Privacy Notice

Last Updated: April 2024

Your privacy is important to us. Please read this Privacy Notice carefully to learn how we collect, use, share, and otherwise process information relating to individuals (“Personal Data”), and to learn about your rights and choices regarding your Personal Data.

iPipeline is the controller of your Personal Data as described in this Privacy Notice, unless specified otherwise. This Privacy Notice applies to the collection and processing of Personal Data collected by us when you visit our branded websites that link to this Privacy Notice; use our online products and services as an authorized user where we act as a controller of your Personal Data; visit our branded social media pages; visit our facilities; communicate with us (including emails, phone calls, texts or fax); or register for, attend or take part in our events, webinars, trade shows or contests.

Collection of Personal Data

We collect three types of Personal Data from you:

• Information You Provide: We collect and record any information that you provide to us directly, including any personal identifiers, professional or employment-related information, that you provide to us through this website or other medium.
• Information We Collect Automatically: We automatically collect and store information about your use of this website and our services. To do so, we may use cookie technology and other online identifiers to track your IP address, web browser, geolocation, or your activity on this site. For more information about cookies and other tracking technologies, please see our Cookie Policy.
• Other Information We Collect: We may combine data from other sources with Personal Data we receive from you. These other sources may be from third parties or from publicly available sources. This may include information related to your employment, education, commercial interactions, and internet activity.

In some cases, the collection and processing (see Section 2 below) of Personal Data is required for you to receive certain products or services. Personal Data does not include information that is anonymized or aggregated such that you cannot be identified from it.

If you provide us or our service providers with any Personal Data relating to other individuals, you represent that you have the authority to do so and have obtained any necessary consent for the information to be used in accordance with this Privacy Notice. If you believe that your Personal Data has been provided to us improperly or want to exercise your rights relating to your Personal Data, please contact us by using the information in Contact Us section (Section 16) below.

Types of Personal Data We Collect

We may collect the following types of Personal Data about you.

• identifiers (e.g., name, address, phone number, IP address);
• records about you (e.g., signatures, physical characters or descriptionsof you, content, timing, and method of communications you have with us, anyinformation you share or upload to our website, services, or other digitalproperties)
• geolocation data (e.g., computer/device location);
• professional or employment related information.
• Processing your Personal Data. Where required by law, we obtain your consent to use and process your Personal Data for these purposes: Otherwise, we
  rely on other legal bases to collect and process your Personal Data. We process your Personal Data for the following purposes:
  • Providing our services, products, and website access: We process your Personal Data relating to your access of our services, products, website, and other
    digital properties (e.g., account information, etc.) to ensure both you and we meet our obligations under the applicable contract, terms of use, or service agreement and to project future demand as well as improve our websites and services; absent a contractual relationship, we process your Personal Data to further our legitimate interest in operating and improving our websites and services.
  • Internal business purposes: We process your Personal Data to operate, maintain, and improve our services, products, and website, including customizing the content; maintaining internal business records, such as accounting, managing user accounts, document management and similar activities; enforcing our policies and rules; monitoring service usage, management reporting; auditing; and IT security and administration to meet our obligations to you to perform our contract with you, or, if no contract applies, to the extent it is necessary for our legitimate interest in operating our business in a secure and efficient manner.
  • Securing our facilities, websites and services: We process your Personal Data (e.g., name, IP address, account information, internet activity) as part of our efforts to maintain, monitor and secure our websites and services. This may include aggregating data, verifying accounts, investigating suspicious activity, and enforcing our terms and policies to the extent necessary to further our legitimate interest in maintaining a safe and secure website, products and services and in protecting our rights and the rights of others.
  • Responding to contact requests: If you contact us electronically or by phone, we process your Personal Data (e.g., name, account information, government identifiers) to perform our contract with you, or, if no contract applies, to the extent it is necessary for ourlegitimate interest in responding to your inquiry and communicating with you. We may record and process communications for training, quality assurance, and administration purposes. If required under applicable law, we will obtain your prior consent or give you the option to object to a call being recorded.
  • Marketing and advertising: We may process your Personal Data (e.g., name, account information) to advertise to you, based upon your Personal Data to the extent it is necessary for our legitimate interest in advertising our websites, services or products. Where legally required, we will obtain your consent before engaging in any marketing or advertising.
  • Complying with legal and safety obligations: We process your Personal Data (e.g., name, account information) when cooperating with public and government authorities, protecting our legal rights, and protecting against abuse of our services and products. Any such processing is based on our legitimate interest in protecting our legal rights or, when applicable, complying with a legal obligation to which we are subject.
  • In connection with a corporate transaction: We may process your information if we sell or transfer all or a portion of our business or assets including through a sale in connection with bankruptcy and other forms of corporate change in furtherance of our legitimate interest in operating and transacting the business of the company.

