Skip to content

Privacy Policy

Introduction

Factor Systems, Inc. (“Billtrust”, “we”, “us”, “our”) takes the protection of personal information (“Personal Data”) very seriously. Please read this privacy policy (the “Policy”) to learn what we’re doing with your Personal Data, how we protect it and the privacy rights you have under the General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act of 2018 (“CCPA”).

What Is Covered by this Privacy Policy?

This Privacy Policy explains Billtrust’s practices regarding the collection of Personal Data that is gathered through our websites www.billtrust.com and www.secondphase.net (the “Sites”), through the delivery of our solutions (the “Solutions) and through interactions via telephone, email and other communication channels. 

By visiting the Sites or using the Solutions, you are accepting the practices described in this Privacy Policy. 

This Policy tells you, among other things:

Our Role with Respect to Your Personal Data

Within the scope of this Policy, Billtrust acts as a data controller or “business” for the Personal Data we process. This means that we decide how and why Personal Data is collected and further processed.

We are also a data processor, processing Personal Data as directed by our Customers, when they use our Solutions. In these cases, we do not decide why and how that Personal Data will be processed.

  • For the Personal Data of our Customers, business contacts and prospects, visitors of our Sites, and the data of sole proprietors that we may disclose in the context of the Business Payment Network, Credit2B and our Business Directory, we decide the purposes and means of processing, and consequently behave as a “business” or a data controller. Please note that we offer a business-to-business service. We incidentally process personal data of sole proprietors, when our Customers provide them to us as part of a wider list of business contacts. It is not always possible for us to differentiate between sole proprietors and corporations, based on the data we receive from our Customers.
  • When we process the Personal Data on behalf of our Customers to provide our services, we act as a data processor or service provider. Where you give your data to one of our Customers or where we collect your Personal Data on their behalf, our Customer’s privacy policy, rather than this Privacy Policy, will apply to our processing of your Personal Data. If you have a direct relationship with one of our Customers, please contact them to exercise your privacy rights. 

What Personal Data We Process and How We Obtain It

The table below describes the categories of Personal Data that we have collected when we act as a data controller or “business”. The CCPA requires us to categorize the Personal Data we collect into a few groups, contained below:

Personal Data We Collect, Process, or StoreHow We Obtain It

Data Category: Identifiers

General (All products except Credit2B, BPN. BBD,Marketing): first and last name, email address, phone number, shipping address.
General: You provide us with this Personal Data during the order process, registration for our Solutions and use of our Solutions.
Credit2B: first and last name, business address, email address, Federal Tax ID (which can be a Social Security Number), shipping address, username (and password)Credit2B: publicly available websites and other Customers.
Business Payment Network (BPN): first and last name, email address, company address, Tax ID (which can be a Social Security Number), account name and Merchant ID.Business Payment Network: our Customers (Payables providers and suppliers) and our Sponsors.

Billtrust Business Directory (BBD): company name (such as sole proprietor’s name), email address.Billtrust Business Directory: our database for billing and payments, which contains data of our Customers and the customers of our Customers.
Marketing: first and last name, IP address, email address, mailing address.Marketing: cookies placed in our Sites as described in our Cookie Policy; communications sent by you or other customers/prospects via our websites or by email; tradeshows/conferences; publicly available websites (for example, LinkedIn, Zoominfo, industry websites); and vendors that provide website analytics and account-based marketing platform services.

Special categories of Personal Data

General (All products except Credit2B, BPN. BBD,Marketing): credit card company, credit card number and expiration date, credit card billing address, bank account information, invoicing information.
General: You provide us with this Personal Data during the order process, registration for our Solutions and use of our Solutions.
Credit2B: financial statements.Credit2B: Credit bureaus, publicly available websites (i.e. news websites) and other Customers.
Business Payment Network: telephone number.Business Payment Network: our Customers (Payables providers and suppliers) and our Sponsors.
Marketing: phone number.Marketing: communications sent by you or other customers/prospects via our websites or by email; tradeshows/conferences; publicly available websites (for example, LinkedIn, Zoominfo, industry websites); and vendors that provide website analytics and account-based marketing platform services.

