Last Updated: March 29th, 2019
Important – Transfer to the US of European Personal Data: Privacy Shield certification
Information that our European users submit through the Expensify Service or the Site is sent to and stored on secure servers located in the United States of America and may be transferred by us to our other offices and/or to the third parties (such as our Partner Companies), who may be situated in the United States of America or elsewhere outside the European Economic Area (EEA) and may be processed by staff operating outside the EEA. The US and other non-EEA countries do not have similar data protection laws to the European Union, and you should be aware in particular that the law and practice in the United States in respect of law enforcement authority access to data is significantly different from Europe. Where we transfer your information we will take all reasonable steps to ensure that your privacy rights continue to be protected consistent with our obligations under local law and the Privacy Shield Framework. By submitting information via the Site, you agree to this storing, processing and/or transfer.
Participation in the Privacy Shield
Resolution of Privacy Shield-related queries and complaint mechanism
In compliance with the Privacy Shield Principles, Expensify Inc. commits to resolve complaints about our collection or use of your Personal Data. European Union individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Expensify Inc. via email at: email@example.com or via post addressed to Operations Lead, 88 Kearny Street, San Francisco, CA 94108.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at feedback-form.truste.com/watchdog/request. As further explained in the Privacy Shield Principles, a binding arbitration option also be made available to you in order to address residual complaints not resolved by any other means. (How to submit a complaint)
Accountability for onward transfers
Expensify, Inc. is responsible for the processing of Personal Data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. We comply with the Privacy Shield Principles for all onward transfers of Personal Data from the EU, including the onward transfer liability provisions.
Right of access
You have a legal right to request the Personal Data about you held by us. On request, we will provide you with a copy of this information. You also have a right to correct, amend or delete such Personal Data where it is inaccurate or has been processed in violation of the Privacy Shield Principles.
With respect to Personal Data received or transferred pursuant to the Privacy Shield Framework, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Application of the Privacy Shield Framework and Privacy Shield Principles
The Privacy Shield Framework and Privacy Shield Principles set out above only apply to Members and Corporate Members located in the EU. Accordingly, Expensify, Inc. is not liable under the Privacy Shield Framework and Privacy Shield Principles to Members or Corporate Members located outside the EU.
1. MEMBER CONSENT
2. A NOTE ABOUT CHILDREN
We do not intentionally gather Personal Data about individuals who are under the age of 18. If you become aware that we inadvertently hold or have access to Personal Data about anyone under 18, please let us know so we can delete it.
3. TYPES OF PERSONAL DATA WE COLLECT
So that we can provide you with our products and services, we may need to collect Personal Data (as that term is defined below) about you or others. If you do not provide us with the Personal Data we request, we may not be able to supply you with some or all of our products and services.
Expensify collects Personal Data from you when you visit our Site, when you send us information or communications in connection with your use of the Expensify Service, and/or when you download and use the Expensify Software. "Personal Data" means data that allows someone to identify or contact you or your employees, consultants, and independent contractors, including, for example, name, address, geographic location of your computer or mobile device, telephone number, credit card number, email address and bank account information. If you are accessing the Expensify Service from Australia, "Personal Data" also includes any information or opinion, whether true or not and whether recorded in material form or not, by which you may be reasonably identifiable.
Personal Data You Provide To Us
We collect Personal Data from you, such as first and last name, email and mailing addresses, telephone number, professional title, company name, and password, when you register for the Expensify Service. In addition, we (or our third-party credit card or payment processor on our behalf) will collect Personal Data including your credit card number or account information when you upgrade to a paid account. We also retain information on your behalf, such as the Personal Data described above and any correspondence. If you provide us feedback or contact us via email, we will collect your name and email address, IP address, as well as any other content included in the email, in order to send you a reply, and any information that you submit to us, such as a resume. If we conduct a survey in which you participate, we may collect additional profile information. We may also collect Personal Data at other instances in the Site or Application user experience where we state that Personal Data is being collected.
If you choose to use our referral service to tell a friend about our site, we will ask you for your friend's name and email address. We will automatically send your friend a one-time email inviting him or her to visit the site. Expensify stores this information for the sole purpose of sending this one-time email and tracking the success of our referral program. If your friend is a resident of the European Union or Australia, please make sure they are happy to be contacted by us.
When you provide us with Personal Data about your contacts we will only use this information for the specific reason for which it is provided.
If you believe that one of your contacts has provided us with your Personal Data and you would like to request that it be removed from our database, please contact us at firstname.lastname@example.org.
Your friend may also contact us at email@example.com to request that we remove this information from our database.
