ExpenseAnywhere complies with the EU-U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework set forth by the United States Department of Commerce with respect to the collection, use and retention of Personal Data transferred from the European Union, the United Kingdom and Switzerland to the United States, respectively, as further described in the Scope section below. This Privacy Shield Policy outlines our commitment to the Privacy Shield Principles (the “ Principles”) and our practices for implementing the Principles. If there is any conflict between the terms in this Privacy Shield Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.
ExpenseAnywhere’s Privacy Shield certification can be found Here
ExpenseAnywhere complies with the Principles with respect to the Personal Data the company receives from its Customers or their Users in the European Union, the United Kingdom and Switzerland in connection with the use of (i) ExpenseAnywhere hosted software applications (the “Subscription Service”), and (ii) Applications downloaded to a User’s mobile devices ( the “Mobile Applications”); and related support services ( the “Support Services”), as well as expert services (including professional services, training and certification) (the “Expert Services”) that we provide to Customers. In this Privacy Shield Policy, the Subscription Service, the Support Services, and the Expert Services are collectively referred to as the “Service.”
“Controller” means a person or organization which, alone or
jointly with others, determines the purposes and means of the processing of
“Customer” means any entity that purchases the Service.
“Customer Data” means the electronic data uploaded into the
Subscription Service by or for a Customer or its Users.
“Device” means a mobile device.
“Personal Data” means any information, including Sensitive
Data, that is (i) about an identified or identifiable individual and (ii)
received by ExpenseAnywhere in the U.S. from the European Union, the United
Kingdom or Switzerland in connection with the Service.
“Processor” means any natural or legal person, public
authority, agency or other body that processes Personal Data on behalf of a
“Sensitive Data” means Personal Data specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life, the commission or alleged commission of any offense, any proceedings for any offense committed or alleged to have been committed by the individual or the disposal of such proceedings, or the sentence of any court in such proceedings.
“User” means an individual authorized by Customer to access and use the Subscription Service.
Types of Personal Data Collected
ExpenseAnywhere hosts and processes Customer Data, including
any Personal Data contained therein, at the direction of and pursuant to the
instructions of ExpenseAnywhere Customers. ExpenseAnywhere also collects
several types of information from our Customers, including:
Information and correspondence our Customers and Users
submit to us in connection with Expert Services or other requests related to
Information we receive from our business partners in
connection with our Customers’ and Users’ use of the Service or in connection
with services provided by our business partners on their behalf, including
configuration of the Subscription Service.
Information related to Users’ use of the Mobile
Applications, including geographic location data and information regarding
Users’ Devices and OS identification, login credentials, language and time
In addition, ExpenseAnywhere collects general information
about its Customers, including a Customer’s company name and address and the
Customer representative’s contact information (“General Information”) for
billing and contracting purposes.
Third Party Disclosures
does not disclose any Customer or User information to anyone except to those on
a need to know basis in the performance of Services herein.
We may, however, disclose Personal Data that our Customers
and Users provide to our Service and Mobile Applications:
- To our subsidiaries and affiliates;
- To contractors, business partners and service
providers we use to support our Service;
- In the event ExpenseAnywhere sells or transfers
all or a portion of its business or assets (including in the event of a merger,
acquisition, joint venture, reorganization, dissolution or liquidation), in
which case Personal Data held by us about our Customers will be among the
assets transferred to the buyer or acquirer;
- If required to do so by law or legal process;
- In response to lawful requests from public
authorities, including to meet national security, public interest or law
Individuals in the European Union, the United Kingdom, and
Switzerland generally have the right to access their Personal Data. As an
agent processing Personal Data on behalf of its Customers, ExpenseAnywhere does
not own or control the Personal Data that it processes on behalf of its
Customers or their Users and does not have a direct relationship with the Users
whose Personal Data may be processed in connection with providing the
Service. Since each Customer is in control of what information, including
any Personal Data, it collects from its Users, how that information is used and
disclosed, and how that information can be changed, Users of the Subscription
Service should contact the applicable Customer administrator with any inquiries
about how to access or correct Personal Data contained in Customer Data.
To the extent a User makes an access or correction request to ExpenseAnywhere,
we will refer the request to the appropriate ExpenseAnywhere Customer and will
support such Customer as needed in responding to any such request.
To access or correct any General Information Customer has provided, the Customer should contact their ExpenseAnywhere account representative directly or by using the contact information indicated below.
In accordance with the Principles, ExpenseAnywhere will
offer Customers and Users choice to the extent it (i) discloses their Personal
Data to third party Controllers, or (ii) uses their Personal Data for a purpose
that is materially different from the purposes for which the Personal Data was
originally collected or subsequently authorized by the Customer or User.
To the extent required by the Principles, ExpenseAnywhere also will obtain opt‑in consent if it engages in
certain uses or disclosures of Sensitive Data. Unless ExpenseAnywhere
offers Customers and Users an appropriate choice, ExpenseAnywhere uses Personal
Data only for purposes that are materially the same as those indicated in this
ExpenseAnywhere may disclose Personal Data of Customers and Users without offering an opportunity to opt out, and may be required to disclose the Personal Data, (i) to third‑party Processors that ExpenseAnywhere has retained to perform services on its behalf and pursuant to its instructions, (ii) if it is required to do so by law or legal process, or (iii) in response to lawful requests from public authorities, including to meet national security, public interest or law enforcement requirements. ExpenseAnywhere also reserves the right to transfer Personal Data in the event of an audit or if the company sells or transfers all or a portion of its business or assets (including in the event of a merger, acquisition, joint venture, reorganization, dissolution or liquidation).
Liability for Onward Transfers
ExpenseAnywhere complies with the Privacy Shield’s Principle regarding accountability for onward transfers. ExpenseAnywhere remains liable under the Principles if its onward transfer recipients process Personal Data in a manner inconsistent with the Principles, unless ExpenseAnywhere proves that it was not responsible for the event giving rise to the damage.
If ExpenseAnywhere maintains your Personal Data in one of the Services within the scope of our Privacy Shield certification, you may direct any inquiries or complaints concerning our Privacy Shield compliance to email@example.com, or in the U.S., European Union, the United Kingdom , or Switzerland by regular mail as indicated below. ExpenseAnywhere shall respond within 45 days. If your complaint cannot be resolved through ExpenseAnywhere’s internal processes, ExpenseAnywhere will cooperate with JAMS pursuant to the JAMS International Mediation Rules, available on the JAMS website at www.jamsadr.com/international‑mediation‑rules. JAMS mediation may be commenced as provided for in the relevant JAMS rules. The mediator may propose any appropriate remedy, such as deletion of the relevant Personal Data, publicity for findings of non‑compliance, payment of compensation for losses incurred as a result of non‑compliance, or cessation of processing of Personal Data of the Customer or User who brought the complaint. The mediator, or the Customer or User, also may refer the matter to the U.S. Federal Trade Commission, which has Privacy Shield investigatory and enforcement powers over ExpenseAnywhere. Under certain circumstances, Customers and Users may be able to invoke binding arbitration to address complaints about ExpenseAnywhere’s compliance with the Principles.
How to Contact ExpenseAnywhere
To ask questions or comment about this Privacy Shield Policy
and our privacy practices or if you need to update, change or remove your
information, contact us at: firstname.lastname@example.org
or by regular mail addressed to:
4099 William Penn Highway
Monroeville, PA 15146