Data Category: Protected characteristics

Marketing: gender.Marketing: communications sent by you or other customers/prospects via our websites or by email; tradeshows/conferences; publicly available websites (for example LinkedIn, Zoominfo, industry websites); and vendors that provide website analytics and account-based marketing platform services.

Data Category: Commercial information

General(All products except Credit2B, BPN. BBD,Marketing): invoicing information.General: You provide us with this Personal Data during the order process, registration for our Solutions and use of our Solutions.
Credit2B: Trade data, business operational, employment and financial characteristics; government compliance data; creditor exposure and payment experiences; industry opinions.Credit2B: Credit bureaus, publicly available websites (i.e. news websites) and other customers.
Business Payment Network: monthly check data/volume, transaction value of payments flowing through the BPN (ultimately, this data is aggregated).Business Payment Network: our Customers (Payables providers and suppliers) and our Sponsors.
Billtrust Business Directory: number of electronic payments, number of payments with paper checks, payment preferences (paper checks/electronic payment) (this is further aggregated).Billtrust Business Directory: our database for billing and payments, which contains data of our Customers and the customers of our Customers.
Marketing: service and product purchase history.Marketing: communications sent by you or other customers/prospects via our websites or by email; tradeshows/conferences; publicly available websites (for example, LinkedIn, Zoominfo, industry websites); and vendors that provide website analytics and account-based marketing platform services.

Data Category: Internet or other similar network activity

General(All products except Credit2B, BPN. BBD,Marketing): your interaction with our website, applications and advertisements.

Marketing: your interaction with our website, applications and advertisements.
General and marketing: General: you provide us with this Personal Data when you visit our websites or interact with our Apps (with cookies).

Data Category: Geolocation data

Marketing: country information.Marketing: you provide us with this Personal Data, when you visit our websites or interact with our Apps (for example, Google Analytics places a cookie in your device).

Data Category: Sensory data

Marketing: call recordings.Marketing: you accept that we record the call when you phone us.

Data Category: Professional or employment-related information

Credit2B: job title.
Credit2B: Credit bureaus, publicly available websites (i.e. news websites) and other Customers.
Marketing: job title.Marketing: communications sent by you or other customers/prospects via our websites or by email; tradeshows/conferences; publicly available websites (for example LinkedIn, Zoominfo, industry websites); and vendors that provide website analytics and account-based marketing platform services.

Data Category: Inferences drawn from other Personal Dat

Business Payment Network: supplier’s payment preferences.Business Payment Network: database for billing and payments, which contains data of our Customers and the customers of our Customers, suppliers and sponsors.

Data Category: Other

Credit2B: any content that you create or share, including any communications with Credit2B or other users, and other information related to your work or organization.Credit2B: you create or share it in your communications with Credit2B or other users.

We don’t collect additional categories of Personal Data, without informing you.

According to the CCPA, Personal Data does not include:

  • de-identified or aggregated information; and
  • information excluded from the CCPA’s scope, such as:
    • health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; and 
    • the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

Consequently, we do not refer to such information in this Privacy Policy.

Lawful Bases for Processing

We must have a valid reason to use your Personal Data. It’s called the “lawful basis for processing”. 

When we process Personal Data based on the instructions of our customers, our Customers must determine the appropriate lawful basis for processing your Personal Data. To learn about their lawful bases for processing your Personal Data, please read the privacy policies of our Customers. 

When we determine why and how your Personal Data will be processed, we may process your Personal Data on the basis of:

  • your consent;
  • the need to perform a contract with you;
  • our legitimate interests, such as our interest in marketing our Services; and the interests of third parties, such as the interest of Account Receivable providers in having a network connecting buyers with suppliers that improves the processing of payments;
  • the need to comply with the law; or
  • any other reason, as required or permitted by law.

When we rely on legitimate interests as a lawful basis of processing, you have the right to ask us more about how we decided to choose this legal basis. To do so, please use the contact details provided in this privacy policy.

Where we process your Personal Data based on your consent, it may be withdrawn at any time. However, this will not affect the lawfulness of our processing, before you withdrew your consent. It will also not affect the validity of our processing of personal data performed on other lawful grounds.

How Do We Use Your Personal Data? 

