Privacy Statement Effective as of April 2023
iPipeline is a global software solutions provider. Our headquarters is in Exton Pennsylvania (USA). We have offices in the United States, the United Kingdom and Canada.
We will act as the controller of your personal data in regards to your usage of our website. However, iPipeline acts as a processor in regards to the services we offer our customers. This Privacy Notice applies to the collection and processing of Personal Data collected by us when you visit our branded websites that link to this Privacy Notice; use our online products and services as an authorized user where we act as a controller of your Personal Data; visit our branded social media pages; visit our facilities; communicate with us (including emails, phone calls, texts or fax); or register for, attend or take part in our events, webinars, trade shows or contests.
Within this Privacy Notice we will refer to the business as ‘iPipeline’. Information regarding locations and addresses can be found at our corporate website: https://www.ipipeline.com/.
At iPipeline, protecting your privacy is important. We are required and committed to comply with all applicable privacy legislation in the jurisdictions in which we conduct our business such as GDPR in Europe and HIPAA and state privacy laws, such as in California, Virginia, Colorado, Nevada, Utah, or Connecticut in the United States.
Purpose of Notice
This Privacy Notice aims to inform you about how we collect, use, disclose and store information about you when you interact or use our websites, including downloading materials from our resources page or make inquiries; you register and/or attend any of our events, webinars, or conferences we contact you regarding one of our products or services; and you apply for a position at iPipeline. Country specific applicant privacy notices may apply and are available when applying on our careers site.
This Privacy Notice describes the type of information we collect, how we use and disclose it and how we protect that information.
Other Information that iPipeline Processes
This Privacy Notice does not apply when we process Personal Data on behalf of our customers in the role of processor or other service provider, such as when we allow customers to create their own websites/applications to offer their own products and services, to send electronic communications to others; or otherwise use, collect, share, or process Personal Data via our online products and services. Our customers’ privacy policies may be different from ours, and we are not responsible for those practices. For information about the privacy practices of our customers who use our products and services as a controller, please contact that customer directly.
We will only process your personal information where we have a lawful basis for doing so. In general, the basis is that we are fulfilling a contract with our customers, who provide services to you with your consent, or we have a legitimate interest to process your personal information that does not prejudice your own rights, freedoms and interests.
Information That iPipeline Collects About You
We may collect information when you visit our web site (https://www.ipipeline.com) or our subsidiary sites that we have provided links to.
For iPipeline and subsidiary sites we are the controller for such information. This includes:
Information You Provide
While using our website, we may ask you to supply us with personal information. Generally, this information is collected when you request a service or information from us, such as when you request a fact sheet or information about our products and services or apply for a position. This information will be used to allow us to contact or identify you. The information may include but is not limited to:
- – Email Address
- – First name and last name
- – Phone number
- – Address
- – Your job title and company details
- – Your education and work experience in applications we receive from you
- – Your date of birth
Although we generally only collect information that has been provided directly by you, there are times that we may collect information from third parties (e.g., a company that provides services to us or an information service provider). When we do so we will provide a separate privacy notice if required.
Information We Collect Automatically
We automatically collect and store information about your use of this website and our services. To do so, we may use cookie technology and other online identifiers to track your IP address, web browser, geolocation, or your activity on this site.
In some cases, the collection and processing of Personal Data is required for you to receive certain products or services. Personal Data does not include information that is anonymized or aggregated such that you cannot be identified from it.
If you provide us or our service providers with any Personal Data relating to other individuals, you represent that you have the authority to do so and have obtained any necessary consent for the information to be used in accordance with this Privacy Notice. If you believe that your Personal Data has been provided to us improperly or want to exercise your rights relating to your Personal Data, please contact us by using the information in Contact Us section below.
We may also obtain your contact information from third parties to whom you have given consent to share your details with iPipeline or category within which our business activities fall. Where we do obtain your information from a third party, we will inform you of their details when we first contact you.
Processing your Personal Data
Where required by law, we obtain your consent to use and process your Personal Data for these purposes. Otherwise, we rely on other legal bases (legitimate interest, contract) to collect and process your Personal Data. We process your Personal Data for the following purposes:
- – Securing our websites and services: We process your Personal Data (e.g., name, IP address, account information, internet activity) as part of our efforts to maintain, monitor and secure our website and services. This may include aggregating data, verifying accounts, investigating suspicious activity, and enforcing our terms and policies to the extent necessary to further our legitimate interest in maintaining a safe and secure website, products and services and in protecting our rights and the rights of others.
