reach our websites

Web browsers may offer users of our websites the ability to disable certain types of cookies; however, if cookies are disabled, some features or functionality of our websites may not function correctly.

Some of the business partners that collect information about users’ activities on our websites may be members of organizations or programs that provide choices to individuals regarding the use of their browsing behavior for purposes of targeted advertising. For example, users may opt-out of receiving targeted advertising on websites through members of the Network Advertising Initiative or the Digital Advertising Alliance. European users may opt-out of receiving targeted advertising on websites through members of the European Interactive Digital Advertising Alliance, selecting the user’s country, and then clicking “Choices” (or similarly-titled link). Please note that we also may work with companies that offer their own opt-out mechanisms and may not participate in the opt-out mechanisms that we linked above.

Because there is not yet a consensus on how companies should respond to web browser-based do-not-track (“DNT”) mechanisms, we do not respond to web browser-based DNT signals at this time.

Data retention

Our retention periods for personal information are based on business needs and legal requirements. We retain personal information for as long as is necessary for the processing purpose(s) for which the information was collected, and any other permissible related purpose. When we no longer need the personal information we collect, we either irreversibly anonymize the information (in which case, we may further retain and use the anonymized information) or securely destroy the information.

Privacy preferences, rights, and choices

Individuals have certain rights and may make certain choices regarding AppZen’s processing of their personal information.

Please note that if the exercise of these rights limits our ability to process personal information, we may be precluded from providing our products or services to individuals who exercise these rights, or from otherwise engaging with such individuals going forward.

We reserve the right to verify the identity of the individual in connection with any requests regarding personal information to help ensure that we provide the information to individuals whom the information pertains to and allow only those individuals or their authorized representatives to exercise rights with respect to that information.

You can make choices about AppZen’s collection and use of your data. How you can access or control your personal data will depend on which Sites or Services you use.

Your communication preferences.

You can choose whether to receive promotional email, text messages, telephone calls and/or postal mail from AppZen. To manage your available communication preferences:

  1. Visit our Subscription Center to opt-out of receiving email.
  2. Follow the instructions included in a promotional email from us to unsubscribe.
  3. Send us a message to the email or postal address, including your name, email address and specific, relevant information about the communications you no longer wish to receive.For information about the rights and choices users have in respect to cookies, online advertising and tracking, please see the “Cookies and other information collected by automated means” section of this Privacy Policy.

    General objections to the processing of personal information

    To the extent provided by applicable law, individuals may withdraw any consent previously provided to us or object at any time on legitimate grounds, to the processing of their personal information. We will apply these preferences going forward. In some circumstances, withdrawing consent to AppZen’s use or disclosure of personal information may mean that AppZen will no longer be able to provide certain products or services to individuals who withdraw consent.

    Access to personal information

    Individuals may request access to the personal information AppZen maintains about them. If we grant this request, we will provide the individual with a copy of the personal information we maintain about them in the ordinary course of business, in a commonly used format. Individuals may request to correct any errors in their personal information. We may reject such requests to access or correct personal information, as permitted by applicable law. If we reject such requests, we will notify the requester of the reason(s) for the rejection.

    Deletion of personal information

    Individuals may request that we delete their personal information. We may reject such requests, as permitted by applicable law. If we reject such a request, we will notify the requester of the reason(s) for the rejection.

    Marketing emails

    Individuals may unsubscribe from receiving marketing or other commercial emails from AppZen by following the instructions included in the email or by contacting AppZen using the contact information below. However, even if an individual opts out of receiving such communications, we retain the right to send them non-marketing communications (such as changes in our website terms).

    How we protect personal information

    AppZen maintains reasonable administrative, technical, and physical safeguards designed to protect the personal information we maintain against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure, or use. However, we cannot guarantee that the measures we maintain will ensure the security of personal information.

    Links to websites and third-party content

    We may provide links to websites and other third-party content that are not owned or operated by AppZen. The websites and third-party content to which we link may have separate privacy notices or policies. AppZen is not responsible for the privacy practices of any entity that it does not own or control.

    Your California Privacy Rights

    This section provides information regarding Californian residents’ rights under the California Consumer Privacy Act (CCPA). The CCPA provides rights to California consumers to be notified about the collection, use and sale of their personal information, their right to request access to their personal information, request to opt out of the sale of personal information, request for deletion of personal information and the right to non-discrimination for exercising these rights.

    You have a right to know about personal information AppZen has collected, used, or disclosed about you in the last 12 months. We do not sell personal information. You may exercise your rights allowed to you under the CCPA by completing and submitting this form here or by emailing to ciso@appzen.com. We may ask you to verify your identity prior to us fulfilling your request.

    AppZen will not discriminate against you for exercising your rights under CCPA. Specifically, we will not:

    • Deny access to our software or services;
    • Charge a different rate for the use of our software or services; or
    • Provide a different quality of product or service;

    International data transfers

    Privacy Shield for EEA and Swiss Individuals

    AppZen complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. AppZen has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield Framework, and to view our certification, please visit https://www.privacyshield.gov/.

    The US Federal Trade Commission (FTC) has jurisdiction with enforcement authority over AppZen.

    AppZen’s participation in the Privacy Shield applies to all personal data that is received from the European Union and Switzerland. AppZen will comply with the Privacy Shield Principles in respect to such personal data.