The table below explains why we process your Personal Data, when we act as a data controller:

Category of Personal DataBusinesses and Commercial Purposes for Processing Personal Data
IdentifiersGeneral (All products except Credit2B, BPN. BBD,Marketing):
– To maintain or service accounts for our Customers, providing customer service to our Customers, to process or fulfill orders and transactions, to verify customer information, to process payments, and to provide our Products and Solutions to our Customers;
– To detect security incidents, to protect our systems against malicious, deceptive, fraudulent, or illegal activities, and to prosecute those responsible for those activities;
– To identify errors in our systems, Sites, Products and Solutions.
– To perform internal purposes such as auditing, creating an internal directory, data analysis, and research to improve Billtrust’s products, services, and customer communications.
Credit2B: To create global business profiles, to enable portfolio monitoring and to send alerts on portfolio accounts of our Customers, and to create a portal that gathers credit application information, as part of the credit onboarding decisioning process of our Customers.
Business Payment Network: to maintain or service accounts for our Customers, to provide customer service to our Customers, to process or fulfill order processing and transactions, to verify customer information, to process payments, and providing the Business Payment Network product to our Customers.
Billtrust Business Directory:
to identify opportunities within our customers’ customer bases to convert print invoices to electronic invoices and payments from paper checks to online payments.
Marketing: to keep you informed about upgrades, products and services of Billtrust, its affiliates and other third parties that may be of interest to you.
Special categories of Personal DataGeneral: to process or fulfill orders and transactions, verify customer information, and provide our Products and Solutions to our Customers.
Business Payment Network: to contact our customers, when required.
Marketing: to contact customers or prospects in order to market our Products and Solutions.
Protected characteristicsMarketing: to address you in our marketing communications.
Commercial informationGeneral: to process or fulfill orders and transactions, to verify customer information, payments, and to provide our Products and Solutions to our Customers.
Credit2B: to gather and analyze credit application information for our Customers.
Business Payment Network: to create a two-sided platform in which payable providers can deliver digital payments directly to the suppliers’ acceptance platforms.
Billtrust Business Directory: to allow our customers to identify opportunities within their customer base to convert print invoices to electronic invoices and payments from paper checks to online payments.
Marketing: to send Customers relevant marketing communications in light of Products and Solutions that they have already purchased.
Internet or other similar network activityGeneral: to detect security incidents, to protect our systems against malicious, deceptive, fraudulent, or illegal activities, and to prosecute those responsible for those activities.
Marketing: to target the marketing of our products and services, to count ad impressions to unique visitors, and to verify positioning and quality of ad impressions.
Geolocation dataMarketing: to obtain aggregate demographic information about the entire Billtrust audience, to help us create, develop, operate, deliver, and improve our products, services, content and advertising.
Sensory dataGeneral: to provide and improve the quality of our customer service.
Marketing: to contact you about our Products and Solutions.
Professional or employment-related informationGeneral and marketing: to provide customer service; to verify customer information, to process payments; and to provide our Products and Solutions to our Customers; to contact you about our Products and Solutions.
Inferences drawn from other Personal DataBilltrust Business Directory: to allow our customers to identify opportunities within their customer base to convert print invoices to electronic invoices and payments from paper checks to online payments.

How Long We Keep Your Personal Data

With respect to the data processing operations where we act as a data controller, we will retain your Personal Data for the period necessary to fulfil the purposes outlined in this Policy unless a longer retention period is required or permitted by law, for legal, tax or regulatory reasons, or other lawful legitimate purposes. We will also delete your Personal Data  upon a verifiable request to delete the personal data.

Where we process Personal Data for marketing purposes or with your consent, we process the information until you ask us to stop and for a short period after this (to allow us to implement your requests). 

We also keep a permanent record of the fact that you have asked us not to send you direct marketing or to process your Personal Data so that we can respect your request in future. 


With respect to Personal Data that we process on behalf of our Customers, we retain Personal Data for as long as instructed by the respective Customer (who typically acts as a data controller) or as required by applicable law. Where a Customer requests the erasure of Personal Data, we will comply with such request within sixty days of our receipt of the request.  

Your Personal Data may need to be retained in our backup systems and will only be deleted or overwritten at a later time, which is normally within two weeks. This may be the case, even when you or a Supervisory Authority has validly asked us to delete your Personal Data or when we not no longer have a legal basis for processing such Personal Data. 