- – User Account Management: If you have registered for an account with us, we process your Personal Data (e.g., name, IP address, account information, payment information) to manage your user account for the purpose of meeting our obligations to you according to the applicable contract or terms of service.
- – Responding to contact requests: If you contact us electronically or by phone, we process your Personal Data (e.g., name, account information, government identifiers) to perform our contract with you, or, if no contract applies, to the extent it is necessary for our legitimate interest in responding to your inquiry and communicating with you. We may record and process communications for training, quality assurance, and administration purposes. If required under applicable law, we will obtain your prior consent or give you the option to object to a call being recorded.
- – Managing payments: We may process your financial information and other Personal Data (e.g., name, account information, financial history) to verify financial information and to collect or make payments to the extent that doing so is required to fulfil our contract with you.
- – Tracking office visitors: If you visit our facilities, we may process your Personal Data (e.g., name, government identifiers) for security, health, or safety reasons (including any NDAs our visitors may be required to sign) to the extent such processing is necessary to further our legitimate interest in protecting our offices and our confidential information against unauthorized access.
- – Marketing and Advertising: We may process your Personal Data (e.g., name, account information, purchase history, internet activity) to advertise to you, conduct market research, and to provide other personalized content based upon your Personal Data to the extent it is necessary for our legitimate interest in advertising our websites, services, or products. Where legally required, we will obtain your consent before engaging in any marketing or advertising.
- – Complying with legal and safety obligations: We process your Personal Data (e.g., name, account information, payment history, internet history) when cooperating with public and government authorities, protecting our legal rights, conducting audits, and protecting against abuse of our services and products. Any such processing is based on our legitimate interest in protecting our legal rights or, when applicable, complying with a legal obligation to which we are subject.
In some cases, we may provide specific services or offerings subject to separate or supplemental privacy policies. In those cases, we will prominently inform you of those policies and provide those policies in an easily accessible format. As per the new FCA Guideline, iPipeline will ensure that all third-party sources used in our UK risk report analysis will be properly referenced.
Sharing of Information
We do not sell or rent your personal information to anyone.
We may share your personal information with:
- – the companies in our corporate group;
- – our personnel, subcontractors, agents and advisors who have a need for that information as they assist us in running our business, this website or providing related services;
- – our subcontractors, suppliers and advisors to the extent necessary and relevant for the provision of our services;
- – third parties known as processors; and
- – those other persons we believe are reasonably necessary to comply with our legal and regulatory requirements and/or exercise any rights we have under our contracts.
Where we wish to share your personal information with third parties who are not listed above then we shall seek your consent before doing so, unless the data is anonymized (i.e. it doesn’t identify individuals) – in which case we may share the information without first obtaining your consent.
We may disclose your information to members of our corporate group. Countries in which we are based include the United States, the United Kingdom and Canada. We have appropriate controls in place in relation to intra-group transfers.
In addition, we may transfer your information to countries or jurisdictions which do not provide the same level of data protection as the country in which you reside (including without limitation to the US), if necessary, for achieving the purposes set out above. If we do make such a transfer, we will, if appropriate, put a contract in place to ensure your information is protected.
We use processors for the purposes listed in the table below. Our processors will only process your personal information in accordance with this Privacy Notice and will be bound by contract to keep your personal information secure and only to process your personal information in accordance with our instructions.
|Processor Category||Nature of Processing & Purpose|
|Marketing & Feedback services||
Disclosing Personal Data to Third Parties
We do not “sell” or “share” Personal Data about you to unrelated companies for their independent use as those terms are defined by the California Consumer Privacy Act. We may share or provide your Personal Data to the categories of recipients described below:
- – iPipeline’s divisions, holding companies, subsidiaries, and affiliates.
- – Third party service providers or other entities that perform services on our behalf, help us provide you with our products and services, and that otherwise support our relationship with you (such as shipping or direct mailing organizations). These third-party service providers have access to personal information needed to perform their functions but may not use it for other purposes. Further, they must process the Personal Data in accordance with this Privacy Notice and as permitted by applicable data protection laws.
- – Law enforcement, government agencies, or other regulators to comply with law or legal requirements, to enforce our agreements, and to protect our rights and the property or safety of [Insert Name of Company], our users, or third parties.
- – Transactional parties if we, or some or all of our assets, acquire or are acquired by another entity, including through a sale or in connection with a bankruptcy.
- – Your employer or co-workers’ if you receive our products or services in connection with your employment.
- – Where you request us to do so.
We may also sell or share Personal Data that has been deidentified or aggregated with third parties for any purpose.