    The types of personal data received by AppZen in the course of it providing its subscription service to a customer typically include names, addresses, email, network files (such as Expense Receipts, Microsoft Word, PowerPoint, Excel docs), HR Information, Supplier Address, Supplier Contact, Supplier Payment Information and image files. All data received by AppZen including personal data will be preserved in its original state throughout processing.

    Pursuant to the Privacy Shield Frameworks, AppZen acknowledges the following:

    • EU & Swiss individuals whose data has been transferred into the United States have the right to access that data. If AppZen holds this data in its capacity as a data processor, any individual requests for access will be referred to our appropriate customer, who is the controller of that data. If you are an EU or Swiss individual who wishes to exercise this right and you either do not know who your controlling data entity is, or you are unable to reach them, please refer to the “How To Contact Us” section of this policy below and we will assist you in locating the correct party.
    • We may be required to disclose an individual’s personal data in response to lawful requests from public authorities including to meet national security and law enforcement requirements.
    • AppZen will only use the data it receives from a customer for the specific purposes outlined in our agreement with that customer.
    • No personal information will be disclosed to any non-agent third parties for purposes other than those for which the data was originally provided. If in the future, this practice changes, AppZen will update this Privacy Policy and provide individuals with a choice regarding the sharing of their personal data with such non-agent third parties.
    • AppZen may share data with agent third parties. For more information on this data sharing practice, please refer to the, “How we share personal information,” section above.
    • AppZen remains liable for the onward transfer of EEA and Swiss personal data according with the Privacy Shield Principles including the onward transfer liability provisions.

    Whenever we transfer your personal information out of the EEA to countries not deemed by the European Commission to provide an adequate level of personal information protection, or out of Switzerland, the transfer will be based on one of the following safeguards recognized by the European Commission as providing adequate protection for personal information, where required by EU data protection legislation:

    • Contracts approved by the European Commission which impose data protection obligations on the parties to the transfer. For further details, see EU Model Clauses for the transfer of personal information to third countries.
    • For transfers to third parties in the United States, ensuring they participate in the EU-U.S. Privacy Shield Framework or Swiss-US Privacy Shield Framework.

    Please contact us if you want further information on the specific mechanism used by us when transferring your personal information out of the EEA or Switzerland.

    In compliance with the Privacy Shield Principles, AppZen commits to resolve complaints about our collection or use of your personal information. European Union or Swiss individuals with inquiries or complaints regarding our data privacy practices should contact here.

    AppZen has further committed to refer unresolved Privacy Shield complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU Privacy Shield. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. The services of BBB EU Privacy Shield are provided at no cost to the individual.

    As further explained in the Privacy Shield Principles, an individual has the option, under certain conditions, to invoke binding arbitration for complaints not resolved by any of the other Privacy Shield mechanisms noted above. Click here for more detailed information on binding arbitration provisions.

    AppZen commits to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner and comply with the advice given by the panel or Commissioner with regard to human resources data transferred from the EU or Switzerland in the context of the employment relationship.

    Updates to our Privacy Policy

    AppZen reserves the right to change this Privacy Policy at any time. When we make any updates to this Privacy Notice that are deemed material under applicable legal requirements, we will notify individuals of such changes by updating the date of this Privacy Policy and providing other notification as required by applicable law. We may also provide notification of such changes to the Privacy Policy in other ways, such as via email or using other contact information provided to us.

    For all other changes, please review the Privacy Policy from time to time to stay informed of how we are processing personal information.

    How to contact us

    Individuals may contact us with questions, comments, or complaints about this Privacy Policy or our privacy practices, or to exercise any of the rights or choices they may have under applicable law. Our contact information is as follows:

    Outside of the EEA & Swiss

    Attn: Privacy
    AppZen, Inc.
    6201 America Center Drive, Suite 300
    San Jose, CA 95002

    Within the EEA & Swiss

    AppZen UK Ltd.
    c/o Crowe UK LLP
    2nd Floor, Aquis House,
    49-51 Blagrave Street
    Reading
    RG1 1PL, UK

    Via Email

    Privacy@appzen.com

    AppZen Cookies Policy

    Effective date: July 1, 2020.
    Consent & Cookie Settings
    Customize your cookie settings by going to the Cookie Preference Center

    What are cookies?

    Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Cookies are then sent back to the originating web domain on your subsequent visits to that domain. Most web pages contain elements from multiple web domains so when you visit the website, your browser may receive cookies from several sources.
    Cookies are useful because they allow a website to recognize a user’s device. Cookies allow you to navigate between pages efficiently, remember preferences and generally improve the user experience. They can also be used to tailor advertising to your interests through tracking your browsing across websites.
    Session cookies are deleted automatically when you close your browser and persistent cookies remain on your device after the browser is closed (for example to remember your user preferences when you return to the site).

    What types of cookies does AppZen use?

    We describe the categories of cookies AppZen and its service providers or business partners use at the Cookie Preference Center. You can customize your cookie settings there.

    Furthermore, some parties that set cookies via our site may offer the ability to opt-out of cookies via the Network Advertising Initiative’s consumer opt-out tool, the European Interactive Digital Advertising Alliance’s consumer opt-out tool, or the Digital Advertising Alliance’s Consumer Choice Page.

    Cookies Policy does not cover third-party websites

    Please note that this Cookies Policy does not apply to, and we are not responsible for, the cookie practices of third party websites which may be linked to this Website.

    Changes to the Cookies Policy

    We may update this Cookies Policy and we encourage you to review the policy from time to time to stay informed of how we are using cookies.