Sharing Data with Third Parties

The table below describes the categories of Personal Data that we have disclosed for our own operational business purposes, what categories of Personal Data we have sold, and the types of recipients of your Personal Data.

Category of Personal DataCategories of Third Parties to Which We Disclosed Personal Data for Business Purposes
Categories of Third Parties to Which We Sold Data
IdentifiersGeneral, Credit2B, Business Payment Network and Business Directory: 
– Credit-reporting companies (only in the case of Credit2B) – Payment gateways
– Service providers that may provide:
– fax and printing services;
– hosting services;
– cloud data storage services and SaaS-based integration platforms;
– cloud-computing software;
– colocation and infrastructure services;
– electronic signature software;
– anti-money laundering solutions;
– payment infrastructure platforms;
– business intelligence software;
– big data analytics platform;
– event logging platforms;
– security solutions;
– and interactive voice response systems.
Marketing: providers of account-based marketing automation software, customer relationship management, sales engagement platforms, enterprise electronic invoice presentment & payment solutions, analytics, and B2B intelligence tools.
Credit2B: credit bureaus, credit analysts, factor organizations, and Customers.
Special categories of Personal DataSame as above.Credit2B: credit bureaus, credit analysts, factor organizations, and Customers.
Protected characteristicsSame as above.None.
Commercial informationSame as above.Credit2B: credit bureaus, credit analysts, factor organizations, and Customers.
Business Directory: our Customers.
Internet or other similar network activitySame as above.None.
Geolocation dataSame as above.None.
Sensory dataSame as above.None.
Professional or employment-related informationSame as above.None.
Inferences drawn from other Personal DataSame as above.Credit2B: same as above.
Business Directory: (in aggregate) our Customers.

Some of these third parties may be located outside of the European Union or the European Economic Area. In some cases, the European Commission may have determined that in some countries, the applicable data protection laws provide a level of protection equivalent to European Union law. The following list shown here includes the countries that the European Commission has recognized as providing an adequate level of protection to personal data. When the GDPR applies to the processing of your Personal Data, we will only transfer your Personal Data to third parties in countries not recognized as providing an adequate level of protection to personal data, when there are appropriate safeguards in place. These may include the European-Commission-approved standard contractual data protection clauses under Article 46.2 of the GDPR, or transfers on the basis of the Privacy Shield Framework. To learn more about our Privacy Shield certification, read our Privacy Shield notice.

In the event that all or a part of Billtrust is bought, sold, or otherwise transferred, or is in the process of a potential transaction, Personal Data that you have provided for use, will likely be shared for evaluation purposes and included among the transferred business assets.

We may also disclose Personal Data when required by law or in the good-faith belief that such action is necessary in order to conform to the edicts of the law or comply with a legal process served on Billtrust or our Site.

What Privacy Rights Do You Have? 

You have specific rights regarding your Personal Data that we collect and process. When we act as the data controller (i.e., the “business” under the CCPA) you can contact us directly to exercise your privacy rights. When our role is limited to just a service provider, and we only process your personal data based on the instructions of our Customer, then you must contact that Customer to exercise your privacy rights, and that Customer will then inform Billtrust of the changes, corrections, etc. that must be made to your Personal Data (based on the request you have made). 

We only act as the data controller when we decide what personal data of yours to process, and for what purpose. However, Billtrust is usually just a service provider acting on behalf of our Customers. In that case, our Customers decide what data to collect about you and for what purposes they want to use it, and therefore only our Customer can directly help you with your privacy requests. 

In this section, we first describe those rights and then we explain how you can exercise those rights.

Right to Know What Happens to Your Personal Data

This is called the “right to be informed”. It means that you have the right to obtain from us all information regarding our data processing activities that concern you, such as how we collect and use your Personal Data, how long we will keep it and who it will be shared with, among other things.

We are informing you of how we process your Personal Data with this Privacy Policy.

We will always try to inform you about how we process your Personal Data. However, if we do not collect the Personal Data directly from you, the GDPR exempts us from the obligation to inform you (i) when providing the information is either impossible or unreasonably expensive; (ii) the gathering and/or transmission is required by law, or if (iii) the Personal Data must remain confidential, due to professional secrecy or other statutory secrecy obligations.

