Effective Date: January 20, 2023
This Supplemental Privacy Notice applies to You only if You are a natural person and are a resident of California, Colorado, Connecticut, Virginia, or Utah. This Supplemental Privacy Notice is incorporated into and forms part of the BILL Privacy Notice.
This Supplemental Privacy Notice describes how We collect, process, and disclose Your personal information. It also describes the rights You may have, depending on the state of Your residence, with regard to Your personal information, which apply when new or updated laws take effect in these states. This Supplemental Privacy Notice does not apply to any employees, owners, directors, officers, or contractors of BILL or its affiliates.
Capitalized terms not defined in this Privacy Notice have the meanings given to them in BILL’s Terms of Service.
CATEGORIES OF PERSONAL INFORMATION WE COLLECT AND HOW WE USE THAT INFORMATION
During the past twelve (12) months, we have collected, used, and disclosed the following categories of personal information:
| Category of Personal Information | Category of Source | Business or commercial purpose(s) for collection | Categories of third parties with whom we share |
|---|---|---|---|
| Personal identifiers | Directly from You or Your agents
From Your Organization From Your Vendors or Customers From other third parties You choose to interact with From Our service providers From public sources |
To provide the Services to You
To communicate with You To verify Your identity To protect Your account To prevent fraud or illegal activity Our marketing activities |
Our service providers
Your authorized service providers Other third parties that You authorize Our business and marketing partners Third parties as required by law |
| Financial information, including bank account number, credit card number |
Directly from You or Your agents
From Your Organization From Your Vendors or Customers From other third parties You choose to interact with From Our service providers From public sources |
To provide the Services to You
To verify Your identity To protect Your account To prevent fraud or illegal activity |
|
| Commercial information, including products/services purchased |
Directly from You or Your agents
From Your Vendors or Customers |
Provide the Services to You
Prevent fraud or illegal activity |
|
| Internet or other electronic network activity information |
Directly from You
From Our service providers |
Provide the Services to You
Protect Your account Prevent fraud or illegal activity Debug or repair the Services Maintain reliability, quality or safety of the Services Improve the Services Our marketing activities |
|
| Geolocation data | Directly from You
From Your mobile provider or ISP |
Provide the Services to You
Protect Your account Prevent fraud or illegal activity Debug or repair the Services Maintain reliability, quality or safety of the Services |
|
| Audio, electronic, visual, or similar information | Directly from you |
Provide the Services to You
Prevent fraud or illegal activity Improve the Services Maintain reliability, quality or safety of the Service |
|
| Professional or employment-related information |
Directly from you
From your Organization From your Vendors or Customers |
Provide the Services to You
Prevent fraud or illegal activity Our marketing activities |
|
| Inferences drawn to create a profile about a consumer | BILL |
Provide the Services to You
Prevent fraud or illegal activity Maintain reliability, quality or safety of the Services Our marketing activities |
We do not knowingly collect or use personal information of anyone under the age of 16.
Sensitive Personal Information
When we collect government identification (such as Your driver’s license number or Social Security number) or financial details (such as Your bank account or credit card numbers), we are deemed to be collecting data that is “sensitive” under state privacy laws. Where legally required, we will obtain Your consent for collecting this information. For our California users, we do not use or disclose sensitive personal information for any purpose other than as permitted by law, such as to provide the Services to You, to detect security incidents, and protect against malicious or fraudulent actions, nor do we use or disclose such information to build a profile about You.
Retention
We retain Your information as long as it is necessary to comply with Our internal records retention and management policies and procedures and to provide You with the Service or administer Your BILL Account, or as long as necessary to comply with legal obligations, resolve disputes, reserve legal rights, and enforce agreements, which may include retaining Your information after You stop using the Service.
Sales/Sharing
In the last 12 months, we have allowed third party ad providers to collect personal information from Our website visitors in order to provide targeted advertising and analytics. This practice may constitute a sale of personal information under certain state laws and, in California, may also constitute “sharing” (which is a term used to address the sharing of information for advertising purposes) of personal information. To the extent that our practice constitutes a sale or sharing of Your personal information, You have the right to opt-out of the sale or sharing of Your personal information with third parties for purposes of targeted advertising by filling out this Opt-Out Form and by enabling Global Privacy Control on Your browser or opting-out of cookies by clicking here:
Global Privacy Control (“GPC”) is a setting You can enable in Your web browser to communicate Your privacy preference for not having certain information about Your webpage visits collected across websites. For all the details, including how to turn on GPC, visit https://globalprivacycontrol.org/. Our websites that link to this privacy policy recognize and respond to GPC signals.
Consistent with our practice of not collecting data on anyone under 16 years old, we do not have actual knowledge that we shared information on such minors with the companies we work with on targeted advertising.
UNDERSTANDING YOUR RIGHTS
Subject to certain limitations, and depending on Your state of residence, You have the following rights with respect to the personal information that we collect about You:
Right to Know. You can ask us to give You information about our collection and use of Your personal information. Specifically, You can request that we provide You one or more of the following:
The categories of personal information we collected about You.
The categories of sources from which we collected Your personal information.
Our business and commercial purposes for collecting, selling, or sharing Your personal information.
The categories of third parties to whom we disclose Your personal information.
The specific pieces of personal information we collected about You.
Right to Delete. Subject to certain limitations, You can ask us to delete Your personal information.
Right to Correct. You can ask us to correct inaccurate personal information that we have about You.
Right to Opt Out of Targeted Advertising or Sale. You can ask us to stop using Your personal information for targeted advertising. Please see the discussion on Sales/Sharing above.
Right Against Discrimination. We will not discriminate against You for exercising Your rights.
You can request to exercise Your right to know, delete, or correct Your personal information by emailing privacy@divvypay.com or by contacting BILL Customer Support by clicking on Help once You have logged in (if You are unable to log in, please click on the chat modal here to connect with Us). If You do not receive a confirmation of our receipt of Your request within 10 days, we may not have received Your request and You should re-submit it. Once we receive Your request, we will attempt to verify Your identity. We may ask You for additional information to help us verify Your identity, including by asking You to confirm other personal information You have provided to us. We may deny Your request for reasons permitted by law, including our inability to verify Your identity. If we deny Your request, we will tell You why we did so.
Subject to certain restrictions, You can have an agent exercise Your rights for You. If You have an agent exercising Your rights, that person must provide to us Your written authorization allowing them to make such a request on Your behalf. We reserve the right to deny the agent’s request if we are not reasonably able to confirm proper authorization and/or verify Your identity as the requestor.
APPEALS
Residents of Colorado, Connecticut, and Virginia can appeal a refusal to take action on a request by contacting us by email at privacy@divvypay.com.
CONTACT
If You have any questions or concerns about this Supplemental Privacy Notice, You can email us at privacy@divvypay.com or by contacting BILL Customer Support by clicking on Help once You have logged in (if You are unable to log in, please click on the chat modal here to connect with Us).