Data Transfers to Countries Outside the EU/EEA
Your data may be used and disclosed by the Company and its divisions, holding companies, subsidiaries and affiliates, or other entities outside the European Union (EU) and the European Economic Area (EEA) including in the U.S.
Third Party Sites/Services
Protecting Personal Data
We take appropriate steps and maintain electronic, physical, procedural and organizational safeguards using industry standard techniques and controls to protect the information we hold (including your personal information) from misuse, loss, unauthorized access, modification or disclosure. Where you use passwords, ID numbers, or other special access features on this site, it is your responsibility to safeguard them and to log out of any accounts you access after your sessions.
Promotional and Marketing Policy
We may ask you to consent to being contacted by us for promotional and marketing purposes. However, you may opt-out of receiving promotional or marketing emails at any time by notifying us as a reply to any unwanted e-mail, by using the unsubscribe function in our newsletter, contacting us at email@example.com, or by writing to us at iPipeline Headquarters (USA), 222 Valley Creek Boulevard, Suite 330, Exton, PA 19341. Requests to unsubscribe from iPipeline e-mails may take 5 business days to process.
We will retain your personal information for the period necessary to provide you with the services that you have requested, to fulfil our contractual and regulatory obligations or otherwise deliver or enhance our services. Some of the services that we offer our customers require us to retain information indefinitely.
Our corporate web site and our services are not directed to children. We do not knowingly solicit or collect personal information from children. If you are under 16, do not access, use, or provide any information on the website or on or through any of its features. If we learn we have collected or received Personal Data from a child under 16 without parental consent, we will delete that information.
We recognize your rights regarding your personal information as stipulated under privacy laws that apply to you, based on your place of residence.
For information that iPipeline directly collects in the EU and UK and for which we are a data controller, the GDPR gives EU citizens the following rights:
- – a right to access your personal information held by us;
- – a right to receive certain personal information in machine-readable format;
- – where we have specifically requested your consent to process your personal information and have no other lawful conditions to rely on you have the right to withdraw this consent;
- – a right to have certain personal information erased where it is no longer necessary for us to process it, where you have withdrawn your consent pursuant to the paragraph above, where you have objected pursuant to paragraph below, where your personal information has been unlawfully processed, or where erasing your personal information is required in accordance with a legal obligation;
- – a right to object to processing where lawful basis is that it is in our legitimate interests, but please note that we may still process your personal information where there are other relevant lawful bases or where we have compelling grounds to continue processing your personal information in our interests which are not overridden by your rights, interests or freedoms;
- – a right to have inaccurate personal information rectified;
- – a right to request an explanation of the logic involved where we make decisions about you solely through automated means; and
- – a right to complain to the Information Commissioner’s Office in the UK. https://ico.org.uk/
Please contact us using our iPipeline Data Protection Request Form or our email at firstname.lastname@example.org to submit a data subject request.
North American Rights
Provisions in the California Consumer Privacy Act (CCPA), Virginia Consumer Data Protection Act (VDCPA), Colorado Privacy Act (CPA), Utah Consumer Privacy Act (UCPA), Nevada Senate Bill 220, and Connecticut Data Privacy Act (CTDPA) require some or all of the following disclosures.
Categories of personal information collected.
The personal information that iPipeline collects, or has collected from consumers in the twelve months prior to the effective date of this Disclosure, fall into the following categories established by the California Consumer Privacy Act:
- – identifiers (e.g., name, address, phone number, IP address);
- – protected classifications (e.g., age, gender, gender identity);
- – financial and commercial information (e.g., credit card numbers, purchase history);
- – internet or other online activity information;
- – biometric information;
- – geolocation data (e.g., computer/device location);
- – audio or visual information;
- – professional/educational information; and
- – sensitive personal information (including government-issued identifiers, account log-in, and precise geolocation”) and
- – inferences drawn from any of the above.
Categories of personal information disclosed for a business purpose.
In the 12 months prior to the effective date of this Disclosure, iPipeline has disclosed to the third parties identified in the “Disclosing Personal Information to Third Parties” section of the Privacy Notice above personal information that falls into the following categories established by the California Consumer Privacy Act:
- – identifiers;
- – protected classifications;
- – financial and commercial information;
- – internet or other online activity information;
- – geolocation data;
- – audio or visual information; and
- – professional/educational information.
Sources from which we collect your Personal Data.
We collect the categories of Personal Data listed above from the following types of sources: consumers, data analytics companies, ad networks, social networks, internet service providers, service providers that help us to run our business, and data resellers such as data management platforms. We also collect Personal Data automatically via cookies, web beacons, and other tracking technologies when you use our websites, online services, or mobile apps.