Right to Know What Personal Data We Have About You

This is called the right of access. This right allows you to ask for the full details of the Personal Data we hold on you.

You have the right to obtain confirmation from us, as to whether or not we process Personal Data concerning you and, where that is the case, a copy or access to the Personal Data and certain related information. 

Once we receive and confirm that it was effectively you or your authorized agent who made the request, we will disclose to you:

  • The categories of Personal Data we collected about you;
  • The categories of sources for the Personal Data we collected about you;
  • Our purposes for the processing of that Personal Data;
  • Where possible, the anticipated period for which the Personal Data will be stored, or, if not possible, the criteria used to determine that period;
  • The categories of third parties with whom we share that Personal Data;
  • If we carry out automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you;
  • The specific pieces of Personal Data we collected about you; and
  • If we sold or disclosed your Personal Data for a business purpose, two separate lists disclosing:
    • sales, identifying the Personal Data categories that each category of recipient purchased; and
    • disclosures for a business purpose, identifying the Personal Data categories that each category of recipient obtained; and
  • If we rely on legitimate interests as a lawful basis to process your Personal Data, the legitimate interests pursued by us or by a third party;
  • The appropriate safeguards for transferring data from the EU to a third country, if applicable. 

Please take into account that the GDPR allows us not to satisfy your access request when:

  • You already have the information;
  • Providing such information proves impossible or would involve a disproportionate effort, or in so far as providing such information is likely to render impossible or seriously impair the achievement of the objectives of that processing; and
  • That Personal Data must remain confidential, subject to an obligation of professional secrecy regulated by European Union or Member State law, including a statutory obligation of secrecy.

Please note that the CCPA does not allow us to disclose Social Security numbers, driver’s license numbers or other government-issued identification numbers, financial account numbers, any health insurance or medical identification numbers, account passwords, or security questions and answers.

Right to Change Your Personal Data 

This is called the right to rectification. It gives you the right to ask us to correct, without undue delay, anything that you think is wrong with the Personal Data we have on file about you and to complete any incomplete personal data. 

If your account settings do not allow you change it, please contact us and we will do our best to change the Personal Data for you.

Right to Delete Your Personal Data

This is called the right to erasure, right to deletion or the “right to be forgotten”. This means that you can ask us to delete your Personal Data.

Please contact our Customer Service by telephone at 1-888-580-2455 to exercise the right of erasure.

Sometimes, we can delete your Personal Data. However, at other times, it is just not possible, such as when the law tells us we are not allowed to. If that is the case, we will consider if we can limit how we use your Personal Data, instead of deleting it.

Occasions Where We Cannot fulfill a Deletion Request Under the GDPR or the CCPA

The GDPR and the CCPA allow us to deny a request to erase your Personal Data, if we or our service providers need to retain the Personal Data to: 

  1. Complete the transaction for which we collected the Personal Data;
  2. fulfill the terms of a written warranty or product recall conducted in accordance with federal law;
  3. Provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
  4. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
  5. Debug products to identify and repair errors that impair existing intended functionality;
  6. Exercise free speech, ensure the right of another consumer to exercise their free speech rights or exercise another right provided for by law;
  7. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent;
  8. Enable solely internal uses that are reasonably aligned with your expectations, based on your relationship with us;
  9. Comply with a legal obligation, including (but not limited to) obligations from the California Electronic Communications Privacy Act; or
  10. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Right to Ask Us to Change How We Process Your Personal Data

This is called the right to restrict processing. It is your right to ask us to only use or store your Personal Data for certain purposes. You have this right in certain occasions, such as where you believe the data is inaccurate or the processing activity is unlawful. This right enables you to ask us to suspend the usage of Personal Data about you, such as when you want us to establish its accuracy or the reason for processing it.

Right to Ask Us to Stop Using Your Personal Data

This is called the right to object. This is your right to tell us to stop using your Personal Data. You have this right, where we rely on a legitimate interest of ours (or of a third party). You also have the right to object at any time to the processing of your Personal Data for direct marketing purposes.