Personal Data Collected by Third Parties
We will collect your Personal Data from you unless it is unreasonable or impracticable to do so. However, we may collect and receive Personal Data about you from companies that distribute the Expensify Service by way of a co-branded or private-labeled website, companies that offer their products and/or services via the Expensify Service, or companies that provide services (such as payment processing services) in connection with the Expensify Service (collectively, "Partner Companies"). Our Partner Companies may supply us with Personal Data, such as your name and email and mailing address information or your login credentials for such Partner Company's website or service, in order to help us establish the account or fulfil orders. We may also collect your Personal Data from public sources. We may add this information to the information we have already collected from you via our Site or Application in order to perform and improve the Expensify Service. If you provide us Personal Data about others, or if others give us your information, we will only use that information for the specific reason for which it was provided to us.
Personal Data Collected via Technology
The Expensify Service (which may be hosted by a third-party service provider) collects Personal Data from you, such as browser type, your approximate geographic location of your mobile device or computer (from your Internet Protocol (IP) address), operating system and version, Internet Protocol (IP) address, domain name, information about your application, operating environment and hardware profiles and/or a date/time stamp for your visit. We may also use Identifiers (as defined below) and navigational data like Uniform Resource Locators (URL) to gather information regarding the date and time of your visit and/or access to the Expensify Service and your activity on the Site and the Application. Like most internet services, we automatically gather this Personal Data and store it in log files each time you visit the Site, use the Application or access your account on our network.
When you interact with the Site or the Application, we try to make that experience simple and useful. We and our partners use industry standard identifiers, such as cookies or other similar technologies. We also use mobile device identifiers which perform a similar role, like the IDFA used by Apple devices and the UDID used by Android devices. Cookies are small pieces of information which are issued to your computer or mobile device (as the case may be) when you visit a website or access or use a mobile application and which store and sometimes track information about your use of the Site or Application (as the case may be). A number of cookies we use last only for the duration of your web or Application session and expire when you close your browser or exit the Application. Other cookies are used to remember you when you return to the Site or Application and will last for longer. We refer to cookies and the mobile device equivalents as "Identifiers".
We use Identifiers to:
- remember that you have visited us before; this means we can identify the number of unique visitors we receive;
- customize elements of the promotional layout and/or content of the pages of the Site or Application;
- collect statistical information about how you use the Site or App (including how long you spend on the Site or Application) and where you have come to the Site or Application from, so that we can improve the Site and learn which parts of the Site and which functions of the Application are most popular with users.
Usage information may be linked to your account in order to assist Expensify to provide services to your account, for example analysing data for the purposes of trouble shooting. Expensify will not sell or disclose usage data to any third party unless such usage data has been aggregated or de-identified and is no longer capable of identifying you as an individual.
Some of the Identifiers used by the Site are set or accessed (as appropriate) by us, and some by third parties who are delivering services on our behalf.
Most web and mobile device browsers automatically accept cookies but, if you prefer, you can change your browser to prevent that or to notify you each time a cookie is set. You can also learn more about cookies by visiting www.allaboutcookies.org which includes additional useful information on cookies and how to block cookies using different types of browser or mobile device. Please note, however, that by blocking or deleting cookies used on the Site or Application, you may not be able to take full advantage of the Expensify Service.
In addition to cookies, web beacons may be set by us or third parties in respect of your use of the Site or Application. Web beacons are small image files within the content of the Site or Application for analytics purposes so we or third parties can understand which parts of the Site or Application are visited and which functions of the Site or Application are used and whether particular content is of interest.
When you download and use the Expensify Service, we automatically collect information about the type of device you use and operating system version.
We may send you push notifications from time-to-time in order to update you about any events or promotions that we may be running. If you no longer wish to receive these types of communications, you turn them off at the device level. To ensure you receive proper notifications, we will need to collect certain information about your device such as operating system and user identification information.
We collect your location based information for the purpose of mileage tracking and providing location specific features. We may share your geo-location data with third parties for the sole purpose of providing these services. If you do not wish to allow us to share your information in this manner please opt out by contacting us at firstname.lastname@example.org.
You may opt-out of location based services at any time by editing the setting at the device level or by emailing us at email@example.com.
We use mobile analytics software to allow us to better understand the functionality of our Mobile Software on your phone. This software may record information such as how often you use the Application, the events that occur within the Application, aggregated usage, performance data, and where the Application was downloaded from. We do not link the information we store within the analytics software to any personally identifiable information you submit within the mobile Application.
