Privacy Policy

Effective date: February 14, 2024

This Privacy Policy (“Privacy Policy”) describes the privacy practices of AppZen, Inc., its subsidiaries, and affiliates (collectively, “AppZen”, “we”, “us”, or “our”) with respect to Personal Information. This Privacy Policy describes the Personal Information that AppZen collects from or about users of our Website https://www.appzen.com/ (“Website”), our products and services, and sets out how we collect, use, disclose, and otherwise process the information, as well as the rights available to individuals with respect to their information.

PLEASE READ THIS PRIVACY POLICY CAREFULLY. BY CONTINUING TO USE THE WEBSITE, PROVIDING US PERSONAL INFORMATION, YOU CONSENT TO OUR USE OF YOUR PERSONAL INFORMATION IN ACCORDANCE WITH THE TERMS OF THIS PRIVACY POLICY. IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, YOU MAY WITHDRAW YOUR CONSENT OR ALTERNATIVELY CHOOSE NOT TO PROVIDE YOUR PERSONAL INFORMATION ON THE WEBSITE. SUCH AN INTIMATION TO WITHDRAW YOUR CONSENT CAN BE PROVIDED BY EMAIL TO COMMUNICATION DETAILS MENTIONED BELOW.

IF YOU ARE ACCESSING THE WEBSITE ON BEHALF OF A THIRD PARTY, YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH THIRD-PARTY TO THE TERMS AND CONDITIONS OF THIS PRIVACY POLICY AND, IN SUCH AN EVENT YOUR USE OF THE WEBSITE SHALL REFER TO USE BY SUCH THIRD PARTY. IF YOU DO NOT HAVE SUCH AN AUTHORITY (TO PROVIDE ANY PERSONAL INFORMATION OF A THIRD PARTY) OR DO NOT AGREE TO THE TERMS OF THIS PRIVACY POLICY, THEN YOU SHOULD REFRAIN FROM USING THE WEBSITE.

This Privacy Policy is an electronic record in the form of an electronic contract being compliant and construed in accordance with data protection laws of the jurisdictions such as The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 under The Information Technology Act 2000 (“Privacy Rules”) that require publishing of privacy policy for the collection, use, storage and transfer of sensitive personal data, the UK Data Protection Law, the applicable personal data protection laws and regulations of The United States of America (“US”), and The European Union (“EU”) general data protection laws (“the GDPR”).

  1. Personal information we collect

Whose information we collect

We may collect information about a variety of individuals who interact with AppZen, including visitors to the Website, our customers as well as their employees or contractors, and others.

  1. How we collect the information

We may collect information about individuals:

  1. Directly from individuals;
  2. Through the Website;
  3. From customers of our products and services;
  4. From third-party expense reporting tools, as authorized by our customers;
  5. From social media services that you connect with through the Website or when using our products or services;
  6. From third-party vendors or business partners.

 

  1. Types of information we collect

The types of information we collect include:

  1. Contact information (such as name, employer name, and email address);
  2. Employee identification number;
  3. Expense report details (such as merchant information);
  4. Information individuals submit in connection with expense reports such as copies of receipts, names, and affiliations of attendees at activities incurring expenses, and explanations of business purposes/justifications;
  5. Username and password that an individual may select in connection with establishing an account for use of our products and services;
  6. Geolocation information from users of the Website;
  7. For job applicants, information of the type that would be included on a resume, such as work experience, education, languages spoken and other information as required.

For the sake of brevity, the aforementioned information shall be referred to as “Personal Information”.

We, our service providers, and our business partners may also collect certain information about the use of the Website by automated means. Please see the “Cookies and other information collected by automated means” section of this Privacy Policy for more information.

  1. How we use Personal Information

In this section, we set out the purposes for which we process Personal Information and identify the legal grounds on which we rely to process the information.

In some cases, AppZen has a legitimate interest to process the Personal Information that we collect, such as to support our recruitment activities, administer our products and services (including to support, communicate about, and analyze the use of our products and services), establish and maintain customer accounts, and operate, evaluate, and improve our business, the Website, and other products and services we offer (including research and development of new products and services), or facilitate a sale of assets or merger or acquisition.