We will stop processing the relevant Personal Data unless: (i) we have compelling legitimate grounds for the processing that override your interests, rights, or freedoms; or (ii) we need to continue processing your Personal Data to establish, exercise, or defend a legal claim.

If we have received your Personal Data in reliance on the Privacy Shield, you may also have the right to opt out of having your Personal Data shared with third parties and to revoke your consent to our sharing your Personal Data with third parties. You may also have the right to opt out, if your Personal Data is used for any purpose that is materially different from the purpose(s) for which it was originally collected or which you originally authorized. 

Right to Port or Move Your Personal Data

This is called the right to “data portability”. It is the right to ask for and download Personal Data about you that you have given us or that you have generated by virtue of the use of our services, so that you can:

  • Move it;
  • Copy it;
  • Keep it for yourself; or
  • Transfer it to another organization.

We will provide your Personal Data in a structured, commonly used and machine-readable format. When you request electronically to determine which data we have about you, we will provide you with a copy in electronic format.

Right Related to Automated Decision Making

We sometimes use computers to study your Personal Data. We might use this Personal Data, so we know how you use our services. For decisions that may seriously impact you, you have “the right not to be subject to automatic decision-making, including profiling”. However, in those cases, we will always explain to you when we might do this, why it is happening and its effect.

Right to Withdraw Your Consent

Where we rely on your consent as the legal basis for processing your Personal Data, you may withdraw your consent at any time. If you withdraw your consent, our use of your Personal Data before you withdraw your consent is still lawful.

If you have given consent for your details to be shared with a third party, and wish to withdraw this consent, please also contact the relevant third party in order to change your preferences.

Right Not to be Discriminated Against for Exercising your Privacy Rights 

We will not discriminate against you for exercising any of your privacy rights. Unless the applicable data protection laws permit it, we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you with a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Right to Lodge a Complaint with a Supervisory Authority

If the GDPR applies to the processing of your Personal Data with us, the GDPR grants you the right to lodge a complaint with a supervisory authority, if you’re not satisfied with how we process your Personal Data. 

In particular, you can lodge a complaint in the Member State of the European Union of your habitual residence, place of work or of an alleged violation of the GDPR.

Your Right to Opt Out of the Sale of Personal Data

You have the right to ask us to not sell your Personal Data at any time. This is called the “right to opt out”. To exercise the right to opt-out, you (or your authorized agent) you may submit a request to us by completing this form.

Once you make an opt-out request, we will wait at least twelve months before asking you to reauthorize the sale of your Personal Data. However, if you change your mind, you may opt back into Personal Data sales at any time, by using the contact details below. We will only use Personal Data provided in an opt-out request to review and comply with the request.

If you would like to opt out of cookies (except for the strictly necessary ones), click on the “Cookie Settings” button below: Cookie Settings

Your Right to Opt In to the Sale of Personal Data

If you have directed us not to sell your Personal Data or if you want us to sell your Personal Data, you can opt-in to the sale of your Personal Data at any time. 

In addition, we do not process nor sell the Personal Data of individuals that we know are less than 16 years old. We will not accept opt-in requests from parents or guardians on behalf of their children. 

How Can You Exercise Your Privacy Rights?

To exercise any of the rights described above, please submit a request by either:Calling us at 1-888-580-2455

Contacting us by email at [email protected]; or

Filling out this online form

Authorized Agents

You may appoint an authorized agent to exercise your rights on your behalf. You should appoint such agent via written permission or a power of attorney pursuant to Probate Code sections 4000 to 4465 (if you reside in the State of California) or the applicable rules for authorizing somebody else to exercise your rights in your country of residence.

To verify that your authorized agent acts on your behalf, we will ask for this written permission from your agent or for the power of attorney. In case you provided your authorized agent with written permission, we will also require that you verify your identity.

Verification of Your Identity 

Bear in mind that to evaluate your privacy rights requests (except the requests to stop the sale of your Personal Data), we need to be sure it was you who made the request. Consequently, we might need some identification to check that you are, who you say you are.

To verify your identity, we will ask you some questions concerning information we already hold about you or ask you to verify that you’re the owner of the email address or phone number you are using to contact us. For this verification, we may ask you information related to various identifiers such as, your first name, last name, email address, phone number, complete billing address, and complete mailing address. 