3rd Party Tracking Technologies
We may partner with a third party to either display advertising on our Site or Application or to manage our advertising on other sites. Our third party partner may use technologies such as cookies to gather information about your activities on this website and other sites in order to provide you advertising based upon your browsing activities and interests. If you wish to opt -out of interest-based advertising click here [or if located in the European Union click here]. Please note you will continue to receive generic ads.
4. USE OF YOUR PERSONAL DATA
Expensify uses your Personal Data in the following ways:
- to facilitate the creation of and secure your account on our network;
- identify you as a Member in our system;
- to provide improved administration of the Expensify Service;
- to improve the quality of experience when you interact with the Expensify Service, including staff training;
- to send you a welcome email to verify ownership of the email address provided when your account was created;
- to send you administrative email notifications, such as security or support and maintenance advisories;
- to collect fees and payments owing to us;
- to respond to your inquiries related to employment opportunities or other requests and to resolve disputes;
- to send with your consent (or where a friend has referred you to us) promotional communications;
- to provide you with hardcopy or electronic newsletters, or surveys;
- to send with your consent (or where a friend has referred you to us) upgrades and special offers related to the Expensify Service and for other marketing purposes of Expensify or our Partner Companies;
- to make telephone calls to you, from time to time, as a part of secondary fraud protection or to solicit your feedback; and
- to compare information provided by you for accuracy and verification with third parties.
From time to time, we may also use your Personal Data to send important notices to you, such as communications about purchases you have made, or changes to our terms and conditions or other policies. This information is important to your interactions with us and you acknowledge that you may not opt out of receiving these communications.
Any information, including Personal Data, which you elect to make publicly available on the Expensify Service will be available to other Members or the public. If you remove information that you have made public on the Expensify Service, copies may remain viewable in cached and archived pages of the Expensify Service, or if other Members have copied or saved that information.
In some cases we collect information provided by our Corporate Members, and in such cases, we have no direct relationship with the individuals whose Personal Data we process. If you believe your Personal Data has been collected by us in such circumstances, and would no longer like to be contacted as an employee or customer of one of our Corporate Members, please contact that Corporate Member directly in order to request your removal.
5. DISCLOSURE OF YOUR PERSONAL DATA
We may share your Personal Data with Partner Companies to provide technical support or to provide specific services, such as hosting of your applications, maintenance services, database management or payment processing for purchases, reimbursements or other payments (including but not limited to PayPal and the Bancorp). Partner Companies will have access to your Personal Data only to perform these services on our behalf and are obligated not to disclose or use it for any other purpose. They may be located, or their data processing activities may take place, in the United States of America or elsewhere outside the European Economic Area (EEA). The US and other non-EEA countries do not have similar data protection laws to the European Union, and you should be aware in particular that the law and practice in the United States in respect of law enforcement authority access to data is significantly different from Europe.
Expensify may sell/divest/transfer the company (including any shares in the company), or any combination of its products, services, assets and/or businesses. Personal Data may be among the items sold or otherwise transferred in these types of transactions, you will be notified via email and/or a prominent notice on our Site of any change in ownership or uses of your Personal Data. We may also sell, assign or otherwise transfer such information in the course of corporate divestitures, mergers, acquisitions, bankruptcies, dissolutions, reorganizations, liquidations, similar transactions or proceedings involving all or a portion of the company.
In certain situations, Expensify may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Regardless of any choices you make regarding your Personal Data (if applicable), Expensify may disclose Personal Data if it believes in good faith that such disclosure is necessary to (a) comply with relevant laws or to respond to subpoenas or warrants or lawful requests from government authorities served on Expensify; or (b) protect or defend the rights, reputation or property of Expensify or users of the Expensify Service.
Except as otherwise stated in this policy, we do not sell, trade, share, or rent the Personal Data collected from the Expensify Service to third parties. You expressly consent to the sharing of your Personal Data as described in this policy.
Service Provider, Sub-Processors/Onward Transfer
Expensify may transfer Personal Data to companies that help us provide the Expensify Service. Transfers to subsequent third parties are covered by the provisions in this Policy regarding notice and choice and the service agreements with our Clients.
Expensify offers you the choice of receiving different types of communication and information related to our company, products and services. You may subscribe to e-newsletters or other publications; you may also elect to receive marketing communications and other special offers from us via email. If at any time you would like to change your communication preferences, we provide unsubscribe links and an opt-out mechanism for your convenience. You may also access and manage your preferences from your account.