In other cases, AppZen processes Personal Information to fulfill our contracts with our customers and provide the requested products and services.

AppZen may also process Personal Information with individuals’ consent, for which individuals will receive notice at the time of collection.

In limited situations, it may be necessary for AppZen to process Personal Information in order to comply with our legal obligations, such as to protect against, identify, investigate, and respond to fraud, illegal activity (such as incidents of hacking or misuse of the Website, products or services), claims and other liabilities, including by enforcing the terms and conditions that govern the services we provide.

We may also aggregate and/or de-identify any information that we collect, such that the information no longer identifies any specific individual. We may use, disclose, and otherwise process such information for our own legitimate business purposes – including historical and statistical analysis as well as business planning – without restriction.

  1. How we share Personal Information

AppZen may share Personal Information as described in this Privacy Policy. In all cases, we take measures to share only the information that is needed to fulfil the purposes for which we share the information.

We may share Personal Information with AppZen affiliates and subsidiaries, for the purposes described in this Privacy Policy, and with service providers that perform services on our behalf, or partners whom we may collaborate with, in each case for the purposes described in this Privacy Policy. The types of service providers and partners with whom we may share Personal Information may include:

  1. Customer service and support providers
  2. Technology providers (including technology support, central reservation system providers, keyless entry providers, email and web hosting providers, and email communications providers)
  3. Advertising and marketing partners
  4. Analytics organizations

Unless prohibited by applicable law, we reserve the right to transfer the information we maintain in the event we sell or transfer all or a portion of our business or assets (or during the negotiations of such sale or transfer). If we engage in such sale or transfer (or related negotiations), we will – where required by applicable law – make reasonable efforts to direct the recipient to use the Personal Information we provide in a manner that is consistent with this Privacy Policy. After such sale or transfer, individuals may contact the recipient with any inquiries concerning the processing of their Personal Information.

In addition, we may share Personal Information to comply with legal and regulatory requirements to protect against and prevent fraud or illegal activity (such as identifying and responding to incidents of hacking or misuse of the Website, products or services), claims, and other liabilities.

  1. Cookies and other information collected by automated means

We, our service providers, and our business partners may collect certain information about the use of the website by automated means, such as cookies, web beacons, and other technologies. A “cookie” is a text file that websites send to a visitor’s computer or other Internet-connected devices to uniquely identify the visitor’s browser or store information or settings in the browser. Please see our Cookies Policy for further information. A “web beacon,” also known as an Internet tag, pixel tag, or clear GIF, is used to transmit information back to a web server. We, and our service providers and business partners, may collect information about individuals’ online activities over time and across third-party websites when an individual uses the website.

The information that may be collected by automated means includes:

  1. Details about the devices that are used to access the Website (such as IP address, operating system, and web browser)
  2. Location information, for example, of a mobile device accessing the Website
  3. Dates and times of visits to, and use of, the Website
  4. Information about how the Website is used (such as the content that is viewed on the Website and how users navigate between our web pages)
  5. URLs that refer visitors to the Website
  6. Search terms used to reach the Website

Web browsers may offer users of the Website the ability to disable certain types of cookies; however, if cookies are disabled, some features or functionality of the Website may not function correctly.

Some of the business partners that collect information about users’ activities on the Website may be members of organizations or programs that provide choices to individuals regarding the use of their browsing behaviour for purposes of targeted advertising. For example, users may opt-out of receiving targeted advertising on the Website through members of the Network Advertising Initiative or the Digital Advertising Alliance. European users may opt-out of receiving targeted advertising on the Website through members of the European Interactive Digital Advertising Alliance, selecting the user’s country, and then clicking “Choices” (or similarly-titled link). Please note that we also may work with companies that offer their own opt-out mechanisms and may not participate in the opt-out mechanisms that we linked above.

Because there is not yet a consensus on how companies should respond to web browser-based do-not-track (“DNT”) mechanisms, we do not respond to web browser-based DNT signals at this time.