We will only use the Personal Data you provide us in a request to verify the requestor’s identity or authority to make the request.

Please note that you may only make a consumer request to know or data portability twice within a twelve (12)-month period. 

Response Timing and Format of Our Responses

We will confirm the receipt of your request in ten (10) days and, in that communication, we will also describe our identity verification process (if needed) and when you should expect a response, except when we have already granted or denied the request.

Please allow up to thirty (30) days for us to reply to your requests (except requests to stop selling your Personal Data) from the day we received your request. If we need more time [up to ninety (90) days in total], we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to the contact details associated with that account. If you do not have an account with us, we will send our written response electronically, unless you ask us to send our response by mail. 

We will only cover the twelve-month period preceding the moment we receive the request in any disclosures that we provide you with. 

We will act upon your request to opt out from selling your Personal Data in fifteen (15) days. We will also notify the third parties to whom we sold your Personal Data of your request and instruct them not to further sell your Personal Data, if they do. We will inform you about this within ninety (90) days from the receipt of your request.

If we cannot satisfy a request, we will also provide the reason(s) in our response. For data portability requests, we will choose a format to provide your Personal Data that is readily useable and should allow you to transmit the information from one entity to another entity without difficulty.

We promise that we will not charge a fee for processing or responding to your requests. There may be exceptions when we may charge a fee, if we determine that your request is excessive, repetitive, or manifestly unfounded. In those cases, we will tell you why we made that determination and provide you with a cost estimate, before completing your request.

How Does Billtrust Protect your Information?

Billtrust works to maintain your confidence and trust in us and has, therefore, implemented physical, technical, and administrative measures designed to protect information from accidental loss, unauthorized access, use, alteration, and disclosure. We store and process your information on our servers located within the United States.

Children’s Privacy

Billtrust, including the Site and Solutions, is not directed at children, and Billtrust does not knowingly solicit or collect Personal Data online from children under the age of thirteen (13). If Billtrust learns that a child under the age of thirteen (13) has submitted Personal Data online without prior verifiable parental consent, it will take all reasonable measures to delete such information from its databases and to not use such information for any purpose (except where necessary, to protect the safety of the child or others as required or allowed by law). If you become aware of any personally identifiable information we have collected from children under thirteen (13) years of age, please contact us at [email protected].

EU-US Privacy Shield

To the extent that the Site or Solutions involves the collection of personal data of our clients or their customers in the European Economic Area, Billtrust may transfer that personal data to the United States for processing and storage. Billtrust handles any such personal data in adherence with the EU-US Privacy Shield and has certified compliance with the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfers, Security, Data Integrity & Purpose Limitation, Access, Recourse, Enforcement and Liability. To access the Privacy Shield List and to find details of our certification, please see https://www.privacyshield.gov/. For more specific information, please review our Privacy Shield notice.

Changes and Updates to the Privacy Policy

This Privacy Policy may be updated and revised from time to time, and we will post the current version of this Privacy Policy at www.billtrust.com/privacy-policy. When we revise it, we will also update the “Effective” date.

You agree that the Personal Data we gather now, will be subject to the Privacy Policy in effect at the time of use. We may contact you through email regarding material, retroactive changes to our Privacy Policy or practices, but you should check the Site periodically to review any changes. In order to receive communications from Billtrust regarding, among other things, our privacy practices, it is important that the email address you have on record with Billtrust is kept up to date.

We suggest that you review this Privacy Policy periodically, since it may be updated from time to time.

Data Protection Officer Contact Details

VeraSafe has been appointed as Billtrust’s Data Protection Officer (“DPO”) in accordance with Article 38 of the General Data Protection Regulation (“GDPR”). All comments, queries and requests relating to Billtrust’s use of Personal Data are welcomed. Please contact:

Data Protection Officer

VeraSafe
22 Essex Way #8203 Essex, VT 05451 USA
+1 (617) 398-7067
Email: [email protected]

Web: https://www.verasafe.com/about-verasafe/contact-us/

Any Questions?

If you have questions or concerns about this Privacy Policy, please feel free to contact us at [email protected]

Secured By miniOrange