7. PERSONAL DATA CHANGES
If you believe that the Personal Data we hold about you may not be complete, accurate and up-to-date, you may change aspects of any of your Personal Data in your account by editing your profile within the registration portion of the Site or by sending an email to us at firstname.lastname@example.org.You may request deletion of your account information by us, but please note that we may be permitted or required (by law or otherwise) to keep this information and not delete or change it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements). We will respond to your request to access within 30 days. We will retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Access to Data Controlled by our Corporate Members
Expensify will retain data we process on behalf of our Corporate Members for as long as needed to provide services to our Corporate Member. Expensify will retain and use this information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We ensure that Personal Data we dispose of is de-identified or destroyed in a secure fashion.
Blog / Forum
Our Site offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your Personal Data from our blog or community forum, contact us at email@example.com. In some cases, we may not be able to remove your Personal Data, in which case we will let you know if we are unable to do so and why.
8. CALIFORNIA PRIVACY RIGHTS
Members who are California residents may request and obtain from us once a year, free of charge, certain information about the Personal Data (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year. If applicable, this information would include a list of the categories of Personal Data that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to firstname.lastname@example.org.
9. SECURITY OF YOUR APPLICATION AND PERSONAL DATA
Expensify is committed to protecting the security of your Personal Data. We use a variety of industry-standard security technologies and procedures to help protect your Personal Data from unauthorized access, use, or disclosure. When you enter sensitive information (such as a credit card number) on our order forms, we encrypt the transmission of that information using secure socket layer technology (SSL). We also require you to enter a password to access your account information. Please do not disclose your account password to unauthorized people. Despite these measures, you should know that Expensify cannot fully eliminate security risks associated with Personal Data. If you have any questions about the security of your Personal Data, you can contact us at email@example.com.
10. CONTACT INFORMATION
If you have general enquiry type questions, you can choose to do this anonymously or use a pseudonym. However, if you require information which is specific to your circumstances then it may not be possible for you to deal with us anonymously or by pseudonym. You acknowledge and agree that when contacting Expensify, whether by email, chat, or otherwise, you will not include any personally identifiable information in your communications, and that if such information is included in your communications with Expensify, Expensify will have no legal obligation or liability with regard to such information.
12. AUSTRALIAN PRIVACY RIGHTS
In addition, the following information applies to you.
If you choose to use our referral service to tell a friend about Expensify, you must seek your friend's consent to our use of your friend's name and email address to contact them about the Expensify Service. By providing us with your friend's name and email address, you warrant that your friend consents to such contact.
Anonymity and Pseudonymity
If you are making a general enquiry only, you may deal with us on an anonymous basis or through the use of a pseudonym. However, we will not be able to provide you with any specific information about your account if you fail to identify yourself to us.
Data Transfer Disclosure
Personal Data provided to us by Members or Corporate Members located in Australia may be disclosed to service providers located outside Australia, including in the US, including providers of cloud or other types of networked or electronic storage.
Although these third parties are subject to privacy and confidentiality obligations imposed by contract or the regulatory frameworks of the jurisdiction in which those third parties are located, you acknowledge that:
13. OVERSEAS DISCLOSURE
Expensify is based in the United States, and, unless we expressly agree otherwise, we may host, transfer, and process data, including Personal Information, in the United States and in other countries through Expensify and third parties that we use to operate and manage the Service. These countries may have data protection laws that are different from those of your country of residence. When you access or use the Service, or otherwise provide information to us, you are consenting, on behalf of you and your authorized agents, (and representing that you have the authority to provide such consent) to the processing and transfer of information in and to the United States and other countries which may have different privacy laws from your or their country of residence. Expensify takes appropriate measures to ensure such transfers are in compliance with applicable laws. For EU residents, please see the provisions regarding our EU Privacy Shield certification. For Australia residents, please see Section 12 (“Australian Privacy Rights”).
14. DATA RETENTION
Other than in aggregated, anonymized form as permitted under the Expensify Terms of Service, and except as required by applicable law, we will delete or otherwise destroy your Personal Data as soon as practicably possible following your termination or cancellation of your use of the Expensify Service.
15. QUERIES, CONCERNS, AND COMPLAINTS
If you have any queries, concerns or complaints about the manner in which we have collected, stored, used or disclosed your personal information, please contact the Data Protection Officer at firstname.lastname@example.org
We will treat your complaint confidentially and, after investigating your complaint, discuss the ways in which we can remedy the situation. We will ensure that we respond to your complaint within a reasonable time (and in any event within the time required by applicable law).
- The Office of Australian Information Commissioner at https://www.oaic.gov.au/ (if you are an Australia individual);
- The International Trade Administration by following the instructions at https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint (if you are a European Union individual); or
- The Federal Trade Commission at https://www.ftccomplaintassistant.gov/#crnt&panel1-1 (if you are a United States individual).