  1. Data retention

Our retention periods for Personal Information are based on business needs and legal requirements. We retain Personal Information for as long as is necessary for the processing purpose(s) for which the information was collected, and any other permissible related purpose. When we no longer need the Personal Information we collect, we either irreversibly anonymize the information (in which case, we may further retain and use the anonymized information) or securely destroy the information.

  1. Privacy preferences, rights, and choices

Individuals have certain rights and may make certain choices regarding AppZen’s processing of their Personal Information.

Please note that if the exercise of these rights limits our ability to process Personal Information, we may be precluded from providing our products or services to individuals who exercise these rights, or from otherwise engaging with such individuals going forward.

We reserve the right to verify the identity of the individual in connection with any requests regarding Personal Information to help ensure that we provide the information to individuals whom the information pertains to and allow only those individuals or their authorized representatives to exercise rights with respect to that information.

You can make choices about AppZen's collection and use of your data. How you can access or control your Personal Data will depend on which Sites or Services you use.

  1. Your communication preferences.

You can choose whether to receive promotional email, text messages, telephone calls and/or postal mail from AppZen. To manage your available communication preferences:

  1. Visit our Subscription Center to opt-out of receiving email.
  2. Follow the instructions included in a promotional email from us to unsubscribe.
  3. Send us a message to the email or postal address, including your name, email address and specific, relevant information about the communications you no longer wish to receive.
  4. For information about the rights and choices users have in respect to cookies, online advertising and tracking, please see the “Cookies and other information collected by automated means” section of this Privacy Policy.

 

  1. General objections to the processing of Personal Information

To the extent provided by applicable law, individuals may withdraw any consent previously provided to us or object at any time on legitimate grounds, to the processing of their Personal Information. We will apply these preferences going forward. In some circumstances, withdrawing consent to AppZen’s use or disclosure of Personal Information may mean that AppZen will no longer be able to provide certain products or services to individuals who withdraw consent. If you wish to withdraw your consent or you have any questions in respect of the processing of Personal Information you can contact us at privacy@appzen.com .

  1. Access to Personal Information

Individuals may request access to the Personal Information AppZen maintains about them. If we grant this request, we will provide the individual with a copy of the Personal Information we maintain about them in the ordinary course of business, in a commonly used format. Individuals may request to correct any errors in their Personal Information. We may reject such requests to access or correct Personal Information, as permitted by applicable law. If we reject such requests, we will notify the requester of the reason(s) for the rejection.

  1. Deletion of Personal Information

Individuals may request that we delete their Personal Information. We may reject such requests, as permitted by applicable law. If we reject such a request, we will notify the requester of the reason(s) for the rejection.

  1. Marketing emails

Individuals may unsubscribe from receiving marketing or other commercial emails from AppZen by following the instructions included in the email or by contacting AppZen using the contact information below. However, even if an individual opts out of receiving such communications, we retain the right to send them non-marketing communications (such as changes in the website terms).

  1. How we protect Personal Information

AppZen maintains reasonable administrative, technical, and physical safeguards designed to protect the Personal Information we maintain against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure, or use. However, we cannot guarantee that due to events beyond our control the measures we maintain will ensure the security of personal information. In such events, we will take the necessary steps to mitigate the risks.

  1. Links to websites and third-party content

We may provide links to websites and other third-party content that are not owned or operated by AppZen. The websites and third-party content to which we link may have separate privacy notices or policies. AppZen is not responsible for the privacy practices of any entity that it does not own or control.

 

  1. Information for the EU and the UK individuals

Residents of the European Union (the “EU”) and United Kingdom (the “UK”) should note that this Privacy Policy has been updated in accordance with the requirements of the EU General Data Protection Regulation (the “GDPR”) and the UK GDPR, the United Kingdom Data Protection Act 2018, the Privacy and Electronic Communications Regulations, and any regulation superseding any of the foregoing (the “UK Privacy Laws”). As per the provisions of the GDPR and UK Privacy Laws we shall be considered the Controllers of the Personal Information collected as a result of your use/access of the Website.

