This Privacy Policy describes the privacy practices of AppZen, Inc.,  its subsidiaries, and affiliates (collectively, “AppZen”, “we”, “us”, or “our”) with respect to personal information. This Privacy Policy describes the personal information that AppZen collects from or about users of our websites, our products and services, and sets out how we collect, use, disclose, and otherwise process the information, as well as the rights available to individuals with respect to their information.

AppZen is the data controller in relation to the personal information we process in connection with our websites (including job applications submitted through our websites) and is primarily responsible for how our website users’ personal information is processed. AppZen is the data processor in relation to the personal information we process in connection with our products and services and we process such information only on behalf of and upon the instruction of the relevant customer.

Personal information we collect

Whose information we collect

We may collect information about a variety of individuals who interact with AppZen, including visitors to our websites, our customers as well as their employees or contractors, and others.

How we collect the information

We may collect information about individuals:

  • Directly from individuals
  • Through our websites
  • From customers of our products and services
  • From third-party expense reporting tools, as authorized by our customers
  • From social media services that you connect with through our websites or when using our products or services
  • From third-party vendors or business partners

Types of information we collect

The types of information we collect include:

  • Contact information (such as name, employer name, and email address)
  • Employee identification number
  • Expense report details (such as merchant information)
  • Information individuals submit in connection with expense reports such as copies of receipts, names, and affiliations of attendees at activities incurring expenses, and explanations of business purposes/justifications
  • Username and password that an individual may select in connection with establishing an account for use of our products and services
  • Geolocation information from users of our websites
  • For job applicants, information of the type that would be included on a resume, such as work experience, education, and languages spoken

We, our service providers, and our business partners may also collect certain information about the use of our websites by automated means. Please see the “Cookies and other information collected by automated means” section of this Privacy Policy for more information.

How we use personal information

In this section, we set out the purposes for which we process personal information and identify the legal grounds on which we rely to process the information.

In some cases, AppZen has a legitimate interest to process the personal information that we collect, such as to support our recruitment activities, administer our products and services (including to support, communicate about, and analyze the use of our products and services), establish and maintain customer accounts, and operate, evaluate, and improve our business, our websites, and other products and services we offer (including research and development of new products and services), or facilitate a sale of assets or merger or acquisition.

In other cases, AppZen processes personal information to fulfill our contracts with our customers and provide the requested products and services.

AppZen may also process personal information with individuals’ consent, for which individuals will receive notice at the time of collection.

In limited situations, it may be necessary for AppZen to process personal information in order to comply with our legal obligations, including to protect against, identify, investigate, and respond to fraud, illegal activity (such as incidents of hacking or misuse of our websites, products or services), claims and other liabilities, including by enforcing the terms and conditions that govern the services we provide.

We may also aggregate and/or de-identify any information that we collect, such that the information no longer identifies any specific individual. We may use, disclose, and otherwise process such information for our own legitimate business purposes – including historical and statistical analysis as well as business planning – without restriction.

How we share personal information

AppZen may share personal information as described in this Privacy Policy. In all cases, we take measures to share only the information that is needed to fulfill the purposes for which we share the information.

We may share personal information with:

  • AppZen affiliates and subsidiaries, for the purposes described in this Privacy Policy
  • Service providers that perform services on our behalf, or partners whom we may collaborate with, in each case for the purposes described in this Privacy Policy. The types of service providers and partners with whom we may share personal information may include:
    • Customer service and support providers
    • Technology providers (including technology support, central reservation system providers, keyless entry providers, email and web hosting providers, and email communications providers)
    • Advertising and marketing partners
    • Analytics organizations

Unless prohibited by applicable law, we reserve the right to transfer the information we maintain in the event we sell or transfer all or a portion of our business or assets (or during the negotiations of such sale or transfer). If we engage in such sale or transfer (or related negotiations), we will – where required by applicable law – make reasonable efforts to direct the recipient to use the personal information we provide in a manner that is consistent with this Privacy Policy. After such sale or transfer, individuals may contact the recipient with any inquiries concerning the processing of their personal information.

In addition, we may share personal information to comply with legal and regulatory requirements to protect against and prevent fraud or illegal activity, (such as identifying and responding to incidents of hacking or misuse of our websites, products or services), claims, and other liabilities.

