How Does the GDPR Affect Billtrust and Its Customers?
We are a software company, specializing in order-to-cash solutions. In the normal course of our business activities, we act as processor or service provider on behalf of our customers. Processors and controllers each have their respective obligations under the law. Therefore, even though Billtrust may be in compliance with the GDPR, it does not mean that our customers are automatically in compliance with the GDPR.
Responsibilities of Data Controllers
Data controllers are individuals or organizations that determine the purposes and means of processing personal data. Data controllers bear the primary responsibility for complying with the rights of data subjects and responding to data subjects’ requests under the GDPR.
Data controllers are also required to implement appropriate technical and organizational measures to ensure the security and confidentiality of personal data, to provide information about the personal data being processed, the purposes of that processing, and the third parties to which that information will be transferred, among other things.
Responsibilities of Data Processors
A data processor processes data according to the documented instructions of a data controller. While a processor does have certain obligations to support and assist the data controller in upholding its own obligations, such as informing the controller of requests it receives from data subjects, its relationship to the personal data and the data subjects themselves is comparatively restricted.
Data Processing Addendum
If you are a current Billtrust customer and need to update or execute a DPA, please contact Customer Support by phone or email [email protected] to submit a case. While Billtrust continues to certify to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks; it does not rely on such certification as a lawful method of data transfer under the GDPR. Our DPA includes Standard Contractual Clauses along with other appropriate safeguards to address lawful data transfers under the GDPR. Please see the Privacy Shield List at the following link: https://www.privacyshield.gov/list.
To view the Billtrust data processing addendum please download the PDF version.
For new customers, our DPA automatically becomes part of your Agreement with Billtrust. If you have previously negotiated a separate DPA with Billtrust, which includes the prior version of the SCCs, the DPA will remain in place and effective until December 27, 2022 or earlier if otherwise agreed, following which the new DPA will become effective. If you would like to update the DPA prior to Dec 27, 2022, please contact Customer Support at [email protected] to submit a case.
Use of Sub-processors
Billtrust relies on third-party service providers to help provide the Billtrust services to you, such as payment processing services and cloud storage providers. We provide a list of our sub-processors here: https://www.billtrust.com/sub-processors/
Privacy by Design
Billtrust has always been a security-conscious company, and product development at various stages from design to implementation occurs with the privacy and security of personal data in mind.
See our comments in our cover email.
Security and compliance certifications: https://www.billtrust.com/data-privacy-certifications-to-security-and-compliance-certifications/
Stay up-to-date. Connect our RSS Feed to get notified when updates occur.
RSS Feed users, please connect our feed to your RSS feed reader of choice to be notified about the latest updates to our Privacy Terms, including newer versions of the Billtrust data procession addendum pdf. Feedly is a popular RSS reader.