AppZen is the data controller in relation to the Personal Information we process in connection with the Website (including job applications submitted through the Websites) and is primarily responsible for how the Website users’ Personal Information is processed. AppZen is the data processor in relation to the Personal Information we process in connection with our products and services and we process such information only on behalf of and upon the instruction of the relevant customer.

Legal Basis (for the EU residents and the UK residents): We will not process your Personal Information without a lawful basis to do so. We will process your Personal Information only on the legal bases of consent, contract, or on the basis of our legitimate interests, provided that such interests are not overridden by your privacy rights and interests.

Transfer of your Personal Information across borders (for the EU Residents):

We collect and transfer Personal Information outside the EU and UK in accordance with the provisions of the GDPR and UK Privacy Laws. If you have questions, please contact ciso@appzen.com .

Your Rights (For EU and UK Residents):

  1. the right to request that we let you know what Personal Information belonging to you we hold in our possession,
  2. the right to withdraw consent at any time where we are relying on consent to process your Personal Information,
  3. the right to have us rectify or modify any such Personal Information,
  4. the right to have us erase/delete your Personal Information,
  5. the right to restrict us from processing such Personal Information,
  6. the right to object to our use of your Personal Information,
  7. the right to lodge a complaint with a data protection authority.

 

UK residents have the right to make a complaint at any time to the Information Commissioner’s Office (“ICO”), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance. We may need to request specific information from you to help us confirm your identity or also contact you for further information in relation to your request. If you would like to exercise ANY of these rights, please contact ciso@appzen.com .

Governing Laws: For any EU and UK residents, this Privacy Statement shall be governed respectively by the provisions of the GDPR and UK Privacy Laws.

  1. Your California Privacy Rights

This section provides information regarding Californian residents’ rights under the California Consumer Privacy Act (“CCPA”) read along with California Privacy Rights Act (“CPRA”). For clarity, Personal Information and Sensitive Personal Information shall have the same meaning as defined under CCPA and CPRA.

We do not sell, rent, distribute, lease or otherwise provide your Personal Information to third parties, without your prior consent. You may exercise your rights allowed to you under the CCPA by emailing to ciso@appzen.com. We may ask you to verify your identity prior to us fulfilling your request.

As a California consumer, you have the following rights under CCPA and CPRA:

  1. You have the right to correct your Personal Information and Sensitive Personal Information in case of any inaccuracy.
  2. You have the right to limit the use of a particular category of your Sensitive Personal Information to a particular purpose.
  3. You have a right to opt-out of automated decision making, automated inferences in profiling for targeted, behavioural advertisement online.
  4. You have the right to know about the automated decision making and the right to request access to and information about how automated decision technologies work.
  5. You have a right to request the deletion of Personal Information.
  6. You have the right to know what information is collected, including the right to request access to the Personal Information collected.
  7. You have the right to know what Personal Information is sold or shared including to whom the Personal Information is shared.
  8. You have the right to opt out of sale or sharing of your Personal Information.

We will not charge you a fee for making a valid request unless your valid request(s) is excessive, repetitive, or manifestly unfounded. If we determine that your valid request warrants a fee, we will notify you of the fee and explain that decision before completing your request.

AppZen will not discriminate against you for exercising your rights under CCPA and CPRA. Specifically, we will not:

  1. Deny access to our software or services;
  2. Charge a different rate for the use of our software or services; or
  3. Provide a different quality of product or service.

 

  1. Virginia Consumer Data Protection Act 2021

Residents of Virginia, United States of America, should note that this Privacy Policy is in full compliance with the requirements of the Virginia Consumer Data Protection Act, 2021 (“VCDPA”). As per the provisions of the VCDPA we shall be considered the Controllers of the Personal Information collected as a result of your use/access of the Website.