Purposes for which we use your Personal Data:
We use your Personal Data for the purposes listed in the “Information That iPipeline Collects About You” section.
California Privacy Rights Act Sensitive Personal Information Disclosure.
The categories of data that iPipeline collects about you, to receive and discloses for a copy of your business purpose include “sensitive personal information,” as defined under the California Privacy Rights Act. iPipeline does not use or disclose sensitive personal information for any purpose not expressly permitted by the California Privacy Rights Act.
Right to Access, Delete, or Restrict the Use of Personal Data:
Residents of California, Virginia, Colorado Connecticut, Nevada and Utah may have the right to exercise some or all of the rights described below. Depending on your data choices and where you reside, certain rights may be limited or unavailable.
No sale of Personal Data
iPipeline has not sold or shared any personal information Personal Data of consumers, as those terms are defined under the California Consumer Privacy Act, in the 12 months prior to the effective date of this Disclosure.
iPipeline will not discriminate against any consumer for exercising their rights under the applicable state laws.
Please be aware that while we will try to accommodate your request regarding your rights under privacy laws, these are not absolute rights. This means that we may have to refuse your request or may only be able to comply with it in part. We will require proof of identification when you make a request in respect of your rights. We may also ask that you clarify your request. If we receive repeated requests or have reason to believe requests are being made unreasonably, we may not be required to respond.
Your Individual Rights
You may have certain rights relating to your Personal Data based on applicable local data protection laws, including from individual US state privacy laws (e.g., California, Virginia), Canadian privacy laws, and the EU/UK General Data Protection Regulation. Depending on the applicable laws these rights may include the right to:
- – Request and receive copies of your Personal Data that we hold;
- – Request additional information about how we process your Personal Data;
- – Correct inaccurate or incomplete Personal Data (taking into account our use of it);
- – Request deletion of your Personal Data;
- – Restrict or object to our processing of your Personal Data, including restricting the sale or sharing of your data or its use for cross-context behavioural marketing. Where we process Personal Data for direct marketing purposes (either by us or third parties) or for cross-context behavioural marketing, you may not have to provide a specific reason for such objection;
- – Require us (if possible) to transfer your Personal Data to another controller (i.e., data portability);
- – Limit the use or disclosure of your sensitive Personal Data;
- – Restrict certain disclosures of your Personal Data to third parties;
- – Not be subject to a decision based solely on automated processing, including profiling, which produces legal effects; and
- – Withdraw your consent to the processing of your Personal Data (to the extent we base processing on consent and not on another lawful basis).
We will not discriminate against you, in any manner prohibited by applicable law, for exercising these rights. You may exercise these rights by sending us an email at email@example.com, writing to us at iPipeline Headquarters (USA), 222 Valley Creek Boulevard, Suite 330, Exton, PA 19341, using our iPipeline Data Protection Request Form or by calling (844) 526-7473. We will respond to any such requests within 30 days of receipt.
While we work hard to reduce the risk of data breaches, we have implemented dedicated controls and procedures in place for when such situations arise, along with the procedures that are required to make notifications to you and to the relevant Supervisory Authority as appropriate.
Cookies and Tracking Technologies
Below provides information on cookies, their use and how you can control them. Please read our cookie notice for all cookies used and how iPipeline have made it easier for you to control them when visiting our websites.
If you would like to find out more about cookies and their use on the Internet. You may find the link at the bottom of this section useful: Additional Cookie Information.
Unless you have previously opted out of marketing communications from iPipeline, tracking technology may be used in any of the emails sent to you.
Some of our third-party suppliers may send you emails, which may include a web beacon to allow us to determine the number of people who open these emails. These web beacons are electronic images provided by authorized third parties known as single-pixel GIFs, which are invisible graphical images.
When you click on a link in an email, we may record this individual response to allow us to customize our offerings to you. Web beacons collect only limited information, such as the time and date of an email being opened and a URL where the web beacon resides, which will identify the email that was opened.
Web beacons can be refused when delivered via email. If you do not wish to receive web beacons via email, you will need to disable HTML images or refuse HTML (select Text only) emails via your email software.
Changes to This Privacy Notice
iPipeline will conduct regular reviews of this privacy notice and update it as necessary. This privacy notice became effective from: April 2023.
Inquiries regarding this privacy notice may be made via the following methods:
iPipeline Headquarters (USA)
222 Valley Creek Boulevard
Exton, PA 19341
In US: (844) 526-7473
Outside US: +011 484 212-5316