In some cases, we may provide specific services or offerings subject to separate or supplemental privacy policies. In those cases, we will prominently inform you of those policies and provide those policies in an easily accessible format.

Exclusions

This Privacy Policy does not apply to Personal Data that:

• we process on behalf of our customers in the role of processor or other service provider, such as when we allow customers to create their own websites/applications to offer their own products and services, to send electronic communications to others; or otherwise use, collect, share or process Personal Data via our online products and services. Our customers’ privacy policies may be different from ours, and we are not responsible for those practices.
• we process about current or former employees, job applicants, and other individuals who interact with us for employment-related purposes.

Protecting Personal Data

We take commercially reasonable precautions to protect the Personal Data in our possession from loss, misuse, unauthorized access, disclosure, alteration, or destruction. While we follow generally accepted standards to protect Personal Data, no method of storage or transmission is 100% secure or error-free. Personal Data you send to or from the website or via e-mail may not be secure, and we encourage you to contact us about more secure ways to share sensitive
information when necessary. Where you use passwords, ID numbers, or other special access features on this site, it is your responsibility to safeguard them and to log out of any accounts you access after your sessions.

Your Individual Rights

Depending on our relationship with you and where you may reside, you may have certain rights relating to your Personal Data based on applicable local data protection laws, including from individual US state privacy laws (e.g., California, Virginia, Colorado, and other states), Canadian privacy laws, and the EU/UK General Data Protection Regulation. Depending on the applicable laws these rights may include the right to:

• Request information about the categories of Personal Data we have collected about you, the categories of sources from which we collected the Personal Data, the purposes for collecting, sell or
  sharing the Personal Data, and to whom we have disclosed your Personal Data.
• Request and receive copies of your Personal Data that we hold;
• Request additional information about how we process your Personal Data;
• Correct inaccurate or incomplete Personal Data (taking into account our use of it);
• Request deletion of your Personal Data;
• Restrict or object to our processing of your Personal Data, including restricting the sale or sharing of your data or its use for cross-context behavioral marketing. Where we process Personal Data for direct marketing purposes (either by us or third parties) or for cross-context behavioral marketing, you may not have to provide a specific reason for such objection;
• Require us(if possible) to transfer your Personal Data to another controller (i.e., data portability);
• Limit the use or disclosure of your sensitive Personal Data;
• Restrict certain disclosures of your Personal Data to third parties;
• Not be subject to a decision based solely on automated processing, including profiling, which produces legal effects; and
• Withdraw your consent to the processing of your Personal Data (to the extent we base processing on consent and not on another lawful basis).

We will not discriminate against you, in any manner prohibited by applicable law, for exercising these rights. You may exercise these rights, to the extent applicable, by making the request via our website using our iPipeline Data Protection Request Form, by sending us an email at uk.dataprotection@ipipeline.com, or writing to us at iPipeline at Second Floor, The Quadrangle Building, Imperial Promenade, Cheltenham GL50 1PZ. Please call at +44 (0)345 408 4022. We will respond to any such requests within 30 days of receipt.

If you are not happy with how iPipeline handles your Personal Data and we cannot provide you with a satisfactory resolution to your request, you also have the right to lodge a complaint with a supervisory body for data protection in your jurisdiction, for example, the Information Commissioner’s Office at https://ico.org.uk/. If you wish to pursue any of these rights, please contact us using the details set out at the end of this Notice below.

Disclosing Personal Data to Third Parties

We do not “sell” or “share” Personal Data about you as those terms are defined by the California ConsumerPrivacy Act. We may provide your Personal Data to the categories of recipients described below:

• iPipeline’s divisions, holding companies, subsidiaries, and affiliates.
• Third party service providers or other entities that perform services on our behalf, help us provide you with our products and services, and that otherwise support
  our relationship with you (such as shipping or direct mailing organizations). These third-party service providers have access to personal information needed to
  perform their functions but may not use it for other purposes. Further, they must process the Personal Data in accordance with this Privacy Notice and as
  permitted by applicable data protection laws. Please click here for a list of the third party service providers we use.
• Vendors necessary to complete transactions you request, such as shipping companies and logistics providers.
• Law enforcement, government agencies, or other regulators to comply with law or legal requirements, to enforce our agreements, and to protect our rights and
  the property or safety of iPipeline, our users, or third parties.
• Transactional parties if we, or some, or all of our assets, acquire or are acquired by another entity, including through a sale or in connection with a bankruptcy.
• Entities to which you have consented to the disclosure.

Disclosure of Personal Data. Although we have not “sold” Personal Data for money in the past 12 months, we engage in routine practices with our services, products, and websites involving third parties that could be considered a “sale” or “sharing” as defined under California law. We do not knowingly sell or share any Personal Data of minors under the age of 16.

Below please find a chart detailing the categories of Personal Data we collected and with whom it was sold, shared, or disclosed for a business purpose in the past 12 months.