The VCDPA provides consumers with 6 key rights as follows:

  1. the right to decide whether a controller is processing and accessing their Personal Information.
  2. the right to correct inaccuracies in their Personal Information.
  3. the right to have their Personal Information deleted by the controller.
  4. the right to obtain a copy of their Personal Information that is held by the controller in a portable and readily usable format that allows the Consumer to transmit the data to another controller.
  5. the right to opt out of the processing of the Personal Information for purposes of targeted advertising, the Sale of Personal Information and profiling in advancing decisions.
  6. the right to appeal in case a business refuses to act within a reasonable time.

 

  1. Data Privacy Framework

The Data Privacy Framework (“DPF”) was developed by the US Department of Commerce and the European Commission to provide US-based organizations with a reliable mechanism for Personal Information transfer from the EU to the US. The European Commission’s adequacy decision for the EU-U.S. DPF entered into force on July 10, 2023, which allows the transfer of EU Personal Information to participating organizations in the US.

AppZen complies with the EU-US DPF, *the UK Extension to the EU-US DPF, and the Swiss-US DPF* as set forth by the US Department of Commerce (“DOC”). AppZen has certified to the U.S. DOC that it adheres to the EU-U.S. DPF Principles (EU-U.S. DPF Principles) with regard to the processing of Personal Information received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. AppZen has certified to the U.S. DOC that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of Personal Information received from Switzerland in reliance on the Swiss-U.S. DPF.

In case of a conflict between the terms of this Privacy Policy and the principles of the DPF, the principles of the DPF shall govern.

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. 

AppZen’s accountability for personal data that it receives in the United States under the Data Privacy Frameworks and subsequently transfers to a third party is described in the Data Privacy Framework Principles. In particular, AppZen remains responsible and liable under the Data Privacy Framework Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the Principles, unless AppZen proves that it is not responsible for the event giving rise to the damage. 

For Queries/ Complaints

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, AppZen commits to resolve DPF Principles-related complaints about our collection and use of your Personal Information. EU, UK and Swiss individuals with inquiries or complaints regarding our handling of Personal Information received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF should first contact AppZen at: privacy@appzen.com.

For independent dispute resolution body mechanism

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, AppZen commits to refer unresolved complaints concerning our handling of Personal Information received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to BBB National Programs, an alternative dispute resolution provider located in the United States and operated by . If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://bbbprograms.org/programs/all-programs/dpf for more information or to file a complaint. The services of BBB EU Privacy Shield Program are provided at no cost to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf  

Contact the US Enforcement Authority

AppZen is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC), and you may submit your complaint to the FTC on https://reportfraud.ftc.gov/#/.

 

*AppZen will rely on the UK Extension to the EU-US Data Privacy Framework and the Swiss-US Data Privacy Framework until they enter into force.

  1. Children’s Privacy

The Website is not directed to children. We do not knowingly collect personal information from children under the age of sixteen (16) years without the prior, verifiable consent of his or her legal representative. If you, as a parent or guardian, become aware that your child has provided us with Personal Information without your consent, please contact us at privacy@appzen.com . If we become aware that a user is under the age of sixteen (16) and has provided us with Personal Information without verifiable parental consent, we will delete such information from our files.

  1. Updates to our Privacy Policy

AppZen reserves the right to change this Privacy Policy at any time. When we make any updates to this Privacy Notice that are deemed material under applicable legal requirements, we will notify individuals of such changes by updating the date of this Privacy Policy and providing other notification as required by applicable law. We may also provide notification of such changes to the Privacy Policy in other ways, such as via email or using other contact information provided to us.

For all other changes, please review the Privacy Policy from time to time to stay informed of how we are processing Personal Information.

  1. How to contact us

Individuals may contact us with questions, comments, or complaints about this Privacy Policy or our privacy practices, or to exercise any of the rights or choices they may have under applicable law. Our contact information is as follows:


a. Outside of the EEA & Swiss

AppZen, Inc.

6201 America Center Drive, Suite 300

San Jose, CA 95002

 

b. Within the EEA & Swiss

AppZen UK Ltd.

20 Red Lion Street

London WC1R 4PS

 

c. Via Email at

Privacy@appzen.com