Cookies and other information collected by automated means

We, our service providers, and our business partners may collect certain information about the use of our website by automated means, such as cookies, web beacons, and other technologies. A “cookie” is a text file that websites send to a visitor‘s computer or other Internet-connected devices to uniquely identify the visitor’s browser or store information or settings in the browser. Please see our Cookies Policy for further information. A “web beacon,” also known as an Internet tag, pixel tag, or clear GIF, is used to transmit information back to a web server. We, and our service providers and business partners, may collect information about individuals’ online activities over time and across third-party websites when an individual uses our website.

The information that may be collected by automated means includes:

  • Details about the devices that are used to access our websites (such as IP address, operating system, and web browser)
  • Location information, for example, of a mobile device accessing our websites
  • Dates and times of visits to, and use of, our websites
  • Information about how our websites are used (such as the content that is viewed on our websites and how users navigate between our web pages)
  • URLs that refer visitors to our website
  • Search terms used to reach our websites

Web browsers may offer users of our websites the ability to disable certain types of cookies; however, if cookies are disabled, some features or functionality of our websites may not function correctly.

Some of the business partners that collect information about users’ activities on our websites may be members of organizations or programs that provide choices to individuals regarding the use of their browsing behavior for purposes of targeted advertising. For example, users may opt-out of receiving targeted advertising on websites through members of the Network Advertising Initiative or the Digital Advertising Alliance. European users may opt-out of receiving targeted advertising on websites through members of the European Interactive Digital Advertising Alliance, selecting the user’s country, and then clicking “Choices” (or similarly-titled link). Please note that we also may work with companies that offer their own opt-out mechanisms and may not participate in the opt-out mechanisms that we linked above.

Because there is not yet a consensus on how companies should respond to web browser-based do-not-track (“DNT”) mechanisms, we do not respond to web browser-based DNT signals at this time.

Data retention

Our retention periods for personal information are based on business needs and legal requirements. We retain personal information for as long as is necessary for the processing purpose(s) for which the information was collected, and any other permissible related purpose. When we no longer need the personal information we collect, we either irreversibly anonymize the information (in which case, we may further retain and use the anonymized information) or securely destroy the information.

Privacy preferences, rights, and choices

Individuals have certain rights and may make certain choices regarding AppZen’s processing of their personal information.

Please note that if the exercise of these rights limits our ability to process personal information, we may be precluded from providing our products or services to individuals who exercise these rights, or from otherwise engaging with such individuals going forward.

We reserve the right to verify the identity of the individual in connection with any requests regarding personal information to help ensure that we provide the information to individuals whom the information pertains and allow only those individuals or their authorized representatives to exercise rights with respect to that information.

You also can make choices about AppZen’s ‘s collection and use of your data. How you can access or control your personal data will depend on which Sites or Services you use. For example the Customer Support Community.

Your communication preferences.

You can always choose whether to receive promotional email, short (text) message services, telephone calls and postal mail from AppZen. To manage your communication preferences:

  • Visit our Subscription Center to opt-out of receiving email.
  • Follow the instructions included in a promotional email from us to unsubscribe.
  • Send us a message to the email or postal address, including your name, email address and specific, relevant information about the communications you no longer wish to receive.

For information about the rights and choices users have in respect to cookies, online advertising and tracking, please see the “Cookies and other information collected by automated means” section of this Privacy Policy.

General objections to the processing of personal information

To the extent provided by applicable law, individuals may withdraw any consent previously provided to us or object at any time on legitimate grounds, to the processing of their personal information. We will apply these preferences going forward. In some circumstances, withdrawing consent to AppZen’s use or disclosure of personal information will mean that AppZen will no longer be able to provide certain products or services to individuals who withdraw consent.

Access to personal information

Individuals may request access to the personal information AppZen maintains about them. If we grant this request, we will provide the individual with a copy of the personal information we maintain about them in the ordinary course of business, in a commonly used format. Individuals may request to correct any errors in their personal information. We may reject such request to access or correct personal information, as permitted by applicable law. If we reject such request, we will notify the requester of the reason(s) for the rejection.

Deletion of personal information

Individuals may request that we delete their personal information. We may reject such request, as permitted by applicable law. If we reject such request, we will notify the requester of the reason(s) for the rejection. You may request to delete your account information by emailing to privacy@appzen.com

Marketing emails

Individuals may unsubscribe from receiving marketing or other commercial emails from AppZen by following the instructions included in the email or by contacting AppZen using the contact information below. However, even if an individual opts out of receiving such communications, we retain the right to send them non-marketing communications (such as or changes in our website terms).

How we protect personal information

AppZen maintains reasonable administrative, technical, and physical safeguards designed to protect the personal information we maintain against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure, or use. However, we cannot guarantee that the measures we maintain will ensure the security of personal information.

Links to websites and third-party content

We may provide links to websites and other third-party content that are not owned or operated by AppZen. The websites and third-party content to which we link may have separate privacy notices or policies. AppZen is not responsible for the privacy practices of any entity that it does not own or control.

International data transfers

Privacy Shield for EEA and Swiss Individuals

AppZen Inc., complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. AppZen Inc. has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

The US Federal Trade Commission (FTC) has jurisdiction with enforcement authority over AppZen Inc.

AppZen Inc. Inc.’s participation in the Privacy Shield applies to all personal data that is received from the European Union and Switzerland. AppZen Inc. will comply with the Privacy Shield Principles in respect to such personal data. AppZen Inc. Inc. does not actively collect personal data from EU or Swiss individuals but may receive personal data from third parties in the normal course of providing services to those entities. AppZen therefore acts in the capacity of a data processor in relation to this information.

The types of personal data received typically include names, addresses, email, network files (such as Expense Receipts, Microsoft Word, PowerPoint, Excel docs), HR Information, Supplier Address, Supplier Contact, Supplier Payment Information and image files.

All data received by AppZen Inc., including personal data, must be preserved in its original state throughout processing.

Pursuant to the Privacy Shield Frameworks, AppZen Inc. acknowledges the following:

  • EU & Swiss individuals whose data has been transferred into the United States have the right to access that data.  Since AppZen holds this data in its capacity as a data processor any individual requests for access will be referred to our appropriate client, who is the controller of that data. If you are an EU or Swiss individuals who wishes to exercise this right and you either do not know who your controlling data entity is, or you are unable to reach them, please refer to the “How To Contact Us” section of this policy below and we will assist you in locating the correct party.
  • We may be required to disclose an individual’s personal data in response to lawful requests from public authorities including to meet national security and law enforcement requirements.
  • AppZen Inc. will only use the data it receives from third parties for the specific purposes outlined in our agreement with that customer.
  • No personal information will be disclosed to any non-agent third parties for purposes other than those for which the data was originally provided. If in the future, this practice changes, AppZen Inc. will update this policy and provide individuals with choice regarding the sharing of their personal data with non-agent third parties.
  • AppZen may share data with agent third parties.  For more information on this data sharing please refer to the, “How we share personal information,” section above.
  • AppZen remains liable for the onward transfer of EEA and Swiss personal data that is transferred into the US unless we can prove we were not a party to the events giving rise to the damages.

Whenever we transfer your personal information out of the EEA to countries not deemed by the European Commission to provide an adequate level of personal information protection, and/or Switzerland, the transfer will be based on one of the following safeguards recognized by the European Commission as providing adequate protection for personal information, where required by EU data protection legislation:

  • Contracts approved by the European Commission which impose data protection obligations on the parties to the transfer. For further details, see European Commission, Model contracts for the transfer of personal information to third countries.
  • For transfers to third parties in the United States, ensuring they participate in the E.U.-U.S. Privacy Shield Framework.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal information out of the EEA.

In compliance with the Privacy Shield Principles, AppZen Inc., commits to resolve complaints about our collection or use of your personal information. European Union or Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact AppZen Inc.’s Chief Information Security Officer, via email at: CISO@AppZen.com

AppZen Inc. has further committed to refer unresolved Privacy Shield complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU Privacy Shield. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. The services of BBB EU Privacy Shield are provided at no cost to the individual.

As further explained in the Privacy Shield Principles, an individual has the option, under certain conditions, to invoke binding arbitration for complaints not resolved by any of the other Privacy Shield mechanisms noted above. Click here for more detailed information on binding arbitration provisions: https://www.privacyshield.gov/article?id=ANNEX-I-introduction

AppZen Inc., commits to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner, and comply with the advice given by the panel or Commissioner with regard to human resources data transferred from the EU or Switzerland, in the context of the employment relationship.

Updates to our Privacy Policy

AppZen reserves the right to change this Privacy Policy at any time. When we make any updates to this Privacy Notice that are deemed material under applicable legal requirements, we will notify individuals of such changes by updating the date of this Privacy Policy and providing other notification as required by applicable law. We may also provide notification of such changes to the Privacy Policy in other ways, such as via email or using other contact information provided to us.

For all other changes, please review the Privacy Policy from time to time to stay informed of how we are processing personal information.

How to contact us

Individuals may contact us with questions, comments, or complaints about this Privacy Policy or our privacy practices, or to exercise any of the rights or choices they may have under applicable law. Our contact information is as follows:

Outside of the EEA & Swiss

Attn: Privacy
AppZen, Inc.
6201 America Center Drive, Suite 300
San Jose, CA 95002

Within the EEA & Swiss

AppZen UK Ltd.
c/o Crowe UK LLP
2nd Floor, Aquis House,
49-51 Blagrave Street
Reading
RG1 1PL, UK

Via Email

Privacy@appzen.com

AppZen Cookies Policy

Effective date: July 19, 2019.

Consent

By using the AppZen website and any other website (including mobile-optimized websites) or web application owned or controlled by AppZen and which links to this Cookies Policy (collectively, the “Website”) you consent to the use of cookies in accordance with this Cookies Policy.

What are cookies?

Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Cookies are then sent back to the originating web domain on your subsequent visits to that domain. Most web pages contain elements from multiple web domains so when you visit the website, your browser may receive cookies from several sources.

Cookies are useful because they allow a website to recognize a user’s device. Cookies allow you to navigate between pages efficiently, remember preferences and generally improve the user experience. They can also be used to tailor advertising to your interests through tracking your browsing across websites.

Session cookies are deleted automatically when you close your browser and persistent cookies remain on your device after the browser is closed (for example to remember your user preferences when you return to the site).

What types of cookies does AppZen use?

We describe the categories of cookies AppZen and its service providers or business partners use below.

Essential cookies

These cookies are essential to provide you with the services available through the Website and in order to enable you to move around the Website and use its features. Without these cookies, services you have asked for (such as navigating between pages) cannot be provided.

Performance cookies

We make use of analytics cookies to analyze how our visitors use the Website and to monitor Website performance. This allows us to provide a high-quality experience by customizing our offering and quickly identifying and fixing any issues that arise. For example, we might use performance cookies to keep track of which pages are most popular, which method of linking between pages is most effective, and to determine why some pages are receiving error messages. We might also use these cookies to highlight articles or site services that we think will be of interest to you based on your usage of the Website. The information collected by these cookies is not associated with your personal information by us or by our contractors.

We permit Google Analytics to set performance cookies on the Website.

Website functionality cookies

We make use of cookies to provide you with certain functionality. For example, to remember choices you make (such as your user name or the region you are in), or to recognize the platform from which you access the site, and to provide enhanced and more personal features. These cookies are not used to track your browsing on other sites.

Advertising cookies

Advertising cookies (or targeting cookies) collect information about the browsing habits associated with your device and are used to make advertising more relevant to you and your interests. They are also used by services provided by third parties on this Website, such as Like or Share buttons, as well as provide the requested functionality. Third parties provide these services in return for recognizing that you (or more accurately your device has) have visited a certain website. These third parties put down advertising cookies both when you visit our Website and when you use their services and navigate away from our Website.

We do not currently use advertising cookies on the Website.

Local shared objects (“flash cookies”)

In addition to the above cookies, we may use local shared objects, also referred to as “flash cookies,” on our Website. These are used to enhance your user experience, for example, by storing your user preferences and settings. Local shared objects are similar to browser cookies but can store data more complex than simple text. By themselves, they cannot do anything to or with the data on your computer. Like other cookies, they can access only personally identifiable information that you have provided on this Website, and cannot be accessed by other websites.

To find out more about flash cookies or how to disable them, please click here: http://helpx.adobe.com/flash-player/kb/disable-local-shared-objects-flash.html.

Disabling cookies

If you do not agree to the use of these cookies, you may disable them by following the instructions for your browser as explained at http://www.allaboutcookies.org/manage-cookies/. Please note that some of our services may not function properly if cookies are disabled. You may also opt-out of third-party cookies where available by using the links provided in this Cookies Policy.

Furthermore, some parties that set cookies via our site may offer the ability to opt-out of cookies via the Network Advertising Initiative’s consumer opt-out tool, the European Interactive Digital Advertising Alliance’s consumer opt-out tool, or the Digital Advertising Alliance’s Consumer Choice Page.

Cookies Policy does not cover third-party websites

Please note that this Cookies Policy does not apply to, and we are not responsible for, the cookie practices of third party websites which may be linked to this Website.

Changes to the Cookies Policy

We may update this Cookies Policy and we would encourage you to review the policy from time to time to stay informed of how we are using cookies.